Edit tour

Windows Analysis Report
http://qtx.omeclk.com

Overview

General Information

Sample URL:	http://qtx.omeclk.com
Analysis ID:	1342333
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Creates files inside the system directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5356 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2224,i,1667927600458203538,13054870842384469206,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 64 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://qtx.omeclk.com MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: http://qtx.omeclk.com/portal/PrivacyNotice.jsp

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 104.117.234.93:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.83.240.146:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.117.234.93:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.83.240.146:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.83.247.108:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.83.247.108:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.83.247.108:443 -> 192.168.2.6:49733 version: TLS 1.2

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.134Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=lVRGKUy9M1pKsSm&MD=5N+MUCmh HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=lVRGKUy9M1pKsSm&MD=5N+MUCmh HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: qtx.omeclk.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /portal/PrivacyNotice.jsp HTTP/1.1Host: qtx.omeclk.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: qtx.omeclk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://qtx.omeclk.com/portal/PrivacyNotice.jspAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: qtx.omeclk.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: qtx.omeclk.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /portal/PrivacyNotice.jsp HTTP/1.1Host: qtx.omeclk.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: chromecache_50.2.dr

String found in binary or memory: http://qtx.omeclk.com

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.83.240.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.83.240.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.83.240.146
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 40.83.240.146
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 40.83.240.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.83.240.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.83.240.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.83.240.146
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 40.83.240.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.83.240.146
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 104.117.234.93
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.83.240.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.83.240.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.83.240.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.83.240.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.83.240.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.83.240.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.83.240.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.83.240.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.83.240.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.83.240.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.83.240.146
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157
Source: unknown	TCP traffic detected without corresponding DNS query: 40.68.123.157

Source: unknown	HTTPS traffic detected: 104.117.234.93:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.83.240.146:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.117.234.93:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.83.240.146:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.6:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.83.247.108:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.83.247.108:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.83.247.108:443 -> 192.168.2.6:49733 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_5356_186115686

Jump to behavior

Source: classification engine

Classification label: clean0.win@17/3@10/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2224,i,1667927600458203538,13054870842384469206,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://qtx.omeclk.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2224,i,1667927600458203538,13054870842384469206,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	1 Ingress Tool Transfer			Data Destruction	Virtual Private Server	Employee Names

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://qtx.omeclk.com	0%	Avira URL Cloud	safe
http://qtx.omeclk.com	0%	Virustotal		Browse

Source	Detection	Scanner	Label	Link
http://qtx.omeclk.com/favicon.ico	0%	Avira URL Cloud	safe
http://qtx.omeclk.com/	0%	Avira URL Cloud	safe
http://qtx.omeclk.com/portal/PrivacyNotice.jsp	0%	Virustotal		Browse
http://qtx.omeclk.com/	0%	Virustotal		Browse

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	142.250.69.205	true	false	high
qtx.omeclk.com	205.162.42.171	true	false	unknown
www.google.com	142.251.211.228	true	false	high
clients.l.google.com	172.217.14.206	true	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://qtx.omeclk.com/portal/PrivacyNotice.jsp	false	0%, Virustotal, Browse	unknown
http://qtx.omeclk.com/portal/PrivacyNotice.jsp	false	0%, Virustotal, Browse	unknown
http://qtx.omeclk.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
http://qtx.omeclk.com/	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://qtx.omeclk.com	chromecache_50.2.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.14.206	clients.l.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.211.228	www.google.com	United States	15169	GOOGLEUS	false
142.250.69.205	accounts.google.com	United States	15169	GOOGLEUS	false
205.162.42.171	qtx.omeclk.com	United States	53866	QTS-ASUS	false

Private

IP
192.168.2.6

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1342333
Start date and time:	2023-11-14 14:23:24 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 2m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://qtx.omeclk.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@17/3@10/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Browse: http://qtx.omeclk.com/

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.33.67, 34.104.35.123, 192.229.211.108, 8.252.36.126, 142.250.217.99
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	15086
Entropy (8bit):	3.628946365336269
Encrypted:	false
SSDEEP:	96:jphk5MxdIvL9tfjiPii7047N52aFX3QUU0fCi1Ytf6gtI05VLsQQk:j47riPiiQ47PtFXpSwYtfZv4QQk
MD5:	B2A45EA0E3AD58C0D2130C9BBA784FE4
SHA1:	1C7EDF3DBA14BA5784591AE91BF049A876C5B05B
SHA-256:	61A453DDC975D384C6059ACDCC4776C0BECBF841889794C3B659C14D2550D3FA
SHA-512:	F0D40652FA158898C216BA87440FE18BF57BBF2A52B5EDC83E34D815F650EF7B77384DA920B5A6F3B86694EF69DB34E3A7CDD3B6BB291CCCCC14E55BBEFECDFD
Malicious:	false
Reputation:	low
URL:	http://qtx.omeclk.com/favicon.ico
Preview:	......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......$..................................................................................r./.yH.$yH.[yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH.[yH.$r./.........................................................................................................................yH..yH.[yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH.[..................................................................................................................7.yH.[yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH.4..........7...7.............................................................................................yH.4yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH...............Ki.K..K-................................................................................r./.yH.[yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH.oyH.oyH..yH..yH..yH..yH..yH.4.........K..

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	660
Entropy (8bit):	4.903799061761463
Encrypted:	false
SSDEEP:	12:/TlYzhkvf1TruPq0AZLCgwT/rh84xLseBUoAz3iO2kWH80GS:/Tlr1yqfwjh8kAzbNWHN
MD5:	9260F95DCB65D9805FA9966A1D544D6B
SHA1:	5D5DDBC9FEAD8FCEBCDB8AD779AD21D0A7CD8448
SHA-256:	3813278212308487BEF5AB5551D3CB111A25400A0AA1532DB9DEB07E10BB9B9F
SHA-512:	A1A4E5420705E3446791CD36AC9C75D9EA0DA6227125DD823435F37BBDC50C2E6CE62B7D22A2C8B159931547B6FFEE264CC056A8E5EFB3B0A6D7076540D546F1
Malicious:	false
Reputation:	low
URL:	http://qtx.omeclk.com/portal/PrivacyNotice.jsp
Preview:	........................ ..........................................................<html style="direction: ltr;" lang="en">..<head>.. <meta content="text/html; charset=ISO-8859-1" http-equiv="content-type">.. <title>Privacy Policy Page</title>.. <meta content="Omeda" name="author">.. <meta content="Home Page for the Omail omessage.com redirect service" name="description">.. ..</head>....<body style="background-color: rgb(245, 248, 250);" topmargin="15" leftmargin="15">..<br><br>....This domain, <a href='http://qtx.omeclk.com'>qtx.omeclk.com</a>, is used by Questex Media.<br>....<br><br>Thank you...<br><br>..</body>..</html>..............

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	15086
Entropy (8bit):	3.628946365336269
Encrypted:	false
SSDEEP:	96:jphk5MxdIvL9tfjiPii7047N52aFX3QUU0fCi1Ytf6gtI05VLsQQk:j47riPiiQ47PtFXpSwYtfZv4QQk
MD5:	B2A45EA0E3AD58C0D2130C9BBA784FE4
SHA1:	1C7EDF3DBA14BA5784591AE91BF049A876C5B05B
SHA-256:	61A453DDC975D384C6059ACDCC4776C0BECBF841889794C3B659C14D2550D3FA
SHA-512:	F0D40652FA158898C216BA87440FE18BF57BBF2A52B5EDC83E34D815F650EF7B77384DA920B5A6F3B86694EF69DB34E3A7CDD3B6BB291CCCCC14E55BBEFECDFD
Malicious:	false
Reputation:	low
Preview:	......00.... ..%..6... .... ......%........ .h....6..(...0...`..... ......$..................................................................................r./.yH.$yH.[yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH.[yH.$r./.........................................................................................................................yH..yH.[yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH.[..................................................................................................................7.yH.[yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH.4..........7...7.............................................................................................yH.4yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH...............Ki.K..K-................................................................................r./.yH.[yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH..yH.oyH.oyH..yH..yH..yH..yH..yH.4.........K..

