Edit tour

Windows Analysis Report
https://go.microsoft.com/fwlink/?LinkId=550986

Overview

General Information

Sample URL:	https://go.microsoft.com/fwlink/?LinkId=550986
Analysis ID:	1310998
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 4084 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)

chrome.exe (PID: 4664 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1908,i,2801621300818733294,8953500953360293423,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)

chrome.exe (PID: 5820 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://go.microsoft.com/fwlink/?LinkId=550986 MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)

cleanup

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: AEC=Ad49MVEVy5CxtQLtYrblzXz4DifLm5q80KxkAsZM0tGClBBQswyzDRIjhA; CONSENT=PENDING+494; SOCS=CAESHAgCEhJnd3NfMjAyMzA4MDMtMF9SQzIaAmVuIAEaBgiA0dCmBg; __Secure-ENID=14.SE=FEqwE5eimu_CzO8QanixDxMiVRDl1S74wJwxQG4kibYxHFlarNLstM6_FtN3tkTBDN7NI-PM3BH3uafw_juj7Kua5Sxw58UIqMyDvhq3JStE-0GsITWS9X0QrbjvmkA5MVBf-Eb4RLTTefnPk1F_g7MJo2hXw4TzaSRHE_HtskdpjjbT9g

Source: classification engine

Classification label: clean0.win@20/85@26/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1908,i,2801621300818733294,8953500953360293423,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://go.microsoft.com/fwlink/?LinkId=550986
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1908,i,2801621300818733294,8953500953360293423,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\chrome_BITS_4084_554039753

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\chrome_BITS_4084_554039753

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	3 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://go.microsoft.com/fwlink/?LinkId=550986	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://git.io/fjule	0%	Avira URL Cloud	safe
https://git.io/fxCyr	0%	Avira URL Cloud	safe
http://git.io/yBU2rg	0%	Avira URL Cloud	safe
http://jedwatson.github.io/classnames	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	172.217.13.141	true	false	high
part-0012.t-0009.fb-t-msedge.net	13.107.253.40	true	false	unknown
www.google.com	172.217.13.100	true	false	high
clients.l.google.com	172.217.13.174	true	false	high
aka.ms	104.79.139.247	true	false	high
is2-ssl.mzstatic.com	unknown	unknown	false	high
c.s-microsoft.com	unknown	unknown	false	high
is3-ssl.mzstatic.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high
is1-ssl.mzstatic.com	unknown	unknown	false	high
is5-ssl.mzstatic.com	unknown	unknown	false	high
is4-ssl.mzstatic.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://aka.ms/krs?id=P5Ie3-7G	false	high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-GB&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false	high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://is1-ssl.mzstatic.com/image/thumb/PurpleSource126/v4/44/00/3a/44003abf-0295-51e4-cfc5-97bc5a3	chromecache_238.1.dr	false		high
https://products.office.com/mobile/office	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/Purple115/v4/48/03/51/480351fd-99d5-2df1-d1df-257bafdacfbb/	chromecache_238.1.dr	false		high
http://www.gimp.org/xmp/	chromecache_220.1.dr, chromecache_176.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/33/9b/18/339b189f-2105-4e4b-76ae-ab7bc706d5a9/	chromecache_238.1.dr	false		high
https://is2-ssl.mzstatic.com	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/Purple126/v4/60/16/e6/6016e60f-2af2-af5b-65e6-507fbe2475e3/	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/PurpleSource126/v4/c4/fe/4c/c4fe4cb3-0e11-3904-727c-ce27cd2	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/cf/5a/81/cf5a81c8-d304-34f3-172f-819c4a4bf68f/	chromecache_238.1.dr	false		high
https://sparkmailapp.com/legal/privacy-app	chromecache_238.1.dr	false		high
https://www.OneNote.com	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/Features113/v4/48/c2/f4/48c2f437-f725-e227-59ad-8c075e2907f	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/1d/25/b9/1d25b964-fda2-c3c0-6e08-0b04d9df9a2a/	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/10/2b/99/102b9959-28fa-88eb-0ccd-113f88306929/	chromecache_238.1.dr	false		high
https://www.wikidata.org/wiki/Q368215	chromecache_238.1.dr	false		high
http://schema.org	chromecache_230.1.dr	false		high
https://aka.ms/onenote-ios-suggest	chromecache_238.1.dr	false		high
http://aka.ms/outlookFAQ	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/Features41/v4/ed/2c/45/ed2c45db-7f5c-07c6-0f33-315f176121a0	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/a9/3a/9a/a93a9a1a-76d0-3a86-2497-c0b19c9e0e6d/	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/62/22/9c/62229caa-77fe-9d8e-e03e-56c42ec5b119/	chromecache_238.1.dr	false		high
https://play.google.com/store/apps/details?id=com.microsoft.office.outlook&referrer=kmas_id%253d	chromecache_249.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/61/d6/fc/61d6fcfe-9ff8-1d63-c0f4-69be736e48a5/	chromecache_238.1.dr	false		high
https://play.google.com/store/apps/details?id=com.apple.android.music&referrer=utm_source=$	chromecache_230.1.dr	false		high
https://is3-ssl.mzstatic.com	chromecache_238.1.dr	false		high
https://twitter.com/AppStore	chromecache_238.1.dr	false		high
https://legal.yahoo.com/us/en/yahoo/privacy/index.html	chromecache_238.1.dr	false		high
https://sparkmailapp.com/legal/terms	chromecache_238.1.dr	false		high
http://jedwatson.github.io/classnames	chromecache_218.1.dr	false	Avira URL Cloud: safe	unknown
https://git.io/fxCyr	chromecache_174.1.dr	false	Avira URL Cloud: safe	unknown
https://git.io/fjule	chromecache_174.1.dr	false	Avira URL Cloud: safe	unknown
http://sparkmailapp.com	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/bf/a5/e8/bfa5e8c8-b14f-dc6b-f11e-9c9ec304bfae/	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/Purple126/v4/92/af/bb/92afbb56-a37d-940f-d8e1-a9c94f2c8bbb/	chromecache_238.1.dr	false		high
https://legal.yahoo.com/us/en/yahoo/terms/otos/index.html	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/Features113/v4/8d/fb/f3/8dfbf394-7c38-8a86-f229-b5ca04f249f	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/PurpleSource116/v4/1e/dd/b7/1eddb750-1a91-a792-cc36-28e79f4	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/b7/52/18/b7521858-19cf-fc3a-26f4-476fb1b2d019/	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/Features3/v4/ea/2c/e5/ea2ce53d-eef4-088e-15b2-5280d1be13ca/	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/Purple126/v4/e1/b2/2e/e1b22e6e-6de3-4bd0-db41-fa65acbfe680/	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/Features3/v4/96/18/e7/9618e7f9-abcd-beae-1698-c48249a8ae5e/	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/Features116/v4/1c/2b/7c/1c2b7cc6-e029-9bf9-f26f-4b5f533ee2f	chromecache_238.1.dr	false		high
https://schema.org	chromecache_238.1.dr	false		high
https://support.xbox.com/help/subscriptions-billing/manage-subscriptions/microsoft-software-license-	chromecache_238.1.dr	false		high
http://schema.org/ItemListOrderAscending	chromecache_230.1.dr	false		high
https://deprecations.emberjs.com/v1.x/#toc_binding-style-attributes.	chromecache_245.1.dr	false		high
https://raw.github.com/emberjs/ember.js/master/LICENSE	chromecache_245.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/PurpleSource116/v4/65/41/22/654122e0-2c8c-7b4d-8974-7bce9ec	chromecache_238.1.dr	false		high
https://is5-ssl.mzstatic.com	chromecache_238.1.dr	false		high
https://outlook.live.com	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/Purple126/v4/90/2e/5a/902e5ade-50eb-df56-2e59-36fbc51d20d5/	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/Features116/v4/6e/e2/e7/6ee2e7db-bf98-0d30-7adf-15aa80debeb	chromecache_238.1.dr	false		high
http://git.io/yBU2rg	chromecache_245.1.dr	false	Avira URL Cloud: safe	unknown
https://is1-ssl.mzstatic.com/image/thumb/Features126/v4/09/15/89/091589bc-f33b-2d71-9e77-2ef3729cd95	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/PurpleSource116/v4/c6/3f/ff/c63fff40-3ba6-83f5-f9a8-a57affa	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/PurpleSource116/v4/34/d2/c1/34d2c1ed-e3d8-e334-6491-24e3f9b	chromecache_238.1.dr	false		high
https://is1-ssl.mzstatic.com/image/thumb/PurpleSource126/v4/9a/9d/d9/9a9dd94e-adfe-eca7-3eb4-da214cc	chromecache_238.1.dr	false		high
https://is4-ssl.mzstatic.com	chromecache_238.1.dr	false		high
https://upgrade.mail.yahoo.com/	chromecache_238.1.dr	false		high
https://bit.ly/outlookprivacy	chromecache_238.1.dr	false		high
https://preactjs.com	chromecache_218.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.13.100	www.google.com	United States	15169	GOOGLEUS	false
172.217.13.174	clients.l.google.com	United States	15169	GOOGLEUS	false
172.217.13.141	accounts.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
13.107.253.40	part-0012.t-0009.fb-t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
104.79.139.247	aka.ms	United States	16625	AKAMAI-ASUS	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1310998
Start date and time:	2023-09-19 19:11:40 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 57s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://go.microsoft.com/fwlink/?LinkId=550986
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@20/85@26/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.13.99, 34.104.35.123, 23.192.63.50, 72.21.81.200, 23.49.102.35, 23.77.174.35, 23.206.122.49, 23.197.20.141, 23.197.20.236, 23.197.20.49, 104.127.77.34, 23.49.102.103, 23.77.172.139, 172.217.13.195
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: https://go.microsoft.com/fwlink/?LinkId=550986

