
Windows Analysis Report
https://url.avanan.click/v2/___https://esa.trevertex.local:83/Search?email=aaron.fuleki%40kbra.com___.YXAzOmticmE6YTpvOjAyOWQ1MWJlNzhhMTcwMzU2YmJmYjAwNGVjODlmNjZjOjY6ODJkYzo2Y2EzMzU0Mzc3NDlhMzhjOTRkNDRjYmI2OWQyMTcwODg4YWIxMTg2MGFjNjVlNzg3OTdhY2E1ODlhOTRhZDhiOmg6VA

Overview

General Information

Sample URL: https://url.avanan.click/v2/___https://esa.trevertex.local:83/Search?email=aaron.fuleki%40kbra.com___.YXAzOmticmE6YTpvOjAyOWQ1MWJlNzhhMTcwMzU2YmJmYjAwNGVjODlmNjZjOjY6ODJkYzo2Y2EzMzU0Mzc3NDlhMzhjOTRkND
Analysis ID: 1314629

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

No high impact signatures.
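The score above is computed from what Chrome did after following the rewritten link. A practitioner triaging this report should first unwrap the Avanan link and look at where it points: the inner URL targets esa.trevertex.local on port 83, a .local name that public DNS (and this sandbox, whose domain table lists it as unknown) cannot resolve, and its query string carries the recipient's e-mail address. The following Python is an added example, not code from Joe Sandbox or Avanan; the wrapper layout ("/v2/___" + original URL + "___." + token) is an assumption inferred from this single link, and the meaning of the decoded token fields is not documented on this page and is not asserted.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

# Sample URL copied from the report. The wrapper layout ("/v2/___" + original
# URL + "___." + token) is an assumption inferred from this one link.
SAMPLE = (
    "https://url.avanan.click/v2/___https://esa.trevertex.local:83/Search"
    "?email=aaron.fuleki%40kbra.com___.YXAzOmticmE6YTpvOjAyOWQ1MWJlNzhhMTcwMzU2"
    "YmJmYjAwNGVjODlmNjZjOjY6ODJkYzo2Y2EzMzU0Mzc3NDlhMzhjOTRkNDRjYmI2OWQyMTcwODg4"
    "YWIxMTg2MGFjNjVlNzg3OTdhY2E1ODlhOTRhZDhiOmg6VA"
)

WRAPPER_RE = re.compile(r"^/v2/___(?P<inner>.+)___\.(?P<token>[A-Za-z0-9_-]+)$")


def unwrap(url):
    """Return (inner_url, token) for a rewritten link, or None if it is not one."""
    parts = urlsplit(url)
    # The inner URL's own "?email=..." lands in parts.query, so rejoin path+query
    # before matching the wrapper pattern.
    target = parts.path + ("?" + parts.query if parts.query else "")
    m = WRAPPER_RE.match(target)
    if m is None:
        return None
    return m.group("inner"), m.group("token")


def decode_token(token):
    """Decode the unpadded URL-safe base64 trailer into ':'-separated fields.

    Field meanings are not documented in the report and are not interpreted here;
    None is returned if the bytes are not printable ASCII.
    """
    padded = token + "=" * (-len(token) % 4)
    raw = base64.urlsafe_b64decode(padded)
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    return text.split(":") if text.isprintable() else None


def triage(url):
    """Unwrap a rewritten link and report what a sandbox run can and cannot tell us."""
    found = unwrap(url)
    if found is None:
        return {"wrapped": False}
    inner, token = found
    p = urlsplit(inner)
    host = (p.hostname or "").lower()
    emails = [v for vals in parse_qs(p.query).values() for v in vals if "@" in v]
    # RFC 6762 reserves .local for mDNS; public DNS (and a cloud sandbox) cannot
    # resolve it, so a "clean" verdict says nothing about the final page.
    reachable = not host.endswith(".local")
    return {
        "wrapped": True,
        "inner_url": inner,
        "host": host,
        "port": p.port,
        "path": p.path,
        "recipient_emails": emails,
        "sandbox_can_reach": reachable,
        "token_fields": decode_token(token),
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE).items():
        print(f"{k}: {v}")
```

Run against the sample URL, triage() reports host esa.trevertex.local, port 83, recipient aaron.fuleki@kbra.com, and sandbox_can_reach False; the token decodes to ten colon-separated fields, the second of which is "kbra", the recipient's mail domain. That last flag is the caveat for this page: the only request the report records is the GET to url.avanan.click, there is no connection to the final destination, and the run stopped on timeout, so score 0 is evidence about the redirector hop and Chrome's background traffic, not about the page a victim would reach from a host that can resolve the .local name.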

Classification

Classification categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Verdict scale: clean, suspicious, malicious. This sample: clean.
  • System is w10x64
  • chrome.exe (PID: 4400 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: B5FF854EAE31D49E10B4DC714D8296F1)
    • chrome.exe (PID: 480 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1932,i,7473679338453462237,18009064073529994329,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: B5FF854EAE31D49E10B4DC714D8296F1)
  • chrome.exe (PID: 1956 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.avanan.click/v2/___https://esa.trevertex.local:83/Search?email=aaron.fuleki%40kbra.com___.YXAzOmticmE6YTpvOjAyOWQ1MWJlNzhhMTcwMzU2YmJmYjAwNGVjODlmNjZjOjY6ODJkYzo2Y2EzMzU0Mzc3NDlhMzhjOTRkNDRjYmI2OWQyMTcwODg4YWIxMTg2MGFjNjVlNzg3OTdhY2E1ODlhOTRhZDhiOmg6VA" MD5: B5FF854EAE31D49E10B4DC714D8296F1)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures; all signature results are listed below.

Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\chrome_BITS_4400_927785450
Source: unknown | HTTPS traffic detected: 52.184.216.174:443 -> 192.168.2.10:49697 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.179.219.14:443 -> 192.168.2.10:49698 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 52.184.212.181:443 -> 192.168.2.10:49699 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.10:49707 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.0.174.136:443 -> 192.168.2.10:49711 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.67.197.195:443 -> 192.168.2.10:49715 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.67.197.195:443 -> 192.168.2.10:49716 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.54.24.69:443 -> 192.168.2.10:49717 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.45.28.28:443 -> 192.168.2.10:49718 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 20.54.24.69:443 -> 192.168.2.10:49719 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 23.45.28.28:443 -> 192.168.2.10:49720 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.10:49722 version: TLS 1.2
Source: global traffic | HTTP traffic detected:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.110&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
    X-Goog-Update-Updater: chromecrx-115.0.5790.110
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /v2/___https://esa.trevertex.local:83/Search?email=aaron.fuleki%40kbra.com___.YXAzOmticmE6YTpvOjAyOWQ1MWJlNzhhMTcwMzU2YmJmYjAwNGVjODlmNjZjOjY6ODJkYzo2Y2EzMzU0Mzc3NDlhMzhjOTRkNDRjYmI2OWQyMTcwODg4YWIxMTg2MGFjNjVlNzg3OTdhY2E1ODlhOTRhZDhiOmg6VA HTTP/1.1
    Host: url.avanan.click
    Connection: keep-alive
    sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected:
    GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19043.928/0?CH=991&L=en-US&P=&PT=0x30&WUA=10.0.19041.906&MK=v4ePeryerDyKMbd&MD=Tgf2XlpW HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.31
    Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET /geo?doClientVersion=10.0.19041.746&profile=1048832&callId=2016907992 HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Microsoft-Delivery-Optimization/10.0
    MS-CV: GJL0DDALw0aC7e3L.1.1.1
    Content-Length: 0
    Host: geo.prod.do.dsp.mp.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET /geoversion?doClientVersion=10.0.19041.746&profile=1048832 HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Microsoft-Delivery-Optimization/10.0
    MS-CV: GJL0DDALw0aC7e3L.3.1.1
    Content-Length: 0
    Host: geover.prod.do.dsp.mp.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET /geo?doClientVersion=10.0.19041.746&profile=1048832&callId=1608168369 HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Microsoft-Delivery-Optimization/10.0
    MS-CV: GJL0DDALw0aC7e3L.4.1.1
    Content-Length: 0
    Host: geo.prod.do.dsp.mp.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET /geoversion?doClientVersion=10.0.19041.746&profile=1048832 HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Microsoft-Delivery-Optimization/10.0
    MS-CV: GJL0DDALw0aC7e3L.6.1.1
    Content-Length: 0
    Host: geover.prod.do.dsp.mp.microsoft.com
Source: global traffic | HTTP traffic detected:
    GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19043.928/0?CH=991&L=en-US&P=&PT=0x30&WUA=10.0.19041.906&MK=v4ePeryerDyKMbd&MD=Tgf2XlpW HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.31
    Host: slscr.update.microsoft.com
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 443, outbound from client ports 49672, 49673, 49674, 49675, 49676, 49677, 49678, 49679, 49680, 49681, 49691, 49696, 49697, 49698, 49699, 49700, 49701, 49703, 49704, 49706, 49707, 49710, 49711, 49715, 49716, 49717, 49718, 49719, 49720, 49721, 49722, 49724 -> 443 (32 entries)
Source: unknown | Network traffic detected: HTTP traffic on port 443, inbound 443 -> client ports 49696, 49697, 49698, 49699, 49700, 49701, 49703, 49704, 49706, 49707, 49710, 49711, 49715, 49716, 49717, 49718, 49719, 49720, 49721, 49722, 49724 (21 entries)
Source: unknown | HTTP traffic detected:
    POST /join/ HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Microsoft-Delivery-Optimization/10.0
    MS-CV: OozOKIFhcke2XNhQ.2.30.1.2
    Content-Length: 661
    Host: array504.prod.do.dsp.mp.microsoft.com
Source: unknown | TCP traffic detected without corresponding DNS query (50 entries, grouped by destination IP):
    52.184.212.181 (14 entries)
    52.184.216.174 (13 entries)
    52.179.219.14 (13 entries)
    2.20.212.212 (5 entries)
    104.77.36.175 (3 entries)
    184.28.113.215 (2 entries)
Source: classification engine | Classification label: clean0.win@22/0@13/6
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\chrome_BITS_4400_927785450
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1932,i,7473679338453462237,18009064073529994329,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.avanan.click/v2/___https://esa.trevertex.local:83/Search?email=aaron.fuleki%40kbra.com___.YXAzOmticmE6YTpvOjAyOWQ1MWJlNzhhMTcwMzU2YmJmYjAwNGVjODlmNjZjOjY6ODJkYzo2Y2EzMzU0Mzc3NDlhMzhjOTRkNDRjYmI2OWQyMTcwODg4YWIxMTg2MGFjNjVlNzg3OTdhY2E1ODlhOTRhZDhiOmg6VA"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (18 entries; image path and command line not recorded by the report)
Source: Window Recorder | Window detected: More than 3 window changes detected
MITRE ATT&CK matrix, listed by tactic column. A technique followed by a number in parentheses is one the report highlights, with the count the report attaches to it; all other entries are the unmatched cells of the standard matrix skeleton.
Initial Access: Valid Accounts | Default Accounts | Domain Accounts | Local Accounts
Execution: Windows Management Instrumentation | Scheduled Task/Job | At (Linux) | At (Windows)
Persistence: Path Interception | Boot or Logon Initialization Scripts | Logon Script (Windows) | Logon Script (Mac)
Privilege Escalation: Process Injection (1) | Boot or Logon Initialization Scripts | Logon Script (Windows) | Logon Script (Mac)
Defense Evasion: Masquerading (2) | Process Injection (1) | Obfuscated Files or Information | Binary Padding
Credential Access: OS Credential Dumping | LSASS Memory | Security Account Manager | NTDS
Discovery: System Service Discovery | Application Window Discovery | Query Registry | System Network Configuration Discovery
Lateral Movement: Remote Services | Remote Desktop Protocol | SMB/Windows Admin Shares | Distributed Component Object Model
Collection: Data from Local System | Data from Removable Media | Data from Network Shared Drive | Input Capture
Exfiltration: Exfiltration Over Other Network Medium | Exfiltration Over Bluetooth | Automated Exfiltration | Scheduled Transfer
Command and Control: Encrypted Channel (1) | Non-Application Layer Protocol (3) | Application Layer Protocol (4) | Ingress Tool Transfer (1)
Network Effects: Eavesdrop on Insecure Network Communication | Exploit SS7 to Redirect Phone Calls/SMS | Exploit SS7 to Track Device Location | SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization | Remotely Wipe Data Without Authorization | Obtain Device Cloud Backups | Carrier Billing Fraud
Impact: Modify System Partition | Device Lockout | Delete Device Data
Behavior Graph (ID: 1314629; URL: https://url.avanan.click/v2...; start date: 26/09/2023; architecture: WINDOWS; score: 0):
    esa.trevertex.local: DNS/IP node with no resolved address
    chrome.exe (started) and chrome.exe (started), both from the root; the first starts a further chrome.exe, which produces the traffic below
    192.168.2.10, ports 443, 49696, 49697: unknown, unknown
    239.255.255.250: unknown, Reserved
    www.google.com 142.250.217.228, ports 443, 49706, 49724: GOOGLEUS, United States
    accounts.google.com 172.217.2.205, ports 443, 49700: GOOGLEUS, United States
    5 other IPs or domains

Source | Detection | Scanner | Label
https://url.avanan.click/v2/___https://esa.trevertex.local:83/Search?email=aaron.fuleki%40kbra.com___.YXAzOmticmE6YTpvOjAyOWQ1MWJlNzhhMTcwMzU2YmJmYjAwNGVjODlmNjZjOjY6ODJkYzo2Y2EzMzU0Mzc3NDlhMzhjOTRkNDRjYmI2OWQyMTcwODg4YWIxMTg2MGFjNjVlNzg3OTdhY2E1ODlhOTRhZDhiOmg6VA | 0% | Avira URL Cloud | safe
No Antivirus matches


Name | IP | Active | Malicious | Antivirus Detection | Reputation
d1u0leijqiro21.cloudfront.net | 3.161.136.86 | true | false | | high
google.com | 142.250.217.174 | true | false | | high
accounts.google.com | 172.217.2.205 | true | false | | high
www.google.com | 142.250.217.228 | true | false | | high
clients.l.google.com | 192.178.50.78 | true | false | | high
clients2.google.com | unknown | unknown | false | | high
url.avanan.click | unknown | unknown | false | | unknown
esa.trevertex.local | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.110&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
https://url.avanan.click/v2/___https://esa.trevertex.local:83/Search?email=aaron.fuleki%40kbra.com___.YXAzOmticmE6YTpvOjAyOWQ1MWJlNzhhMTcwMzU2YmJmYjAwNGVjODlmNjZjOjY6ODJkYzo2Y2EzMzU0Mzc3NDlhMzhjOTRkNDRjYmI2OWQyMTcwODg4YWIxMTg2MGFjNjVlNzg3OTdhY2E1ODlhOTRhZDhiOmg6VA | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
192.178.50.78 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
3.161.136.86 | d1u0leijqiro21.cloudfront.net | United States | 16509 | AMAZON-02US | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
142.250.217.228 | www.google.com | United States | 15169 | GOOGLEUS | false
172.217.2.205 | accounts.google.com | United States | 15169 | GOOGLEUS | false
IP (sandbox host, RFC 1918 private range): 192.168.2.10
Joe Sandbox Version: 38.0.0 Beryl
Analysis ID: 1314629
Start date and time: 2023-09-26 16:34:01 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 2m 50s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: https://url.avanan.click/v2/___https://esa.trevertex.local:83/Search?email=aaron.fuleki%40kbra.com___.YXAzOmticmE6YTpvOjAyOWQ1MWJlNzhhMTcwMzU2YmJmYjAwNGVjODlmNjZjOjY6ODJkYzo2Y2EzMzU0Mzc3NDlhMzhjOTRkNDRjYmI2OWQyMTcwODg4YWIxMTg2MGFjNjVlNzg3OTdhY2E1ODlhOTRhZDhiOmg6VA
Analysis system description: Windows 10, Office Professional Plus 2016, Chrome 115, Firefox 115, Adobe Reader 23, Java 8 Update 381
Number of new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@22/0@13/6
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
• Excluded processes from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, TextInputHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.64.195, 34.104.35.123, 72.21.81.240, 142.250.217.195
• Excluded domains from analysis (whitelisted): geover.prod.do.dsp.mp.microsoft.com, fs.microsoft.com, geo.prod.do.dsp.mp.microsoft.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big; too many NtSetInformationFile calls found
• VT rate limit hit for: https://url.avanan.click/v2/___https://esa.trevertex.local:83/Search?email=aaron.fuleki%40kbra.com___.YXAzOmticmE6YTpvOjAyOWQ1MWJlNzhhMTcwMzU2YmJmYjAwNGVjODlmNjZjOjY6ODJkYzo2Y2EzMzU0Mzc3NDlhMzhjOTRkNDRjYmI2OWQyMTcwODg4YWIxMTg2MGFjNjVlNzg3OTdhY2E1ODlhOTRhZDhiOmg6VA
No simulations
No context
                        No created / dropped files found
                        No static file info


                        • Total Packets: 236
                        • 443 (HTTPS)
                        • 80 (HTTP)
                        • 53 (DNS)
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Sep 26, 2023 16:34:40.616477966 CEST | 49682 | 80 | 192.168.2.10 | 104.77.36.175
Sep 26, 2023 16:34:40.616543055 CEST | 49681 | 443 | 192.168.2.10 | 184.28.113.215
Sep 26, 2023 16:34:40.774797916 CEST | 49677 | 443 | 192.168.2.10 | 52.184.212.181
Sep 26, 2023 16:34:40.776913881 CEST | 49677 | 443 | 192.168.2.10 | 52.184.212.181
Sep 26, 2023 16:34:40.784105062 CEST | 49679 | 443 | 192.168.2.10 | 52.184.216.174
Sep 26, 2023 16:34:40.784408092 CEST | 49697 | 443 | 192.168.2.10 | 52.184.216.174
Sep 26, 2023 16:34:40.784432888 CEST | 443 | 49697 | 52.184.216.174 | 192.168.2.10
Sep 26, 2023 16:34:40.784531116 CEST | 49697 | 443 | 192.168.2.10 | 52.184.216.174
Sep 26, 2023 16:34:40.784730911 CEST | 49697 | 443 | 192.168.2.10 | 52.184.216.174
Sep 26, 2023 16:34:40.784739017 CEST | 443 | 49697 | 52.184.216.174 | 192.168.2.10
Sep 26, 2023 16:34:41.085275888 CEST | 49679 | 443 | 192.168.2.10 | 52.184.216.174
Sep 26, 2023 16:34:41.267668009 CEST | 443 | 49697 | 52.184.216.174 | 192.168.2.10
Sep 26, 2023 16:34:41.267755985 CEST | 49697 | 443 | 192.168.2.10 | 52.184.216.174
Sep 26, 2023 16:34:41.271534920 CEST | 49697 | 443 | 192.168.2.10 | 52.184.216.174
Sep 26, 2023 16:34:41.271543026 CEST | 443 | 49697 | 52.184.216.174 | 192.168.2.10
Sep 26, 2023 16:34:41.271884918 CEST | 443 | 49697 | 52.184.216.174 | 192.168.2.10
Sep 26, 2023 16:34:41.288409948 CEST | 49697 | 443 | 192.168.2.10 | 52.184.216.174
Sep 26, 2023 16:34:41.288497925 CEST | 49697 | 443 | 192.168.2.10 | 52.184.216.174
Sep 26, 2023 16:34:41.288506985 CEST | 443 | 49697 | 52.184.216.174 | 192.168.2.10
Sep 26, 2023 16:34:41.640985966 CEST | 443 | 49697 | 52.184.216.174 | 192.168.2.10
Sep 26, 2023 16:34:41.641098976 CEST | 443 | 49697 | 52.184.216.174 | 192.168.2.10
Sep 26, 2023 16:34:41.641168118 CEST | 49697 | 443 | 192.168.2.10 | 52.184.216.174
Sep 26, 2023 16:34:41.642623901 CEST | 49697 | 443 | 192.168.2.10 | 52.184.216.174
Sep 26, 2023 16:34:41.650959015 CEST | 49680 | 443 | 192.168.2.10 | 52.179.219.14
Sep 26, 2023 16:34:41.651293993 CEST | 49698 | 443 | 192.168.2.10 | 52.179.219.14
Sep 26, 2023 16:34:41.651334047 CEST | 443 | 49698 | 52.179.219.14 | 192.168.2.10
Sep 26, 2023 16:34:41.651444912 CEST | 49698 | 443 | 192.168.2.10 | 52.179.219.14
Sep 26, 2023 16:34:41.651659966 CEST | 49698 | 443 | 192.168.2.10 | 52.179.219.14
Sep 26, 2023 16:34:41.651673079 CEST | 443 | 49698 | 52.179.219.14 | 192.168.2.10
Sep 26, 2023 16:34:41.694623947 CEST | 49679 | 443 | 192.168.2.10 | 52.184.216.174
Sep 26, 2023 16:34:41.819622993 CEST | 49682 | 80 | 192.168.2.10 | 104.77.36.175
Sep 26, 2023 16:34:41.822228909 CEST | 49681 | 443 | 192.168.2.10 | 184.28.113.215
Sep 26, 2023 16:34:41.960289955 CEST | 49680 | 443 | 192.168.2.10 | 52.179.219.14
Sep 26, 2023 16:34:42.123536110 CEST | 443 | 49698 | 52.179.219.14 | 192.168.2.10
Sep 26, 2023 16:34:42.123739004 CEST | 49698 | 443 | 192.168.2.10 | 52.179.219.14
Sep 26, 2023 16:34:42.124847889 CEST | 49698 | 443 | 192.168.2.10 | 52.179.219.14
Sep 26, 2023 16:34:42.124855995 CEST | 443 | 49698 | 52.179.219.14 | 192.168.2.10
Sep 26, 2023 16:34:42.125123978 CEST | 443 | 49698 | 52.179.219.14 | 192.168.2.10
Sep 26, 2023 16:34:42.126096964 CEST | 49698 | 443 | 192.168.2.10 | 52.179.219.14
Sep 26, 2023 16:34:42.126116991 CEST | 49698 | 443 | 192.168.2.10 | 52.179.219.14
Sep 26, 2023 16:34:42.126123905 CEST | 443 | 49698 | 52.179.219.14 | 192.168.2.10
Sep 26, 2023 16:34:42.480751991 CEST | 443 | 49698 | 52.179.219.14 | 192.168.2.10
Sep 26, 2023 16:34:42.480979919 CEST | 443 | 49698 | 52.179.219.14 | 192.168.2.10
                        Sep 26, 2023 16:34:42.481035948 CEST49698443192.168.2.1052.179.219.14
                        Sep 26, 2023 16:34:42.481203079 CEST49698443192.168.2.1052.179.219.14
                        Sep 26, 2023 16:34:42.489798069 CEST49678443192.168.2.1052.184.212.181
                        Sep 26, 2023 16:34:42.490108013 CEST49699443192.168.2.1052.184.212.181
                        Sep 26, 2023 16:34:42.490137100 CEST4434969952.184.212.181192.168.2.10
                        Sep 26, 2023 16:34:42.490221977 CEST49699443192.168.2.1052.184.212.181
                        Sep 26, 2023 16:34:42.490375042 CEST49699443192.168.2.1052.184.212.181
                        Sep 26, 2023 16:34:42.490391970 CEST4434969952.184.212.181192.168.2.10
                        Sep 26, 2023 16:34:42.569746971 CEST49680443192.168.2.1052.179.219.14
                        Sep 26, 2023 16:34:42.788455009 CEST49678443192.168.2.1052.184.212.181
                        Sep 26, 2023 16:34:42.897792101 CEST49679443192.168.2.1052.184.216.174
                        Sep 26, 2023 16:34:42.981364012 CEST4434969952.184.212.181192.168.2.10
                        Sep 26, 2023 16:34:42.981498957 CEST49699443192.168.2.1052.184.212.181
                        Sep 26, 2023 16:34:42.983220100 CEST49699443192.168.2.1052.184.212.181
                        Sep 26, 2023 16:34:42.983231068 CEST4434969952.184.212.181192.168.2.10
                        Sep 26, 2023 16:34:42.984075069 CEST4434969952.184.212.181192.168.2.10
                        Sep 26, 2023 16:34:42.985196114 CEST49699443192.168.2.1052.184.212.181
                        Sep 26, 2023 16:34:42.985227108 CEST49699443192.168.2.1052.184.212.181
                        Sep 26, 2023 16:34:42.985234976 CEST4434969952.184.212.181192.168.2.10
                        Sep 26, 2023 16:34:43.337354898 CEST4434969952.184.212.181192.168.2.10
                        Sep 26, 2023 16:34:43.337457895 CEST4434969952.184.212.181192.168.2.10
                        Sep 26, 2023 16:34:43.337577105 CEST49699443192.168.2.1052.184.212.181
                        Sep 26, 2023 16:34:43.337855101 CEST49699443192.168.2.1052.184.212.181
                        Sep 26, 2023 16:34:43.361696959 CEST49673443192.168.2.102.20.212.212
                        Sep 26, 2023 16:34:43.362333059 CEST49674443192.168.2.102.20.212.212
                        Sep 26, 2023 16:34:43.362397909 CEST49675443192.168.2.102.20.212.212
                        Sep 26, 2023 16:34:43.362438917 CEST49672443192.168.2.102.20.212.212
                        Sep 26, 2023 16:34:43.362481117 CEST49676443192.168.2.102.20.212.212
                        Sep 26, 2023 16:34:43.397762060 CEST49678443192.168.2.1052.184.212.181
                        Sep 26, 2023 16:34:43.772828102 CEST49680443192.168.2.1052.179.219.14
                        Sep 26, 2023 16:34:44.225853920 CEST4968280192.168.2.10104.77.36.175
                        Sep 26, 2023 16:34:44.226154089 CEST49681443192.168.2.10184.28.113.215
                        Sep 26, 2023 16:34:44.600986004 CEST49678443192.168.2.1052.184.212.181
                        Sep 26, 2023 16:34:44.804004908 CEST49677443192.168.2.1052.184.212.181
                        Sep 26, 2023 16:34:45.304007053 CEST49679443192.168.2.1052.184.216.174
                        Sep 26, 2023 16:34:46.179043055 CEST49680443192.168.2.1052.179.219.14
                        Sep 26, 2023 16:34:46.781519890 CEST49700443192.168.2.10172.217.2.205
                        Sep 26, 2023 16:34:46.781550884 CEST44349700172.217.2.205192.168.2.10
                        Sep 26, 2023 16:34:46.781615973 CEST49700443192.168.2.10172.217.2.205
                        Sep 26, 2023 16:34:46.782442093 CEST49701443192.168.2.10192.178.50.78
                        Sep 26, 2023 16:34:46.782535076 CEST44349701192.178.50.78192.168.2.10
                        Sep 26, 2023 16:34:46.782594919 CEST49701443192.168.2.10192.178.50.78
                        Sep 26, 2023 16:34:46.783710957 CEST49701443192.168.2.10192.178.50.78
                        Sep 26, 2023 16:34:46.783741951 CEST44349701192.178.50.78192.168.2.10
                        Sep 26, 2023 16:34:46.783956051 CEST49700443192.168.2.10172.217.2.205
                        Sep 26, 2023 16:34:46.783971071 CEST44349700172.217.2.205192.168.2.10
                        Sep 26, 2023 16:34:47.004774094 CEST49678443192.168.2.1052.184.212.181
                        Sep 26, 2023 16:34:47.086416960 CEST44349700172.217.2.205192.168.2.10
                        Sep 26, 2023 16:34:47.086858034 CEST49700443192.168.2.10172.217.2.205
                        Sep 26, 2023 16:34:47.086869955 CEST44349700172.217.2.205192.168.2.10
                        Sep 26, 2023 16:34:47.088299990 CEST44349700172.217.2.205192.168.2.10
                        Sep 26, 2023 16:34:47.088392973 CEST49700443192.168.2.10172.217.2.205
                        Sep 26, 2023 16:34:47.090727091 CEST49700443192.168.2.10172.217.2.205
                        Sep 26, 2023 16:34:47.090821028 CEST44349700172.217.2.205192.168.2.10
                        Sep 26, 2023 16:34:47.091438055 CEST49700443192.168.2.10172.217.2.205
                        Sep 26, 2023 16:34:47.091447115 CEST44349700172.217.2.205192.168.2.10
                        Sep 26, 2023 16:34:47.094512939 CEST44349701192.178.50.78192.168.2.10
                        Sep 26, 2023 16:34:47.094999075 CEST49701443192.168.2.10192.178.50.78
                        Sep 26, 2023 16:34:47.095030069 CEST44349701192.178.50.78192.168.2.10
                        Sep 26, 2023 16:34:47.095578909 CEST44349701192.178.50.78192.168.2.10
                        Sep 26, 2023 16:34:47.095654964 CEST49701443192.168.2.10192.178.50.78
                        Sep 26, 2023 16:34:47.096632004 CEST44349701192.178.50.78192.168.2.10
                        Sep 26, 2023 16:34:47.096698999 CEST49701443192.168.2.10192.178.50.78
                        Sep 26, 2023 16:34:47.098560095 CEST49701443192.168.2.10192.178.50.78
                        Sep 26, 2023 16:34:47.098674059 CEST44349701192.178.50.78192.168.2.10
                        Sep 26, 2023 16:34:47.098774910 CEST49701443192.168.2.10192.178.50.78
                        Sep 26, 2023 16:34:47.098783970 CEST44349701192.178.50.78192.168.2.10
                        Sep 26, 2023 16:34:47.141493082 CEST49700443192.168.2.10172.217.2.205
                        Sep 26, 2023 16:34:47.141635895 CEST49701443192.168.2.10192.178.50.78
                        Sep 26, 2023 16:34:47.362416029 CEST44349701192.178.50.78192.168.2.10
                        Sep 26, 2023 16:34:47.362605095 CEST44349701192.178.50.78192.168.2.10
                        Sep 26, 2023 16:34:47.362673044 CEST49701443192.168.2.10192.178.50.78
                        Sep 26, 2023 16:34:47.365521908 CEST49701443192.168.2.10192.178.50.78
                        Sep 26, 2023 16:34:47.365539074 CEST44349701192.178.50.78192.168.2.10
                        Sep 26, 2023 16:34:47.380661964 CEST44349700172.217.2.205192.168.2.10
                        Sep 26, 2023 16:34:47.381378889 CEST44349700172.217.2.205192.168.2.10
                        Sep 26, 2023 16:34:47.381431103 CEST49700443192.168.2.10172.217.2.205
                        Sep 26, 2023 16:34:47.388040066 CEST49700443192.168.2.10172.217.2.205
                        Sep 26, 2023 16:34:47.388051987 CEST44349700172.217.2.205192.168.2.10
                        Sep 26, 2023 16:34:48.530242920 CEST49703443192.168.2.103.161.136.86
                        Sep 26, 2023 16:34:48.530287027 CEST443497033.161.136.86192.168.2.10
                        Sep 26, 2023 16:34:48.530364990 CEST49703443192.168.2.103.161.136.86
                        Sep 26, 2023 16:34:48.531802893 CEST49704443192.168.2.103.161.136.86
                        Sep 26, 2023 16:34:48.531838894 CEST443497043.161.136.86192.168.2.10
                        Sep 26, 2023 16:34:48.531924009 CEST49704443192.168.2.103.161.136.86
                        Sep 26, 2023 16:34:48.532536983 CEST49704443192.168.2.103.161.136.86
                        Sep 26, 2023 16:34:48.532551050 CEST443497043.161.136.86192.168.2.10
                        Sep 26, 2023 16:34:48.532721043 CEST49703443192.168.2.103.161.136.86
                        Sep 26, 2023 16:34:48.532746077 CEST443497033.161.136.86192.168.2.10
                        Sep 26, 2023 16:34:48.849437952 CEST443497033.161.136.86192.168.2.10
                        Sep 26, 2023 16:34:48.853008032 CEST49703443192.168.2.103.161.136.86
                        Sep 26, 2023 16:34:48.853048086 CEST443497033.161.136.86192.168.2.10
                        Sep 26, 2023 16:34:48.853089094 CEST443497043.161.136.86192.168.2.10
                        Sep 26, 2023 16:34:48.853286028 CEST49704443192.168.2.103.161.136.86
                        Sep 26, 2023 16:34:48.853321075 CEST443497043.161.136.86192.168.2.10
                        Sep 26, 2023 16:34:48.854814053 CEST443497033.161.136.86192.168.2.10
                        Sep 26, 2023 16:34:48.854872942 CEST443497043.161.136.86192.168.2.10
                        Sep 26, 2023 16:34:48.854919910 CEST49703443192.168.2.103.161.136.86
                        Sep 26, 2023 16:34:48.854995966 CEST49704443192.168.2.103.161.136.86
                        Sep 26, 2023 16:34:49.032052040 CEST4968280192.168.2.10104.77.36.175
                        Sep 26, 2023 16:34:49.032090902 CEST49681443192.168.2.10184.28.113.215
                        Sep 26, 2023 16:34:49.101567984 CEST49704443192.168.2.103.161.136.86
                        Sep 26, 2023 16:34:49.101794958 CEST443497043.161.136.86192.168.2.10
                        Sep 26, 2023 16:34:49.101821899 CEST49704443192.168.2.103.161.136.86
                        Sep 26, 2023 16:34:49.105243921 CEST49703443192.168.2.103.161.136.86
                        Sep 26, 2023 16:34:49.105477095 CEST443497033.161.136.86192.168.2.10
                        Sep 26, 2023 16:34:49.142123938 CEST49704443192.168.2.103.161.136.86
                        Sep 26, 2023 16:34:49.142144918 CEST443497043.161.136.86192.168.2.10
                        Sep 26, 2023 16:34:49.156958103 CEST49703443192.168.2.103.161.136.86
                        Sep 26, 2023 16:34:49.157011032 CEST443497033.161.136.86192.168.2.10
                        Sep 26, 2023 16:34:49.189888954 CEST49704443192.168.2.103.161.136.86
                        Sep 26, 2023 16:34:49.204936981 CEST49703443192.168.2.103.161.136.86
                        Sep 26, 2023 16:34:49.598048925 CEST443497043.161.136.86192.168.2.10
                        Sep 26, 2023 16:34:49.598187923 CEST443497043.161.136.86192.168.2.10
                        Sep 26, 2023 16:34:49.598248005 CEST49704443192.168.2.103.161.136.86
                        Sep 26, 2023 16:34:49.598942041 CEST49704443192.168.2.103.161.136.86
                        Sep 26, 2023 16:34:49.598965883 CEST443497043.161.136.86192.168.2.10
                        Sep 26, 2023 16:34:49.598978996 CEST49704443192.168.2.103.161.136.86
                        Sep 26, 2023 16:34:49.599019051 CEST49704443192.168.2.103.161.136.86
                        Sep 26, 2023 16:34:50.113980055 CEST49679443192.168.2.1052.184.216.174
                        Sep 26, 2023 16:34:50.985692024 CEST49680443192.168.2.1052.179.219.14
                        Sep 26, 2023 16:34:51.357923031 CEST49706443192.168.2.10142.250.217.228
                        Sep 26, 2023 16:34:51.357995033 CEST44349706142.250.217.228192.168.2.10
                        Sep 26, 2023 16:34:51.358129025 CEST49706443192.168.2.10142.250.217.228
                        Sep 26, 2023 16:34:51.358455896 CEST49706443192.168.2.10142.250.217.228
                        Sep 26, 2023 16:34:51.358477116 CEST44349706142.250.217.228192.168.2.10
                        Sep 26, 2023 16:34:51.643002033 CEST44349706142.250.217.228192.168.2.10
                        Sep 26, 2023 16:34:51.643418074 CEST49706443192.168.2.10142.250.217.228
                        Sep 26, 2023 16:34:51.643467903 CEST44349706142.250.217.228192.168.2.10
                        Sep 26, 2023 16:34:51.645172119 CEST44349706142.250.217.228192.168.2.10
                        Sep 26, 2023 16:34:51.645287991 CEST49706443192.168.2.10142.250.217.228
                        Sep 26, 2023 16:34:51.647960901 CEST49706443192.168.2.10142.250.217.228
                        Sep 26, 2023 16:34:51.648113012 CEST44349706142.250.217.228192.168.2.10
                        Sep 26, 2023 16:34:51.688884020 CEST49706443192.168.2.10142.250.217.228
                        Sep 26, 2023 16:34:51.688930988 CEST44349706142.250.217.228192.168.2.10
                        Sep 26, 2023 16:34:51.735797882 CEST49706443192.168.2.10142.250.217.228
                        Sep 26, 2023 16:34:51.813905001 CEST49678443192.168.2.1052.184.212.181
                        Sep 26, 2023 16:34:54.409284115 CEST49677443192.168.2.1052.184.212.181
                        Sep 26, 2023 16:34:58.022568941 CEST4434969623.0.174.136192.168.2.10
                        Sep 26, 2023 16:34:58.022764921 CEST49696443192.168.2.1023.0.174.136
                        Sep 26, 2023 16:34:58.641226053 CEST4968280192.168.2.10104.77.36.175
                        Sep 26, 2023 16:34:58.641248941 CEST49681443192.168.2.10184.28.113.215
                        Sep 26, 2023 16:34:59.722518921 CEST49679443192.168.2.1052.184.216.174
                        Sep 26, 2023 16:35:00.613075972 CEST49680443192.168.2.1052.179.219.14
                        Sep 26, 2023 16:35:01.425616980 CEST49678443192.168.2.1052.184.212.181
                        Sep 26, 2023 16:35:01.622499943 CEST44349706142.250.217.228192.168.2.10
                        Sep 26, 2023 16:35:01.622668028 CEST44349706142.250.217.228192.168.2.10
                        Sep 26, 2023 16:35:01.622811079 CEST49706443192.168.2.10142.250.217.228
                        Sep 26, 2023 16:35:01.996711969 CEST49706443192.168.2.10142.250.217.228
                        Sep 26, 2023 16:35:01.996788025 CEST44349706142.250.217.228192.168.2.10
                        Sep 26, 2023 16:35:05.318638086 CEST49707443192.168.2.1013.85.23.86
                        Sep 26, 2023 16:35:05.318700075 CEST4434970713.85.23.86192.168.2.10
                        Sep 26, 2023 16:35:05.318784952 CEST49707443192.168.2.1013.85.23.86
                        Sep 26, 2023 16:35:05.321278095 CEST49707443192.168.2.1013.85.23.86
                        Sep 26, 2023 16:35:05.321294069 CEST4434970713.85.23.86192.168.2.10
                        Sep 26, 2023 16:35:05.827476978 CEST4434970713.85.23.86192.168.2.10
                        Sep 26, 2023 16:35:05.827734947 CEST49707443192.168.2.1013.85.23.86
                        Sep 26, 2023 16:35:05.831655025 CEST49707443192.168.2.1013.85.23.86
                        Sep 26, 2023 16:35:05.831688881 CEST4434970713.85.23.86192.168.2.10
                        Sep 26, 2023 16:35:05.832119942 CEST4434970713.85.23.86192.168.2.10
                        Sep 26, 2023 16:35:05.878839016 CEST49707443192.168.2.1013.85.23.86
                        Sep 26, 2023 16:35:06.438520908 CEST49707443192.168.2.1013.85.23.86
                        Sep 26, 2023 16:35:06.480511904 CEST4434970713.85.23.86192.168.2.10
                        Sep 26, 2023 16:35:06.760034084 CEST4434970713.85.23.86192.168.2.10
                        Sep 26, 2023 16:35:06.760097980 CEST4434970713.85.23.86192.168.2.10
                        Sep 26, 2023 16:35:06.760118961 CEST4434970713.85.23.86192.168.2.10
                        Sep 26, 2023 16:35:06.760159016 CEST4434970713.85.23.86192.168.2.10
                        Sep 26, 2023 16:35:06.760188103 CEST49707443192.168.2.1013.85.23.86
                        Sep 26, 2023 16:35:06.760201931 CEST4434970713.85.23.86192.168.2.10
                        Sep 26, 2023 16:35:06.760257959 CEST4434970713.85.23.86192.168.2.10
                        Sep 26, 2023 16:35:06.760298967 CEST49707443192.168.2.1013.85.23.86
                        Sep 26, 2023 16:35:06.760298967 CEST49707443192.168.2.1013.85.23.86
                        Sep 26, 2023 16:35:06.760329962 CEST49707443192.168.2.1013.85.23.86
                        Sep 26, 2023 16:35:06.760370016 CEST4434970713.85.23.86192.168.2.10
                        Sep 26, 2023 16:35:06.760442972 CEST49707443192.168.2.1013.85.23.86
                        Sep 26, 2023 16:35:06.760457993 CEST4434970713.85.23.86192.168.2.10
                        Sep 26, 2023 16:35:06.760608912 CEST4434970713.85.23.86192.168.2.10
                        Sep 26, 2023 16:35:06.760665894 CEST49707443192.168.2.1013.85.23.86
                        Sep 26, 2023 16:35:06.789541006 CEST49707443192.168.2.1013.85.23.86
                        Sep 26, 2023 16:35:06.789561033 CEST4434970713.85.23.86192.168.2.10
                        Sep 26, 2023 16:35:06.789585114 CEST49707443192.168.2.1013.85.23.86
                        Sep 26, 2023 16:35:06.789589882 CEST4434970713.85.23.86192.168.2.10
                        Sep 26, 2023 16:35:07.223530054 CEST49696443192.168.2.1023.0.174.136
                        Sep 26, 2023 16:35:07.223589897 CEST49696443192.168.2.1023.0.174.136
                        Sep 26, 2023 16:35:07.224889040 CEST49710443192.168.2.1023.0.174.136
                        Sep 26, 2023 16:35:07.224926949 CEST4434971023.0.174.136192.168.2.10
                        Sep 26, 2023 16:35:07.224999905 CEST49710443192.168.2.1023.0.174.136
                        Sep 26, 2023 16:35:07.228672028 CEST49710443192.168.2.1023.0.174.136
                        Sep 26, 2023 16:35:07.228691101 CEST4434971023.0.174.136192.168.2.10
                        Sep 26, 2023 16:35:07.470457077 CEST4434969623.0.174.136192.168.2.10
                        Sep 26, 2023 16:35:07.470494986 CEST4434969623.0.174.136192.168.2.10
                        Sep 26, 2023 16:35:07.496015072 CEST49710443192.168.2.1023.0.174.136
                        Sep 26, 2023 16:35:07.504111052 CEST49711443192.168.2.1023.0.174.136
                        Sep 26, 2023 16:35:07.504151106 CEST4434971123.0.174.136192.168.2.10
                        Sep 26, 2023 16:35:07.504245996 CEST49711443192.168.2.1023.0.174.136
                        Sep 26, 2023 16:35:07.504504919 CEST49711443192.168.2.1023.0.174.136
                        Sep 26, 2023 16:35:07.504518986 CEST4434971123.0.174.136192.168.2.10
                        Sep 26, 2023 16:35:08.255400896 CEST4434971123.0.174.136192.168.2.10
                        Sep 26, 2023 16:35:08.255527973 CEST49711443192.168.2.1023.0.174.136
                        Sep 26, 2023 16:35:18.832376957 CEST443497033.161.136.86192.168.2.10
                        Sep 26, 2023 16:35:18.832475901 CEST443497033.161.136.86192.168.2.10
                        Sep 26, 2023 16:35:18.832674026 CEST49703443192.168.2.103.161.136.86
                        Sep 26, 2023 16:35:19.112926960 CEST49703443192.168.2.103.161.136.86
                        Sep 26, 2023 16:35:19.112945080 CEST443497033.161.136.86192.168.2.10
                        Sep 26, 2023 16:35:27.495007992 CEST4434971123.0.174.136192.168.2.10
                        Sep 26, 2023 16:35:27.495126009 CEST49711443192.168.2.1023.0.174.136
                        Sep 26, 2023 16:35:30.759419918 CEST49715443192.168.2.1023.67.197.195
                        Sep 26, 2023 16:35:30.759526968 CEST4434971523.67.197.195192.168.2.10
                        Sep 26, 2023 16:35:30.759623051 CEST49715443192.168.2.1023.67.197.195
                        Sep 26, 2023 16:35:30.761647940 CEST49715443192.168.2.1023.67.197.195
                        Sep 26, 2023 16:35:30.761682987 CEST4434971523.67.197.195192.168.2.10
                        Sep 26, 2023 16:35:31.030097008 CEST4434971523.67.197.195192.168.2.10
                        Sep 26, 2023 16:35:31.030234098 CEST49715443192.168.2.1023.67.197.195
                        Sep 26, 2023 16:35:31.032124996 CEST49715443192.168.2.1023.67.197.195
                        Sep 26, 2023 16:35:31.032154083 CEST4434971523.67.197.195192.168.2.10
                        Sep 26, 2023 16:35:31.032454967 CEST4434971523.67.197.195192.168.2.10
                        Sep 26, 2023 16:35:31.078954935 CEST49715443192.168.2.1023.67.197.195
                        Sep 26, 2023 16:35:31.097538948 CEST49715443192.168.2.1023.67.197.195
                        Sep 26, 2023 16:35:31.144519091 CEST4434971523.67.197.195192.168.2.10
                        Sep 26, 2023 16:35:31.276480913 CEST4434971523.67.197.195192.168.2.10
                        Sep 26, 2023 16:35:31.276629925 CEST4434971523.67.197.195192.168.2.10
                        Sep 26, 2023 16:35:31.276715994 CEST49715443192.168.2.1023.67.197.195
                        Sep 26, 2023 16:35:31.276787996 CEST49715443192.168.2.1023.67.197.195
                        Sep 26, 2023 16:35:31.276806116 CEST4434971523.67.197.195192.168.2.10
                        Sep 26, 2023 16:35:31.276822090 CEST49715443192.168.2.1023.67.197.195
                        Sep 26, 2023 16:35:31.276827097 CEST4434971523.67.197.195192.168.2.10
                        Sep 26, 2023 16:35:31.320601940 CEST49716443192.168.2.1023.67.197.195
                        Sep 26, 2023 16:35:31.320707083 CEST4434971623.67.197.195192.168.2.10
                        Sep 26, 2023 16:35:31.320911884 CEST49716443192.168.2.1023.67.197.195
                        Sep 26, 2023 16:35:31.321244955 CEST49716443192.168.2.1023.67.197.195
                        Sep 26, 2023 16:35:31.321276903 CEST4434971623.67.197.195192.168.2.10
                        Sep 26, 2023 16:35:31.584662914 CEST4434971623.67.197.195192.168.2.10
                        Sep 26, 2023 16:35:31.584784985 CEST49716443192.168.2.1023.67.197.195
                        Sep 26, 2023 16:35:31.586437941 CEST49716443192.168.2.1023.67.197.195
                        Sep 26, 2023 16:35:31.586450100 CEST4434971623.67.197.195192.168.2.10
                        Sep 26, 2023 16:35:31.586735964 CEST4434971623.67.197.195192.168.2.10
                        Sep 26, 2023 16:35:31.588027954 CEST49716443192.168.2.1023.67.197.195
                        Sep 26, 2023 16:35:31.628508091 CEST4434971623.67.197.195192.168.2.10
                        Sep 26, 2023 16:35:31.858983040 CEST4434971623.67.197.195192.168.2.10
                        Sep 26, 2023 16:35:31.859062910 CEST4434971623.67.197.195192.168.2.10
                        Sep 26, 2023 16:35:31.859153986 CEST49716443192.168.2.1023.67.197.195
                        Sep 26, 2023 16:35:31.860666037 CEST49716443192.168.2.1023.67.197.195
                        Sep 26, 2023 16:35:31.860718012 CEST4434971623.67.197.195192.168.2.10
                        Sep 26, 2023 16:35:31.860753059 CEST49716443192.168.2.1023.67.197.195
                        Sep 26, 2023 16:35:31.860770941 CEST4434971623.67.197.195192.168.2.10
                        Sep 26, 2023 16:35:36.464220047 CEST49691443192.168.2.1020.189.173.4
                        Sep 26, 2023 16:35:36.767322063 CEST49691443192.168.2.1020.189.173.4
                        Sep 26, 2023 16:35:36.878643990 CEST49717443192.168.2.1020.54.24.69
                        Sep 26, 2023 16:35:36.878694057 CEST4434971720.54.24.69192.168.2.10
                        Sep 26, 2023 16:35:36.878813028 CEST49717443192.168.2.1020.54.24.69
                        Sep 26, 2023 16:35:36.880371094 CEST49717443192.168.2.1020.54.24.69
                        Sep 26, 2023 16:35:36.880394936 CEST4434971720.54.24.69192.168.2.10
                        Sep 26, 2023 16:35:37.376557112 CEST49691443192.168.2.1020.189.173.4
                        Sep 26, 2023 16:35:37.574266911 CEST4434971720.54.24.69192.168.2.10
                        Sep 26, 2023 16:35:37.574440956 CEST49717443192.168.2.1020.54.24.69
                        Sep 26, 2023 16:35:37.581244946 CEST49717443192.168.2.1020.54.24.69
                        Sep 26, 2023 16:35:37.581258059 CEST4434971720.54.24.69192.168.2.10
                        Sep 26, 2023 16:35:37.581660986 CEST4434971720.54.24.69192.168.2.10
                        Sep 26, 2023 16:35:37.626669884 CEST49717443192.168.2.1020.54.24.69
                        Sep 26, 2023 16:35:37.633913040 CEST49717443192.168.2.1020.54.24.69
                        Sep 26, 2023 16:35:37.680524111 CEST4434971720.54.24.69192.168.2.10
                        Sep 26, 2023 16:35:37.865634918 CEST4434971720.54.24.69192.168.2.10
                        Sep 26, 2023 16:35:37.865742922 CEST4434971720.54.24.69192.168.2.10
                        Sep 26, 2023 16:35:37.865840912 CEST49717443192.168.2.1020.54.24.69
                        Sep 26, 2023 16:35:37.904441118 CEST49717443192.168.2.1020.54.24.69
                        Sep 26, 2023 16:35:38.177598000 CEST49718443192.168.2.1023.45.28.28
                        Sep 26, 2023 16:35:38.177691936 CEST4434971823.45.28.28192.168.2.10
                        Sep 26, 2023 16:35:38.177809000 CEST49718443192.168.2.1023.45.28.28
                        Sep 26, 2023 16:35:38.178404093 CEST49718443192.168.2.1023.45.28.28
                        Sep 26, 2023 16:35:38.178438902 CEST4434971823.45.28.28192.168.2.10
                        Sep 26, 2023 16:35:38.575242996 CEST4434971823.45.28.28192.168.2.10
                        Sep 26, 2023 16:35:38.575397968 CEST49718443192.168.2.1023.45.28.28
                        Sep 26, 2023 16:35:38.579696894 CEST49691443192.168.2.1020.189.173.4
                        Sep 26, 2023 16:35:38.580327034 CEST49718443192.168.2.1023.45.28.28
                        Sep 26, 2023 16:35:38.580355883 CEST4434971823.45.28.28192.168.2.10
                        Sep 26, 2023 16:35:38.580718994 CEST4434971823.45.28.28192.168.2.10
                        Sep 26, 2023 16:35:38.581804037 CEST49718443192.168.2.1023.45.28.28
                        Sep 26, 2023 16:35:38.628556013 CEST4434971823.45.28.28192.168.2.10
                        Sep 26, 2023 16:35:38.828313112 CEST4434971823.45.28.28192.168.2.10
                        Sep 26, 2023 16:35:38.828489065 CEST4434971823.45.28.28192.168.2.10
                        Sep 26, 2023 16:35:38.828583002 CEST49718443192.168.2.1023.45.28.28
                        Sep 26, 2023 16:35:38.828883886 CEST49718443192.168.2.1023.45.28.28
                        Sep 26, 2023 16:35:38.828933001 CEST4434971823.45.28.28192.168.2.10
                        Sep 26, 2023 16:35:38.828964949 CEST49718443192.168.2.1023.45.28.28
                        Sep 26, 2023 16:35:38.828980923 CEST4434971823.45.28.28192.168.2.10
                        Sep 26, 2023 16:35:38.847121954 CEST49719443192.168.2.1020.54.24.69
                        Sep 26, 2023 16:35:38.847147942 CEST4434971920.54.24.69192.168.2.10
                        Sep 26, 2023 16:35:38.847297907 CEST49719443192.168.2.1020.54.24.69
                        Sep 26, 2023 16:35:38.847503901 CEST49719443192.168.2.1020.54.24.69
                        Sep 26, 2023 16:35:38.847543955 CEST4434971920.54.24.69192.168.2.10
                        Sep 26, 2023 16:35:39.626509905 CEST4434971920.54.24.69192.168.2.10
                        Sep 26, 2023 16:35:39.626646996 CEST49719443192.168.2.1020.54.24.69
                        Sep 26, 2023 16:35:39.628431082 CEST49719443192.168.2.1020.54.24.69
                        Sep 26, 2023 16:35:39.628452063 CEST4434971920.54.24.69192.168.2.10
                        Sep 26, 2023 16:35:39.628774881 CEST4434971920.54.24.69192.168.2.10
                        Sep 26, 2023 16:35:39.630209923 CEST49719443192.168.2.1020.54.24.69
                        Sep 26, 2023 16:35:39.672558069 CEST4434971920.54.24.69192.168.2.10
                        Sep 26, 2023 16:35:39.892728090 CEST4434971920.54.24.69192.168.2.10
                        Sep 26, 2023 16:35:39.892913103 CEST4434971920.54.24.69192.168.2.10
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Sep 26, 2023 16:34:46.566097021 CEST | 192.168.2.10 | 8.8.8.8 | 0x61fc | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Sep 26, 2023 16:34:46.566342115 CEST | 192.168.2.10 | 8.8.8.8 | 0x26cd | Standard query (0) | clients2.google.com | 65 | IN (0x0001) | false
Sep 26, 2023 16:34:46.566936016 CEST | 192.168.2.10 | 8.8.8.8 | 0xa148 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
Sep 26, 2023 16:34:46.567245960 CEST | 192.168.2.10 | 8.8.8.8 | 0x7d73 | Standard query (0) | accounts.google.com | 65 | IN (0x0001) | false
Sep 26, 2023 16:34:48.329617977 CEST | 192.168.2.10 | 8.8.8.8 | 0xd200 | Standard query (0) | url.avanan.click | A (IP address) | IN (0x0001) | false
Sep 26, 2023 16:34:48.335861921 CEST | 192.168.2.10 | 8.8.8.8 | 0xe409 | Standard query (0) | url.avanan.click | 65 | IN (0x0001) | false
Sep 26, 2023 16:34:49.607418060 CEST | 192.168.2.10 | 8.8.8.8 | 0xdf46 | Standard query (0) | esa.trevertex.local | A (IP address) | IN (0x0001) | false
Sep 26, 2023 16:34:49.829340935 CEST | 192.168.2.10 | 8.8.8.8 | 0x63ac | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
Sep 26, 2023 16:34:49.830468893 CEST | 192.168.2.10 | 8.8.8.8 | 0x2f6d | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
Sep 26, 2023 16:34:51.195712090 CEST | 192.168.2.10 | 8.8.8.8 | 0x27e6 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Sep 26, 2023 16:34:51.196099043 CEST | 192.168.2.10 | 8.8.8.8 | 0x4072 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Sep 26, 2023 16:34:56.181725025 CEST | 192.168.2.10 | 8.8.8.8 | 0x94b6 | Standard query (0) | esa.trevertex.local | A (IP address) | IN (0x0001) | false
Sep 26, 2023 16:35:26.462264061 CEST | 192.168.2.10 | 8.8.8.8 | 0xf0e1 | Standard query (0) | esa.trevertex.local | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 26, 2023 16:34:46.705998898 CEST | 8.8.8.8 | 192.168.2.10 | 0x26cd | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Sep 26, 2023 16:34:46.707093954 CEST | 8.8.8.8 | 192.168.2.10 | 0x61fc | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Sep 26, 2023 16:34:46.707093954 CEST | 8.8.8.8 | 192.168.2.10 | 0x61fc | No error (0) | clients.l.google.com | | 192.178.50.78 | A (IP address) | IN (0x0001) | false
Sep 26, 2023 16:34:46.712124109 CEST | 8.8.8.8 | 192.168.2.10 | 0xa148 | No error (0) | accounts.google.com | | 172.217.2.205 | A (IP address) | IN (0x0001) | false
Sep 26, 2023 16:34:48.474041939 CEST | 8.8.8.8 | 192.168.2.10 | 0xe409 | No error (0) | url.avanan.click | d1u0leijqiro21.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
Sep 26, 2023 16:34:48.524851084 CEST | 8.8.8.8 | 192.168.2.10 | 0xd200 | No error (0) | url.avanan.click | d1u0leijqiro21.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) | false
Sep 26, 2023 16:34:48.524851084 CEST | 8.8.8.8 | 192.168.2.10 | 0xd200 | No error (0) | d1u0leijqiro21.cloudfront.net | | 3.161.136.86 | A (IP address) | IN (0x0001) | false
Sep 26, 2023 16:34:48.524851084 CEST | 8.8.8.8 | 192.168.2.10 | 0xd200 | No error (0) | d1u0leijqiro21.cloudfront.net | | 3.161.136.12 | A (IP address) | IN (0x0001) | false
Sep 26, 2023 16:34:48.524851084 CEST | 8.8.8.8 | 192.168.2.10 | 0xd200 | No error (0) | d1u0leijqiro21.cloudfront.net | | 3.161.136.22 | A (IP address) | IN (0x0001) | false
Sep 26, 2023 16:34:48.524851084 CEST | 8.8.8.8 | 192.168.2.10 | 0xd200 | No error (0) | d1u0leijqiro21.cloudfront.net | | 3.161.136.61 | A (IP address) | IN (0x0001) | false
Sep 26, 2023 16:34:49.745753050 CEST | 8.8.8.8 | 192.168.2.10 | 0xdf46 | Name error (3) | esa.trevertex.local | none | none | A (IP address) | IN (0x0001) | false
Sep 26, 2023 16:34:49.968868971 CEST | 8.8.8.8 | 192.168.2.10 | 0x2f6d | No error (0) | google.com | | 142.250.217.174 | A (IP address) | IN (0x0001) | false
Sep 26, 2023 16:34:49.974169970 CEST | 8.8.8.8 | 192.168.2.10 | 0x63ac | No error (0) | google.com | | 142.250.217.174 | A (IP address) | IN (0x0001) | false
Sep 26, 2023 16:34:51.322716951 CEST | 8.8.8.8 | 192.168.2.10 | 0x4072 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Sep 26, 2023 16:34:51.333940029 CEST | 8.8.8.8 | 192.168.2.10 | 0x27e6 | No error (0) | www.google.com | | 142.250.217.228 | A (IP address) | IN (0x0001) | false
Sep 26, 2023 16:34:56.339068890 CEST | 8.8.8.8 | 192.168.2.10 | 0x94b6 | Name error (3) | esa.trevertex.local | none | none | A (IP address) | IN (0x0001) | false
Sep 26, 2023 16:35:26.619841099 CEST | 8.8.8.8 | 192.168.2.10 | 0xf0e1 | Name error (3) | esa.trevertex.local | none | none | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.10 | 49697 | 52.184.216.174 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-09-26 14:34:41 UTC | 0 | OUT | POST /join/ HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-Delivery-Optimization/10.0
MS-CV: OozOKIFhcke2XNhQ.2.30.1.2
Content-Length: 661
Host: array504.prod.do.dsp.mp.microsoft.com
2023-09-26 14:34:41 UTC | 0 | OUT | Data Ascii: {"ContentId":"95D2EE60-C9D3-45E4-876D-BAE16D758A87_16_0_16529_20182_STREAM_X86_EN_US","AltCatalogId":"http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/16.0.16529.20182/stream.x86.en-us.dat","PeerId":"6247583df33c0d45b71da
2023-09-26 14:34:41 UTC | 0 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/10.0
x-content-type-options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 26 Sep 2023 14:34:41 GMT
Connection: close
Content-Length: 227
2023-09-26 14:34:41 UTC | 1 | IN | Data Ascii: {"FailureReason":null,"NextJoinTimeIntervalInMs":3209996,"Complete":0,"Incomplete":0,"Rediscover":false,"KVVersion":"0-0","GeoVersion":"5B36157A03CF0500DA3C2D8238E6005F3469E237734C2046890202DB6F874840","Peers":[],"Leave":false}


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.10 | 49698 | 52.179.219.14 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-09-26 14:34:42 UTC | 1 | OUT | POST /join/ HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-Delivery-Optimization/10.0
MS-CV: vnMvnrB03kWwd4ls.2.0.0.10.2.41.1.2
Content-Length: 642
Host: array503.prod.do.dsp.mp.microsoft.com
2023-09-26 14:34:42 UTC | 1 | OUT | Data Ascii: {"ContentId":"4a98f56cf3729f1697ab1f815d06eb257a44547d","AltCatalogId":"http://au.download.windowsupdate.com/d/msdownload/update/software/defu/2023/07/am_base_4a98f56cf3729f1697ab1f815d06eb257a44547d.exe","PeerId":"b22f5b61470d9945a7f55c80afbda96400000000
2023-09-26 14:34:42 UTC | 2 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Server: Microsoft-IIS/10.0
x-content-type-options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 26 Sep 2023 14:34:42 GMT
Connection: close
Content-Length: 227
2023-09-26 14:34:42 UTC | 2 | IN | Data Ascii: {"FailureReason":null,"NextJoinTimeIntervalInMs":2083775,"Complete":0,"Incomplete":0,"Rediscover":false,"KVVersion":"0-0","GeoVersion":"5B36157A03CF0500DA3C2D8238E6005F3469E237734C2046890202DB6F874840","Peers":[],"Leave":false}


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
10 | 192.168.2.10 | 49715 | 23.67.197.195 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-09-26 14:35:31 UTC | 34 | OUT | HEAD /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2023-09-26 14:35:31 UTC | 34 | IN | HTTP/1.1 200 OK
ApiVersion: Distribute 1.1
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (chd/072F)
X-CID: 11
Cache-Control: public, max-age=168074
Date: Tue, 26 Sep 2023 14:35:31 GMT
Connection: close
X-CID: 2


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
11 | 192.168.2.10 | 49716 | 23.67.197.195 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-09-26 14:35:31 UTC | 34 | OUT | GET /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
Range: bytes=0-2147483646
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2023-09-26 14:35:31 UTC | 35 | IN | HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
ApiVersion: Distribute 1.1
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
X-Azure-Ref: 0DZ+oYgAAAABSxwJpMgMuSLkfS640ajfFQVRBRURHRTEyMTkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm
Cache-Control: public, max-age=168041
Date: Tue, 26 Sep 2023 14:35:31 GMT
Content-Length: 55
Connection: close
X-CID: 2
2023-09-26 14:35:31 UTC | 35 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
12 | 192.168.2.10 | 49717 | 20.54.24.69 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-09-26 14:35:37 UTC | 35 | OUT | GET /geo?doClientVersion=10.0.19041.746&profile=1048832&callId=2016907992 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Microsoft-Delivery-Optimization/10.0
MS-CV: GJL0DDALw0aC7e3L.1.1.1
Content-Length: 0
Host: geo.prod.do.dsp.mp.microsoft.com
2023-09-26 14:35:37 UTC | 36 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/json
Server: Microsoft-IIS/10.0
x-content-type-options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 26 Sep 2023 14:35:37 GMT
Connection: close
Content-Length: 305
2023-09-26 14:35:37 UTC | 36 | IN | Data Ascii: {"ExternalIpAddress":"102.129.153.235","CountryCode":"US","KeyValue_EndpointFullUri":"https://kv801.prod.do.dsp.mp.microsoft.com/all","Version":"5B36157A03CF0500DA3C2D8238E6005F3469E237734C2046890202DB6F874840","CacheId":"7","CompactVersion":"10.0.19041.7


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
13 | 192.168.2.10 | 49718 | 23.45.28.28 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-09-26 14:35:38 UTC | 36 | OUT | GET /geoversion?doClientVersion=10.0.19041.746&profile=1048832 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Microsoft-Delivery-Optimization/10.0
MS-CV: GJL0DDALw0aC7e3L.3.1.1
Content-Length: 0
Host: geover.prod.do.dsp.mp.microsoft.com
2023-09-26 14:35:38 UTC | 36 | IN | HTTP/1.1 200 OK
Content-Type: text/json
Server: Microsoft-IIS/10.0
x-content-type-options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 121
Cache-Control: max-age=261
Date: Tue, 26 Sep 2023 14:35:38 GMT
Connection: close
2023-09-26 14:35:38 UTC | 37 | IN | Data Ascii: {"Version":"5B36157A03CF0500DA3C2D8238E6005F3469E237734C2046890202DB6F874840","Timestamp":"2023-09-26T14:34:36.7087237Z"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
14 | 192.168.2.10 | 49719 | 20.54.24.69 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-09-26 14:35:39 UTC | 37 | OUT | GET /geo?doClientVersion=10.0.19041.746&profile=1048832&callId=1608168369 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Microsoft-Delivery-Optimization/10.0
MS-CV: GJL0DDALw0aC7e3L.4.1.1
Content-Length: 0
Host: geo.prod.do.dsp.mp.microsoft.com
2023-09-26 14:35:39 UTC | 37 | IN | HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/json
Server: Microsoft-IIS/10.0
x-content-type-options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 26 Sep 2023 14:35:39 GMT
Connection: close
Content-Length: 305
2023-09-26 14:35:39 UTC | 37 | IN | Data Ascii: {"ExternalIpAddress":"102.129.153.235","CountryCode":"US","KeyValue_EndpointFullUri":"https://kv801.prod.do.dsp.mp.microsoft.com/all","Version":"5B36157A03CF0500DA3C2D8238E6005F3469E237734C2046890202DB6F874840","CacheId":"7","CompactVersion":"10.0.19041.7


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
15 | 192.168.2.10 | 49720 | 23.45.28.28 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
Timestamp | kBytes transferred | Direction | Data
2023-09-26 14:35:40 UTC | 38 | OUT | GET /geoversion?doClientVersion=10.0.19041.746&profile=1048832 HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Microsoft-Delivery-Optimization/10.0
MS-CV: GJL0DDALw0aC7e3L.6.1.1
Content-Length: 0
Host: geover.prod.do.dsp.mp.microsoft.com
2023-09-26 14:35:40 UTC | 38 | IN | HTTP/1.1 200 OK
Content-Type: text/json
Server: Microsoft-IIS/10.0
x-content-type-options: nosniff
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 121
Cache-Control: max-age=259
Date: Tue, 26 Sep 2023 14:35:40 GMT
Connection: close
2023-09-26 14:35:40 UTC | 38 | IN | Data Ascii: {"Version":"5B36157A03CF0500DA3C2D8238E6005F3469E237734C2046890202DB6F874840","Timestamp":"2023-09-26T14:34:36.7087237Z"}


                        Session IDSource IPSource PortDestination IPDestination PortProcess
                        16192.168.2.104972213.85.23.86443C:\Program Files\Google\Chrome\Application\chrome.exe
                        TimestampkBytes transferredDirectionData
                        2023-09-26 14:35:43 UTC38OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19043.928/0?CH=991&L=en-US&P=&PT=0x30&WUA=10.0.19041.906&MK=v4ePeryerDyKMbd&MD=Tgf2XlpW HTTP/1.1
                        Connection: Keep-Alive
                        Accept: */*
                        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.31
                        Host: slscr.update.microsoft.com
                        2023-09-26 14:35:44 UTC | 39 kB | IN | HTTP/1.1 200 OK
                        Cache-Control: no-cache
                        Pragma: no-cache
                        Content-Type: application/octet-stream
                        Expires: -1
                        Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                        ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                        MS-CorrelationId: 238a1c0f-facc-41ac-9b91-f6c34e0ff1a4
                        MS-RequestId: ee3ad48d-8e90-4e82-b0f9-5e77f138650a
                        MS-CV: OjNxYwyonkW2E7Pn.0
                        X-Microsoft-SLSClientCache: 2160
                        Content-Disposition: attachment; filename=environment.cab
                        X-Content-Type-Options: nosniff
                        Date: Tue, 26 Sep 2023 14:35:42 GMT
                        Connection: close
                        Content-Length: 25457
                        2023-09-26 14:35:44 UTC | 39 kB | IN | Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92
                        Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
                        2023-09-26 14:35:44 UTC | 55 kB | IN | Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a
                        Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq


                        Session ID: 2 | Source: 192.168.2.10:49699 | Destination: 52.184.212.181:443 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp | kBytes transferred | Direction | Data
                        2023-09-26 14:34:42 UTC | 2 kB | OUT | POST /join/ HTTP/1.1
                        Connection: Keep-Alive
                        Accept: */*
                        User-Agent: Microsoft-Delivery-Optimization/10.0
                        MS-CV: H6D35h1UN02Nady/jB5Smw.0.2.36.1.2
                        Content-Length: 627
                        Host: array510.prod.do.dsp.mp.microsoft.com
                        2023-09-26 14:34:42 UTC | 2 kB | OUT | Data Raw: 7b 22 43 6f 6e 74 65 6e 74 49 64 22 3a 22 42 30 77 61 48 6f 5a 4a 63 7a 4f 7a 77 57 61 70 74 64 31 6b 6a 58 66 45 68 5a 50 43 47 50 7a 4b 36 48 62 53 63 45 69 72 78 4b 59 3d 22 2c 22 41 6c 74 43 61 74 61 6c 6f 67 49 64 22 3a 22 68 74 74 70 3a 2f 2f 6d 73 65 64 67 65 2e 62 2e 74 6c 75 2e 64 6c 2e 64 65 6c 69 76 65 72 79 2e 6d 70 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 66 69 6c 65 73 74 72 65 61 6d 69 6e 67 73 65 72 76 69 63 65 2f 66 69 6c 65 73 2f 37 63 31 65 31 37 35 33 2d 32 32 39 33 2d 34 36 34 32 2d 38 37 37 65 2d 35 33 63 32 30 32 63 36 62 34 38 34 22 2c 22 50 65 65 72 49 64 22 3a 22 36 39 63 30 31 33 37 35 38 33 33 34 34 61 34 33 38 62 38 33 35 36 66 61 32 65 35 36 37 33 61 63 30 30 30 30 30 30 30 30 22 2c 22 52 65 70 6f 72 74 65 64 49 70 22 3a
                        Data Ascii: {"ContentId":"B0waHoZJczOzwWaptd1kjXfEhZPCGPzK6HbScEirxKY=","AltCatalogId":"http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/7c1e1753-2293-4642-877e-53c202c6b484","PeerId":"69c0137583344a438b8356fa2e5673ac00000000","ReportedIp":
                        2023-09-26 14:34:43 UTC | 3 kB | IN | HTTP/1.1 200 OK
                        Cache-Control: private
                        Content-Type: text/html
                        Server: Microsoft-IIS/10.0
                        x-content-type-options: nosniff
                        X-AspNet-Version: 4.0.30319
                        X-Powered-By: ASP.NET
                        Date: Tue, 26 Sep 2023 14:34:43 GMT
                        Connection: close
                        Content-Length: 227
                        2023-09-26 14:34:43 UTC | 3 kB | IN | Data Raw: 7b 22 46 61 69 6c 75 72 65 52 65 61 73 6f 6e 22 3a 6e 75 6c 6c 2c 22 4e 65 78 74 4a 6f 69 6e 54 69 6d 65 49 6e 74 65 72 76 61 6c 49 6e 4d 73 22 3a 31 33 33 39 38 32 33 2c 22 43 6f 6d 70 6c 65 74 65 22 3a 30 2c 22 49 6e 63 6f 6d 70 6c 65 74 65 22 3a 30 2c 22 52 65 64 69 73 63 6f 76 65 72 22 3a 66 61 6c 73 65 2c 22 4b 56 56 65 72 73 69 6f 6e 22 3a 22 30 2d 30 22 2c 22 47 65 6f 56 65 72 73 69 6f 6e 22 3a 22 35 42 33 36 31 35 37 41 30 33 43 46 30 35 30 30 44 41 33 43 32 44 38 32 33 38 45 36 30 30 35 46 33 34 36 39 45 32 33 37 37 33 34 43 32 30 34 36 38 39 30 32 30 32 44 42 36 46 38 37 34 38 34 30 22 2c 22 50 65 65 72 73 22 3a 5b 5d 2c 22 4c 65 61 76 65 22 3a 66 61 6c 73 65 7d
                        Data Ascii: {"FailureReason":null,"NextJoinTimeIntervalInMs":1339823,"Complete":0,"Incomplete":0,"Rediscover":false,"KVVersion":"0-0","GeoVersion":"5B36157A03CF0500DA3C2D8238E6005F3469E237734C2046890202DB6F874840","Peers":[],"Leave":false}


                        Session ID: 3 | Source: 192.168.2.10:49700 | Destination: 172.217.2.205:443 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp | kBytes transferred | Direction | Data
                        2023-09-26 14:34:47 UTC | 3 kB | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                        Host: accounts.google.com
                        Connection: keep-alive
                        Content-Length: 1
                        Origin: https://www.google.com
                        Content-Type: application/x-www-form-urlencoded
                        Sec-Fetch-Site: none
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: empty
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9
                        Cookie: CONSENT=YES+srp.gws-20220323-0-RC3.en+FX+827
                        2023-09-26 14:34:47 UTC | 4 kB | OUT | Data Raw: 20
                        Data Ascii:


                        Session ID: 4 | Source: 192.168.2.10:49701 | Destination: 192.178.50.78:443 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp | kBytes transferred | Direction | Data
                        2023-09-26 14:34:47 UTC | 4 kB | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.110&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                        Host: clients2.google.com
                        Connection: keep-alive
                        X-Goog-Update-Interactivity: fg
                        X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                        X-Goog-Update-Updater: chromecrx-115.0.5790.110
                        Sec-Fetch-Site: none
                        Sec-Fetch-Mode: no-cors
                        Sec-Fetch-Dest: empty
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9


                        Session ID: 5 | Source: 192.178.50.78:443 | Destination: 192.168.2.10:49701 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp | kBytes transferred | Direction | Data
                        2023-09-26 14:34:47 UTC | 5 kB | IN | HTTP/1.1 200 OK
                        Content-Security-Policy: script-src 'report-sample' 'nonce-Dx9ZVIn-ZZnogSLUDDL-nQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                        Pragma: no-cache
                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                        Date: Tue, 26 Sep 2023 14:34:47 GMT
                        Content-Type: text/xml; charset=UTF-8
                        X-Daynum: 6112
                        X-Daystart: 27287
                        X-Content-Type-Options: nosniff
                        X-Frame-Options: SAMEORIGIN
                        X-XSS-Protection: 1; mode=block
                        Server: GSE
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Accept-Ranges: none
                        Vary: Accept-Encoding
                        Connection: close
                        Transfer-Encoding: chunked
                        2023-09-26 14:34:47 UTC | 5 kB | IN | Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 31 32 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 32 37 32 38 37 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                        Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6112" elapsed_seconds="27287"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                        2023-09-26 14:34:47 UTC | 6 kB | IN | Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a
                        Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                        2023-09-26 14:34:47 UTC | 6 kB | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID: 6 | Source: 172.217.2.205:443 | Destination: 192.168.2.10:49700 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp | kBytes transferred | Direction | Data
                        2023-09-26 14:34:47 UTC | 6 kB | IN | HTTP/1.1 200 OK
                        Content-Type: application/json; charset=utf-8
                        Access-Control-Allow-Origin: https://www.google.com
                        Access-Control-Allow-Credentials: true
                        X-Content-Type-Options: nosniff
                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                        Pragma: no-cache
                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                        Date: Tue, 26 Sep 2023 14:34:47 GMT
                        Strict-Transport-Security: max-age=31536000; includeSubDomains
                        Content-Security-Policy: script-src 'report-sample' 'nonce-YSkYJYFBP1W8GbuDdt6A2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                        Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                        Cross-Origin-Opener-Policy: same-origin
                        Server: ESF
                        X-XSS-Protection: 0
                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                        Accept-Ranges: none
                        Vary: Accept-Encoding
                        Connection: close
                        Transfer-Encoding: chunked
                        2023-09-26 14:34:47 UTC | 8 kB | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                        Data Ascii: 11["gaia.l.a.r",[]]
                        2023-09-26 14:34:47 UTC | 8 kB | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID: 7 | Source: 192.168.2.10:49704 | Destination: 3.161.136.86:443 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp | kBytes transferred | Direction | Data
                        2023-09-26 14:34:49 UTC | 8 kB | OUT | GET /v2/___https://esa.trevertex.local:83/Search?email=aaron.fuleki%40kbra.com___.YXAzOmticmE6YTpvOjAyOWQ1MWJlNzhhMTcwMzU2YmJmYjAwNGVjODlmNjZjOjY6ODJkYzo2Y2EzMzU0Mzc3NDlhMzhjOTRkNDRjYmI2OWQyMTcwODg4YWIxMTg2MGFjNjVlNzg3OTdhY2E1ODlhOTRhZDhiOmg6VA HTTP/1.1
                        Host: url.avanan.click
                        Connection: keep-alive
                        sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"
                        sec-ch-ua-mobile: ?0
                        sec-ch-ua-platform: "Windows"
                        Upgrade-Insecure-Requests: 1
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
                        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                        Sec-Fetch-Site: none
                        Sec-Fetch-Mode: navigate
                        Sec-Fetch-User: ?1
                        Sec-Fetch-Dest: document
                        Accept-Encoding: gzip, deflate, br
                        Accept-Language: en-US,en;q=0.9


                        Session ID: 8 | Source: 3.161.136.86:443 | Destination: 192.168.2.10:49704 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp | kBytes transferred | Direction | Data
                        2023-09-26 14:34:49 UTC | 9 kB | IN | HTTP/1.1 302 Found
                        Content-Length: 0
                        Connection: close
                        Date: Tue, 26 Sep 2023 14:34:49 GMT
                        location: https://esa.trevertex.local:83/Search?email=aaron.fuleki%40kbra.com
                        Apigw-Requestid: L3nRfigvoAMEWRw=
                        set-cookie: x-cloud-sec-ctp = 514b9583-c95f-45d1-ae7a-7a8d82cafb12; Secure; HttpOnly; path=/; expires=25-Sep-2024 14:34:49 GMT
                        X-Cache: Miss from cloudfront
                        Via: 1.1 73a9e956bca0b4ec953d1d3672a33ae2.cloudfront.net (CloudFront)
                        X-Amz-Cf-Pop: ATL59-P4
                        X-Amz-Cf-Id: LxgOKUmJ6g7JqKZvVIahftONOvlyeiiWjzOzyu0jozQgA15kxGPkOg==
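
                        Sessions 7 and 8 show the Avanan URL-rewrite wrapper answering with a 302 whose Location is the link that was originally in the e-mail. The Python below is an added example and not part of the Joe Sandbox report: it recovers the inner link from the wrapper offline (no request to url.avanan.click, so no click is recorded against the recipient), decodes the trailing base64url token, and records two facts about the destination that matter when reading a score of 0. The host is under .local, a name reserved for multicast DNS (RFC 6762) that does not resolve on the public internet, which is consistent with no session to esa.trevertex.local appearing in this capture; and it listens on the non-standard port 83. The wrapper layout `/v2/___<url>___.<token>` is inferred from this single sample, and the token's colon-separated fields are returned as opaque strings because their meaning is not documented here.

```python
import base64
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# The rewritten link from session 7 and the 302 Location from session 8, copied from the report.
WRAPPED_URL = (
    "https://url.avanan.click/v2/___https://esa.trevertex.local:83/Search?email=aaron.fuleki%40kbra.com___."
    "YXAzOmticmE6YTpvOjAyOWQ1MWJlNzhhMTcwMzU2YmJmYjAwNGVjODlmNjZjOjY6ODJkYzo2Y2EzMzU0Mzc3NDlhMzhjOTRkNDRjYmI2OWQyMTcwODg4YWIxMTg2MGFjNjVlNzg3OTdhY2E1ODlhOTRhZDhiOmg6VA"
)
OBSERVED_LOCATION = "https://esa.trevertex.local:83/Search?email=aaron.fuleki%40kbra.com"

# Wrapper layout inferred from this one sample (assumption): /v2/___<original url>___.<base64url token>
WRAP_RE = re.compile(
    r"^https://url\.avanan\.click/v2/___(?P<inner>.+?)___\.(?P<token>[A-Za-z0-9_=-]+)$"
)


def unwrap(url: str) -> Optional[Dict[str, object]]:
    """Recover the original link and decode the trailing token without contacting the wrapper."""
    m = WRAP_RE.match(url)
    if not m:
        return None
    token = m.group("token")
    token += "=" * (-len(token) % 4)          # restore base64 padding stripped from the URL
    raw = base64.urlsafe_b64decode(token)
    # The token decodes to printable, colon-separated text. Field meanings are not documented
    # in the report, so they are returned as opaque strings rather than interpreted.
    text = raw.decode("ascii", errors="replace")
    return {"inner": m.group("inner"), "token_fields": text.split(":")}


def triage(inner: str) -> Dict[str, object]:
    """Facts about the destination an analyst wants before trusting a sandbox score."""
    parts = urlsplit(inner)
    host = (parts.hostname or "").lower()
    findings: List[str] = []
    if host.endswith(".local"):
        # .local is reserved for multicast DNS (RFC 6762); an external sandbox cannot resolve
        # it, so the final page is never fetched and the verdict covers only the redirect.
        findings.append("host under .local: not resolvable outside the origin network")
    if parts.port not in (None, 80, 443):
        findings.append(f"non-standard port {parts.port}")
    query = parse_qs(parts.query)
    if "email" in query:
        findings.append(f"recipient address embedded in query: {query['email'][0]}")
    return {
        "host": host,
        "port": parts.port,
        "externally_resolvable": not host.endswith(".local"),
        "findings": findings,
    }


def redirect_matches(wrapped: str, location: str) -> bool:
    """True when the observed 302 Location is exactly the link carried inside the wrapper."""
    info = unwrap(wrapped)
    return info is not None and info["inner"] == location


if __name__ == "__main__":
    info = unwrap(WRAPPED_URL)
    print(info["inner"])
    print(info["token_fields"])
    print(triage(info["inner"]))
    print("302 Location matches wrapped link:", redirect_matches(WRAPPED_URL, OBSERVED_LOCATION))
```

                        Running it against the sample prints the inner URL (identical to the Location header in session 8), ten colon-separated token fields, and a triage result with `externally_resolvable` false. A checker that only follows the wrapper and stops at the 302, as the sandbox did here, has not seen the page the recipient would land on.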


                        Session ID: 9 | Source: 192.168.2.10:49707 | Destination: 13.85.23.86:443 | Process: C:\Program Files\Google\Chrome\Application\chrome.exe
                        Timestamp | kBytes transferred | Direction | Data
                        2023-09-26 14:35:06 UTC | 9 kB | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19043.928/0?CH=991&L=en-US&P=&PT=0x30&WUA=10.0.19041.906&MK=v4ePeryerDyKMbd&MD=Tgf2XlpW HTTP/1.1
                        Connection: Keep-Alive
                        Accept: */*
                        User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.31
                        Host: slscr.update.microsoft.com
                        2023-09-26 14:35:06 UTC | 9 kB | IN | HTTP/1.1 200 OK
                        Cache-Control: no-cache
                        Pragma: no-cache
                        Content-Type: application/octet-stream
                        Expires: -1
                        Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                        ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                        MS-CorrelationId: ed1fe649-2956-44de-b1db-e536140f6383
                        MS-RequestId: 74768b85-5b53-4a32-a252-699030484db5
                        MS-CV: YBEXlsXjc0WzjFQo.0
                        X-Microsoft-SLSClientCache: 2880
                        Content-Disposition: attachment; filename=environment.cab
                        X-Content-Type-Options: nosniff
                        Date: Tue, 26 Sep 2023 14:35:05 GMT
                        Connection: close
                        Content-Length: 24490
                        2023-09-26 14:35:06 UTC | 10 kB | IN | Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                        Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                        2023-09-26 14:35:06 UTC | 25 kB | IN | Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                        Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1
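
                        Sessions 16 and 9 are Windows Update Agent background traffic from the analysis VM (slscr.update.microsoft.com), unrelated to the submitted URL; each response is a Microsoft cabinet named environment.cab whose Content-Length (25457 and 24490) is larger than the size the cabinet header itself declares. The Python below is an added example, not part of the report: it parses the CFHEADER, CFFOLDER, CFFILE and first CFDATA structures from the first 110 bytes shown in each Data Raw line and cross-checks the declared sizes against the HTTP Content-Length. Reading the 20-byte header reserve as a pointer to an Authenticode signature appended after the cabinet is an assumption; it is tested by the arithmetic (cabinet size plus signature length equals the response body for both downloads). The bytes and Content-Length values are copied from the two sessions above; the trailing ASN.1 in the second session's last Data Raw line (the sha1WithRSAEncryption OID 2a 86 48 86 f7 0d 01 01 05 is visible in it) is where that signature lives, but its verification is out of scope here.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# First 110 bytes of each environment.cab body, copied from the Data Raw lines of the two
# slscr.update.microsoft.com sessions, plus the Content-Length each response declared.
# Only the structure headers are needed; payload and appended signature are not included.
CAB_A_HEX = ("4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 "
             "db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 "
             "01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e "
             "63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b")
CAB_A_CONTENT_LENGTH = 25457
CAB_B_HEX = ("4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 "
             "23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 "
             "01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e "
             "63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b")
CAB_B_CONTENT_LENGTH = 24490

FLAG_RESERVE_PRESENT = 0x0004
COMPRESSION = {0: "NONE", 1: "MSZIP", 2: "QUANTUM", 3: "LZX"}


@dataclass
class CabInfo:
    cb_cabinet: int              # CFHEADER.cbCabinet: declared size of the cabinet proper
    coff_files: int              # CFHEADER.coffFiles: offset of the first CFFILE entry
    blocks: int                  # CFFOLDER.cCFData of the first folder
    compression: str
    file_names: List[str]
    file_sizes: List[int]        # CFFILE.cbFile (uncompressed)
    first_block_end: int         # offset just past the first CFDATA payload
    first_block_uncomp: int      # CFDATA.cbUncomp of the first block
    first_block_has_ck: bool     # MSZIP blocks begin with the two bytes "CK"
    sig_offset: Optional[int]
    sig_length: Optional[int]


def parse_cab(data: bytes) -> CabInfo:
    """Walk CFHEADER -> first CFFOLDER -> CFFILE entries -> first CFDATA; needs only the leading bytes."""
    if data[:4] != b"MSCF":
        raise ValueError("not a cabinet (bad MSCF signature)")
    (cb_cabinet, coff_files, _minor, _major, _c_folders, c_files,
     flags, _set_id, _i_cabinet) = struct.unpack_from("<4xI4xI4xBBHHHHH", data, 4)
    pos, cb_cffolder, cb_cfdata = 36, 0, 0
    sig_offset = sig_length = None
    if flags & FLAG_RESERVE_PRESENT:
        cb_cfheader, cb_cffolder, cb_cfdata = struct.unpack_from("<HBB", data, pos)
        pos += 4
        reserve = data[pos:pos + cb_cfheader]
        pos += cb_cfheader
        # Both captured cabinets carry a 20-byte header reserve that begins 00 00 10 00 followed by
        # two little-endian uint32 values. Treating them as offset and length of an Authenticode
        # signature appended after cbCabinet is an assumption that consistency_checks() tests
        # against the HTTP Content-Length.
        if len(reserve) >= 12 and reserve[:4] == b"\x00\x00\x10\x00":
            sig_offset, sig_length = struct.unpack_from("<II", reserve, 4)
    coff_cab_start, c_blocks, type_compress = struct.unpack_from("<IHH", data, pos)
    tcomp = type_compress & 0x000F             # low nibble is the compression type
    pos = coff_files
    names, sizes = [], []
    for _ in range(c_files):
        cb_file, _uoff, _ifolder, _date, _time, attribs = struct.unpack_from("<IIHHHH", data, pos)
        pos += 16
        end = data.index(b"\x00", pos)          # NUL-terminated name follows the fixed part
        names.append(data[pos:end].decode("utf-8" if attribs & 0x80 else "latin-1"))
        sizes.append(cb_file)
        pos = end + 1
    _csum, cb_data, cb_uncomp = struct.unpack_from("<IHH", data, coff_cab_start)
    payload = coff_cab_start + 8 + cb_cfdata
    return CabInfo(cb_cabinet, coff_files, c_blocks, COMPRESSION.get(tcomp, f"type {tcomp}"),
                   names, sizes, payload + cb_data, cb_uncomp,
                   data[payload:payload + 2] == b"CK", sig_offset, sig_length)


def consistency_checks(info: CabInfo, content_length: int) -> Dict[str, bool]:
    """Header-level checks that can run on a captured prefix without the full body."""
    sig_len = info.sig_length or 0
    return {
        "signature_pointer_present": info.sig_offset is not None,
        "signature_starts_at_cabinet_end": info.sig_offset == info.cb_cabinet,
        "cabinet_plus_signature_equals_body": info.sig_offset is not None
            and info.cb_cabinet + sig_len == content_length,
        "single_block_spans_cabinet": info.blocks == 1 and info.first_block_end == info.cb_cabinet,
        "block_uncompressed_equals_file_size": info.first_block_uncomp == sum(info.file_sizes),
        "mszip_block_signature": info.compression != "MSZIP" or info.first_block_has_ck,
    }


def analyze(hex_dump: str, content_length: int) -> Tuple[CabInfo, Dict[str, bool]]:
    info = parse_cab(bytes.fromhex(hex_dump))
    return info, consistency_checks(info, content_length)


if __name__ == "__main__":
    for label, hex_dump, length in (("A", CAB_A_HEX, CAB_A_CONTENT_LENGTH),
                                    ("B", CAB_B_HEX, CAB_B_CONTENT_LENGTH)):
        info, checks = analyze(hex_dump, length)
        print(label, info)
        print(label, checks)
```

                        For both responses every check passes: one MSZIP folder, one file named environment.cab (17395 and 17126 bytes uncompressed), a single CFDATA block ending exactly at cbCabinet, and a reserve pointer whose offset equals cbCabinet and whose length closes the gap to Content-Length. A body whose Content-Length does not equal cbCabinet plus the signature length, or whose single block does not end at cbCabinet, has been truncated or altered in transit and should not be treated as the file the server sent.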



                        Target ID:0
                        Start time:16:34:44
                        Start date:26/09/2023
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                        Imagebase:0x7ff7d24c0000
                        File size:3'217'176 bytes
                        MD5 hash:B5FF854EAE31D49E10B4DC714D8296F1
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:false

                        Target ID:1
                        Start time:16:34:44
                        Start date:26/09/2023
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1932,i,7473679338453462237,18009064073529994329,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                        Imagebase:0x7ff7d24c0000
                        File size:3'217'176 bytes
                        MD5 hash:B5FF854EAE31D49E10B4DC714D8296F1
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:false

                        Target ID:3
                        Start time:16:34:47
                        Start date:26/09/2023
                        Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.avanan.click/v2/___https://esa.trevertex.local:83/Search?email=aaron.fuleki%40kbra.com___.YXAzOmticmE6YTpvOjAyOWQ1MWJlNzhhMTcwMzU2YmJmYjAwNGVjODlmNjZjOjY6ODJkYzo2Y2EzMzU0Mzc3NDlhMzhjOTRkNDRjYmI2OWQyMTcwODg4YWIxMTg2MGFjNjVlNzg3OTdhY2E1ODlhOTRhZDhiOmg6VA
                        Imagebase:0x7ff7d24c0000
                        File size:3'217'176 bytes
                        MD5 hash:B5FF854EAE31D49E10B4DC714D8296F1
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true
                        There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

                        No disassembly