Total Packets: 197
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 14, 2023 14:24:09.872034073 CET	49673	443	192.168.2.6	173.222.162.64
Nov 14, 2023 14:24:09.872263908 CET	49674	443	192.168.2.6	173.222.162.64
Nov 14, 2023 14:24:10.137770891 CET	49672	443	192.168.2.6	173.222.162.64
Nov 14, 2023 14:24:14.784214973 CET	49709	443	192.168.2.6	172.217.14.206
Nov 14, 2023 14:24:14.784243107 CET	443	49709	172.217.14.206	192.168.2.6
Nov 14, 2023 14:24:14.784305096 CET	49709	443	192.168.2.6	172.217.14.206
Nov 14, 2023 14:24:14.784775972 CET	49709	443	192.168.2.6	172.217.14.206
Nov 14, 2023 14:24:14.784794092 CET	443	49709	172.217.14.206	192.168.2.6
Nov 14, 2023 14:24:14.785347939 CET	49710	443	192.168.2.6	142.250.69.205
Nov 14, 2023 14:24:14.785427094 CET	443	49710	142.250.69.205	192.168.2.6
Nov 14, 2023 14:24:14.785512924 CET	49710	443	192.168.2.6	142.250.69.205
Nov 14, 2023 14:24:14.785861969 CET	49710	443	192.168.2.6	142.250.69.205
Nov 14, 2023 14:24:14.785898924 CET	443	49710	142.250.69.205	192.168.2.6
Nov 14, 2023 14:24:15.118005991 CET	443	49710	142.250.69.205	192.168.2.6
Nov 14, 2023 14:24:15.118258953 CET	443	49709	172.217.14.206	192.168.2.6
Nov 14, 2023 14:24:15.118307114 CET	49710	443	192.168.2.6	142.250.69.205
Nov 14, 2023 14:24:15.118336916 CET	443	49710	142.250.69.205	192.168.2.6
Nov 14, 2023 14:24:15.118454933 CET	49709	443	192.168.2.6	172.217.14.206
Nov 14, 2023 14:24:15.118469000 CET	443	49709	172.217.14.206	192.168.2.6
Nov 14, 2023 14:24:15.119018078 CET	443	49709	172.217.14.206	192.168.2.6
Nov 14, 2023 14:24:15.119091034 CET	49709	443	192.168.2.6	172.217.14.206
Nov 14, 2023 14:24:15.119551897 CET	443	49710	142.250.69.205	192.168.2.6
Nov 14, 2023 14:24:15.119611025 CET	49710	443	192.168.2.6	142.250.69.205
Nov 14, 2023 14:24:15.120038033 CET	443	49709	172.217.14.206	192.168.2.6
Nov 14, 2023 14:24:15.120093107 CET	49709	443	192.168.2.6	172.217.14.206
Nov 14, 2023 14:24:15.121175051 CET	49710	443	192.168.2.6	142.250.69.205
Nov 14, 2023 14:24:15.121259928 CET	443	49710	142.250.69.205	192.168.2.6
Nov 14, 2023 14:24:15.121470928 CET	49710	443	192.168.2.6	142.250.69.205
Nov 14, 2023 14:24:15.121484041 CET	443	49710	142.250.69.205	192.168.2.6
Nov 14, 2023 14:24:15.121618986 CET	49709	443	192.168.2.6	172.217.14.206
Nov 14, 2023 14:24:15.121711016 CET	443	49709	172.217.14.206	192.168.2.6
Nov 14, 2023 14:24:15.121779919 CET	49709	443	192.168.2.6	172.217.14.206
Nov 14, 2023 14:24:15.121784925 CET	443	49709	172.217.14.206	192.168.2.6
Nov 14, 2023 14:24:15.329288006 CET	443	49709	172.217.14.206	192.168.2.6
Nov 14, 2023 14:24:15.329386950 CET	49709	443	192.168.2.6	172.217.14.206
Nov 14, 2023 14:24:15.333266020 CET	443	49710	142.250.69.205	192.168.2.6
Nov 14, 2023 14:24:15.333357096 CET	49710	443	192.168.2.6	142.250.69.205
Nov 14, 2023 14:24:15.422141075 CET	443	49709	172.217.14.206	192.168.2.6
Nov 14, 2023 14:24:15.422547102 CET	443	49709	172.217.14.206	192.168.2.6
Nov 14, 2023 14:24:15.422605038 CET	49709	443	192.168.2.6	172.217.14.206
Nov 14, 2023 14:24:15.422858953 CET	49709	443	192.168.2.6	172.217.14.206
Nov 14, 2023 14:24:15.422871113 CET	443	49709	172.217.14.206	192.168.2.6
Nov 14, 2023 14:24:15.426460981 CET	443	49710	142.250.69.205	192.168.2.6
Nov 14, 2023 14:24:15.426852942 CET	443	49710	142.250.69.205	192.168.2.6
Nov 14, 2023 14:24:15.426949024 CET	49710	443	192.168.2.6	142.250.69.205
Nov 14, 2023 14:24:15.427629948 CET	49710	443	192.168.2.6	142.250.69.205
Nov 14, 2023 14:24:15.427665949 CET	443	49710	142.250.69.205	192.168.2.6
Nov 14, 2023 14:24:16.712254047 CET	49713	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:16.713057995 CET	49714	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:16.809355021 CET	49715	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:16.919387102 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:16.919502020 CET	49713	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:16.919632912 CET	80	49714	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:16.919694901 CET	49714	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:16.919821978 CET	49713	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:17.016252041 CET	80	49715	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:17.016465902 CET	49715	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:17.125932932 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:17.128346920 CET	49713	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:17.334239960 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:17.394665956 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:17.394819975 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:17.394974947 CET	49713	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:17.453857899 CET	49713	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:17.660099030 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:17.661928892 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:17.661955118 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:17.661969900 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:17.661986113 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:17.662045956 CET	49713	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:17.662092924 CET	49713	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:17.870872974 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:17.870959997 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:17.870976925 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:17.870987892 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:17.871004105 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:17.871153116 CET	49713	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:17.919508934 CET	49713	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:18.077091932 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:18.077147007 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:18.077158928 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:18.077167988 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:18.077286959 CET	49713	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:18.077339888 CET	49713	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:18.366796017 CET	49718	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:18.422709942 CET	49719	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:18.573756933 CET	80	49718	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:18.573945999 CET	49718	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:18.574250937 CET	49718	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:18.630765915 CET	80	49719	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:18.630868912 CET	49719	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:18.631778002 CET	49720	443	192.168.2.6	142.251.211.228
Nov 14, 2023 14:24:18.631856918 CET	443	49720	142.251.211.228	192.168.2.6
Nov 14, 2023 14:24:18.631926060 CET	49720	443	192.168.2.6	142.251.211.228
Nov 14, 2023 14:24:18.632174015 CET	49720	443	192.168.2.6	142.251.211.228
Nov 14, 2023 14:24:18.632214069 CET	443	49720	142.251.211.228	192.168.2.6
Nov 14, 2023 14:24:18.781085014 CET	80	49718	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:18.789683104 CET	80	49718	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:18.789747953 CET	80	49718	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:18.789798975 CET	80	49718	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:18.789817095 CET	49718	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:18.839159012 CET	49718	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:18.964157104 CET	443	49720	142.251.211.228	192.168.2.6
Nov 14, 2023 14:24:18.965017080 CET	49720	443	192.168.2.6	142.251.211.228
Nov 14, 2023 14:24:18.965069056 CET	443	49720	142.251.211.228	192.168.2.6
Nov 14, 2023 14:24:18.966509104 CET	443	49720	142.251.211.228	192.168.2.6
Nov 14, 2023 14:24:18.966614008 CET	49720	443	192.168.2.6	142.251.211.228