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Wed Sep 30 06:28:28 2020, mtime=Thu Aug 10 09:45:23 2023, atime=Tue Aug 1 18:57:01 2023, length=1158936, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.009013135772918
Encrypted:	false
SSDEEP:	48:8JAFcdiqRmHRidAKZdA1o9ehwiZUklqeh7BA3:8JAFyRZg
MD5:	3CF1018862AEE9BAF1DCA55DBC93FF65
SHA1:	01D1DF992E07152494577ECEDE42C458B3944DC8
SHA-256:	A557E38F3E976C6DD6679A31372EE86F220BCFC3ACBC8578C0DB1B1BBE87EB3C
SHA-512:	918BDC9A3B094104A8E559A6E1A88BAC842A0B614DA5E328C487072A8427A4156DE48E44B7ED58A047851BFB49663C8DC326EAF0B09F8AFC36D1CA9C6DF868F6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ....b.J........w.....,V............................1....P.O. .:i.....+00.../C:\.....................1......W.U..PROGRA~1..t......L.3W......E...............J........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....>Q.;..Google..>......>Q.;3W................................G.o.o.g.l.e.....T.1......W.U..Chrome..>......>Q.;3W............................c.>.C.h.r.o.m.e.....`.1......W.U..APPLIC~1..H......>Q.;3W.............................A.A.p.p.l.i.c.a.t.i.o.n.....n.2......W!. .CHROME~1.EXE..R......>Q.;.W.U.....}......................h.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........=..U.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-GB&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-115.0.5790.171Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /krs?id=P5Ie3-7G HTTP/1.1Host: aka.msConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /redirect?id=P5Ie3-7G HTTP/1.1Host: krs.microsoft.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: MC1=GUID=762ed1c63ceb49b49cb46dba465abf5d&HASH=762e&LV=202308&V=4&LU=1691663513605
Source: global traffic	HTTP traffic detected: GET /css/styles.css HTTP/1.1Host: krs.microsoft.comConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://krs.microsoft.com/redirect?id=P5Ie3-7GAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: MC1=GUID=762ed1c63ceb49b49cb46dba465abf5d&HASH=762e&LV=202308&V=4&LU=1691663513605; TiPMix=36.57796004678722; x-ms-routing-name=self
Source: global traffic	HTTP traffic detected: GET /images/GooglePlayStoreBadge.png HTTP/1.1Host: krs.microsoft.comConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://krs.microsoft.com/redirect?id=P5Ie3-7GAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: MC1=GUID=762ed1c63ceb49b49cb46dba465abf5d&HASH=762e&LV=202308&V=4&LU=1691663513605; TiPMix=36.57796004678722; x-ms-routing-name=self
Source: global traffic	HTTP traffic detected: GET /images/AppleAppStoreBadge.png HTTP/1.1Host: krs.microsoft.comConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://krs.microsoft.com/redirect?id=P5Ie3-7GAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: MC1=GUID=762ed1c63ceb49b49cb46dba465abf5d&HASH=762e&LV=202308&V=4&LU=1691663513605; TiPMix=36.57796004678722; x-ms-routing-name=self
Source: global traffic	HTTP traffic detected: GET /images/GooglePlayStoreBadge.png HTTP/1.1Host: krs.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: MC1=GUID=762ed1c63ceb49b49cb46dba465abf5d&HASH=762e&LV=202308&V=4&LU=1691663513605; TiPMix=36.57796004678722; x-ms-routing-name=self
Source: global traffic	HTTP traffic detected: GET /images/AppleAppStoreBadge.png HTTP/1.1Host: krs.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: MC1=GUID=762ed1c63ceb49b49cb46dba465abf5d&HASH=762e&LV=202308&V=4&LU=1691663513605; TiPMix=36.57796004678722; x-ms-routing-name=self

Source: chromecache_238.1.dr	String found in binary or memory: "https://www.facebook.com/AppStore/" equals www.facebook.com (Facebook)
Source: chromecache_238.1.dr	String found in binary or memory: <p dir="false" data-test-bidi>Outlook lets you bring all your email accounts and calendars in one convenient spot. Whether it's staying on top of your inbox or scheduling the next big thing, we make it easy to be your most productive, organized, and connected self.<br /><br />Here's what you'll love about Outlook for iOS:<br /><br />- Focus on the right things with our smart inbox - we help you sort between messages you need to act on straight away and everything else.<br /><br />- Swipe to quickly schedule, delete and archive messages.<br /><br />- Share your meeting availability with just a tap and easily find times to meet with others.<br /><br />- Find everything you're looking for with our new search experience, including files, contacts, and your upcoming trips.<br /><br />- View and attach any file from your email, OneDrive, Dropbox, and more, without having to download them to your phone.<br /><br />- Open Word, Excel, or other Office document attachments to edit them directly in the corresponding app and attach them back to an email.<br /><br />--<br /><br />Outlook for iOS works with Microsoft Exchange, Office 365, Outlook.com (including Hotmail and MSN), Gmail, Yahoo Mail, and iCloud.<br /><br />--<br /><br />To make an in-app purchase of a Microsoft 365 Family or Personal subscription, open the app, go to Settings, and tap on Upgrade next to your Outlook.com or Hotmail.com account. Subscriptions begin at $6.99 a month in the US, and can vary by region. With a Microsoft 365 subscription, you get 1TB of storage for each user, access to all features in Word, Excel, and PowerPoint on iPad, iPhone, and iPod touch, and you can install Word, Excel, PowerPoint, Outlook and OneNote on PCs or Macs.<br /><br />Microsoft 365 subscriptions purchased from the app will be charged to your iTunes account and will automatically renew within 24 hours prior to the end of the current subscription period, unless auto-renewal is disabled beforehand. To manage your subscriptions or to disable auto-renewal, after purchase, go to your iTunes account settings. A subscription cannot be cancelled during the active subscription period. Any unused portion of a free trial period, if offered will be forfeited when the user purchases a subscription to that publication, where applicable.<br /><br />Privacy and Cookies: https://go.microsoft.com/fwlink/?LinkId=521839<br />Terms of Use: http://go.microsoft.com/fwlink/?LinkID=530144<br />Contract Summary: https://www.microsoft.com/microsoft-365/outlook/contract-summary</p> equals www.hotmail.com (Hotmail)
Source: chromecache_238.1.dr	String found in binary or memory: <p dir="false" data-test-bidi>Outlook lets you bring all your email accounts and calendars in one convenient spot. Whether it's staying on top of your inbox or scheduling the next big thing, we make it easy to be your most productive, organized, and connected self.<br /><br />Here's what you'll love about Outlook for iOS:<br /><br />- Focus on the right things with our smart inbox - we help you sort between messages you need to act on straight away and everything else.<br /><br />- Swipe to quickly schedule, delete and archive messages.<br /><br />- Share your meeting availability with just a tap and easily find times to meet with others.<br /><br />- Find everything you're looking for with our new search experience, including files, contacts, and your upcoming trips.<br /><br />- View and attach any file from your email, OneDrive, Dropbox, and more, without having to download them to your phone.<br /><br />- Open Word, Excel, or other Office document attachments to edit them directly in the corresponding app and attach them back to an email.<br /><br />--<br /><br />Outlook for iOS works with Microsoft Exchange, Office 365, Outlook.com (including Hotmail and MSN), Gmail, Yahoo Mail, and iCloud.<br /><br />--<br /><br />To make an in-app purchase of a Microsoft 365 Family or Personal subscription, open the app, go to Settings, and tap on Upgrade next to your Outlook.com or Hotmail.com account. Subscriptions begin at $6.99 a month in the US, and can vary by region. With a Microsoft 365 subscription, you get 1TB of storage for each user, access to all features in Word, Excel, and PowerPoint on iPad, iPhone, and iPod touch, and you can install Word, Excel, PowerPoint, Outlook and OneNote on PCs or Macs.<br /><br />Microsoft 365 subscriptions purchased from the app will be charged to your iTunes account and will automatically renew within 24 hours prior to the end of the current subscription period, unless auto-renewal is disabled beforehand. To manage your subscriptions or to disable auto-renewal, after purchase, go to your iTunes account settings. A subscription cannot be cancelled during the active subscription period. Any unused portion of a free trial period, if offered will be forfeited when the user purchases a subscription to that publication, where applicable.<br /><br />Privacy and Cookies: https://go.microsoft.com/fwlink/?LinkId=521839<br />Terms of Use: http://go.microsoft.com/fwlink/?LinkID=530144<br />Contract Summary: https://www.microsoft.com/microsoft-365/outlook/contract-summary</p> equals www.yahoo.com (Yahoo)
Source: chromecache_238.1.dr	String found in binary or memory: 2023 Microsoft Corporation. All rights reserved.\",\"minimumMacOSVersion\":\"12.0\",\"description\":{\"standard\":\"Outlook lets you bring all your email accounts and calendars in one convenient spot. Whether it's staying on top of your inbox or scheduling the next big thing, we make it easy to be your most productive, organized, and connected self.\\n\\nHere's what you'll love about Outlook for iOS:\\n\\n- Focus on the right things with our smart inbox - we help you sort between messages you need to act on straight away and everything else.\\n\\n- Swipe to quickly schedule, delete and archive messages.\\n\\n- Share your meeting availability with just a tap and easily find times to meet with others.\\n\\n- Find everything you're looking for with our new search experience, including files, contacts, and your upcoming trips.\\n\\n- View and attach any file from your email, OneDrive, Dropbox, and more, without having to download them to your phone.\\n\\n- Open Word, Excel, or other Office document attachments to edit them directly in the corresponding app and attach them back to an email.\\n\\n--\\n\\nOutlook for iOS works with Microsoft Exchange, Office 365, Outlook.com (including Hotmail and MSN), Gmail, Yahoo Mail, and iCloud.\\n\\n--\\n\\nTo make an in-app purchase of a Microsoft 365 Family or Personal subscription, open the app, go to Settings, and tap on Upgrade next to your Outlook.com or Hotmail.com account. Subscriptions begin at $6.99 a month in the US, and can vary by region. With a Microsoft 365 subscription, you get 1TB of storage for each user, access to all features in Word, Excel, and PowerPoint on iPad, iPhone, and iPod touch, and you can install Word, Excel, PowerPoint, Outlook and OneNote on PCs or Macs.\\n\\nMicrosoft 365 subscriptions purchased from the app will be charged to your iTunes account and will automatically renew within 24 hours prior to the end of the current subscription period, unless auto-renewal is disabled beforehand. To manage your subscriptions or to disable auto-renewal, after purchase, go to your iTunes account settings. A subscription cannot be cancelled during the active subscription period. Any unused portion of a free trial period, if offered will be forfeited when the user purchases a subscription to that publication, where applicable.\\n\\nPrivacy and Cookies: https://go.microsoft.com/fwlink/?LinkId=521839\\nTerms of Use: http://go.microsoft.com/fwlink/?LinkID=530144\\nContract Summary: https://www.microsoft.com/microsoft-365/outlook/contract-summary\"},\"isStandaloneWithCompanionForWatchOS\":false,\"is32bitOnly\":false,\"isAppleWatchSupported\":true,\"websiteUrl\":\"https://outlook.live.com\",\"versionHistory\":[{\"versionDisplay\":\"4.2334.1\",\"releaseNotes\":\"This update includes performance improvements and bug fixes to make Outlook better for you.\\n\\nFeel free to send us any comments or questions by going to Settings \u003e Help \u0026 Feedback equals www.hotmail.com (Hotmail)
Source: chromecache_238.1.dr	String found in binary or memory: 2023 Microsoft Corporation. All rights reserved.\",\"minimumMacOSVersion\":\"12.0\",\"description\":{\"standard\":\"Outlook lets you bring all your email accounts and calendars in one convenient spot. Whether it's staying on top of your inbox or scheduling the next big thing, we make it easy to be your most productive, organized, and connected self.\\n\\nHere's what you'll love about Outlook for iOS:\\n\\n- Focus on the right things with our smart inbox - we help you sort between messages you need to act on straight away and everything else.\\n\\n- Swipe to quickly schedule, delete and archive messages.\\n\\n- Share your meeting availability with just a tap and easily find times to meet with others.\\n\\n- Find everything you're looking for with our new search experience, including files, contacts, and your upcoming trips.\\n\\n- View and attach any file from your email, OneDrive, Dropbox, and more, without having to download them to your phone.\\n\\n- Open Word, Excel, or other Office document attachments to edit them directly in the corresponding app and attach them back to an email.\\n\\n--\\n\\nOutlook for iOS works with Microsoft Exchange, Office 365, Outlook.com (including Hotmail and MSN), Gmail, Yahoo Mail, and iCloud.\\n\\n--\\n\\nTo make an in-app purchase of a Microsoft 365 Family or Personal subscription, open the app, go to Settings, and tap on Upgrade next to your Outlook.com or Hotmail.com account. Subscriptions begin at $6.99 a month in the US, and can vary by region. With a Microsoft 365 subscription, you get 1TB of storage for each user, access to all features in Word, Excel, and PowerPoint on iPad, iPhone, and iPod touch, and you can install Word, Excel, PowerPoint, Outlook and OneNote on PCs or Macs.\\n\\nMicrosoft 365 subscriptions purchased from the app will be charged to your iTunes account and will automatically renew within 24 hours prior to the end of the current subscription period, unless auto-renewal is disabled beforehand. To manage your subscriptions or to disable auto-renewal, after purchase, go to your iTunes account settings. A subscription cannot be cancelled during the active subscription period. Any unused portion of a free trial period, if offered will be forfeited when the user purchases a subscription to that publication, where applicable.\\n\\nPrivacy and Cookies: https://go.microsoft.com/fwlink/?LinkId=521839\\nTerms of Use: http://go.microsoft.com/fwlink/?LinkID=530144\\nContract Summary: https://www.microsoft.com/microsoft-365/outlook/contract-summary\"},\"isStandaloneWithCompanionForWatchOS\":false,\"is32bitOnly\":false,\"isAppleWatchSupported\":true,\"websiteUrl\":\"https://outlook.live.com\",\"versionHistory\":[{\"versionDisplay\":\"4.2334.1\",\"releaseNotes\":\"This update includes performance improvements and bug fixes to make Outlook better for you.\\n\\nFeel free to send us any comments or questions by going to Settings \u003e Help \u0026 Feedback equals www.yahoo.com (Yahoo)
Source: chromecache_230.1.dr	String found in binary or memory: return a=n===l.CARD_DISPLAY_STYLES.appOfTheDay?_:n===l.CARD_DISPLAY_STYLES.gameOfTheDay?P:n===l.CARD_DISPLAY_STYLES.inAppPurchase?O:this.getTitleKey(e),this.i18n.t(a,{appName:i,storyTitle:r,_disableSafeString:!0})}getOGType(){return r.default.meta.og.type.story}getTwitterSite(){return this.appViewState.isMacAppStoreView?this.i18n.t("WEA.EditorialItemProductPages.Twitter.site.macOs",{_disableSafeString:!0}):super.getTwitterSite(...arguments)}getTwitterTitle(){return this.getOGTitle(...arguments)}getSchemaTags(e){const{product:t}=e.viewModel,i=E(t),[r]=i,n=(0,l.hasShelfDisplay)(r,"collectionLockup"),{lastPublishedDate:a}=t,o=this.getOGTitle(e),s={"@type":"Organization",name:"Apple Inc",url:"http://www.apple.com",logo:{"@type":"ImageObject",url:"https://www.apple.com/ac/structured-data/images/knowledge_graph_logo.png"}},p=this.getOGImageTags(e).find((e=>"og:image"===e.name))\|\|{},c={"@context":"http://schema.org",name:o,description:this.getDescription(e),image:p.content,author:s,publisher:s,headline:o,dateModified:a,datePublished:a} equals www.twitter.com (Twitter)