Nov 14, 2023 14:24:18.995718002 CET	80	49718	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:18.995872974 CET	80	49718	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:18.995913982 CET	80	49718	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:18.995929956 CET	49718	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:18.995955944 CET	80	49718	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:18.996102095 CET	49718	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:19.045238018 CET	80	49718	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:19.045320988 CET	80	49718	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:19.045428038 CET	49718	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:19.077908993 CET	49720	443	192.168.2.6	142.251.211.228
Nov 14, 2023 14:24:19.078116894 CET	443	49720	142.251.211.228	192.168.2.6
Nov 14, 2023 14:24:19.120543957 CET	49720	443	192.168.2.6	142.251.211.228
Nov 14, 2023 14:24:19.120568991 CET	443	49720	142.251.211.228	192.168.2.6
Nov 14, 2023 14:24:19.167292118 CET	49720	443	192.168.2.6	142.251.211.228
Nov 14, 2023 14:24:19.202001095 CET	80	49718	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:19.202023983 CET	80	49718	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:19.202039003 CET	80	49718	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:19.202068090 CET	80	49718	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:19.202095985 CET	49718	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:19.202131033 CET	49718	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:19.330352068 CET	49721	443	192.168.2.6	40.83.240.146
Nov 14, 2023 14:24:19.330421925 CET	443	49721	40.83.240.146	192.168.2.6
Nov 14, 2023 14:24:19.330503941 CET	49721	443	192.168.2.6	40.83.240.146
Nov 14, 2023 14:24:19.331958055 CET	49721	443	192.168.2.6	40.83.240.146
Nov 14, 2023 14:24:19.331991911 CET	443	49721	40.83.240.146	192.168.2.6
Nov 14, 2023 14:24:19.479873896 CET	49674	443	192.168.2.6	173.222.162.64
Nov 14, 2023 14:24:19.479873896 CET	49673	443	192.168.2.6	173.222.162.64
Nov 14, 2023 14:24:19.493082047 CET	49722	443	192.168.2.6	104.117.234.93
Nov 14, 2023 14:24:19.493144989 CET	443	49722	104.117.234.93	192.168.2.6
Nov 14, 2023 14:24:19.493226051 CET	49722	443	192.168.2.6	104.117.234.93
Nov 14, 2023 14:24:19.497332096 CET	49722	443	192.168.2.6	104.117.234.93
Nov 14, 2023 14:24:19.497361898 CET	443	49722	104.117.234.93	192.168.2.6
Nov 14, 2023 14:24:19.745415926 CET	49672	443	192.168.2.6	173.222.162.64
Nov 14, 2023 14:24:19.826004028 CET	443	49722	104.117.234.93	192.168.2.6
Nov 14, 2023 14:24:19.826313972 CET	49722	443	192.168.2.6	104.117.234.93
Nov 14, 2023 14:24:19.831295967 CET	49722	443	192.168.2.6	104.117.234.93
Nov 14, 2023 14:24:19.831306934 CET	443	49722	104.117.234.93	192.168.2.6
Nov 14, 2023 14:24:19.831834078 CET	443	49722	104.117.234.93	192.168.2.6
Nov 14, 2023 14:24:19.881222010 CET	443	49721	40.83.240.146	192.168.2.6
Nov 14, 2023 14:24:19.881345987 CET	49721	443	192.168.2.6	40.83.240.146
Nov 14, 2023 14:24:19.886023045 CET	49722	443	192.168.2.6	104.117.234.93
Nov 14, 2023 14:24:19.886188984 CET	49721	443	192.168.2.6	40.83.240.146
Nov 14, 2023 14:24:19.886214018 CET	443	49721	40.83.240.146	192.168.2.6
Nov 14, 2023 14:24:19.886554003 CET	443	49721	40.83.240.146	192.168.2.6
Nov 14, 2023 14:24:19.896681070 CET	49721	443	192.168.2.6	40.83.240.146
Nov 14, 2023 14:24:19.896682024 CET	49721	443	192.168.2.6	40.83.240.146
Nov 14, 2023 14:24:19.896785021 CET	443	49721	40.83.240.146	192.168.2.6
Nov 14, 2023 14:24:19.896821022 CET	49721	443	192.168.2.6	40.83.240.146
Nov 14, 2023 14:24:19.922004938 CET	49722	443	192.168.2.6	104.117.234.93
Nov 14, 2023 14:24:19.937333107 CET	443	49721	40.83.240.146	192.168.2.6
Nov 14, 2023 14:24:19.965295076 CET	443	49722	104.117.234.93	192.168.2.6
Nov 14, 2023 14:24:20.069526911 CET	443	49721	40.83.240.146	192.168.2.6
Nov 14, 2023 14:24:20.069610119 CET	443	49721	40.83.240.146	192.168.2.6
Nov 14, 2023 14:24:20.069778919 CET	49721	443	192.168.2.6	40.83.240.146
Nov 14, 2023 14:24:20.071342945 CET	49721	443	192.168.2.6	40.83.240.146
Nov 14, 2023 14:24:20.071396112 CET	443	49721	40.83.240.146	192.168.2.6
Nov 14, 2023 14:24:20.117481947 CET	443	49722	104.117.234.93	192.168.2.6
Nov 14, 2023 14:24:20.117676973 CET	443	49722	104.117.234.93	192.168.2.6
Nov 14, 2023 14:24:20.117738008 CET	49722	443	192.168.2.6	104.117.234.93
Nov 14, 2023 14:24:20.117899895 CET	49722	443	192.168.2.6	104.117.234.93
Nov 14, 2023 14:24:20.117899895 CET	49722	443	192.168.2.6	104.117.234.93
Nov 14, 2023 14:24:20.117923021 CET	443	49722	104.117.234.93	192.168.2.6
Nov 14, 2023 14:24:20.117934942 CET	443	49722	104.117.234.93	192.168.2.6
Nov 14, 2023 14:24:20.157632113 CET	49723	443	192.168.2.6	104.117.234.93
Nov 14, 2023 14:24:20.157712936 CET	443	49723	104.117.234.93	192.168.2.6
Nov 14, 2023 14:24:20.157841921 CET	49723	443	192.168.2.6	104.117.234.93
Nov 14, 2023 14:24:20.158207893 CET	49723	443	192.168.2.6	104.117.234.93
Nov 14, 2023 14:24:20.158242941 CET	443	49723	104.117.234.93	192.168.2.6
Nov 14, 2023 14:24:20.469432116 CET	443	49723	104.117.234.93	192.168.2.6
Nov 14, 2023 14:24:20.469674110 CET	49723	443	192.168.2.6	104.117.234.93
Nov 14, 2023 14:24:20.470912933 CET	49723	443	192.168.2.6	104.117.234.93
Nov 14, 2023 14:24:20.470941067 CET	443	49723	104.117.234.93	192.168.2.6
Nov 14, 2023 14:24:20.471196890 CET	443	49723	104.117.234.93	192.168.2.6
Nov 14, 2023 14:24:20.472564936 CET	49723	443	192.168.2.6	104.117.234.93
Nov 14, 2023 14:24:20.513318062 CET	443	49723	104.117.234.93	192.168.2.6
Nov 14, 2023 14:24:20.772300959 CET	443	49723	104.117.234.93	192.168.2.6
Nov 14, 2023 14:24:20.772409916 CET	443	49723	104.117.234.93	192.168.2.6
Nov 14, 2023 14:24:20.772500992 CET	49723	443	192.168.2.6	104.117.234.93
Nov 14, 2023 14:24:20.775384903 CET	49723	443	192.168.2.6	104.117.234.93
Nov 14, 2023 14:24:20.775429010 CET	443	49723	104.117.234.93	192.168.2.6
Nov 14, 2023 14:24:20.775460958 CET	49723	443	192.168.2.6	104.117.234.93
Nov 14, 2023 14:24:20.775476933 CET	443	49723	104.117.234.93	192.168.2.6
Nov 14, 2023 14:24:21.160235882 CET	443	49706	173.222.162.64	192.168.2.6
Nov 14, 2023 14:24:21.160351038 CET	49706	443	192.168.2.6	173.222.162.64
Nov 14, 2023 14:24:27.328078032 CET	49724	443	192.168.2.6	40.83.240.146
Nov 14, 2023 14:24:27.328119993 CET	443	49724	40.83.240.146	192.168.2.6
Nov 14, 2023 14:24:27.328186035 CET	49724	443	192.168.2.6	40.83.240.146
Nov 14, 2023 14:24:27.329336882 CET	49724	443	192.168.2.6	40.83.240.146
Nov 14, 2023 14:24:27.329351902 CET	443	49724	40.83.240.146	192.168.2.6
Nov 14, 2023 14:24:27.680485010 CET	443	49724	40.83.240.146	192.168.2.6
Nov 14, 2023 14:24:27.680661917 CET	49724	443	192.168.2.6	40.83.240.146
Nov 14, 2023 14:24:27.690695047 CET	49724	443	192.168.2.6	40.83.240.146
Nov 14, 2023 14:24:27.690706015 CET	443	49724	40.83.240.146	192.168.2.6
Nov 14, 2023 14:24:27.691134930 CET	443	49724	40.83.240.146	192.168.2.6
Nov 14, 2023 14:24:27.745898008 CET	49724	443	192.168.2.6	40.83.240.146
Nov 14, 2023 14:24:27.835808039 CET	49724	443	192.168.2.6	40.83.240.146
Nov 14, 2023 14:24:27.835885048 CET	49724	443	192.168.2.6	40.83.240.146
Nov 14, 2023 14:24:27.835892916 CET	443	49724	40.83.240.146	192.168.2.6
Nov 14, 2023 14:24:27.836107016 CET	49724	443	192.168.2.6	40.83.240.146
Nov 14, 2023 14:24:27.881257057 CET	443	49724	40.83.240.146	192.168.2.6
Nov 14, 2023 14:24:28.010267973 CET	443	49724	40.83.240.146	192.168.2.6
Nov 14, 2023 14:24:28.010366917 CET	443	49724	40.83.240.146	192.168.2.6
Nov 14, 2023 14:24:28.010457039 CET	49724	443	192.168.2.6	40.83.240.146
Nov 14, 2023 14:24:28.010773897 CET	49724	443	192.168.2.6	40.83.240.146
Nov 14, 2023 14:24:28.010786057 CET	443	49724	40.83.240.146	192.168.2.6
Nov 14, 2023 14:24:28.947519064 CET	443	49720	142.251.211.228	192.168.2.6
Nov 14, 2023 14:24:28.947599888 CET	443	49720	142.251.211.228	192.168.2.6
Nov 14, 2023 14:24:28.947715998 CET	49720	443	192.168.2.6	142.251.211.228
Nov 14, 2023 14:24:28.951843023 CET	49720	443	192.168.2.6	142.251.211.228
Nov 14, 2023 14:24:28.951885939 CET	443	49720	142.251.211.228	192.168.2.6
Nov 14, 2023 14:24:29.014547110 CET	49713	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:29.221674919 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:29.224489927 CET	49713	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:29.430536032 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:29.479403019 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:29.479428053 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:24:29.479551077 CET	49713	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:24:30.120035887 CET	49725	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:24:30.120104074 CET	443	49725	40.68.123.157	192.168.2.6
Nov 14, 2023 14:24:30.120207071 CET	49725	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:24:30.122956038 CET	49725	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:24:30.122976065 CET	443	49725	40.68.123.157	192.168.2.6
Nov 14, 2023 14:24:31.030319929 CET	443	49725	40.68.123.157	192.168.2.6
Nov 14, 2023 14:24:31.030414104 CET	49725	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:24:31.032883883 CET	49725	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:24:31.032892942 CET	443	49725	40.68.123.157	192.168.2.6
Nov 14, 2023 14:24:31.033206940 CET	443	49725	40.68.123.157	192.168.2.6
Nov 14, 2023 14:24:31.073111057 CET	49725	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:24:31.241436958 CET	49725	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:24:31.289263964 CET	443	49725	40.68.123.157	192.168.2.6
Nov 14, 2023 14:24:31.916359901 CET	443	49725	40.68.123.157	192.168.2.6
Nov 14, 2023 14:24:31.916387081 CET	443	49725	40.68.123.157	192.168.2.6
Nov 14, 2023 14:24:31.916394949 CET	443	49725	40.68.123.157	192.168.2.6
Nov 14, 2023 14:24:31.916444063 CET	443	49725	40.68.123.157	192.168.2.6
Nov 14, 2023 14:24:31.916465044 CET	49725	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:24:31.916491985 CET	443	49725	40.68.123.157	192.168.2.6
Nov 14, 2023 14:24:31.916507006 CET	443	49725	40.68.123.157	192.168.2.6
Nov 14, 2023 14:24:31.916517973 CET	49725	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:24:31.916517973 CET	443	49725	40.68.123.157	192.168.2.6
Nov 14, 2023 14:24:31.916534901 CET	49725	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:24:31.916569948 CET	49725	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:24:31.916577101 CET	443	49725	40.68.123.157	192.168.2.6
Nov 14, 2023 14:24:31.916599035 CET	443	49725	40.68.123.157	192.168.2.6
Nov 14, 2023 14:24:31.916625023 CET	49725	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:24:31.916645050 CET	49725	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:24:31.937020063 CET	49725	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:24:31.937038898 CET	443	49725	40.68.123.157	192.168.2.6
Nov 14, 2023 14:24:31.937077999 CET	49725	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:24:31.937083960 CET	443	49725	40.68.123.157	192.168.2.6
Nov 14, 2023 14:24:39.098691940 CET	49729	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:24:39.098783970 CET	443	49729	40.83.247.108	192.168.2.6
Nov 14, 2023 14:24:39.098870993 CET	49729	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:24:39.099906921 CET	49729	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:24:39.099945068 CET	443	49729	40.83.247.108	192.168.2.6
Nov 14, 2023 14:24:39.627995014 CET	443	49729	40.83.247.108	192.168.2.6
Nov 14, 2023 14:24:39.628118038 CET	49729	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:24:39.631422043 CET	49729	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:24:39.631450891 CET	443	49729	40.83.247.108	192.168.2.6
Nov 14, 2023 14:24:39.631705046 CET	443	49729	40.83.247.108	192.168.2.6
Nov 14, 2023 14:24:39.633447886 CET	49729	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:24:39.633500099 CET	49729	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:24:39.633512020 CET	443	49729	40.83.247.108	192.168.2.6
Nov 14, 2023 14:24:39.633630991 CET	49729	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:24:39.677288055 CET	443	49729	40.83.247.108	192.168.2.6
Nov 14, 2023 14:24:39.805882931 CET	443	49729	40.83.247.108	192.168.2.6
Nov 14, 2023 14:24:39.805965900 CET	443	49729	40.83.247.108	192.168.2.6
Nov 14, 2023 14:24:39.806041002 CET	49729	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:24:39.806323051 CET	49729	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:24:39.806355953 CET	443	49729	40.83.247.108	192.168.2.6
Nov 14, 2023 14:24:51.877830029 CET	80	49749	8.250.208.126	192.168.2.6
Nov 14, 2023 14:24:51.877914906 CET	49749	80	192.168.2.6	8.250.208.126
Nov 14, 2023 14:24:56.708472967 CET	49730	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:24:56.708509922 CET	443	49730	40.83.247.108	192.168.2.6
Nov 14, 2023 14:24:56.708658934 CET	49730	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:24:56.709749937 CET	49730	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:24:56.709780931 CET	443	49730	40.83.247.108	192.168.2.6
Nov 14, 2023 14:24:57.258615971 CET	443	49730	40.83.247.108	192.168.2.6
Nov 14, 2023 14:24:57.258771896 CET	49730	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:24:57.263986111 CET	49730	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:24:57.263999939 CET	443	49730	40.83.247.108	192.168.2.6
Nov 14, 2023 14:24:57.264439106 CET	443	49730	40.83.247.108	192.168.2.6
Nov 14, 2023 14:24:57.266774893 CET	49730	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:24:57.266855001 CET	49730	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:24:57.266865969 CET	443	49730	40.83.247.108	192.168.2.6
Nov 14, 2023 14:24:57.267049074 CET	49730	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:24:57.309305906 CET	443	49730	40.83.247.108	192.168.2.6
Nov 14, 2023 14:24:57.438205004 CET	443	49730	40.83.247.108	192.168.2.6
Nov 14, 2023 14:24:57.438458920 CET	443	49730	40.83.247.108	192.168.2.6
Nov 14, 2023 14:24:57.438550949 CET	49730	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:24:57.438705921 CET	49730	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:24:57.438720942 CET	443	49730	40.83.247.108	192.168.2.6
Nov 14, 2023 14:25:01.933816910 CET	49714	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:25:02.027576923 CET	49715	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:25:02.141763926 CET	80	49714	205.162.42.171	192.168.2.6
Nov 14, 2023 14:25:02.236565113 CET	80	49715	205.162.42.171	192.168.2.6
Nov 14, 2023 14:25:03.636976957 CET	49719	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:25:03.844346046 CET	80	49719	205.162.42.171	192.168.2.6
Nov 14, 2023 14:25:04.215044975 CET	49718	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:25:04.422296047 CET	80	49718	205.162.42.171	192.168.2.6
Nov 14, 2023 14:25:08.733851910 CET	49731	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:25:08.733897924 CET	443	49731	40.68.123.157	192.168.2.6
Nov 14, 2023 14:25:08.733973026 CET	49731	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:25:08.735481024 CET	49731	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:25:08.735496044 CET	443	49731	40.68.123.157	192.168.2.6
Nov 14, 2023 14:25:09.649235964 CET	443	49731	40.68.123.157	192.168.2.6
Nov 14, 2023 14:25:09.649466038 CET	49731	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:25:09.652403116 CET	49731	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:25:09.652427912 CET	443	49731	40.68.123.157	192.168.2.6
Nov 14, 2023 14:25:09.653666973 CET	443	49731	40.68.123.157	192.168.2.6
Nov 14, 2023 14:25:09.699523926 CET	49731	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:25:09.711621046 CET	49731	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:25:09.753272057 CET	443	49731	40.68.123.157	192.168.2.6
Nov 14, 2023 14:25:10.544943094 CET	443	49731	40.68.123.157	192.168.2.6
Nov 14, 2023 14:25:10.544974089 CET	443	49731	40.68.123.157	192.168.2.6
Nov 14, 2023 14:25:10.544981956 CET	443	49731	40.68.123.157	192.168.2.6
Nov 14, 2023 14:25:10.545018911 CET	443	49731	40.68.123.157	192.168.2.6
Nov 14, 2023 14:25:10.545047045 CET	49731	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:25:10.545063019 CET	443	49731	40.68.123.157	192.168.2.6
Nov 14, 2023 14:25:10.545072079 CET	443	49731	40.68.123.157	192.168.2.6
Nov 14, 2023 14:25:10.545088053 CET	443	49731	40.68.123.157	192.168.2.6
Nov 14, 2023 14:25:10.545116901 CET	49731	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:25:10.545124054 CET	443	49731	40.68.123.157	192.168.2.6
Nov 14, 2023 14:25:10.545171976 CET	49731	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:25:10.545176983 CET	443	49731	40.68.123.157	192.168.2.6
Nov 14, 2023 14:25:10.545196056 CET	443	49731	40.68.123.157	192.168.2.6
Nov 14, 2023 14:25:10.545250893 CET	49731	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:25:10.553457022 CET	49731	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:25:10.553472996 CET	443	49731	40.68.123.157	192.168.2.6
Nov 14, 2023 14:25:10.553493977 CET	49731	443	192.168.2.6	40.68.123.157
Nov 14, 2023 14:25:10.553500891 CET	443	49731	40.68.123.157	192.168.2.6
Nov 14, 2023 14:25:14.480748892 CET	49713	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:25:14.686661959 CET	80	49713	205.162.42.171	192.168.2.6
Nov 14, 2023 14:25:16.952351093 CET	49714	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:25:17.158015013 CET	80	49714	205.162.42.171	192.168.2.6
Nov 14, 2023 14:25:17.158169985 CET	80	49714	205.162.42.171	192.168.2.6
Nov 14, 2023 14:25:17.158235073 CET	49714	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:25:17.943552017 CET	49733	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:25:17.943597078 CET	443	49733	40.83.247.108	192.168.2.6
Nov 14, 2023 14:25:17.943679094 CET	49733	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:25:17.944462061 CET	49733	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:25:17.944473982 CET	443	49733	40.83.247.108	192.168.2.6
Nov 14, 2023 14:25:18.472596884 CET	443	49733	40.83.247.108	192.168.2.6
Nov 14, 2023 14:25:18.472837925 CET	49733	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:25:18.474575043 CET	49733	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:25:18.474586010 CET	443	49733	40.83.247.108	192.168.2.6
Nov 14, 2023 14:25:18.474792004 CET	443	49733	40.83.247.108	192.168.2.6
Nov 14, 2023 14:25:18.476607084 CET	49733	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:25:18.476672888 CET	49733	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:25:18.476676941 CET	443	49733	40.83.247.108	192.168.2.6
Nov 14, 2023 14:25:18.476830006 CET	49733	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:25:18.521265030 CET	443	49733	40.83.247.108	192.168.2.6
Nov 14, 2023 14:25:18.642968893 CET	49719	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:25:18.642991066 CET	49715	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:25:18.643297911 CET	49734	443	192.168.2.6	142.251.211.228
Nov 14, 2023 14:25:18.643336058 CET	443	49734	142.251.211.228	192.168.2.6
Nov 14, 2023 14:25:18.643425941 CET	49734	443	192.168.2.6	142.251.211.228
Nov 14, 2023 14:25:18.643663883 CET	49734	443	192.168.2.6	142.251.211.228
Nov 14, 2023 14:25:18.643676043 CET	443	49734	142.251.211.228	192.168.2.6
Nov 14, 2023 14:25:18.647936106 CET	443	49733	40.83.247.108	192.168.2.6
Nov 14, 2023 14:25:18.648123026 CET	443	49733	40.83.247.108	192.168.2.6
Nov 14, 2023 14:25:18.648180008 CET	49733	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:25:18.648535013 CET	49733	443	192.168.2.6	40.83.247.108
Nov 14, 2023 14:25:18.648546934 CET	443	49733	40.83.247.108	192.168.2.6
Nov 14, 2023 14:25:18.849598885 CET	80	49715	205.162.42.171	192.168.2.6
Nov 14, 2023 14:25:18.849622965 CET	80	49715	205.162.42.171	192.168.2.6
Nov 14, 2023 14:25:18.849716902 CET	49715	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:25:18.851461887 CET	80	49719	205.162.42.171	192.168.2.6
Nov 14, 2023 14:25:18.851475000 CET	80	49719	205.162.42.171	192.168.2.6
Nov 14, 2023 14:25:18.851536989 CET	49719	80	192.168.2.6	205.162.42.171
Nov 14, 2023 14:25:18.960839033 CET	443	49734	142.251.211.228	192.168.2.6
Nov 14, 2023 14:25:18.987231016 CET	49734	443	192.168.2.6	142.251.211.228
Nov 14, 2023 14:25:18.987306118 CET	443	49734	142.251.211.228	192.168.2.6
Nov 14, 2023 14:25:18.987881899 CET	443	49734	142.251.211.228	192.168.2.6
Nov 14, 2023 14:25:18.988658905 CET	49734	443	192.168.2.6	142.251.211.228
Nov 14, 2023 14:25:18.988732100 CET	443	49734	142.251.211.228	192.168.2.6
Nov 14, 2023 14:25:19.042054892 CET	49734	443	192.168.2.6	142.251.211.228
Nov 14, 2023 14:25:29.022490025 CET	443	49734	142.251.211.228	192.168.2.6
Nov 14, 2023 14:25:29.022557974 CET	443	49734	142.251.211.228	192.168.2.6
Nov 14, 2023 14:25:29.022610903 CET	49734	443	192.168.2.6	142.251.211.228
Nov 14, 2023 14:25:30.950797081 CET	49734	443	192.168.2.6	142.251.211.228
Nov 14, 2023 14:25:30.950819969 CET	443	49734	142.251.211.228	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 14, 2023 14:24:14.629851103 CET	60475	53	192.168.2.6	1.1.1.1
Nov 14, 2023 14:24:14.631125927 CET	62839	53	192.168.2.6	1.1.1.1
Nov 14, 2023 14:24:14.631975889 CET	50131	53	192.168.2.6	1.1.1.1
Nov 14, 2023 14:24:14.632252932 CET	61820	53	192.168.2.6	1.1.1.1
Nov 14, 2023 14:24:14.759862900 CET	53	57250	1.1.1.1	192.168.2.6
Nov 14, 2023 14:24:14.782303095 CET	53	60475	1.1.1.1	192.168.2.6
Nov 14, 2023 14:24:14.783456087 CET	53	62839	1.1.1.1	192.168.2.6
Nov 14, 2023 14:24:14.784277916 CET	53	50131	1.1.1.1	192.168.2.6
Nov 14, 2023 14:24:14.784462929 CET	53	61820	1.1.1.1	192.168.2.6
Nov 14, 2023 14:24:15.625690937 CET	53	52701	1.1.1.1	192.168.2.6
Nov 14, 2023 14:24:16.527098894 CET	51575	53	192.168.2.6	1.1.1.1
Nov 14, 2023 14:24:16.527695894 CET	56203	53	192.168.2.6	1.1.1.1
Nov 14, 2023 14:24:16.680275917 CET	53	51575	1.1.1.1	192.168.2.6
Nov 14, 2023 14:24:16.708396912 CET	53	56203	1.1.1.1	192.168.2.6
Nov 14, 2023 14:24:18.160959959 CET	59018	53	192.168.2.6	1.1.1.1
Nov 14, 2023 14:24:18.161602974 CET	49221	53	192.168.2.6	1.1.1.1
Nov 14, 2023 14:24:18.314981937 CET	53	59018	1.1.1.1	192.168.2.6
Nov 14, 2023 14:24:18.344703913 CET	53	49221	1.1.1.1	192.168.2.6
Nov 14, 2023 14:24:18.464736938 CET	54209	53	192.168.2.6	1.1.1.1
Nov 14, 2023 14:24:18.477818012 CET	58812	53	192.168.2.6	1.1.1.1
Nov 14, 2023 14:24:18.617064953 CET	53	54209	1.1.1.1	192.168.2.6
Nov 14, 2023 14:24:18.630194902 CET	53	58812	1.1.1.1	192.168.2.6
Nov 14, 2023 14:24:33.590995073 CET	53	61121	1.1.1.1	192.168.2.6
Nov 14, 2023 14:24:52.556005001 CET	53	59533	1.1.1.1	192.168.2.6
Nov 14, 2023 14:25:14.324613094 CET	53	63795	1.1.1.1	192.168.2.6
Nov 14, 2023 14:25:15.588004112 CET	53	60446	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 14, 2023 14:24:14.629851103 CET	192.168.2.6	1.1.1.1	0x3a03	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Nov 14, 2023 14:24:14.631125927 CET	192.168.2.6	1.1.1.1	0xf1f1	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Nov 14, 2023 14:24:14.631975889 CET	192.168.2.6	1.1.1.1	0x4d18	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Nov 14, 2023 14:24:14.632252932 CET	192.168.2.6	1.1.1.1	0xdb6c	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Nov 14, 2023 14:24:16.527098894 CET	192.168.2.6	1.1.1.1	0xe180	Standard query (0)	qtx.omeclk.com	A (IP address)	IN (0x0001)	false
Nov 14, 2023 14:24:16.527695894 CET	192.168.2.6	1.1.1.1	0x5ca5	Standard query (0)	qtx.omeclk.com	65	IN (0x0001)	false
Nov 14, 2023 14:24:18.160959959 CET	192.168.2.6	1.1.1.1	0x9b9c	Standard query (0)	qtx.omeclk.com	A (IP address)	IN (0x0001)	false
Nov 14, 2023 14:24:18.161602974 CET	192.168.2.6	1.1.1.1	0x336a	Standard query (0)	qtx.omeclk.com	65	IN (0x0001)	false
Nov 14, 2023 14:24:18.464736938 CET	192.168.2.6	1.1.1.1	0x5b15	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 14, 2023 14:24:18.477818012 CET	192.168.2.6	1.1.1.1	0x3b88	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 14, 2023 14:24:14.782303095 CET	1.1.1.1	192.168.2.6	0x3a03	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 14, 2023 14:24:14.782303095 CET	1.1.1.1	192.168.2.6	0x3a03	No error (0)	clients.l.google.com		172.217.14.206	A (IP address)	IN (0x0001)	false
Nov 14, 2023 14:24:14.783456087 CET	1.1.1.1	192.168.2.6	0xf1f1	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 14, 2023 14:24:14.784277916 CET	1.1.1.1	192.168.2.6	0x4d18	No error (0)	accounts.google.com		142.250.69.205	A (IP address)	IN (0x0001)	false
Nov 14, 2023 14:24:16.680275917 CET	1.1.1.1	192.168.2.6	0xe180	No error (0)	qtx.omeclk.com		205.162.42.171	A (IP address)	IN (0x0001)	false
Nov 14, 2023 14:24:18.314981937 CET	1.1.1.1	192.168.2.6	0x9b9c	No error (0)	qtx.omeclk.com		205.162.42.171	A (IP address)	IN (0x0001)	false
Nov 14, 2023 14:24:18.617064953 CET	1.1.1.1	192.168.2.6	0x5b15	No error (0)	www.google.com		142.251.211.228	A (IP address)	IN (0x0001)	false
Nov 14, 2023 14:24:18.630194902 CET	1.1.1.1	192.168.2.6	0x3b88	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

accounts.google.com

clients2.google.com

fs.microsoft.com

slscr.update.microsoft.com

qtx.omeclk.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.6	49710	142.250.69.205	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.6	49709	172.217.14.206	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.6	49730	40.83.247.108	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.6	49731	40.68.123.157	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.6	49733	40.83.247.108	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.6	49713	205.162.42.171	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Nov 14, 2023 14:24:16.919821978 CET	88	OUT	GET / HTTP/1.1 Host: qtx.omeclk.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 14, 2023 14:24:17.128346920 CET	88	OUT	GET /portal/PrivacyNotice.jsp HTTP/1.1 Host: qtx.omeclk.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 14, 2023 14:24:17.453857899 CET	90	OUT	GET /favicon.ico HTTP/1.1 Host: qtx.omeclk.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://qtx.omeclk.com/portal/PrivacyNotice.jsp Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 14, 2023 14:24:29.014547110 CET	157	OUT	GET / HTTP/1.1 Host: qtx.omeclk.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 14, 2023 14:24:29.224489927 CET	158	OUT	GET /portal/PrivacyNotice.jsp HTTP/1.1 Host: qtx.omeclk.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 14, 2023 14:25:14.480748892 CET	336	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	205.162.42.171	80	192.168.2.6	49713	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Nov 14, 2023 14:24:17.125932932 CET	88	IN	HTTP/1.0 302 Moved Temporarily Location: http://qtx.omeclk.com/portal/PrivacyNotice.jsp Server: BigIP Connection: Keep-Alive Content-Length: 0
Nov 14, 2023 14:24:17.394665956 CET	90	IN	HTTP/1.1 200 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Set-Cookie: JSESSIONID=6F60EBEE97CB600EBE054D65B6C416A6; Path=/portal; Secure; HttpOnly Cache-Control: no-cache Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Security-Policy: object-src 'none' Content-Type: text/html;charset=UTF-8 Content-Language: en-US Transfer-Encoding: chunked Date: Tue, 14 Nov 2023 13:24:16 GMT Keep-Alive: timeout=5 Connection: keep-alive Server: Apache Data Raw: 32 39 34 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 20 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 64 69 72 65 63 74 69 6f 6e 3a 20 6c 74 72 3b 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 50 72 69 76 61 63 79 20 50 6f 6c 69 63 79 20 50 61 67 65 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 4f 6d 65 64 61 22 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 48 6f 6d 65 20 50 61 67 65 20 66 6f 72 20 74 68 65 20 4f 6d 61 69 6c 20 6f 6d 65 73 73 61 67 65 2e 63 6f 6d 20 72 65 64 69 72 65 63 74 20 73 65 72 76 69 63 65 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 0d 0a 20 20 20 20 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 72 67 62 28 32 34 35 2c 20 32 34 38 2c 20 32 35 30 29 3b 22 20 74 6f 70 6d 61 72 67 69 6e 3d 22 31 35 22 20 6c 65 66 74 6d 61 72 67 69 6e 3d 22 31 35 22 3e 0d 0a 3c 62 72 3e 3c 62 72 3e 0d 0a 0d 0a 54 68 69 73 20 64 6f 6d 61 69 6e 2c 20 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 71 74 78 2e 6f 6d 65 63 6c 6b 2e 63 6f 6d 27 3e 71 74 78 2e 6f 6d 65 63 6c 6b 2e 63 6f 6d 3c 2f 61 3e 2c 20 69 73 20 75 73 65 64 20 62 79 20 51 75 65 73 74 65 78 20 4d 65 64 69 61 2e 3c 62 72 3e 0d 0a 0d 0a 3c 62 72 3e 3c 62 72 3e 54 68 61 6e 6b 20 79 6f 75 2e 0d 0a 3c 62 72 3e 3c 62 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a Data Ascii: 294 <html style="direction: ltr;" lang="en"><head> <meta content="text/html; charset=ISO-8859-1" http-equiv="content-type"> <title>Privacy Policy Page</title> <meta content="Omeda" name="author"> <meta content="Home Page for the Omail omessage.com redirect service" name="description"> </head><body style="background-color: rgb(245, 248, 250);" topmargin="15" leftmargin="15"><br><br>This domain, <a href='http://qtx.omeclk.com'>qtx.omeclk.com</a>, is used by Questex Media.<br><br><br>Thank you.<br><br></body></html>
Nov 14, 2023 14:24:17.394819975 CET	90	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0
Nov 14, 2023 14:24:17.661928892 CET	92	IN	HTTP/1.1 200 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Accept-Ranges: bytes ETag: W/"15086-1503515970000" Last-Modified: Wed, 23 Aug 2017 19:19:30 GMT Content-Type: image/x-icon Content-Length: 15086 Date: Tue, 14 Nov 2023 13:24:16 GMT Keep-Alive: timeout=5 Connection: keep-alive Server: Apache Data Raw: 00 00 01 00 03 00 30 30 00 00 01 00 20 00 a8 25 00 00 36 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 de 25 00 00 10 10 00 00 01 00 20 00 68 04 00 00 86 36 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 72 88 2f 04 79 48 13 24 79 48 13 5b 79 48 13 95 79 48 13 cf 79 48 13 e2 79 48 13 f8 79 48 13 ff 79 48 13 ff 79 48 13 f8 79 48 13 e2 79 48 13 c0 79 48 13 95 79 48 13 5b 79 48 13 24 72 88 2f 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 79 48 13 11 79 48 13 5b 79 48 13 aa 79 48 13 e2 79 48 13 f8 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 f8 79 48 13 e2 79 48 13 5b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8e 89 37 0a 79 48 13 5b 79 48 13 c0 79 48 13 f8 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 e2 79 48 13 34 00 00 00 00 00 00 00 00 8e 89 37 0a 8e 89 37 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 79 48 13 34 79 48 13 aa 79 48 13 f8 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 95 00 00 00 00 00 00 00 00 00 00 00 00 c8 8e 4b 69 c8 8e 4b aa c8 8e 4b 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 72 88 2f 04 79 48 13 5b 79 48 13 e2 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 Data Ascii: 00 %6 % h6(0` $r/yH$yH[yHyHyHyHyHyHyHyHyHyHyH[yH$r/yHyH[yHyHyHyHyHyHyHyHyHyHyHyHyHyHyHyH[7yH[yHyHyHyHyHyHyHyHyHyHyHyHyHyHyHyHyHyH477yH4yHyHyHyHyHyHyHyHyHyHyHyHyHyHyHyHyHyHyHKiKK-r/yH[yHyHyHyHyH
Nov 14, 2023 14:24:17.661955118 CET	93	IN	Data Raw: 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 f8 79 48 13 e2 79 48 13 c0 79 48 13 95 79 48 13 81 79 48 13 6f 79 48 13 6f 79 48 13 81 79 48 13 95 79 48 13 c0 79 48 13 e2 79 48 13 e2 79 48 13 34 00 00 00 00 00 00 00 00 c8 8e 4b 16 c8 8e 4b d0 c8 8e 4b ff Data Ascii: yHyHyHyHyHyHyHyHoyHoyHyHyHyHyHyH4KKKKKir/7yHyHyHyHyHyHyHyHyHyH[yH$77y
Nov 14, 2023 14:24:17.661969900 CET	94	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 79 48 13 5b 79 48 13 f8 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 cf 79 48 13 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 49 b5 39 15 49 b5 39 59 49 b5 39 ad 49 b5 Data Ascii: yH[yHyHyHyHyHyH$I9I9YI9I9I9I9I9I9I9I9I9YI9K-KKKKKKVyHyHyHyHyHyHyH[
Nov 14, 2023 14:24:17.661986113 CET	95	IN	Data Raw: 39 4b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 8e 4b 2d c8 8e 4b e0 c8 8e 4b ff c8 8e 4b ff c8 8e 4b ff c8 8e 4b 7f 00 00 00 00 00 00 00 00 00 00 00 00 72 88 2f 04 79 48 13 aa 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 c0 Data Ascii: 9KK-KKKKKr/yHyHyHyHyHyHI9I9I9I9I9I94I94I9I9I9I9I97KKKKK
Nov 14, 2023 14:24:17.870872974 CET	96	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 49 b5 39 59 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 e9 49 b5 39 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 8e Data Ascii: I9YI9I9I9I9I9'KKKKKKyHyHyHyHyHyHI94I9I9I9I9I9AI9AI9I9I9
Nov 14, 2023 14:24:17.870959997 CET	98	IN	Data Raw: 13 ff 79 48 13 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 72 88 2f 04 49 b5 39 99 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 d8 49 b5 39 59 8e 89 37 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8e 89 37 0a Data Ascii: yHor/I9I9I9I9I9I9I9Y77I9YI9I9I9I9I9I9r/KiKKKKKFyHyHyHyHyHyHyHI9'I9I9I9I9I
Nov 14, 2023 14:24:17.870976925 CET	99	IN	Data Raw: 00 00 00 00 72 88 2f 04 c8 8e 4b 2d 8e 89 37 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 79 48 13 24 79 48 13 cf 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 c0 79 48 Data Ascii: r/K-7yH$yHyHyHyHyHyHyH$7I9~I9I9'
Nov 14, 2023 14:24:17.870987892 CET	100	IN	Data Raw: 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 f4 49 b5 39 7e 72 88 2f 04 00 00 00 00 00 00 00 00 Data Ascii: 9I9I9I9I9I9I9I9I9I9I9I9I9I9I9I9I9I9~r/r/yH4yHyHyHyHyHyHyHI9gI9I9I9I9I9I9I9I9I9I9I9I9I9I
Nov 14, 2023 14:24:17.871004105 CET	101	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 49 b5 39 67 49 b5 39 ff 49 b5 39 f4 49 b5 39 e5 49 b5 39 c7 49 b5 39 99 49 b5 39 67 49 b5 Data Ascii: I9gI9I9I9I9I9I9gI947???
Nov 14, 2023 14:24:18.077091932 CET	103	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8e a1 42 22 c8 8e 4b a9 c8 8e 4b ff c8 8e 4b ff c8 8e 4b f8 c8 8e 4b 70 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 79 48 13 35 79 48 13 e9 79 48 13 ff 79 48 13 ff Data Ascii: B"KKKKKpyH5yHyHyHyHp4\|0m0m0\|0p4KKKKK1p4yHyHyHyHyHI9I9fI9I
Nov 14, 2023 14:24:29.221674919 CET	157	IN	HTTP/1.0 302 Moved Temporarily Location: http://qtx.omeclk.com/portal/PrivacyNotice.jsp Server: BigIP Connection: Keep-Alive Content-Length: 0
Nov 14, 2023 14:24:29.479403019 CET	159	IN	HTTP/1.1 200 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Set-Cookie: JSESSIONID=811E001D290E73A5B179C95A26188160; Path=/portal; Secure; HttpOnly Cache-Control: no-cache Pragma: no-cache Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Security-Policy: object-src 'none' Content-Type: text/html;charset=UTF-8 Content-Language: en-US Transfer-Encoding: chunked Date: Tue, 14 Nov 2023 13:24:28 GMT Keep-Alive: timeout=5 Connection: keep-alive Server: Apache Data Raw: 32 39 34 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 20 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 64 69 72 65 63 74 69 6f 6e 3a 20 6c 74 72 3b 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 49 53 4f 2d 38 38 35 39 2d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 3e 0d 0a 20 20 20 20 3c 74 69 74 6c 65 3e 50 72 69 76 61 63 79 20 50 6f 6c 69 63 79 20 50 61 67 65 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 4f 6d 65 64 61 22 20 6e 61 6d 65 3d 22 61 75 74 68 6f 72 22 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 48 6f 6d 65 20 50 61 67 65 20 66 6f 72 20 74 68 65 20 4f 6d 61 69 6c 20 6f 6d 65 73 73 61 67 65 2e 63 6f 6d 20 72 65 64 69 72 65 63 74 20 73 65 72 76 69 63 65 22 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3e 0d 0a 20 20 20 20 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 0d 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 72 67 62 28 32 34 35 2c 20 32 34 38 2c 20 32 35 30 29 3b 22 20 74 6f 70 6d 61 72 67 69 6e 3d 22 31 35 22 20 6c 65 66 74 6d 61 72 67 69 6e 3d 22 31 35 22 3e 0d 0a 3c 62 72 3e 3c 62 72 3e 0d 0a 0d 0a 54 68 69 73 20 64 6f 6d 61 69 6e 2c 20 3c 61 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 71 74 78 2e 6f 6d 65 63 6c 6b 2e 63 6f 6d 27 3e 71 74 78 2e 6f 6d 65 63 6c 6b 2e 63 6f 6d 3c 2f 61 3e 2c 20 69 73 20 75 73 65 64 20 62 79 20 51 75 65 73 74 65 78 20 4d 65 64 69 61 2e 3c 62 72 3e 0d 0a 0d 0a 3c 62 72 3e 3c 62 72 3e 54 68 61 6e 6b 20 79 6f 75 2e 0d 0a 3c 62 72 3e 3c 62 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a 0d 0a Data Ascii: 294 <html style="direction: ltr;" lang="en"><head> <meta content="text/html; charset=ISO-8859-1" http-equiv="content-type"> <title>Privacy Policy Page</title> <meta content="Omeda" name="author"> <meta content="Home Page for the Omail omessage.com redirect service" name="description"> </head><body style="background-color: rgb(245, 248, 250);" topmargin="15" leftmargin="15"><br><br>This domain, <a href='http://qtx.omeclk.com'>qtx.omeclk.com</a>, is used by Questex Media.<br><br><br>Thank you.<br><br></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.6	49718	205.162.42.171	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Nov 14, 2023 14:24:18.574250937 CET	108	OUT	GET /favicon.ico HTTP/1.1 Host: qtx.omeclk.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Nov 14, 2023 14:25:04.215044975 CET	303	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	205.162.42.171	80	192.168.2.6	49718	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Nov 14, 2023 14:24:18.789683104 CET	110	IN	HTTP/1.1 200 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Accept-Ranges: bytes ETag: W/"15086-1503515970000" Last-Modified: Wed, 23 Aug 2017 19:19:30 GMT Content-Type: image/x-icon Content-Length: 15086 Date: Tue, 14 Nov 2023 13:24:17 GMT Keep-Alive: timeout=5 Connection: keep-alive Server: Apache Data Raw: 00 00 01 00 03 00 30 30 00 00 01 00 20 00 a8 25 00 00 36 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 de 25 00 00 10 10 00 00 01 00 20 00 68 04 00 00 86 36 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00 00 00 00 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 72 88 2f 04 79 48 13 24 79 48 13 5b 79 48 13 95 79 48 13 cf 79 48 13 e2 79 48 13 f8 79 48 13 ff 79 48 13 ff 79 48 13 f8 79 48 13 e2 79 48 13 c0 79 48 13 95 79 48 13 5b 79 48 13 24 72 88 2f 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 79 48 13 11 79 48 13 5b 79 48 13 aa 79 48 13 e2 79 48 13 f8 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 f8 79 48 13 e2 79 48 13 5b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8e 89 37 0a 79 48 13 5b 79 48 13 c0 79 48 13 f8 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 e2 79 48 13 34 00 00 00 00 00 00 00 00 8e 89 37 0a 8e 89 37 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 79 48 13 34 79 48 13 aa 79 48 13 f8 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 95 00 00 00 00 00 00 00 00 00 00 00 00 c8 8e 4b 69 c8 8e 4b aa c8 8e 4b 2d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 72 88 2f 04 79 48 13 5b 79 48 13 e2 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 Data Ascii: 00 %6 % h6(0` $r/yH$yH[yHyHyHyHyHyHyHyHyHyHyH[yH$r/yHyH[yHyHyHyHyHyHyHyHyHyHyHyHyHyHyHyH[7yH[yHyHyHyHyHyHyHyHyHyHyHyHyHyHyHyHyHyH477yH4yHyHyHyHyHyHyHyHyHyHyHyHyHyHyHyHyHyHyHKiKK-r/yH[yHyHyHyHyH
Nov 14, 2023 14:24:18.789747953 CET	112	IN	Data Raw: 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 f8 79 48 13 e2 79 48 13 c0 79 48 13 95 79 48 13 81 79 48 13 6f 79 48 13 6f 79 48 13 81 79 48 13 95 79 48 13 c0 79 48 13 e2 79 48 13 e2 79 48 13 34 00 00 00 00 00 00 00 00 c8 8e 4b 16 c8 8e 4b d0 c8 8e 4b ff Data Ascii: yHyHyHyHyHyHyHyHoyHoyHyHyHyHyHyH4KKKKKir/7yHyHyHyHyHyHyHyHyHyH[yH$77y
Nov 14, 2023 14:24:18.789798975 CET	113	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 79 48 13 5b 79 48 13 f8 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 cf 79 48 13 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 49 b5 39 15 49 b5 39 59 49 b5 39 ad 49 b5 Data Ascii: yH[yHyHyHyHyHyH$I9I9YI9I9I9I9I9I9I9I9I9YI9K-KKKKKKVyHyHyHyHyHyHyH[
Nov 14, 2023 14:24:18.995718002 CET	119	IN	Data Raw: 39 4b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 8e 4b 2d c8 8e 4b e0 c8 8e 4b ff c8 8e 4b ff c8 8e 4b ff c8 8e 4b 7f 00 00 00 00 00 00 00 00 00 00 00 00 72 88 2f 04 79 48 13 aa 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 c0 Data Ascii: 9KK-KKKKKr/yHyHyHyHyHyHI9I9I9I9I9I94I94I9I9I9I9I97KKKKK
Nov 14, 2023 14:24:18.995872974 CET	120	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8e 89 37 0a 49 b5 39 ad 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 c7 49 b5 39 15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 72 88 Data Ascii: 7I9I9I9I9I9I9r/KKKKK7yHyHyHyHyHyHI9I9I9I9I9I9KI9KI9I9I9
Nov 14, 2023 14:24:18.995913982 CET	121	IN	Data Raw: 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 f8 79 48 13 6f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 49 b5 39 27 49 b5 39 99 49 b5 39 e9 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff Data Ascii: yHyHyHyHoI9'I9I9I9I9I9I9I9I9I9I9I9I9I9'KKKKK7yHGyHyHyHyHyHyH4r
Nov 14, 2023 14:24:18.995955944 CET	123	IN	Data Raw: 49 b5 39 ff 49 b5 39 f4 49 b5 39 7e 49 b5 39 15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 72 88 2f 04 79 48 13 5b 79 48 13 e2 79 48 Data Ascii: I9I9I9~I9r/yH[yHyHyHyHyHyHyHyHyHyHGyHr/r/I9I9'I9YI9I9I9I9I9I9I9I9I9I9I9I9I9I9'
Nov 14, 2023 14:24:19.045238018 CET	124	IN	Data Raw: 39 67 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 ff 49 b5 39 e5 49 b5 39 7e 49 b5 39 15 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: 9gI9I9I9I9I9I9I9I9I9I9I9I9I9~I9I9gI9I9I9I9I9I9I9I9I9I9I9I94r
Nov 14, 2023 14:24:19.045320988 CET	125	IN	Data Raw: 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 ff 79 48 13 af 6d 8d 30 09 00 00 00 00 a6 70 34 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: yHyHyHyHyHm0p4\|0yHVyHyHyHyHyHyHyHyHyHyHyHyHyHVK1KKR\|0m0yH\|yHyHyHyHyHyH
Nov 14, 2023 14:24:19.202001095 CET	127	IN	Data Raw: 00 00 49 b5 39 16 49 b5 39 a6 49 b5 39 ff 49 b5 39 ff 49 b5 39 b5 6d 8d 30 09 00 00 00 00 00 00 00 00 6d 8d 30 09 c8 8e 4b ba c8 8e 4b ff c8 8e 4b f8 c8 8e 4b 52 00 00 00 00 00 00 00 00 79 48 13 7c 79 48 13 ff 79 48 13 ff 79 48 13 86 00 00 00 00 Data Ascii: I9I9I9I9I9m0m0KKKKRyH\|yHyHyHI9:I9I9I9I9+I9+I9I9I9I9:KKKKpyHyHyHyHgI9\I9I9I9
Nov 14, 2023 14:24:19.202023983 CET	129	IN	Data Raw: 49 b5 39 3a 7c 83 30 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a6 70 34 10 c8 8e 4b 83 c8 8e 4b ba a6 70 34 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 79 48 13 56 79 48 13 f6 79 48 13 ff 79 48 13 f6 79 48 Data Ascii: I9:\|0p4KKp4yHVyHyHyHyH\|\|0I9B"B"I9I9+I9\|0p4m0yHyHyHyHyH\|p4

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.6	49714	205.162.42.171	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Nov 14, 2023 14:25:01.933816910 CET	302	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.6	49715	205.162.42.171	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Nov 14, 2023 14:25:02.027576923 CET	302	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.6	49719	205.162.42.171	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
Nov 14, 2023 14:25:03.636976957 CET	302	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	172.217.14.206	443	192.168.2.6	49709	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	142.250.69.205	443	192.168.2.6	49710	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.6	49721	40.83.240.146	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.6	49722	104.117.234.93	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.6	49723	104.117.234.93	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.6	49724	40.83.240.146	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.6	49725	40.68.123.157	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.6	49729	40.83.247.108	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.6	49710	142.250.69.205	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 13:24:15 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
2023-11-14 13:24:15 UTC	0	OUT	Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.6	49709	172.217.14.206	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 13:24:15 UTC	0	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.134 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.6	49730	40.83.247.108	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 13:24:57 UTC	35	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6c 47 47 59 4b 4d 2b 4c 67 6b 53 49 74 79 56 39 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 39 37 32 62 35 31 36 36 63 62 66 34 66 64 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: lGGYKM+LgkSItyV9.1Context: 4972b5166cbf4fd5
2023-11-14 13:24:57 UTC	35	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2023-11-14 13:24:57 UTC	35	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 6c 47 47 59 4b 4d 2b 4c 67 6b 53 49 74 79 56 39 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 39 37 32 62 35 31 36 36 63 62 66 34 66 64 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 68 61 50 4c 39 7a 74 61 6b 2f 72 73 6d 59 66 5a 43 55 52 76 44 65 36 69 55 77 62 43 50 70 7a 70 50 45 42 4d 4c 39 6a 74 73 35 52 6f 43 57 55 4f 68 65 45 4e 4e 4c 68 48 41 7a 6e 49 78 64 33 6f 6f 76 2f 32 51 34 6d 4b 2f 2b 63 38 69 44 46 55 6e 5a 70 31 37 44 6d 79 65 48 53 52 75 70 4c 68 6a 44 4e 76 4e 38 4e 64 64 47 6d 39 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: lGGYKM+LgkSItyV9.2Context: 4972b5166cbf4fd5<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAehaPL9ztak/rsmYfZCURvDe6iUwbCPpzpPEBML9jts5RoCWUOheENNLhHAznIxd3oov/2Q4mK/+c8iDFUnZp17DmyeHSRupLhjDNvN8NddGm9
2023-11-14 13:24:57 UTC	36	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6c 47 47 59 4b 4d 2b 4c 67 6b 53 49 74 79 56 39 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 39 37 32 62 35 31 36 36 63 62 66 34 66 64 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: lGGYKM+LgkSItyV9.3Context: 4972b5166cbf4fd5<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2023-11-14 13:24:57 UTC	37	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-11-14 13:24:57 UTC	37	IN	Data Raw: 4d 53 2d 43 56 3a 20 72 64 4f 49 46 41 58 35 67 6b 4b 73 72 44 69 6a 4c 4c 36 6e 71 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: rdOIFAX5gkKsrDijLL6nqg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.6	49731	40.68.123.157	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 13:25:09 UTC	37	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=lVRGKUy9M1pKsSm&MD=5N+MUCmh HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-14 13:25:10 UTC	37	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: a4c3de8f-6f99-455a-9d94-18e778a213cd MS-RequestId: bf543bb0-c131-4117-9675-a720de75bb1c MS-CV: NMoMsw9BNkq/nM9v.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 14 Nov 2023 13:25:09 GMT Connection: close Content-Length: 25457
2023-11-14 13:25:10 UTC	37	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2023-11-14 13:25:10 UTC	53	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.6	49733	40.83.247.108	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 13:25:18 UTC	62	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 36 78 39 7a 72 70 76 52 47 30 53 71 6d 73 31 46 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 32 32 62 36 64 36 65 63 63 33 33 37 66 34 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 6x9zrpvRG0Sqms1F.1Context: a22b6d6ecc337f42
2023-11-14 13:25:18 UTC	62	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2023-11-14 13:25:18 UTC	63	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 36 78 39 7a 72 70 76 52 47 30 53 71 6d 73 31 46 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 32 32 62 36 64 36 65 63 63 33 33 37 66 34 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 68 61 50 4c 39 7a 74 61 6b 2f 72 73 6d 59 66 5a 43 55 52 76 44 65 36 69 55 77 62 43 50 70 7a 70 50 45 42 4d 4c 39 6a 74 73 35 52 6f 43 57 55 4f 68 65 45 4e 4e 4c 68 48 41 7a 6e 49 78 64 33 6f 6f 76 2f 32 51 34 6d 4b 2f 2b 63 38 69 44 46 55 6e 5a 70 31 37 44 6d 79 65 48 53 52 75 70 4c 68 6a 44 4e 76 4e 38 4e 64 64 47 6d 39 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: 6x9zrpvRG0Sqms1F.2Context: a22b6d6ecc337f42<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAehaPL9ztak/rsmYfZCURvDe6iUwbCPpzpPEBML9jts5RoCWUOheENNLhHAznIxd3oov/2Q4mK/+c8iDFUnZp17DmyeHSRupLhjDNvN8NddGm9
2023-11-14 13:25:18 UTC	64	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 36 78 39 7a 72 70 76 52 47 30 53 71 6d 73 31 46 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 32 32 62 36 64 36 65 63 63 33 33 37 66 34 32 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 6x9zrpvRG0Sqms1F.3Context: a22b6d6ecc337f42<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2023-11-14 13:25:18 UTC	64	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-11-14 13:25:18 UTC	64	IN	Data Raw: 4d 53 2d 43 56 3a 20 49 79 58 4a 64 30 43 6c 5a 45 65 55 49 4c 7a 4a 39 56 2f 33 51 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: IyXJd0ClZEeUILzJ9V/3Qw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	172.217.14.206	443	192.168.2.6	49709	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 13:24:15 UTC	1	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-ZpK-mAwUl6zXLNFkJVk2rQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 14 Nov 2023 13:24:15 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6161 X-Daystart: 19455 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-11-14 13:24:15 UTC	2	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 36 31 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 31 39 34 35 35 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6161" elapsed_seconds="19455"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-11-14 13:24:15 UTC	2	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-11-14 13:24:15 UTC	2	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	142.250.69.205	443	192.168.2.6	49710	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 13:24:15 UTC	2	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Tue, 14 Nov 2023 13:24:15 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-jeleqospUjLeu_OD1BH8DQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-11-14 13:24:15 UTC	4	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-11-14 13:24:15 UTC	4	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.6	49721	40.83.240.146	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 13:24:19 UTC	4	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 54 36 44 66 4e 54 35 51 50 55 43 64 75 2f 58 76 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 66 32 37 37 31 38 37 31 63 32 32 61 38 63 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: T6DfNT5QPUCdu/Xv.1Context: 5f2771871c22a8c6
2023-11-14 13:24:19 UTC	4	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2023-11-14 13:24:19 UTC	4	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 54 36 44 66 4e 54 35 51 50 55 43 64 75 2f 58 76 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 66 32 37 37 31 38 37 31 63 32 32 61 38 63 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 68 61 50 4c 39 7a 74 61 6b 2f 72 73 6d 59 66 5a 43 55 52 76 44 65 36 69 55 77 62 43 50 70 7a 70 50 45 42 4d 4c 39 6a 74 73 35 52 6f 43 57 55 4f 68 65 45 4e 4e 4c 68 48 41 7a 6e 49 78 64 33 6f 6f 76 2f 32 51 34 6d 4b 2f 2b 63 38 69 44 46 55 6e 5a 70 31 37 44 6d 79 65 48 53 52 75 70 4c 68 6a 44 4e 76 4e 38 4e 64 64 47 6d 39 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: T6DfNT5QPUCdu/Xv.2Context: 5f2771871c22a8c6<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAehaPL9ztak/rsmYfZCURvDe6iUwbCPpzpPEBML9jts5RoCWUOheENNLhHAznIxd3oov/2Q4mK/+c8iDFUnZp17DmyeHSRupLhjDNvN8NddGm9
2023-11-14 13:24:19 UTC	5	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 54 36 44 66 4e 54 35 51 50 55 43 64 75 2f 58 76 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 35 66 32 37 37 31 38 37 31 63 32 32 61 38 63 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: T6DfNT5QPUCdu/Xv.3Context: 5f2771871c22a8c6<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2023-11-14 13:24:20 UTC	6	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-11-14 13:24:20 UTC	6	IN	Data Raw: 4d 53 2d 43 56 3a 20 30 50 4a 43 6b 4a 51 54 4b 45 71 6b 63 67 31 70 58 4c 6e 33 55 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 0PJCkJQTKEqkcg1pXLn3Uw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.6	49722	104.117.234.93	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 13:24:19 UTC	6	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-11-14 13:24:20 UTC	6	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (sac/2518) X-CID: 11 Cache-Control: public, max-age=166805 Date: Tue, 14 Nov 2023 13:24:20 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.6	49723	104.117.234.93	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 13:24:20 UTC	6	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-11-14 13:24:20 UTC	6	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0MNkrYwAAAADiUL7L3dxqSIABzBrl++yWQ082QUEzMTUwODEwMDIxAGNlZmMyNTgzLWE5YjItNDRhNy05NzU1LWI3NmQxN2UwNWY3Zg== Cache-Control: public, max-age=166798 Date: Tue, 14 Nov 2023 13:24:20 GMT Content-Length: 55 Connection: close X-CID: 2
2023-11-14 13:24:20 UTC	7	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.6	49724	40.83.240.146	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 13:24:27 UTC	7	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 38 49 50 4d 52 43 79 63 48 55 4f 44 56 2f 30 6b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 62 32 66 37 38 35 63 35 39 30 64 31 31 35 35 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 8IPMRCycHUODV/0k.1Context: 7b2f785c590d1155
2023-11-14 13:24:27 UTC	7	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2023-11-14 13:24:27 UTC	7	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 38 49 50 4d 52 43 79 63 48 55 4f 44 56 2f 30 6b 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 62 32 66 37 38 35 63 35 39 30 64 31 31 35 35 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 68 61 50 4c 39 7a 74 61 6b 2f 72 73 6d 59 66 5a 43 55 52 76 44 65 36 69 55 77 62 43 50 70 7a 70 50 45 42 4d 4c 39 6a 74 73 35 52 6f 43 57 55 4f 68 65 45 4e 4e 4c 68 48 41 7a 6e 49 78 64 33 6f 6f 76 2f 32 51 34 6d 4b 2f 2b 63 38 69 44 46 55 6e 5a 70 31 37 44 6d 79 65 48 53 52 75 70 4c 68 6a 44 4e 76 4e 38 4e 64 64 47 6d 39 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: 8IPMRCycHUODV/0k.2Context: 7b2f785c590d1155<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAehaPL9ztak/rsmYfZCURvDe6iUwbCPpzpPEBML9jts5RoCWUOheENNLhHAznIxd3oov/2Q4mK/+c8iDFUnZp17DmyeHSRupLhjDNvN8NddGm9
2023-11-14 13:24:27 UTC	8	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 38 49 50 4d 52 43 79 63 48 55 4f 44 56 2f 30 6b 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 37 62 32 66 37 38 35 63 35 39 30 64 31 31 35 35 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 8IPMRCycHUODV/0k.3Context: 7b2f785c590d1155<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2023-11-14 13:24:28 UTC	9	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-11-14 13:24:28 UTC	9	IN	Data Raw: 4d 53 2d 43 56 3a 20 7a 35 69 55 46 74 51 44 54 55 32 31 6f 5a 68 59 77 67 46 7a 34 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: z5iUFtQDTU21oZhYwgFz4Q.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.6	49725	40.68.123.157	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 13:24:31 UTC	9	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=lVRGKUy9M1pKsSm&MD=5N+MUCmh HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-11-14 13:24:31 UTC	9	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 0fb32f75-28b6-407b-9384-8b37cd02ef28 MS-RequestId: d0951057-a3f4-4f42-b8b7-c27feba97f18 MS-CV: Fw60MlCuhUuPQakG.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 14 Nov 2023 13:24:31 GMT Connection: close Content-Length: 24490
2023-11-14 13:24:31 UTC	9	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-11-14 13:24:31 UTC	25	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.6	49729	40.83.247.108	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-11-14 13:24:39 UTC	33	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 62 55 33 56 79 74 67 33 56 45 57 56 59 63 66 61 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 36 63 38 32 37 64 39 37 38 37 35 64 34 63 61 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: bU3Vytg3VEWVYcfa.1Context: a6c827d97875d4ca
2023-11-14 13:24:39 UTC	33	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2023-11-14 13:24:39 UTC	34	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 34 31 0d 0a 4d 53 2d 43 56 3a 20 62 55 33 56 79 74 67 33 56 45 57 56 59 63 66 61 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 36 63 38 32 37 64 39 37 38 37 35 64 34 63 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 6f 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 65 68 61 50 4c 39 7a 74 61 6b 2f 72 73 6d 59 66 5a 43 55 52 76 44 65 36 69 55 77 62 43 50 70 7a 70 50 45 42 4d 4c 39 6a 74 73 35 52 6f 43 57 55 4f 68 65 45 4e 4e 4c 68 48 41 7a 6e 49 78 64 33 6f 6f 76 2f 32 51 34 6d 4b 2f 2b 63 38 69 44 46 55 6e 5a 70 31 37 44 6d 79 65 48 53 52 75 70 4c 68 6a 44 4e 76 4e 38 4e 64 64 47 6d 39 Data Ascii: ATH 2 CON\DEVICE 1041MS-CV: bU3Vytg3VEWVYcfa.2Context: a6c827d97875d4ca<device><compact-ticket>t=EwCoAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAehaPL9ztak/rsmYfZCURvDe6iUwbCPpzpPEBML9jts5RoCWUOheENNLhHAznIxd3oov/2Q4mK/+c8iDFUnZp17DmyeHSRupLhjDNvN8NddGm9
2023-11-14 13:24:39 UTC	35	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 62 55 33 56 79 74 67 33 56 45 57 56 59 63 66 61 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 36 63 38 32 37 64 39 37 38 37 35 64 34 63 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: bU3Vytg3VEWVYcfa.3Context: a6c827d97875d4ca<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2023-11-14 13:24:39 UTC	35	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-11-14 13:24:39 UTC	35	IN	Data Raw: 4d 53 2d 43 56 3a 20 41 4b 65 39 30 4b 63 42 4b 6b 53 56 44 6a 58 2b 31 53 6e 78 49 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: AKe90KcBKkSVDjX+1SnxIw.0Payload parsing failed.

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	14:24:10
Start date:	14/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	14:24:13
Start date:	14/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 --field-trial-handle=2224,i,1667927600458203538,13054870842384469206,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	14:24:15
Start date:	14/11/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "http://qtx.omeclk.com
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://qtx.omeclk.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5356, Parent PID: 5772

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

Windows Analysis Report
http://qtx.omeclk.com