Source: chromecache_238.1.dr	String found in binary or memory: http://aka.ms/outlookFAQ
Source: chromecache_245.1.dr	String found in binary or memory: http://git.io/yBU2rg
Source: chromecache_218.1.dr	String found in binary or memory: http://jedwatson.github.io/classnames
Source: chromecache_230.1.dr	String found in binary or memory: http://schema.org
Source: chromecache_230.1.dr	String found in binary or memory: http://schema.org/ItemListOrderAscending
Source: chromecache_238.1.dr	String found in binary or memory: http://sparkmailapp.com
Source: chromecache_230.1.dr	String found in binary or memory: http://www.apple.com
Source: chromecache_238.1.dr	String found in binary or memory: http://www.apple.com/itunes/download/
Source: chromecache_220.1.dr, chromecache_176.1.dr	String found in binary or memory: http://www.gimp.org/xmp/
Source: chromecache_238.1.dr	String found in binary or memory: https://aka.ms/onenote-ios-suggest
Source: chromecache_238.1.dr	String found in binary or memory: https://amp-api.apps.apple.com
Source: chromecache_230.1.dr	String found in binary or memory: https://amp-api.books.apple.com/
Source: chromecache_230.1.dr	String found in binary or memory: https://amp.apple.com
Source: chromecache_238.1.dr	String found in binary or memory: https://api-edge.apps.apple.com
Source: chromecache_230.1.dr	String found in binary or memory: https://api.books.apple.com/
Source: chromecache_230.1.dr	String found in binary or memory: https://apps.apple.com
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/#organization
Source: chromecache_230.1.dr	String found in binary or memory: https://apps.apple.com/$
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/assets/images/knowledge-graph/apps.png
Source: chromecache_238.1.dr, chromecache_230.1.dr	String found in binary or memory: https://apps.apple.com/story/id1538632801
Source: chromecache_230.1.dr	String found in binary or memory: https://apps.apple.com/story/id1539235847
Source: chromecache_230.1.dr	String found in binary or memory: https://apps.apple.com/story/id1604959672
Source: chromecache_230.1.dr	String found in binary or memory: https://apps.apple.com/us/app/apple-podcasts/id525463029
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/box-the-content-cloud/id290853822
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/box-the-content-cloud/id290853822"
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/email-edison-mail/id922793622
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/email-edison-mail/id922793622"
Source: chromecache_249.1.dr	String found in binary or memory: https://apps.apple.com/us/app/id951937596?referrer=kmas_id%253d3637ba07-25bf-94aa-9450-82f3fb4dfe5a%
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/mail-app-for-outlook/id1544804494
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/mail-app-for-outlook/id1544804494"
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/mail-com-email-inbox-cloud/id461316429
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/mail-com-email-inbox-cloud/id461316429"
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/microsoft-authenticator/id983156458
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/microsoft-authenticator/id983156458"
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/microsoft-excel/id586683407
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/microsoft-excel/id586683407"
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/microsoft-onedrive/id477537958
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/microsoft-onedrive/id477537958"
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/microsoft-outlook/id951937596
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/microsoft-teams/id1113153706
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/microsoft-teams/id1113153706"
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/microsoft-word/id586447913
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/microsoft-word/id586447913"
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/mymail-box-email-client-app/id722120997
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/mymail-box-email-client-app/id722120997"
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/xbox/id736179781
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/xbox/id736179781"
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/zoho-mail-email-and-calendar/id909262651
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/app/zoho-mail-email-and-calendar/id909262651"
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/charts/iphone/productivity-apps/6007
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/charts/iphone/productivity-apps/6007"
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/developer/microsoft-corporation/id298856275
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/developer/microsoft-corporation/id298856275"
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/story/id1455416618
Source: chromecache_238.1.dr	String found in binary or memory: https://apps.apple.com/us/story/id1455416618"
Source: chromecache_238.1.dr	String found in binary or memory: https://bit.ly/outlookprivacy
Source: chromecache_174.1.dr	String found in binary or memory: https://buy.music.apple.com/account/v1/affiliation/association
Source: chromecache_174.1.dr	String found in binary or memory: https://buy.tv.apple.com/account/v1/affiliation/association
Source: chromecache_245.1.dr	String found in binary or memory: https://deprecations.emberjs.com/v1.x/#toc_binding-style-attributes.
Source: chromecache_174.1.dr	String found in binary or memory: https://git.io/fjule
Source: chromecache_174.1.dr	String found in binary or memory: https://git.io/fxCyr
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Features113/v4/48/c2/f4/48c2f437-f725-e227-59ad-8c075e2907f
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Features113/v4/8d/fb/f3/8dfbf394-7c38-8a86-f229-b5ca04f249f
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Features116/v4/1c/2b/7c/1c2b7cc6-e029-9bf9-f26f-4b5f533ee2f
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Features116/v4/6e/e2/e7/6ee2e7db-bf98-0d30-7adf-15aa80debeb
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Features126/v4/09/15/89/091589bc-f33b-2d71-9e77-2ef3729cd95
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Features3/v4/96/18/e7/9618e7f9-abcd-beae-1698-c48249a8ae5e/
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Features3/v4/ea/2c/e5/ea2ce53d-eef4-088e-15b2-5280d1be13ca/
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Features41/v4/ed/2c/45/ed2c45db-7f5c-07c6-0f33-315f176121a0
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Purple115/v4/48/03/51/480351fd-99d5-2df1-d1df-257bafdacfbb/
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/10/2b/99/102b9959-28fa-88eb-0ccd-113f88306929/
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/1d/25/b9/1d25b964-fda2-c3c0-6e08-0b04d9df9a2a/
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/33/9b/18/339b189f-2105-4e4b-76ae-ab7bc706d5a9/
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/61/d6/fc/61d6fcfe-9ff8-1d63-c0f4-69be736e48a5/
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/62/22/9c/62229caa-77fe-9d8e-e03e-56c42ec5b119/
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/a9/3a/9a/a93a9a1a-76d0-3a86-2497-c0b19c9e0e6d/
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/b7/52/18/b7521858-19cf-fc3a-26f4-476fb1b2d019/
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/bf/a5/e8/bfa5e8c8-b14f-dc6b-f11e-9c9ec304bfae/
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Purple116/v4/cf/5a/81/cf5a81c8-d304-34f3-172f-819c4a4bf68f/
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Purple126/v4/60/16/e6/6016e60f-2af2-af5b-65e6-507fbe2475e3/
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Purple126/v4/90/2e/5a/902e5ade-50eb-df56-2e59-36fbc51d20d5/
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Purple126/v4/92/af/bb/92afbb56-a37d-940f-d8e1-a9c94f2c8bbb/
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Purple126/v4/e1/b2/2e/e1b22e6e-6de3-4bd0-db41-fa65acbfe680/
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/PurpleSource116/v4/1e/dd/b7/1eddb750-1a91-a792-cc36-28e79f4
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/PurpleSource116/v4/34/d2/c1/34d2c1ed-e3d8-e334-6491-24e3f9b
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/PurpleSource116/v4/65/41/22/654122e0-2c8c-7b4d-8974-7bce9ec
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/PurpleSource116/v4/c6/3f/ff/c63fff40-3ba6-83f5-f9a8-a57affa
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/PurpleSource126/v4/44/00/3a/44003abf-0295-51e4-cfc5-97bc5a3
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/PurpleSource126/v4/9a/9d/d9/9a9dd94e-adfe-eca7-3eb4-da214cc
Source: chromecache_238.1.dr	String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/PurpleSource126/v4/c4/fe/4c/c4fe4cb3-0e11-3904-727c-ce27cd2
Source: chromecache_238.1.dr	String found in binary or memory: https://is2-ssl.mzstatic.com
Source: chromecache_238.1.dr	String found in binary or memory: https://is3-ssl.mzstatic.com
Source: chromecache_238.1.dr	String found in binary or memory: https://is4-ssl.mzstatic.com
Source: chromecache_238.1.dr	String found in binary or memory: https://is5-ssl.mzstatic.com
Source: chromecache_230.1.dr	String found in binary or memory: https://itunes.apple.com$
Source: chromecache_230.1.dr	String found in binary or memory: https://itunes.apple.com/WebObjects/MZStore.woa/wa/viewFeature?id=1476734846&mt=11
Source: chromecache_230.1.dr	String found in binary or memory: https://itunes.apple.com/WebObjects/MZStore.woa/wa/viewTop?cc=
Source: chromecache_230.1.dr	String found in binary or memory: https://itunes.apple.com/WebObjects/MZStore.woa/wa/viewTop?genreId=38&mt=11
Source: chromecache_174.1.dr	String found in binary or memory: https://itunes.apple.com/WebObjects/MZStoreServices.woa/wa/processRedirectUrl
Source: chromecache_238.1.dr	String found in binary or memory: https://itunes.apple.com/subscribe?app=music
Source: chromecache_238.1.dr	String found in binary or memory: https://itunes.apple.com/us/genre/id6007
Source: chromecache_238.1.dr	String found in binary or memory: https://itunes.apple.com/us/genre/id6007"
Source: chromecache_238.1.dr	String found in binary or memory: https://js-cdn.music.apple.com
Source: chromecache_180.1.dr, chromecache_186.1.dr, chromecache_188.1.dr, chromecache_182.1.dr	String found in binary or memory: https://js-cdn.music.apple.com/musickit/v1/acknowledgements.txt
Source: chromecache_238.1.dr	String found in binary or memory: https://js-cdn.music.apple.com/musickit/v2/amp/musickit.js?t=1693615103238
Source: chromecache_238.1.dr	String found in binary or memory: https://js-cdn.music.apple.com/musickit/v2/components/musickit-components/
Source: chromecache_238.1.dr	String found in binary or memory: https://js-cdn.music.apple.com/musickit/v2/components/musickit-components//musickit-components.esm.j
Source: chromecache_238.1.dr	String found in binary or memory: https://js-cdn.music.apple.com/musickit/v2/components/musickit-components//musickit-components.js?t=
Source: chromecache_174.1.dr	String found in binary or memory: https://js-cdn.music.apple.com/musickit/v2/media-api
Source: chromecache_249.1.dr	String found in binary or memory: https://krsprod.azureedge.net/images/appgroups/f696136c-35fb-4350-a296-0c8b47068b32/103ba177-4e85-43
Source: chromecache_238.1.dr	String found in binary or memory: https://legal.yahoo.com/us/en/yahoo/privacy/index.html
Source: chromecache_238.1.dr	String found in binary or memory: https://legal.yahoo.com/us/en/yahoo/terms/otos/index.html
Source: chromecache_238.1.dr	String found in binary or memory: https://locate.apple.com/
Source: chromecache_238.1.dr	String found in binary or memory: https://outlook.live.com
Source: chromecache_230.1.dr	String found in binary or memory: https://play.google.com/store/apps/details?id=com.apple.android.music&referrer=utm_source=$
Source: chromecache_249.1.dr	String found in binary or memory: https://play.google.com/store/apps/details?id=com.microsoft.office.outlook&referrer=kmas_id%253d
Source: chromecache_218.1.dr	String found in binary or memory: https://preactjs.com
Source: chromecache_238.1.dr	String found in binary or memory: https://products.office.com/mobile/office
Source: chromecache_245.1.dr	String found in binary or memory: https://raw.github.com/emberjs/ember.js/master/LICENSE
Source: chromecache_238.1.dr	String found in binary or memory: https://schema.org
Source: chromecache_238.1.dr	String found in binary or memory: https://sparkmailapp.com/legal/privacy-app
Source: chromecache_238.1.dr	String found in binary or memory: https://sparkmailapp.com/legal/terms
Source: chromecache_238.1.dr	String found in binary or memory: https://support.apple.com
Source: chromecache_238.1.dr	String found in binary or memory: https://support.xbox.com/help/subscriptions-billing/manage-subscriptions/microsoft-software-license-
Source: chromecache_230.1.dr	String found in binary or memory: https://tv.apple.com/search?q=
Source: chromecache_238.1.dr	String found in binary or memory: https://twitter.com/AppStore
Source: chromecache_238.1.dr	String found in binary or memory: https://upgrade.mail.yahoo.com/
Source: chromecache_238.1.dr	String found in binary or memory: https://www.OneNote.com
Source: chromecache_238.1.dr, chromecache_230.1.dr	String found in binary or memory: https://www.apple.com
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/#organization
Source: chromecache_230.1.dr	String found in binary or memory: https://www.apple.com/ac/structured-data/images/knowledge_graph_logo.png
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/airpods/
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/api-www/global-elements/global-header/v1/assets/globalheader.css
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/apple-arcade/
Source: chromecache_230.1.dr	String found in binary or memory: https://www.apple.com/apple-books/
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/choose-country-region/
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/entertainment/
Source: chromecache_238.1.dr, chromecache_230.1.dr	String found in binary or memory: https://www.apple.com/ios/app-store/
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/ipad/
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/iphone/
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/itunes/download/
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/legal/
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/legal/internet-services/terms/site.html
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/legal/privacy/
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/mac/
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/macos/mojave-preview/#mac-app-store
Source: chromecache_230.1.dr	String found in binary or memory: https://www.apple.com/osx/apps/app-store/
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/retail/
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/sitemap/
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/tv-home/
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/us/shop/goto/buy_accessories
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/us/shop/goto/help/sales_refunds
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/us/shop/goto/store
Source: chromecache_238.1.dr	String found in binary or memory: https://www.apple.com/watch/
Source: chromecache_238.1.dr	String found in binary or memory: https://www.wikidata.org/wiki/Q368215
Source: chromecache_244.1.dr	String found in binary or memory: https://xp-qa.apple.com
Source: chromecache_238.1.dr, chromecache_244.1.dr	String found in binary or memory: https://xp.apple.com
Source: chromecache_247.1.dr	String found in binary or memory: https://xp.apple.com/config/1/report
Source: chromecache_174.1.dr	String found in binary or memory: https://xp.apple.com/register
Source: chromecache_247.1.dr, chromecache_205.1.dr, chromecache_208.1.dr, chromecache_216.1.dr, chromecache_211.1.dr	String found in binary or memory: https://xp.apple.com/report

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 19, 2023 19:12:36.071892977 CEST	49695	443	192.168.2.4	172.217.13.174
Sep 19, 2023 19:12:36.071955919 CEST	443	49695	172.217.13.174	192.168.2.4
Sep 19, 2023 19:12:36.072017908 CEST	49695	443	192.168.2.4	172.217.13.174
Sep 19, 2023 19:12:36.073019028 CEST	49695	443	192.168.2.4	172.217.13.174
Sep 19, 2023 19:12:36.073029041 CEST	443	49695	172.217.13.174	192.168.2.4
Sep 19, 2023 19:12:36.076189995 CEST	49697	443	192.168.2.4	172.217.13.141
Sep 19, 2023 19:12:36.076231003 CEST	443	49697	172.217.13.141	192.168.2.4
Sep 19, 2023 19:12:36.076281071 CEST	49697	443	192.168.2.4	172.217.13.141
Sep 19, 2023 19:12:36.076472998 CEST	49697	443	192.168.2.4	172.217.13.141
Sep 19, 2023 19:12:36.076493979 CEST	443	49697	172.217.13.141	192.168.2.4
Sep 19, 2023 19:12:36.319546938 CEST	443	49695	172.217.13.174	192.168.2.4
Sep 19, 2023 19:12:36.322851896 CEST	49695	443	192.168.2.4	172.217.13.174
Sep 19, 2023 19:12:36.322885036 CEST	443	49695	172.217.13.174	192.168.2.4
Sep 19, 2023 19:12:36.323355913 CEST	443	49695	172.217.13.174	192.168.2.4
Sep 19, 2023 19:12:36.323415995 CEST	49695	443	192.168.2.4	172.217.13.174
Sep 19, 2023 19:12:36.324098110 CEST	443	49695	172.217.13.174	192.168.2.4
Sep 19, 2023 19:12:36.324151993 CEST	49695	443	192.168.2.4	172.217.13.174
Sep 19, 2023 19:12:36.326203108 CEST	49695	443	192.168.2.4	172.217.13.174
Sep 19, 2023 19:12:36.326327085 CEST	443	49695	172.217.13.174	192.168.2.4
Sep 19, 2023 19:12:36.326697111 CEST	49695	443	192.168.2.4	172.217.13.174
Sep 19, 2023 19:12:36.326708078 CEST	443	49695	172.217.13.174	192.168.2.4
Sep 19, 2023 19:12:36.332788944 CEST	443	49697	172.217.13.141	192.168.2.4
Sep 19, 2023 19:12:36.332999945 CEST	49697	443	192.168.2.4	172.217.13.141
Sep 19, 2023 19:12:36.333023071 CEST	443	49697	172.217.13.141	192.168.2.4
Sep 19, 2023 19:12:36.336971998 CEST	443	49697	172.217.13.141	192.168.2.4
Sep 19, 2023 19:12:36.337064981 CEST	49697	443	192.168.2.4	172.217.13.141
Sep 19, 2023 19:12:36.338124037 CEST	49697	443	192.168.2.4	172.217.13.141
Sep 19, 2023 19:12:36.338239908 CEST	443	49697	172.217.13.141	192.168.2.4
Sep 19, 2023 19:12:36.338344097 CEST	49697	443	192.168.2.4	172.217.13.141
Sep 19, 2023 19:12:36.338357925 CEST	443	49697	172.217.13.141	192.168.2.4
Sep 19, 2023 19:12:36.371181965 CEST	49695	443	192.168.2.4	172.217.13.174
Sep 19, 2023 19:12:36.386780977 CEST	49697	443	192.168.2.4	172.217.13.141
Sep 19, 2023 19:12:36.552614927 CEST	443	49695	172.217.13.174	192.168.2.4
Sep 19, 2023 19:12:36.553070068 CEST	443	49695	172.217.13.174	192.168.2.4
Sep 19, 2023 19:12:36.553170919 CEST	49695	443	192.168.2.4	172.217.13.174
Sep 19, 2023 19:12:36.553867102 CEST	49695	443	192.168.2.4	172.217.13.174
Sep 19, 2023 19:12:36.553893089 CEST	443	49695	172.217.13.174	192.168.2.4
Sep 19, 2023 19:12:36.568473101 CEST	443	49697	172.217.13.141	192.168.2.4
Sep 19, 2023 19:12:36.568612099 CEST	49697	443	192.168.2.4	172.217.13.141
Sep 19, 2023 19:12:36.568639994 CEST	443	49697	172.217.13.141	192.168.2.4
Sep 19, 2023 19:12:36.568897963 CEST	443	49697	172.217.13.141	192.168.2.4
Sep 19, 2023 19:12:36.568938971 CEST	49697	443	192.168.2.4	172.217.13.141
Sep 19, 2023 19:12:36.575298071 CEST	49697	443	192.168.2.4	172.217.13.141
Sep 19, 2023 19:12:36.575326920 CEST	443	49697	172.217.13.141	192.168.2.4
Sep 19, 2023 19:12:38.434045076 CEST	49701	443	192.168.2.4	104.79.139.247
Sep 19, 2023 19:12:38.434175968 CEST	443	49701	104.79.139.247	192.168.2.4
Sep 19, 2023 19:12:38.434268951 CEST	49701	443	192.168.2.4	104.79.139.247
Sep 19, 2023 19:12:38.436920881 CEST	49702	443	192.168.2.4	104.79.139.247
Sep 19, 2023 19:12:38.436984062 CEST	443	49702	104.79.139.247	192.168.2.4
Sep 19, 2023 19:12:38.437041044 CEST	49702	443	192.168.2.4	104.79.139.247
Sep 19, 2023 19:12:38.437338114 CEST	49701	443	192.168.2.4	104.79.139.247
Sep 19, 2023 19:12:38.437377930 CEST	443	49701	104.79.139.247	192.168.2.4
Sep 19, 2023 19:12:38.439604998 CEST	49702	443	192.168.2.4	104.79.139.247
Sep 19, 2023 19:12:38.439616919 CEST	443	49702	104.79.139.247	192.168.2.4
Sep 19, 2023 19:12:38.979793072 CEST	443	49701	104.79.139.247	192.168.2.4
Sep 19, 2023 19:12:38.981245995 CEST	443	49702	104.79.139.247	192.168.2.4
Sep 19, 2023 19:12:38.984062910 CEST	49702	443	192.168.2.4	104.79.139.247
Sep 19, 2023 19:12:38.984127045 CEST	443	49702	104.79.139.247	192.168.2.4
Sep 19, 2023 19:12:38.985275984 CEST	443	49702	104.79.139.247	192.168.2.4
Sep 19, 2023 19:12:38.985364914 CEST	49702	443	192.168.2.4	104.79.139.247
Sep 19, 2023 19:12:38.986974001 CEST	49701	443	192.168.2.4	104.79.139.247
Sep 19, 2023 19:12:38.987076044 CEST	443	49701	104.79.139.247	192.168.2.4
Sep 19, 2023 19:12:38.988095999 CEST	443	49701	104.79.139.247	192.168.2.4
Sep 19, 2023 19:12:38.988173008 CEST	49701	443	192.168.2.4	104.79.139.247
Sep 19, 2023 19:12:38.992932081 CEST	49702	443	192.168.2.4	104.79.139.247
Sep 19, 2023 19:12:38.993031025 CEST	443	49702	104.79.139.247	192.168.2.4
Sep 19, 2023 19:12:38.993257999 CEST	49701	443	192.168.2.4	104.79.139.247
Sep 19, 2023 19:12:38.993462086 CEST	443	49701	104.79.139.247	192.168.2.4
Sep 19, 2023 19:12:38.993870020 CEST	49702	443	192.168.2.4	104.79.139.247
Sep 19, 2023 19:12:38.993906021 CEST	443	49702	104.79.139.247	192.168.2.4
Sep 19, 2023 19:12:39.034616947 CEST	49702	443	192.168.2.4	104.79.139.247
Sep 19, 2023 19:12:39.035370111 CEST	49701	443	192.168.2.4	104.79.139.247
Sep 19, 2023 19:12:39.035443068 CEST	443	49701	104.79.139.247	192.168.2.4
Sep 19, 2023 19:12:39.075625896 CEST	49701	443	192.168.2.4	104.79.139.247
Sep 19, 2023 19:12:39.371592045 CEST	443	49702	104.79.139.247	192.168.2.4
Sep 19, 2023 19:12:39.371931076 CEST	443	49702	104.79.139.247	192.168.2.4
Sep 19, 2023 19:12:39.372004032 CEST	49702	443	192.168.2.4	104.79.139.247
Sep 19, 2023 19:12:39.383200884 CEST	49702	443	192.168.2.4	104.79.139.247
Sep 19, 2023 19:12:39.383236885 CEST	443	49702	104.79.139.247	192.168.2.4
Sep 19, 2023 19:12:39.494045019 CEST	49703	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:39.494102001 CEST	443	49703	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:39.494168043 CEST	49703	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:39.494776964 CEST	49703	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:39.494800091 CEST	443	49703	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:39.814639091 CEST	443	49703	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:39.814990044 CEST	49703	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:39.815052032 CEST	443	49703	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:39.816350937 CEST	443	49703	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:39.816415071 CEST	49703	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:39.917063951 CEST	49703	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:39.917246103 CEST	443	49703	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:39.917356968 CEST	49703	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:39.957611084 CEST	49703	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:39.957654953 CEST	443	49703	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:39.999597073 CEST	49703	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.039741039 CEST	49704	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:12:40.039838076 CEST	443	49704	172.217.13.100	192.168.2.4
Sep 19, 2023 19:12:40.040194988 CEST	49704	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:12:40.040270090 CEST	49704	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:12:40.040277958 CEST	443	49704	172.217.13.100	192.168.2.4
Sep 19, 2023 19:12:40.104495049 CEST	443	49703	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.104528904 CEST	443	49703	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.104665995 CEST	49703	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.104732990 CEST	443	49703	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.104764938 CEST	443	49703	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.104820013 CEST	49703	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.165019035 CEST	49703	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.165049076 CEST	443	49703	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.179270029 CEST	49705	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.179358959 CEST	443	49705	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.179459095 CEST	49705	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.180308104 CEST	49705	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.180336952 CEST	443	49705	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.180711031 CEST	49706	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.180742025 CEST	443	49706	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.180788994 CEST	49706	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.180944920 CEST	49706	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.180955887 CEST	443	49706	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.181312084 CEST	49707	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.181345940 CEST	443	49707	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.181391001 CEST	49707	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.181638002 CEST	49707	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.181654930 CEST	443	49707	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.267096043 CEST	443	49704	172.217.13.100	192.168.2.4
Sep 19, 2023 19:12:40.273612022 CEST	49704	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:12:40.273658037 CEST	443	49704	172.217.13.100	192.168.2.4
Sep 19, 2023 19:12:40.275302887 CEST	443	49704	172.217.13.100	192.168.2.4
Sep 19, 2023 19:12:40.275391102 CEST	49704	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:12:40.276393890 CEST	49704	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:12:40.276469946 CEST	443	49704	172.217.13.100	192.168.2.4
Sep 19, 2023 19:12:40.316595078 CEST	49704	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:12:40.316621065 CEST	443	49704	172.217.13.100	192.168.2.4
Sep 19, 2023 19:12:40.357594967 CEST	49704	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:12:40.500865936 CEST	443	49707	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.514626980 CEST	49707	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.514652014 CEST	443	49707	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.516515017 CEST	443	49705	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.516530991 CEST	443	49707	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.516596079 CEST	49707	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.517818928 CEST	49705	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.517904997 CEST	443	49705	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.518261909 CEST	443	49705	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.518265009 CEST	49707	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.518341064 CEST	443	49707	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.518651009 CEST	49705	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.518729925 CEST	443	49705	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.518769026 CEST	49707	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.518784046 CEST	443	49707	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.518891096 CEST	49705	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.525043011 CEST	443	49706	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.530179024 CEST	49706	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.530256033 CEST	443	49706	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.530661106 CEST	443	49706	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.531125069 CEST	49706	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.531208992 CEST	443	49706	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.531291962 CEST	49706	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.559587002 CEST	49707	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.564651966 CEST	443	49705	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.576670885 CEST	443	49706	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.639120102 CEST	443	49705	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.639153004 CEST	443	49705	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.639209032 CEST	443	49705	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.639431000 CEST	443	49705	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.639498949 CEST	49705	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.639564991 CEST	443	49705	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.639619112 CEST	49705	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.639669895 CEST	443	49705	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.639724970 CEST	49705	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.752805948 CEST	49705	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.752851963 CEST	443	49705	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.970532894 CEST	49710	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.970592022 CEST	443	49710	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:40.970653057 CEST	49710	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.970921993 CEST	49710	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:40.970937967 CEST	443	49710	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.192441940 CEST	443	49707	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.192681074 CEST	443	49707	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.192763090 CEST	49707	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.192918062 CEST	443	49706	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.192980051 CEST	443	49706	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.193037033 CEST	49706	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.193089008 CEST	443	49706	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.193809032 CEST	443	49706	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.193867922 CEST	49706	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.193876028 CEST	443	49706	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.193919897 CEST	49706	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.193924904 CEST	443	49706	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.194000006 CEST	443	49706	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.194055080 CEST	49706	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.194084883 CEST	49707	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.194107056 CEST	443	49707	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.204066992 CEST	49706	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.204104900 CEST	443	49706	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.273009062 CEST	49712	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.273052931 CEST	443	49712	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.273117065 CEST	49712	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.273344040 CEST	49712	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.273363113 CEST	443	49712	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.298648119 CEST	443	49710	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.298944950 CEST	49710	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.298971891 CEST	443	49710	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.300081968 CEST	443	49710	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.300148010 CEST	49710	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.300518036 CEST	49710	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.300585985 CEST	443	49710	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.300688982 CEST	49710	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.300700903 CEST	443	49710	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.341588974 CEST	49710	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.418162107 CEST	443	49710	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.418216944 CEST	443	49710	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.418315887 CEST	49710	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.418329954 CEST	443	49710	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.418345928 CEST	443	49710	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.418392897 CEST	49710	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.418397903 CEST	443	49710	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.418437004 CEST	49710	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.418500900 CEST	443	49710	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.418557882 CEST	49710	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.418579102 CEST	443	49710	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.418713093 CEST	443	49710	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.418761015 CEST	49710	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.419656038 CEST	49710	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.419670105 CEST	443	49710	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.616139889 CEST	443	49712	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.616594076 CEST	49712	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.616703033 CEST	443	49712	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.620517969 CEST	443	49712	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.620603085 CEST	49712	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.621047020 CEST	49712	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.621196985 CEST	49712	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.621208906 CEST	443	49712	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.621241093 CEST	443	49712	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.667854071 CEST	49712	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.667874098 CEST	443	49712	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.714848995 CEST	49712	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.737312078 CEST	443	49712	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.737365961 CEST	443	49712	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.737457037 CEST	49712	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.737497091 CEST	443	49712	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.737545013 CEST	443	49712	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.737603903 CEST	49712	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.737617970 CEST	443	49712	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.737663984 CEST	49712	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.737674952 CEST	443	49712	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.737746000 CEST	443	49712	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:41.737803936 CEST	49712	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.738464117 CEST	49712	443	192.168.2.4	13.107.253.40
Sep 19, 2023 19:12:41.738493919 CEST	443	49712	13.107.253.40	192.168.2.4
Sep 19, 2023 19:12:50.251065016 CEST	443	49704	172.217.13.100	192.168.2.4
Sep 19, 2023 19:12:50.251149893 CEST	443	49704	172.217.13.100	192.168.2.4
Sep 19, 2023 19:12:50.251281023 CEST	49704	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:12:51.777992964 CEST	49704	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:12:51.778038025 CEST	443	49704	172.217.13.100	192.168.2.4
Sep 19, 2023 19:12:58.142623901 CEST	443	49701	104.79.139.247	192.168.2.4
Sep 19, 2023 19:12:58.142703056 CEST	443	49701	104.79.139.247	192.168.2.4
Sep 19, 2023 19:12:58.142774105 CEST	49701	443	192.168.2.4	104.79.139.247
Sep 19, 2023 19:13:00.184246063 CEST	49701	443	192.168.2.4	104.79.139.247
Sep 19, 2023 19:13:00.184294939 CEST	443	49701	104.79.139.247	192.168.2.4
Sep 19, 2023 19:13:39.982975960 CEST	49815	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:13:39.983052015 CEST	443	49815	172.217.13.100	192.168.2.4
Sep 19, 2023 19:13:39.983130932 CEST	49815	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:13:39.983496904 CEST	49815	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:13:39.983511925 CEST	443	49815	172.217.13.100	192.168.2.4
Sep 19, 2023 19:13:40.207461119 CEST	443	49815	172.217.13.100	192.168.2.4
Sep 19, 2023 19:13:40.207880974 CEST	49815	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:13:40.207916975 CEST	443	49815	172.217.13.100	192.168.2.4
Sep 19, 2023 19:13:40.208388090 CEST	443	49815	172.217.13.100	192.168.2.4
Sep 19, 2023 19:13:40.208878040 CEST	49815	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:13:40.208973885 CEST	443	49815	172.217.13.100	192.168.2.4
Sep 19, 2023 19:13:40.261421919 CEST	49815	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:13:50.191348076 CEST	443	49815	172.217.13.100	192.168.2.4
Sep 19, 2023 19:13:50.191520929 CEST	443	49815	172.217.13.100	192.168.2.4
Sep 19, 2023 19:13:50.191596985 CEST	49815	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:13:56.728646994 CEST	49815	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:13:56.728730917 CEST	443	49815	172.217.13.100	192.168.2.4
Sep 19, 2023 19:14:40.136778116 CEST	49823	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:14:40.136814117 CEST	443	49823	172.217.13.100	192.168.2.4
Sep 19, 2023 19:14:40.136877060 CEST	49823	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:14:40.137264967 CEST	49823	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:14:40.137279034 CEST	443	49823	172.217.13.100	192.168.2.4
Sep 19, 2023 19:14:40.358637094 CEST	443	49823	172.217.13.100	192.168.2.4
Sep 19, 2023 19:14:40.359354973 CEST	49823	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:14:40.359395027 CEST	443	49823	172.217.13.100	192.168.2.4
Sep 19, 2023 19:14:40.359867096 CEST	443	49823	172.217.13.100	192.168.2.4
Sep 19, 2023 19:14:40.360268116 CEST	49823	443	192.168.2.4	172.217.13.100
Sep 19, 2023 19:14:40.360343933 CEST	443	49823	172.217.13.100	192.168.2.4
Sep 19, 2023 19:14:40.402666092 CEST	49823	443	192.168.2.4	172.217.13.100

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 19, 2023 19:12:35.969530106 CEST	60838	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:35.969799995 CEST	53819	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:35.970093966 CEST	60316	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:35.970305920 CEST	51816	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:36.066845894 CEST	53	60316	8.8.8.8	192.168.2.4
Sep 19, 2023 19:12:36.070133924 CEST	53	53819	8.8.8.8	192.168.2.4
Sep 19, 2023 19:12:36.070661068 CEST	53	51816	8.8.8.8	192.168.2.4
Sep 19, 2023 19:12:36.071161985 CEST	53	62265	8.8.8.8	192.168.2.4
Sep 19, 2023 19:12:36.075542927 CEST	53	60838	8.8.8.8	192.168.2.4
Sep 19, 2023 19:12:36.713284969 CEST	53	49785	8.8.8.8	192.168.2.4
Sep 19, 2023 19:12:38.014925003 CEST	53300	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:38.017312050 CEST	64803	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:38.107933044 CEST	53	53300	8.8.8.8	192.168.2.4
Sep 19, 2023 19:12:38.109222889 CEST	53	64803	8.8.8.8	192.168.2.4
Sep 19, 2023 19:12:39.921844006 CEST	52086	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:39.922408104 CEST	64196	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:40.016064882 CEST	53	64196	8.8.8.8	192.168.2.4
Sep 19, 2023 19:12:40.019274950 CEST	53	52086	8.8.8.8	192.168.2.4
Sep 19, 2023 19:12:41.270251989 CEST	55618	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:41.270731926 CEST	54289	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:41.855190992 CEST	52359	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:41.855462074 CEST	49668	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:53.007971048 CEST	49702	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:53.008307934 CEST	63044	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:53.122926950 CEST	54956	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:53.123296976 CEST	64701	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:53.188594103 CEST	57676	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:53.188925982 CEST	64496	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:53.228283882 CEST	49727	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:53.228584051 CEST	59940	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:53.237814903 CEST	58636	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:53.238184929 CEST	53352	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:53.634362936 CEST	53	63455	8.8.8.8	192.168.2.4
Sep 19, 2023 19:12:54.755825043 CEST	62954	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:12:54.756228924 CEST	59415	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:13:00.283149004 CEST	53	57683	8.8.8.8	192.168.2.4
Sep 19, 2023 19:13:10.593595982 CEST	53	63769	8.8.8.8	192.168.2.4
Sep 19, 2023 19:13:28.609040976 CEST	53	53009	8.8.8.8	192.168.2.4
Sep 19, 2023 19:13:35.588001966 CEST	53	50834	8.8.8.8	192.168.2.4
Sep 19, 2023 19:14:15.296401978 CEST	53	50261	8.8.8.8	192.168.2.4
Sep 19, 2023 19:14:40.038774014 CEST	49876	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:14:40.038914919 CEST	51977	53	192.168.2.4	8.8.8.8
Sep 19, 2023 19:14:40.135596037 CEST	53	51977	8.8.8.8	192.168.2.4
Sep 19, 2023 19:14:40.135644913 CEST	53	49876	8.8.8.8	192.168.2.4

Timestamp	kBytes transferred	Direction	Data
2023-09-19 17:12:36 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.171&lang=en-GB&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-115.0.5790.171 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2023-09-19 17:12:36 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-kqzzzXUXheW2LHqkMdHbWA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 19 Sep 2023 17:12:36 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6105 X-Daystart: 36756 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-09-19 17:12:36 UTC	2	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 30 35 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 33 36 37 35 36 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6105" elapsed_seconds="36756"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-09-19 17:12:36 UTC	2	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-09-19 17:12:36 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-09-19 17:12:36 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 Cookie: AEC=Ad49MVEVy5CxtQLtYrblzXz4DifLm5q80KxkAsZM0tGClBBQswyzDRIjhA; CONSENT=PENDING+494; SOCS=CAESHAgCEhJnd3NfMjAyMzA4MDMtMF9SQzIaAmVuIAEaBgiA0dCmBg; __Secure-ENID=14.SE=FEqwE5eimu_CzO8QanixDxMiVRDl1S74wJwxQG4kibYxHFlarNLstM6_FtN3tkTBDN7NI-PM3BH3uafw_juj7Kua5Sxw58UIqMyDvhq3JStE-0GsITWS9X0QrbjvmkA5MVBf-Eb4RLTTefnPk1F_g7MJo2hXw4TzaSRHE_HtskdpjjbT9g
2023-09-19 17:12:36 UTC	1	OUT	Data Raw: 20 Data Ascii:
2023-09-19 17:12:36 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 19 Sep 2023 17:12:36 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: script-src 'report-sample' 'nonce-J1Cmh5RsO5KIJfdcxi7jlw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-09-19 17:12:36 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-09-19 17:12:36 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	kBytes transferred	Direction	Data
2023-09-19 17:12:38 UTC	4	OUT	GET /krs?id=P5Ie3-7G HTTP/1.1 Host: aka.ms Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
2023-09-19 17:12:39 UTC	5	IN	HTTP/1.1 301 Moved Permanently Content-Length: 0 Server: Kestrel Location: https://krs.microsoft.com/redirect?id=P5Ie3-7G Request-Context: appId=cid-v1:7d63747b-487e-492a-872d-762362f77974 X-Response-Cache-Status: True Expires: Tue, 19 Sep 2023 17:12:39 GMT Cache-Control: max-age=0, no-cache, no-store Pragma: no-cache Date: Tue, 19 Sep 2023 17:12:39 GMT Connection: close Strict-Transport-Security: max-age=31536000 ; includeSubDomains

Timestamp	kBytes transferred	Direction	Data
2023-09-19 17:12:39 UTC	5	OUT	GET /redirect?id=P5Ie3-7G HTTP/1.1 Host: krs.microsoft.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 Cookie: MC1=GUID=762ed1c63ceb49b49cb46dba465abf5d&HASH=762e&LV=202308&V=4&LU=1691663513605
2023-09-19 17:12:40 UTC	6	IN	HTTP/1.1 200 OK Transfer-Encoding: chunked Content-Type: text/html; charset=utf-8 Set-Cookie: TiPMix=36.57796004678722; path=/; HttpOnly; Domain=krs.microsoft.com; Max-Age=3600; Secure; SameSite=None Set-Cookie: x-ms-routing-name=self; path=/; HttpOnly; Domain=krs.microsoft.com; Max-Age=3600; Secure; SameSite=None Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:21c5cddf-c4b1-44ff-854e-6e2d0ac6af45 X-Cache: CONFIG_NOCACHE X-Azure-Ref: 0h9YJZQAAAADYgFDXvsG0QLP2QIQoPPpCTU5aMjIxMDYwNjEyMDI1AGViNjA1MmY5LTY2NmUtNDVjZC05YzE5LTQxODZjNmViOTBjYw== Date: Tue, 19 Sep 2023 17:12:39 GMT Connection: close
2023-09-19 17:12:40 UTC	7	IN	Data Raw: 36 32 64 0d 0a 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 65 2d 69 74 75 6e 65 73 2d 61 70 70 22 20 63 6f 6e 74 65 6e 74 3d 22 61 70 70 2d 69 64 3d 39 35 31 39 33 37 35 39 36 2c 20 61 70 70 2d 61 72 67 75 6d 65 6e 74 3d 68 74 74 70 73 3a 2f 2f 61 70 70 73 2e 61 70 70 6c 65 2e 63 6f 6d 2f Data Ascii: 62d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="apple-itunes-app" content="app-id=951937596, app-argument=https://apps.apple.com/
2023-09-19 17:12:40 UTC	8	IN	Data Raw: 31 30 65 0d 0a 70 53 74 6f 72 65 42 61 64 67 65 2e 70 6e 67 22 20 68 65 69 67 68 74 3d 22 34 32 22 20 2f 3e 3c 2f 61 3e 0d 0a 09 09 3c 2f 64 69 76 3e 0d 0a 20 20 20 20 3c 2f 64 69 76 3e 0d 0a 09 3c 66 6f 6f 74 65 72 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 70 61 6e 3e 47 6f 6f 67 6c 65 20 50 6c 61 79 20 61 6e 64 20 74 68 65 20 47 6f 6f 67 6c 65 20 50 6c 61 79 20 6c 6f 67 6f 20 61 72 65 20 74 72 61 64 65 6d 61 72 6b 73 20 6f 66 20 47 6f 6f 67 6c 65 20 4c 4c 43 2e 20 3c 2f 73 70 61 6e 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 70 61 6e 3e 41 70 70 6c 65 20 61 6e 64 20 74 68 65 20 41 70 70 6c 65 20 6c 6f 67 6f 20 61 72 65 20 74 72 61 64 65 6d 61 72 6b 73 20 6f 66 20 41 70 70 6c 65 20 49 6e 63 2e 3c 2f 73 70 61 6e 3e 0d 0a 09 3c 2f 66 6f 6f 74 65 72 3e Data Ascii: 10epStoreBadge.png" height="42" /></a></div> </div><footer> <span>Google Play and the Google Play logo are trademarks of Google LLC. </span> <span>Apple and the Apple logo are trademarks of Apple Inc.</span></footer>
2023-09-19 17:12:40 UTC	8	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (821)
Category:	downloaded
Size (bytes):	7626
Entropy (8bit):	5.215559608926212
Encrypted:	false
SSDEEP:	192:OtQ0m8mBOZgS9tn0Ll9829FAeHlVPrMNW:OtFuSD4829FAeHzPAW
MD5:	33AF753815E0763128B33C38F393AF19
SHA1:	FD81C07EDD497B91F91629687D2AB6976F287E17
SHA-256:	A7A8465112A5F495E5C95139568A59BF35B3116624A5861B71472070520D699E
SHA-512:	D5981A0D80035A3E0B8EFBE12B90C5E82A53F8C2CBC100001D344DC645B07A76DB3B75D863A5BB733F54B9E13B4C0A515B63041F50DCFC9AC750C092C436DBF5
Malicious:	false
Reputation:	low
URL:	https://apps.apple.com/assets/chunk.26.d8fd25d7ba389f9fe03e.js
Preview:	"use strict";(self.webpackChunk_ember_auto_import_=self.webpackChunk_ember_auto_import_\|\|[]).push([[26],{71026:function(e,t,n){n.r(t),n.d(t,{environment:function(){return a},eventRecorder:function(){return F},immediateEventRecorder:function(){return q},logger:function(){return D},network:function(){return E},setEventQueuePostIntervalEnabled:function(){return N}}).var s=n(76588),r=n(24178),u=n(32722),o=r.SC.attachDelegate,a={setDelegate:function(e){return o(this,e)},globalScope:function(){return window}},i={AJAX:"ajax",AJAX_SYNCHRONOUS:"ajaxSynchronous",IMAGE:"image",BEACON:"beacon"},v=r.vc.metricsDisabledOrDenylistedEvent,c=r.vc.removeDenylistedFields,l={},p=["dsId","consumerId"].function f(e,t,n){var s=null.return n&&!v.call(u.Z,n.eventType,t)&&(c.call(u.Z,n,t),m(t,n),e.apply(null,Array.prototype.slice.call(arguments,1)),s=n),s}function d(e,t){l[e]=l[e]\|\|{},l[e]=t}function Q(){l={}}function m(e,t){l[e]=l[e]\|\|{},l[e].anonymous&&p.forEach((function(e){delete t[e]}))}var y=r.SC.attachDel

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (2289)
Category:	downloaded
Size (bytes):	261346
Entropy (8bit):	5.237906414956902
Encrypted:	false
SSDEEP:	1536:Z70pEEmLtB0R0J0WzioyhqJmEJcqt6UqZSqCs94MX4amnwxJ3P5A4GaGHk6uv3WD:ZDnehEmEJcqt6UqZS44MXVA4GJnQahx
MD5:	7E7D75BFC4C76F5DEFFCDCFE18DC2D6D
SHA1:	18E6165D359F08B0EF42F556E6CCA3B153FCC03A
SHA-256:	350B875DDB6BB4E2B132441EC8C0FFB467AE9E1BDF491A905CC7728A7D1215F9
SHA-512:	4C536815368A10BDC41DB67EBDDF4AFF74B61A54C98FA13B3DC1A3D18CC142219E372565A34A30DB4F5255C55BEE7D96584BFD6C2ABA086981E61654678DDFB1
Malicious:	false
Reputation:	low
URL:	https://apps.apple.com/assets/chunk.526.14ff28008c804d4cc489.js
Preview:	/! For license information please see chunk.526.14ff28008c804d4cc489.js.LICENSE.txt /.(self.webpackChunk_ember_auto_import_=self.webpackChunk_ember_auto_import_\|\|[]).push([[526],{2353:function(e,t,r){"use strict".r.r(t),r.d(t,{KNOWN_CAMPAIGN_AND_AFFILIATE_QUERY_PARAMS:function(){return n},KNOWN_MARKETING_QUERY_PARAMS:function(){return a},METRICS_REGISTER_ENDPOINT:function(){return o},MUSIC_AFFILIATIONS_ENDPOINT:function(){return u},PROCESS_REDIRECT_URL_ENDPOINT:function(){return i},TV_AFFILIATIONS_ENDPOINT:function(){return s},default:function(){return c},handleCampaignAndAffiliateUrls:function(){return f}}).var n=["affC","adId","advp","at","ct","itsct","itscg","itscc","itcCt","its_qt","ls","partnerId","pt","qtkid","uo"],a=["mttn3pid","mttnagencyid","mttncc","mttnmyad","mttnmyadg","mttnmycmp","mttnmykw","mttnmypla","mttnmypub","mttnmysite","mttnpid","mttnrefid","mttnsiteid","mttnsub1","mttnsub2","mttnsub3","mttnsubad","mttnsubadgp","mttnsubcmp","mttnsubkw","mttnsubpid","mttnsubplmnt"

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 564 x 168, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	9371
Entropy (8bit):	6.775324714137017
Encrypted:	false
SSDEEP:	192:aSkVHhQQSk+tvHzKRlZfR/bwJ6b3nvIQe:aRVBaTTKRN0KIP
MD5:	96E7DA23073D7FFEB2B90FCEF2570B2C
SHA1:	6AEFAC48244653FE982489338E70C5FB0D900FC2
SHA-256:	89514515CA490C1E66E3298D91D74EAF1F760C0D4B21E4E9F18FDAF3996554F3
SHA-512:	D1D82FB43FDADD9F8A3F55AD7E7D8FBAA0B7EBB82B0742B8440121EB272E3D68E7A67A163AA095BD6DD961286B61A130DCE130FA7C308E79639A2D6DD9E6A718
Malicious:	false
Reputation:	low
URL:	https://krs.microsoft.com/images/GooglePlayStoreBadge.png
Preview:	.PNG........IHDR...4..........n. ....zTXtRaw profile type exif..x.mP..C!..w.........t..`.l{.'.x".\|...6.....MZ....P.8;tr.4y.)C...t]..pT....e.qa.E-..#~D.'.... :.....#.#.O.0P.Vn......w..4.xo...mzG.w.............u..B+Sc.J.3..9-..1.YO.+J~....iCCPICC profile..x.}.=H.@.._[KU*.F.q.P.."...E.P...:.\..M....G.....b...YW.WA...quqRt.....Z.xp.w..w.....T.'...e..q1._.C..........'3.Yx..{..z..Y.....J.d.O$.1..7.g7-..>...B\|N<i..........g.F6=O,..........x.8.....s.+..8..:k..0\.V2\.9....D."d.QA....j..H.~..?..S..U.#..jP!9~.?..Y..r..q .b...@h.h5l...['@....:.Z...$..."G..6pq...=.r..y.%Cr..M......7.[....... K]-.....D...=.....g.....~r.v......viTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 4.4.0-Exiv2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceE

Timestamp	kBytes transferred	Direction	Data
2023-09-19 17:12:40 UTC	8	OUT	GET /css/styles.css HTTP/1.1 Host: krs.microsoft.com Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://krs.microsoft.com/redirect?id=P5Ie3-7G Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 Cookie: MC1=GUID=762ed1c63ceb49b49cb46dba465abf5d&HASH=762e&LV=202308&V=4&LU=1691663513605; TiPMix=36.57796004678722; x-ms-routing-name=self
2023-09-19 17:12:41 UTC	20	IN	HTTP/1.1 200 OK Content-Length: 555 Content-Type: text/css Last-Modified: Thu, 31 Aug 2023 19:31:08 GMT Accept-Ranges: bytes ETag: "1d9dc41b0b8642b" Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:21c5cddf-c4b1-44ff-854e-6e2d0ac6af45 X-Cache: CONFIG_NOCACHE X-Azure-Ref: 0iNYJZQAAAAD4+52QsScZQoojlajt7HNYTU5aMjIxMDYwNjEyMDA5AGViNjA1MmY5LTY2NmUtNDVjZC05YzE5LTQxODZjNmViOTBjYw== Date: Tue, 19 Sep 2023 17:12:41 GMT Connection: close
2023-09-19 17:12:41 UTC	21	IN	Data Raw: ef bb bf 2e 63 6f 6e 74 61 69 6e 65 72 20 7b 0d 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 53 65 67 6f 65 20 55 49 2c 53 65 67 6f 65 55 49 2c 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 0d 0a 20 20 20 20 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 36 34 70 78 3b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 0d 0a 20 20 20 20 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 63 6f 6c 75 6d 6e 3b 0d 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0d 0a 20 20 20 20 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 20 63 65 6e 74 65 72 3b 0d 0a 7d 0d 0a 0d 0a 2e 66 6c 65 78 2d 72 6f 77 20 7b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 Data Ascii: .container { font-family: Segoe UI,SegoeUI,"Helvetica Neue",Helvetica,Arial,sans-serif; margin-top: 64px; display: flex; flex-direction: column; text-align: center; align-items: center;}.flex-row { display: flex

Timestamp	kBytes transferred	Direction	Data
2023-09-19 17:12:40 UTC	9	OUT	GET /images/GooglePlayStoreBadge.png HTTP/1.1 Host: krs.microsoft.com Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://krs.microsoft.com/redirect?id=P5Ie3-7G Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 Cookie: MC1=GUID=762ed1c63ceb49b49cb46dba465abf5d&HASH=762e&LV=202308&V=4&LU=1691663513605; TiPMix=36.57796004678722; x-ms-routing-name=self
2023-09-19 17:12:40 UTC	11	IN	HTTP/1.1 200 OK Content-Length: 9371 Content-Type: image/png Last-Modified: Thu, 31 Aug 2023 19:31:22 GMT Accept-Ranges: bytes ETag: "1d9dc41b910859b" Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:21c5cddf-c4b1-44ff-854e-6e2d0ac6af45 X-Cache: CONFIG_NOCACHE X-Azure-Ref: 0iNYJZQAAAADU1m9yYO5sTpU6wbuLsc8mTU5aMjIxMDYwNjE0MDI5AGViNjA1MmY5LTY2NmUtNDVjZC05YzE5LTQxODZjNmViOTBjYw== Date: Tue, 19 Sep 2023 17:12:40 GMT Connection: close
2023-09-19 17:12:40 UTC	11	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 34 00 00 00 a8 08 03 00 00 00 c0 6e 84 20 00 00 00 c2 7a 54 58 74 52 61 77 20 70 72 6f 66 69 6c 65 20 74 79 70 65 20 65 78 69 66 00 00 78 da 6d 50 d1 0d 43 21 08 fc 77 8a 8e a0 80 0a e3 d0 be d7 a4 1b 74 fc a2 60 f2 6c 7b 89 27 1e 78 22 e9 7c bf 9e e9 36 00 85 12 d5 ce 4d 5a cb 06 12 12 50 0b 38 3b 74 72 c9 34 79 02 29 43 a8 9b 9e 74 5d 02 93 70 54 fa 91 9b ef 65 e9 71 61 ed 45 2d aa 17 23 7e 44 e2 be 27 84 c2 9f bf 8c 20 3a 1b 1d 8d f8 08 23 09 23 04 4f 94 30 50 ff 56 6e c2 fd fa 85 fb 99 77 b0 af 34 88 78 6f fb e7 dc 6d 7a 47 b5 77 10 e0 c4 82 d9 18 91 bc 01 1c 0b 13 aa 05 75 b2 8c 42 2b 53 63 9e 4a 0f 33 1b c8 bf 39 2d a4 0f 31 ad 59 4f 0b 2b 4a 7e 00 00 01 84 69 43 43 50 49 43 43 20 70 72 6f 66 Data Ascii: PNGIHDR4n zTXtRaw profile type exifxmPC!wt`l{'x"\|6MZP8;tr4y)Ct]pTeqaE-#~D' :##O0PVnw4xomzGwuB+ScJ39-1YO+J~iCCPICC prof
2023-09-19 17:12:40 UTC	14	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 Data Ascii:
2023-09-19 17:12:40 UTC	16	IN	Data Raw: 17 d9 9e d1 e8 f9 84 99 f3 67 d3 fb 0d 3c a3 9b 5e 20 81 e8 0c 40 c3 d3 33 9b 34 b5 19 da a8 2f 27 61 4c 16 56 28 c6 c9 0b 96 d2 1c 34 d6 46 2e d8 35 12 f3 b2 7e 79 7c 81 24 40 7e c5 06 68 d8 7a 75 93 ae d3 af b6 f6 cc 67 92 f7 de 22 39 52 1a 84 26 b9 df cb c4 fd 0c 2f f9 96 31 86 e6 62 6c 6b ba 06 40 c3 d4 a5 4d 96 4e b4 14 da a8 b1 77 f0 2f 33 7e d8 00 34 56 7c bf 75 9d 62 ec 2e 8e 2e 70 ca 88 fd a3 73 16 a0 61 4e b6 37 39 7a ad 15 1f 75 25 0b 7b 5b 81 e6 2c ed 7e 17 e3 6f ae a5 17 d0 ba 29 2a 00 4d 51 df e3 41 b3 79 fa 91 16 1e 39 09 28 2e b7 08 cd 5a 3c 57 2a dc 4f 7d dd 71 5e 57 d3 0b 7c 3f 4d d6 00 34 45 bd f1 03 2e 35 9b 97 9a cf 11 c7 9e 61 c3 e2 41 43 5d 0b a8 0e cd 63 d4 fb c5 b6 e5 82 96 5e c0 f8 e1 38 59 03 d0 14 f5 e6 d5 12 6a 36 4f 34 3d fd Data Ascii: g<^ @34/'aLV(4F.5~y\|$@~hzug"9R&/1blk@MNw/3~4V\|ub..psaN79zu%{[,~o)MQAy9(.Z<WO}q^W\|?M4E.5aAC]c^8Yj6O4=
2023-09-19 17:12:40 UTC	19	IN	Data Raw: 58 06 8c f2 5c a3 ef 69 b5 43 a3 51 1f ca a1 2c 6c 57 d8 79 38 09 34 82 cc dc fa 5c a9 5d 76 c9 0e 14 2c 29 ea 5b f9 51 77 e9 c9 c2 91 6d f1 c4 4a 23 7c e9 d2 08 b5 f0 44 99 6d 0a 8c 9a a1 d1 a9 0f e5 50 22 34 d9 f9 f6 64 d0 08 32 53 67 30 43 19 43 ca 44 c4 30 3d da c9 a9 8c 22 2c bf 5a 11 16 a2 95 0d f3 8b b0 42 1a 35 23 93 48 33 36 55 a0 a1 d4 5f e0 95 d1 54 f7 2d bd f3 b0 3a 34 62 cc 6c 7d a9 34 23 b2 ac db 0b 47 7f 68 c2 d0 74 72 29 30 a0 59 64 7f bc 4c 8c 9d 93 cf 2b f7 c4 fe 02 43 ea dc 3c 4a b9 a7 cf 2d f7 cc 9c 6a 5a 6e 8a 31 1b d4 02 4d da 2d 1e ad 06 d5 a1 fa 2c fa 72 48 13 d0 fc 53 84 99 9b 77 94 c6 64 3a 22 c2 cd 2e 5e 58 ee 47 c8 64 14 96 e3 6f a6 17 22 1b 05 d4 c2 72 bc d3 fb 41 7c b5 c8 2f 2b 2c d7 89 c2 76 9d fc 95 b0 16 68 b2 74 84 e3 05 Data Ascii: X\iCQ,lWy84\]v,)[QwmJ#\|DmP"4d2Sg0CCD0=",ZB5#H36U_T-:4bl}4#Ghtr)0YdL+C<J-jZn1M-,rHSwd:".^XGdo"rA\|/+,vht

Timestamp	kBytes transferred	Direction	Data
2023-09-19 17:12:40 UTC	10	OUT	GET /images/AppleAppStoreBadge.png HTTP/1.1 Host: krs.microsoft.com Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://krs.microsoft.com/redirect?id=P5Ie3-7G Accept-Encoding: gzip, deflate, br Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 Cookie: MC1=GUID=762ed1c63ceb49b49cb46dba465abf5d&HASH=762e&LV=202308&V=4&LU=1691663513605; TiPMix=36.57796004678722; x-ms-routing-name=self
2023-09-19 17:12:41 UTC	21	IN	HTTP/1.1 200 OK Content-Length: 6391 Content-Type: image/png Last-Modified: Thu, 31 Aug 2023 19:31:20 GMT Accept-Ranges: bytes ETag: "1d9dc41b7df6cf7" Strict-Transport-Security: max-age=2592000 Request-Context: appId=cid-v1:21c5cddf-c4b1-44ff-854e-6e2d0ac6af45 X-Cache: CONFIG_NOCACHE X-Azure-Ref: 0iNYJZQAAAACECCq0Rjm/SYoG8A28tlmQTU5aMjIxMDYwNjEyMDI5AGViNjA1MmY5LTY2NmUtNDVjZC05YzE5LTQxODZjNmViOTBjYw== Date: Tue, 19 Sep 2023 17:12:40 GMT Connection: close
2023-09-19 17:12:41 UTC	22	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 e0 00 00 00 a0 08 03 00 00 00 e3 25 4f 7f 00 00 01 53 50 4c 54 45 00 00 00 a7 a7 a7 a6 a6 a6 a8 a8 a8 a6 a6 a6 a6 a6 a6 a6 a6 a6 a6 a6 a6 a6 a6 a6 a5 a5 a5 a6 a6 a6 a7 a7 a7 a6 a6 a6 a6 a6 a6 a6 a6 a6 a6 a6 a6 a6 a6 a6 a6 a6 a6 a7 a7 a7 a6 a6 a6 a6 a6 a6 00 00 00 ff ff ff a6 a6 a6 59 59 59 4d 4d 4d 1b 1b 1b cc cc cc 04 04 04 fd fd fd fa fa fa f0 f0 f0 a3 a3 a3 69 69 69 33 33 33 94 94 94 bb bb bb e3 e3 e3 aa aa aa 08 08 08 ee ee ee a0 a0 a0 81 81 81 0c 0c 0c f4 f4 f4 de de de 21 21 21 d9 d9 d9 16 16 16 88 88 88 65 65 65 10 10 10 7d 7d 7d f6 f6 f6 0f 0f 0f c8 c8 c8 49 49 49 d2 d2 d2 70 70 70 25 25 25 9a 9a 9a 77 77 77 1f 1f 1f fc fc fc e8 e8 e8 e6 e6 e6 6d 6d 6d 3c 3c 3c 42 42 42 98 98 98 2b 2b 2b 28 Data Ascii: PNGIHDR%OSPLTEYYYMMMiii333!!!eee}}}IIIppp%%%wwwmmm<<<BBB+++(
2023-09-19 17:12:41 UTC	24	IN	Data Raw: f9 a2 f4 19 c0 ac 6f 20 c1 1d fb da d9 50 fe a7 82 57 67 01 2c b3 e7 f5 45 d6 9a 35 ff 8c e0 ea f5 4c c7 ca 1d 45 57 4a fd 1a 95 f5 f9 46 04 8c 5a 6e ae 18 1f e1 27 3b 9f a6 48 90 cd c0 25 12 97 fb 00 8c 90 bb 61 85 ca 60 82 a9 5d 83 4b a0 2b 72 35 43 9b d5 80 2d 57 70 ca 80 a0 91 ec 17 4c d5 97 70 89 95 69 20 c1 8b 70 98 fe a9 60 9a ca 38 fd 5a b3 1f d4 5d fa 03 82 ab 57 11 b8 d4 2a 5d f2 52 aa d4 e0 c5 1f d4 87 13 ac 55 bc 3d eb 1a e0 1c c9 c3 4b 72 9d 68 aa 00 76 07 14 4c 79 3f 38 1f db f4 83 f4 2d dd 15 4c ab 39 71 51 f3 58 0a 96 ac b6 c0 39 db a4 c1 04 2b e1 fb 04 d3 ba 1b de d8 05 fd 7e c1 af 3a 2a 7a 49 ec 8b 3c 62 ee 27 d0 c7 5a 51 a1 c1 38 f6 73 1a d1 d7 97 2f a8 07 3d d8 d2 80 d3 fa 25 49 aa ec a5 e7 bc 1d 65 6d f7 2d 61 bf ff 58 64 77 76 7c 8a Data Ascii: o PWg,E5LEWJFZn';H%a`]K+r5C-WpLpi p`8Z]W]RU=KrhvLy?8-L9qQX9+~:zI<b'ZQ8s/=%Iem-aXdwv\|

Target ID:	0
Start time:	19:12:32
Start date:	19/09/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff7c94b0000
File size:	3'219'224 bytes
MD5 hash:	8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	1
Start time:	19:12:33
Start date:	19/09/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1908,i,2801621300818733294,8953500953360293423,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7c94b0000
File size:	3'219'224 bytes
MD5 hash:	8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Target ID:	2
Start time:	19:12:35
Start date:	19/09/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://go.microsoft.com/fwlink/?LinkId=550986
Imagebase:	0x7ff7c94b0000
File size:	3'219'224 bytes
MD5 hash:	8D1C4713ACB7CC2AAAEE4477C58A80BA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://go.microsoft.com/fwlink/?LinkId=550986

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 173

Chrome Cache Entry: 174

Chrome Cache Entry: 175

Chrome Cache Entry: 176

Chrome Cache Entry: 177

Chrome Cache Entry: 178

Chrome Cache Entry: 179

Chrome Cache Entry: 180

Chrome Cache Entry: 181

Chrome Cache Entry: 182

Chrome Cache Entry: 183

Chrome Cache Entry: 184

Chrome Cache Entry: 185

Chrome Cache Entry: 186

Chrome Cache Entry: 187

Chrome Cache Entry: 188

Chrome Cache Entry: 189

Chrome Cache Entry: 190

Chrome Cache Entry: 191

Chrome Cache Entry: 192

Chrome Cache Entry: 193

Chrome Cache Entry: 194

Chrome Cache Entry: 195

Windows Analysis Report
https://go.microsoft.com/fwlink/?LinkId=550986

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre