Edit tour

Windows Analysis Report
https://google.com/xjs/_/ss/k=xjs.s.kAZIEIlFiNU.L.W.O/am=ABAIAAQIAAAAAAAAAAAAACAAAAAAgAjwhAMAGwAAHhkEAAAAAgAAAAYAADAAAAIAAAAAAAAAAAAAgMAAIAggKvwGAgCABFQB2AEAAAAIAUAEAACAAAAACAAAAAEIiOgAQgAAAAAAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAD4owAAAAAAAAAAAAAAAABAAABEQAIAYA/d=0/dg=2/br=1/rs=ACT90oGD_rEdVfRC1iDCU5Y

Overview

General Information

Sample URL:	https://google.com/xjs/_/ss/k=xjs.s.kAZIEIlFiNU.L.W.O/am=ABAIAAQIAAAAAAAAAAAAACAAAAAAgAjwhAMAGwAAHhkEAAAAAgAAAAYAADAAAAIAAAAAAAAAAAAAgMAAIAggKvwGAgCABFQB2AEAAAAIAUAEAACAAAAACAAAAAEIiOgAQgAAAAAAAAAEAAA
Analysis ID:	1352791
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Creates files inside the system directory

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1080 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 1220 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=1984,i,8648678833089140659,12106465833755244096,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 3564 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "https://google.com/xjs/_/ss/k=xjs.s.kAZIEIlFiNU.L.W.O/am=ABAIAAQIAAAAAAAAAAAAACAAAAAAgAjwhAMAGwAAHhkEAAAAAgAAAAYAADAAAAIAAAAAAAAAAAAAgMAAIAggKvwGAgCABFQB2AEAAAAIAUAEAACAAAAACAAAAAEIiOgAQgAAAAAAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAD4owAAAAAAAAAAAAAAAABAAABEQAIAYA/d=0/dg=2/br=1/rs=ACT90oGD_rEdVfRC1iDCU5YDRr-cW80htQ/m=L1AAkb,AjRVIe,tE6Rzd,phecbc,q28gvc,sy1zm,sy1zn,sy1zo,sy1zp,sy1zq,syin,sylo,syi7,syim,sygm,sygq,y05UD,sy14b,sy11z,sy18g,sy11b,sy11c,sy120,sy121,sy12h,syjp,sy2vi,sy66a,sy116,sy117,sy119,epYOx? MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

Joe Sandbox Signatures

• Phishing
• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://google.com/xjs/_/ss/k=xjs.s.kAZIEIlFiNU.L.W.O/am=ABAIAAQIAAAAAAAAAAAAACAAAAAAgAjwhAMAGwAAHhkEAAAAAgAAAAYAADAAAAIAAAAAAAAAAAAAgMAAIAggKvwGAgCABFQB2AEAAAAIAUAEAACAAAAACAAAAAEIiOgAQgAAAAAAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAD4owAAAAAAAAAAAAAAAABAAABEQAIAYA/d=0/dg=2/br=1/rs=ACT90oGD_rEdVfRC1iDCU5YDRr-cW80htQ/m=L1AAkb,AjRVIe,tE6Rzd,phecbc,q28gvc,sy1zm,sy1zn,sy1zo,sy1zp,sy1zq,syin,sylo,syi7,syim,sygm,sygq,y05UD,sy14b,sy11z,sy18g,sy11b,sy11c,sy120,sy121,sy12h,syjp,sy2vi,sy66a,sy116,sy117,sy119,epYOx?

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49738 version: TLS 1.2

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.134Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.s.kAZIEIlFiNU.L.W.O/am=ABAIAAQIAAAAAAAAAAAAACAAAAAAgAjwhAMAGwAAHhkEAAAAAgAAAAYAADAAAAIAAAAAAAAAAAAAgMAAIAggKvwGAgCABFQB2AEAAAAIAUAEAACAAAAACAAAAAEIiOgAQgAAAAAAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAD4owAAAAAAAAAAAAAAAABAAABEQAIAYA/d=0/dg=2/br=1/rs=ACT90oGD_rEdVfRC1iDCU5YDRr-cW80htQ/m=L1AAkb,AjRVIe,tE6Rzd,phecbc,q28gvc,sy1zm,sy1zn,sy1zo,sy1zp,sy1zq,syin,sylo,syi7,syim,sygm,sygq,y05UD,sy14b,sy11z,sy18g,sy11b,sy11c,sy120,sy121,sy12h,syjp,sy2vi,sy66a,sy116,sy117,sy119,epYOx? HTTP/1.1Host: google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://google.com/xjs/_/ss/k=xjs.s.kAZIEIlFiNU.L.W.O/am=ABAIAAQIAAAAAAAAAAAAACAAAAAAgAjwhAMAGwAAHhkEAAAAAgAAAAYAADAAAAIAAAAAAAAAAAAAgMAAIAggKvwGAgCABFQB2AEAAAAIAUAEAACAAAAACAAAAAEIiOgAQgAAAAAAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAD4owAAAAAAAAAAAAAAAABAAABEQAIAYA/d=0/dg=2/br=1/rs=ACT90oGD_rEdVfRC1iDCU5YDRr-cW80htQ/m=L1AAkb,AjRVIe,tE6Rzd,phecbc,q28gvc,sy1zm,sy1zn,sy1zo,sy1zp,sy1zq,syin,sylo,syi7,syim,sygm,sygq,y05UD,sy14b,sy11z,sy18g,sy11b,sy11c,sy120,sy121,sy12h,syjp,sy2vi,sy66a,sy116,sy117,sy119,epYOx?Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=lFhaUoEGR7AUvXE&MD=OB2OzS88 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=lFhaUoEGR7AUvXE&MD=OB2OzS88 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=00000000000000000000000000000000000000001AD27AF996 HTTP/1.1Host: clients1.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: unknown	TCP traffic detected without corresponding DNS query: 20.12.23.50

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49721 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.6:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49732 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.6:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.2.167:443 -> 192.168.2.6:49738 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_1080_862906930

Jump to behavior

Source: classification engine

Classification label: clean0.win@16/3@12/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=1984,i,8648678833089140659,12106465833755244096,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://google.com/xjs/_/ss/k=xjs.s.kAZIEIlFiNU.L.W.O/am=ABAIAAQIAAAAAAAAAAAAACAAAAAAgAjwhAMAGwAAHhkEAAAAAgAAAAYAADAAAAIAAAAAAAAAAAAAgMAAIAggKvwGAgCABFQB2AEAAAAIAUAEAACAAAAACAAAAAEIiOgAQgAAAAAAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAD4owAAAAAAAAAAAAAAAABAAABEQAIAYA/d=0/dg=2/br=1/rs=ACT90oGD_rEdVfRC1iDCU5YDRr-cW80htQ/m=L1AAkb,AjRVIe,tE6Rzd,phecbc,q28gvc,sy1zm,sy1zn,sy1zo,sy1zp,sy1zq,syin,sylo,syi7,syim,sygm,sygq,y05UD,sy14b,sy11z,sy18g,sy11b,sy11c,sy120,sy121,sy12h,syjp,sy2vi,sy66a,sy116,sy117,sy119,epYOx?
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=1984,i,8648678833089140659,12106465833755244096,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact	Resource Development	Reconnaissance
Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Abuse Accessibility Features	Acquire Infrastructure	Gather Victim Identity Information
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Non-Application Layer Protocol	SIM Card Swap	Obtain Device Cloud Backups	Network Denial of Service	Domains	Credentials
Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Application Layer Protocol			Data Encrypted for Impact	DNS Server	Email Addresses
Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Traffic Duplication	1 Ingress Tool Transfer			Data Destruction	Virtual Private Server	Employee Names

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://google.com/xjs/_/ss/k=xjs.s.kAZIEIlFiNU.L.W.O/am=ABAIAAQIAAAAAAAAAAAAACAAAAAAgAjwhAMAGwAAHhkEAAAAAgAAAAYAADAAAAIAAAAAAAAAAAAAgMAAIAggKvwGAgCABFQB2AEAAAAIAUAEAACAAAAACAAAAAEIiOgAQgAAAAAAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAD4owAAAAAAAAAAAAAAAABAAABEQAIAYA/d=0/dg=2/br=1/rs=ACT90oGD_rEdVfRC1iDCU5YDRr-cW80htQ/m=L1AAkb,AjRVIe,tE6Rzd,phecbc,q28gvc,sy1zm,sy1zn,sy1zo,sy1zp,sy1zq,syin,sylo,syi7,syim,sygm,sygq,y05UD,sy14b,sy11z,sy18g,sy11b,sy11c,sy120,sy121,sy12h,syjp,sy2vi,sy66a,sy116,sy117,sy119,epYOx?	0%	Avira URL Cloud	safe
https://google.com/xjs/_/ss/k=xjs.s.kAZIEIlFiNU.L.W.O/am=ABAIAAQIAAAAAAAAAAAAACAAAAAAgAjwhAMAGwAAHhkEAAAAAgAAAAYAADAAAAIAAAAAAAAAAAAAgMAAIAggKvwGAgCABFQB2AEAAAAIAUAEAACAAAAACAAAAAEIiOgAQgAAAAAAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAD4owAAAAAAAAAAAAAAAABAAABEQAIAYA/d=0/dg=2/br=1/rs=ACT90oGD_rEdVfRC1iDCU5YDRr-cW80htQ/m=L1AAkb,AjRVIe,tE6Rzd,phecbc,q28gvc,sy1zm,sy1zn,sy1zo,sy1zp,sy1zq,syin,sylo,syi7,syim,sygm,sygq,y05UD,sy14b,sy11z,sy18g,sy11b,sy11c,sy120,sy121,sy12h,syjp,sy2vi,sy66a,sy116,sy117,sy119,epYOx?	0%	Virustotal		Browse

Name	IP	Active	Malicious	Reputation
google.com	142.251.16.139	true	false	high
accounts.google.com	172.253.115.84	true	false	high
www.google.com	172.253.62.104	true	false	high
clients.l.google.com	172.253.62.101	true	false	high
clients1.google.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://google.com/xjs/_/ss/k=xjs.s.kAZIEIlFiNU.L.W.O/am=ABAIAAQIAAAAAAAAAAAAACAAAAAAgAjwhAMAGwAAHhkEAAAAAgAAAAYAADAAAAIAAAAAAAAAAAAAgMAAIAggKvwGAgCABFQB2AEAAAAIAUAEAACAAAAACAAAAAEIiOgAQgAAAAAAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAD4owAAAAAAAAAAAAAAAABAAABEQAIAYA/d=0/dg=2/br=1/rs=ACT90oGD_rEdVfRC1iDCU5YDRr-cW80htQ/m=L1AAkb,AjRVIe,tE6Rzd,phecbc,q28gvc,sy1zm,sy1zn,sy1zo,sy1zp,sy1zq,syin,sylo,syi7,syim,sygm,sygq,y05UD,sy14b,sy11z,sy18g,sy11b,sy11c,sy120,sy121,sy12h,syjp,sy2vi,sy66a,sy116,sy117,sy119,epYOx?	false	high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false	high
https://clients1.google.com/tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=00000000000000000000000000000000000000001AD27AF996	false	high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false	high
https://google.com/favicon.ico	false	high
https://www.google.com/favicon.ico	false	high
https://google.com/xjs/_/ss/k=xjs.s.kAZIEIlFiNU.L.W.O/am=ABAIAAQIAAAAAAAAAAAAACAAAAAAgAjwhAMAGwAAHhkEAAAAAgAAAAYAADAAAAIAAAAAAAAAAAAAgMAAIAggKvwGAgCABFQB2AEAAAAIAUAEAACAAAAACAAAAAEIiOgAQgAAAAAAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAD4owAAAAAAAAAAAAAAAABAAABEQAIAYA/d=0/dg=2/br=1/rs=ACT90oGD_rEdVfRC1iDCU5YDRr-cW80htQ/m=L1AAkb,AjRVIe,tE6Rzd,phecbc,q28gvc,sy1zm,sy1zn,sy1zo,sy1zp,sy1zq,syin,sylo,syi7,syim,sygm,sygq,y05UD,sy14b,sy11z,sy18g,sy11b,sy11c,sy120,sy121,sy12h,syjp,sy2vi,sy66a,sy116,sy117,sy119,epYOx?	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.253.122.139	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.253.63.106	unknown	United States	15169	GOOGLEUS	false
172.253.62.104	www.google.com	United States	15169	GOOGLEUS	false
172.253.62.101	clients.l.google.com	United States	15169	GOOGLEUS	false
172.253.115.84	accounts.google.com	United States	15169	GOOGLEUS	false
142.251.16.139	google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.30
192.168.2.6

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1352791
Start date and time:	2023-12-03 22:39:39 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 3m 15s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://google.com/xjs/_/ss/k=xjs.s.kAZIEIlFiNU.L.W.O/am=ABAIAAQIAAAAAAAAAAAAACAAAAAAgAjwhAMAGwAAHhkEAAAAAgAAAAYAADAAAAIAAAAAAAAAAAAAgMAAIAggKvwGAgCABFQB2AEAAAAIAUAEAACAAAAACAAAAAEIiOgAQgAAAAAAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAD4owAAAAAAAAAAAAAAAABAAABEQAIAYA/d=0/dg=2/br=1/rs=ACT90oGD_rEdVfRC1iDCU5YDRr-cW80htQ/m=L1AAkb,AjRVIe,tE6Rzd,phecbc,q28gvc,sy1zm,sy1zn,sy1zo,sy1zp,sy1zq,syin,sylo,syi7,syim,sygm,sygq,y05UD,sy14b,sy11z,sy18g,sy11b,sy11c,sy120,sy121,sy12h,syjp,sy2vi,sy66a,sy116,sy117,sy119,epYOx?
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@16/3@12/9
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.111.94, 34.104.35.123, 192.229.211.108, 72.21.81.240, 142.251.16.94
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, ocsp.digicert.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (15229), with no line terminators
Category:	downloaded
Size (bytes):	15229
Entropy (8bit):	5.262114495340076
Encrypted:	false
SSDEEP:	384:ng3ggZ3Z9M3M8V3VZ3b9F9Jkw5ckD5gySYEv:LP4YEv
MD5:	B57CEE146A5449C719F621AE5D180128
SHA1:	B599F9064E4DB67DF490898C552D324830D0DE2C
SHA-256:	139800C36A711595C9403B330C9448698A175402B41D9B0D401E0EDF61C1AD5A
SHA-512:	BF2C08FD1736C0EB672527CE2154958C7234D9E9FCEC233F64FC9B11DB93C5E3271D1AE808910D7FF5825093B881DBF34C6B9FD589B159833A4675985AC4D771
Malicious:	false
Reputation:	low
URL:	"https://google.com/xjs/_/ss/k=xjs.s.kAZIEIlFiNU.L.W.O/am=ABAIAAQIAAAAAAAAAAAAACAAAAAAgAjwhAMAGwAAHhkEAAAAAgAAAAYAADAAAAIAAAAAAAAAAAAAgMAAIAggKvwGAgCABFQB2AEAAAAIAUAEAACAAAAACAAAAAEIiOgAQgAAAAAAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAD4owAAAAAAAAAAAAAAAABAAABEQAIAYA/d=0/dg=2/br=1/rs=ACT90oGD_rEdVfRC1iDCU5YDRr-cW80htQ/m=L1AAkb,AjRVIe,tE6Rzd,phecbc,q28gvc,sy1zm,sy1zn,sy1zo,sy1zp,sy1zq,syin,sylo,syi7,syim,sygm,sygq,y05UD,sy14b,sy11z,sy18g,sy11b,sy11c,sy120,sy121,sy12h,syjp,sy2vi,sy66a,sy116,sy117,sy119,epYOx?"
Preview:	.FJCJfd{border:none;box-shadow:0px 1px 3px rgba(60,64,67,0.24)}.Aajd3{padding-left:16px}.gxMdVd{padding-right:8px}.U09Jxd{padding-right:4px}.jbBItf{display:block;position:relative}.DU0NJ{bottom:0;left:0;position:absolute;right:0;top:0}.lP3Jof{display:inline-block;position:relative}.nNMuOd{-webkit-animation:qli-container-rotate 1568.2352941176ms linear infinite;animation:qli-container-rotate 1568.2352941176ms linear infinite}@-webkit-keyframes qli-container-rotate{from{-webkit-transform:rotate(0);transform:rotate(0)}to{-webkit-transform:rotate(1turn);transform:rotate(1turn)}}@keyframes qli-container-rotate{from{-webkit-transform:rotate(0);transform:rotate(0)}to{-webkit-transform:rotate(1turn);transform:rotate(1turn)}}.RoKmhb{height:100%;opacity:0;position:absolute;width:100%}.nNMuOd .VQdeab{-webkit-animation:qli-fill-unfill-rotate 5332ms cubic-bezier(0.4,0,0.2,1) infinite both,qli-blue-fade-in-out 5332ms cubic-bezier(0.4,0,0.2,1) infinite both;animation:qli-fill-unfill-rotate 5332ms cub

Chrome Cache Entry: 40

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
Reputation:	low
URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 41

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
Reputation:	low
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Total Packets: 215
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 3, 2023 22:40:24.856101036 CET	49673	443	192.168.2.6	173.222.162.64
Dec 3, 2023 22:40:24.856110096 CET	49674	443	192.168.2.6	173.222.162.64
Dec 3, 2023 22:40:25.153016090 CET	49672	443	192.168.2.6	173.222.162.64
Dec 3, 2023 22:40:29.990209103 CET	49709	443	192.168.2.6	172.253.62.101
Dec 3, 2023 22:40:29.990276098 CET	443	49709	172.253.62.101	192.168.2.6
Dec 3, 2023 22:40:29.990353107 CET	49709	443	192.168.2.6	172.253.62.101
Dec 3, 2023 22:40:29.990660906 CET	49709	443	192.168.2.6	172.253.62.101
Dec 3, 2023 22:40:29.990694046 CET	443	49709	172.253.62.101	192.168.2.6
Dec 3, 2023 22:40:29.991188049 CET	49710	443	192.168.2.6	172.253.115.84
Dec 3, 2023 22:40:29.991235971 CET	443	49710	172.253.115.84	192.168.2.6
Dec 3, 2023 22:40:29.991297960 CET	49710	443	192.168.2.6	172.253.115.84
Dec 3, 2023 22:40:29.991601944 CET	49710	443	192.168.2.6	172.253.115.84
Dec 3, 2023 22:40:29.991611004 CET	443	49710	172.253.115.84	192.168.2.6
Dec 3, 2023 22:40:30.238756895 CET	443	49710	172.253.115.84	192.168.2.6
Dec 3, 2023 22:40:30.239115000 CET	49710	443	192.168.2.6	172.253.115.84
Dec 3, 2023 22:40:30.239135981 CET	443	49710	172.253.115.84	192.168.2.6
Dec 3, 2023 22:40:30.239425898 CET	443	49709	172.253.62.101	192.168.2.6
Dec 3, 2023 22:40:30.239748955 CET	49709	443	192.168.2.6	172.253.62.101
Dec 3, 2023 22:40:30.239814043 CET	443	49709	172.253.62.101	192.168.2.6
Dec 3, 2023 22:40:30.240261078 CET	443	49709	172.253.62.101	192.168.2.6
Dec 3, 2023 22:40:30.240346909 CET	49709	443	192.168.2.6	172.253.62.101
Dec 3, 2023 22:40:30.240576982 CET	443	49710	172.253.115.84	192.168.2.6
Dec 3, 2023 22:40:30.240638971 CET	49710	443	192.168.2.6	172.253.115.84
Dec 3, 2023 22:40:30.241326094 CET	443	49709	172.253.62.101	192.168.2.6
Dec 3, 2023 22:40:30.241390944 CET	49709	443	192.168.2.6	172.253.62.101
Dec 3, 2023 22:40:30.242688894 CET	49710	443	192.168.2.6	172.253.115.84
Dec 3, 2023 22:40:30.242758036 CET	443	49710	172.253.115.84	192.168.2.6
Dec 3, 2023 22:40:30.243834019 CET	49709	443	192.168.2.6	172.253.62.101
Dec 3, 2023 22:40:30.243915081 CET	443	49709	172.253.62.101	192.168.2.6
Dec 3, 2023 22:40:30.244056940 CET	49710	443	192.168.2.6	172.253.115.84
Dec 3, 2023 22:40:30.244065046 CET	443	49710	172.253.115.84	192.168.2.6
Dec 3, 2023 22:40:30.244426012 CET	49709	443	192.168.2.6	172.253.62.101
Dec 3, 2023 22:40:30.244445086 CET	443	49709	172.253.62.101	192.168.2.6
Dec 3, 2023 22:40:30.342461109 CET	49710	443	192.168.2.6	172.253.115.84
Dec 3, 2023 22:40:30.418003082 CET	443	49709	172.253.62.101	192.168.2.6
Dec 3, 2023 22:40:30.418092012 CET	49709	443	192.168.2.6	172.253.62.101
Dec 3, 2023 22:40:30.418112993 CET	443	49709	172.253.62.101	192.168.2.6
Dec 3, 2023 22:40:30.418149948 CET	443	49709	172.253.62.101	192.168.2.6
Dec 3, 2023 22:40:30.418211937 CET	49709	443	192.168.2.6	172.253.62.101
Dec 3, 2023 22:40:30.418667078 CET	49709	443	192.168.2.6	172.253.62.101
Dec 3, 2023 22:40:30.418694973 CET	443	49709	172.253.62.101	192.168.2.6
Dec 3, 2023 22:40:30.451965094 CET	443	49710	172.253.115.84	192.168.2.6
Dec 3, 2023 22:40:30.452080965 CET	443	49710	172.253.115.84	192.168.2.6
Dec 3, 2023 22:40:30.452276945 CET	49710	443	192.168.2.6	172.253.115.84
Dec 3, 2023 22:40:30.452945948 CET	49710	443	192.168.2.6	172.253.115.84
Dec 3, 2023 22:40:30.452964067 CET	443	49710	172.253.115.84	192.168.2.6
Dec 3, 2023 22:40:31.094578028 CET	49713	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.094609022 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.094692945 CET	49713	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.095010996 CET	49713	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.095022917 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.095660925 CET	49714	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.095704079 CET	443	49714	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.095760107 CET	49714	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.096189976 CET	49714	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.096204042 CET	443	49714	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.304518938 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.304935932 CET	49713	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.304953098 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.305419922 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.305552006 CET	49713	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.306155920 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.306226015 CET	49713	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.307073116 CET	443	49714	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.307893991 CET	49714	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.307924986 CET	443	49714	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.308135033 CET	49713	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.308207989 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.308260918 CET	49713	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.308268070 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.308510065 CET	443	49714	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.308599949 CET	49714	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.309561014 CET	443	49714	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.309623003 CET	49714	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.309950113 CET	49714	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.310033083 CET	443	49714	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.358058929 CET	49714	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.358083963 CET	443	49714	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.404100895 CET	49714	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.435571909 CET	49713	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.435583115 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.483128071 CET	49713	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.512913942 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.512964010 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.512995005 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.513114929 CET	49713	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.513125896 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.513266087 CET	49713	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.519562006 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.526521921 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.526635885 CET	49713	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.526648998 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.530767918 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.530884027 CET	49713	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.530889988 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.537771940 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.537889004 CET	49713	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.537895918 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.544708967 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.544787884 CET	49713	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.544790983 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.545054913 CET	49713	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.545151949 CET	49713	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.545166969 CET	443	49713	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.591912031 CET	49714	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.633256912 CET	443	49714	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.692431927 CET	443	49714	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.692615986 CET	443	49714	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.692709923 CET	49714	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.728059053 CET	49714	443	192.168.2.6	142.251.16.139
Dec 3, 2023 22:40:31.728076935 CET	443	49714	142.251.16.139	192.168.2.6
Dec 3, 2023 22:40:31.862818003 CET	49716	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:40:31.862864971 CET	443	49716	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:31.862924099 CET	49716	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:40:31.863605976 CET	49716	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:40:31.863624096 CET	443	49716	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:32.080038071 CET	443	49716	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:32.080301046 CET	49716	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:40:32.080316067 CET	443	49716	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:32.081321001 CET	443	49716	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:32.081386089 CET	49716	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:40:32.082372904 CET	49716	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:40:32.082432032 CET	443	49716	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:32.082709074 CET	49716	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:40:32.082719088 CET	443	49716	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:32.131217003 CET	49716	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:40:32.281333923 CET	443	49716	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:32.281497955 CET	443	49716	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:32.281595945 CET	443	49716	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:32.281677961 CET	49716	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:40:32.281681061 CET	443	49716	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:32.281708956 CET	443	49716	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:32.281728029 CET	49716	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:40:32.283871889 CET	443	49716	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:32.283950090 CET	49716	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:40:32.284178972 CET	49716	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:40:32.284195900 CET	443	49716	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:32.386590004 CET	49718	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:40:32.386627913 CET	443	49718	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:32.386714935 CET	49718	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:40:32.387139082 CET	49718	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:40:32.387156963 CET	443	49718	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:32.440387011 CET	49719	443	192.168.2.6	172.253.63.106
Dec 3, 2023 22:40:32.440478086 CET	443	49719	172.253.63.106	192.168.2.6
Dec 3, 2023 22:40:32.440562010 CET	49719	443	192.168.2.6	172.253.63.106
Dec 3, 2023 22:40:32.440865993 CET	49719	443	192.168.2.6	172.253.63.106
Dec 3, 2023 22:40:32.440901041 CET	443	49719	172.253.63.106	192.168.2.6
Dec 3, 2023 22:40:32.631006956 CET	443	49718	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:32.642980099 CET	49718	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:40:32.643007040 CET	443	49718	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:32.644633055 CET	443	49718	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:32.645102024 CET	49718	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:40:32.645371914 CET	443	49718	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:32.680675983 CET	443	49719	172.253.63.106	192.168.2.6
Dec 3, 2023 22:40:32.681916952 CET	49719	443	192.168.2.6	172.253.63.106
Dec 3, 2023 22:40:32.681953907 CET	443	49719	172.253.63.106	192.168.2.6
Dec 3, 2023 22:40:32.683707952 CET	443	49719	172.253.63.106	192.168.2.6
Dec 3, 2023 22:40:32.683799982 CET	49719	443	192.168.2.6	172.253.63.106
Dec 3, 2023 22:40:32.684844017 CET	49719	443	192.168.2.6	172.253.63.106
Dec 3, 2023 22:40:32.684940100 CET	443	49719	172.253.63.106	192.168.2.6
Dec 3, 2023 22:40:32.685085058 CET	49719	443	192.168.2.6	172.253.63.106
Dec 3, 2023 22:40:32.685101032 CET	443	49719	172.253.63.106	192.168.2.6
Dec 3, 2023 22:40:32.699038982 CET	49718	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:40:32.730493069 CET	49719	443	192.168.2.6	172.253.63.106
Dec 3, 2023 22:40:32.901848078 CET	443	49719	172.253.63.106	192.168.2.6
Dec 3, 2023 22:40:32.901952028 CET	443	49719	172.253.63.106	192.168.2.6
Dec 3, 2023 22:40:32.902015924 CET	443	49719	172.253.63.106	192.168.2.6
Dec 3, 2023 22:40:32.902076960 CET	443	49719	172.253.63.106	192.168.2.6
Dec 3, 2023 22:40:32.902154922 CET	49719	443	192.168.2.6	172.253.63.106
Dec 3, 2023 22:40:32.902185917 CET	443	49719	172.253.63.106	192.168.2.6
Dec 3, 2023 22:40:32.902200937 CET	49719	443	192.168.2.6	172.253.63.106
Dec 3, 2023 22:40:32.904906034 CET	443	49719	172.253.63.106	192.168.2.6
Dec 3, 2023 22:40:32.904978037 CET	49719	443	192.168.2.6	172.253.63.106
Dec 3, 2023 22:40:32.955365896 CET	49719	443	192.168.2.6	172.253.63.106
Dec 3, 2023 22:40:32.955401897 CET	443	49719	172.253.63.106	192.168.2.6
Dec 3, 2023 22:40:34.463887930 CET	49673	443	192.168.2.6	173.222.162.64
Dec 3, 2023 22:40:34.463893890 CET	49674	443	192.168.2.6	173.222.162.64
Dec 3, 2023 22:40:34.475598097 CET	49721	443	192.168.2.6	23.221.242.90
Dec 3, 2023 22:40:34.475624084 CET	443	49721	23.221.242.90	192.168.2.6
Dec 3, 2023 22:40:34.475723982 CET	49721	443	192.168.2.6	23.221.242.90
Dec 3, 2023 22:40:34.478185892 CET	49721	443	192.168.2.6	23.221.242.90
Dec 3, 2023 22:40:34.478195906 CET	443	49721	23.221.242.90	192.168.2.6
Dec 3, 2023 22:40:34.698298931 CET	443	49721	23.221.242.90	192.168.2.6
Dec 3, 2023 22:40:34.698575020 CET	49721	443	192.168.2.6	23.221.242.90
Dec 3, 2023 22:40:34.731005907 CET	49721	443	192.168.2.6	23.221.242.90
Dec 3, 2023 22:40:34.731049061 CET	443	49721	23.221.242.90	192.168.2.6
Dec 3, 2023 22:40:34.732040882 CET	443	49721	23.221.242.90	192.168.2.6
Dec 3, 2023 22:40:34.757863998 CET	49722	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:40:34.757905960 CET	443	49722	20.7.2.167	192.168.2.6
Dec 3, 2023 22:40:34.757963896 CET	49722	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:40:34.759296894 CET	49722	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:40:34.759318113 CET	443	49722	20.7.2.167	192.168.2.6
Dec 3, 2023 22:40:34.760726929 CET	49672	443	192.168.2.6	173.222.162.64
Dec 3, 2023 22:40:34.776376009 CET	49721	443	192.168.2.6	23.221.242.90
Dec 3, 2023 22:40:34.822268963 CET	49721	443	192.168.2.6	23.221.242.90
Dec 3, 2023 22:40:34.869262934 CET	443	49721	23.221.242.90	192.168.2.6
Dec 3, 2023 22:40:34.922112942 CET	443	49721	23.221.242.90	192.168.2.6
Dec 3, 2023 22:40:34.922285080 CET	443	49721	23.221.242.90	192.168.2.6
Dec 3, 2023 22:40:34.922358036 CET	49721	443	192.168.2.6	23.221.242.90
Dec 3, 2023 22:40:34.922415972 CET	49721	443	192.168.2.6	23.221.242.90
Dec 3, 2023 22:40:34.922436953 CET	443	49721	23.221.242.90	192.168.2.6
Dec 3, 2023 22:40:34.922466993 CET	49721	443	192.168.2.6	23.221.242.90
Dec 3, 2023 22:40:34.922472000 CET	443	49721	23.221.242.90	192.168.2.6
Dec 3, 2023 22:40:34.969521999 CET	49723	443	192.168.2.6	23.221.242.90
Dec 3, 2023 22:40:34.969564915 CET	443	49723	23.221.242.90	192.168.2.6
Dec 3, 2023 22:40:34.969651937 CET	49723	443	192.168.2.6	23.221.242.90
Dec 3, 2023 22:40:34.970211983 CET	49723	443	192.168.2.6	23.221.242.90
Dec 3, 2023 22:40:34.970230103 CET	443	49723	23.221.242.90	192.168.2.6
Dec 3, 2023 22:40:35.090920925 CET	443	49722	20.7.2.167	192.168.2.6
Dec 3, 2023 22:40:35.091057062 CET	49722	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:40:35.094607115 CET	49722	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:40:35.094614029 CET	443	49722	20.7.2.167	192.168.2.6
Dec 3, 2023 22:40:35.094969988 CET	443	49722	20.7.2.167	192.168.2.6
Dec 3, 2023 22:40:35.096841097 CET	49722	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:40:35.096899033 CET	49722	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:40:35.096904039 CET	443	49722	20.7.2.167	192.168.2.6
Dec 3, 2023 22:40:35.097050905 CET	49722	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:40:35.137289047 CET	443	49722	20.7.2.167	192.168.2.6
Dec 3, 2023 22:40:35.180474997 CET	443	49723	23.221.242.90	192.168.2.6
Dec 3, 2023 22:40:35.180727959 CET	49723	443	192.168.2.6	23.221.242.90
Dec 3, 2023 22:40:35.181922913 CET	49723	443	192.168.2.6	23.221.242.90
Dec 3, 2023 22:40:35.181931973 CET	443	49723	23.221.242.90	192.168.2.6
Dec 3, 2023 22:40:35.182332039 CET	443	49723	23.221.242.90	192.168.2.6
Dec 3, 2023 22:40:35.183707952 CET	49723	443	192.168.2.6	23.221.242.90
Dec 3, 2023 22:40:35.200570107 CET	443	49722	20.7.2.167	192.168.2.6
Dec 3, 2023 22:40:35.200674057 CET	443	49722	20.7.2.167	192.168.2.6
Dec 3, 2023 22:40:35.200742960 CET	49722	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:40:35.200942993 CET	49722	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:40:35.200963020 CET	443	49722	20.7.2.167	192.168.2.6
Dec 3, 2023 22:40:35.229259014 CET	443	49723	23.221.242.90	192.168.2.6
Dec 3, 2023 22:40:35.375369072 CET	443	49723	23.221.242.90	192.168.2.6
Dec 3, 2023 22:40:35.375469923 CET	443	49723	23.221.242.90	192.168.2.6
Dec 3, 2023 22:40:35.375545979 CET	49723	443	192.168.2.6	23.221.242.90
Dec 3, 2023 22:40:35.378168106 CET	49723	443	192.168.2.6	23.221.242.90
Dec 3, 2023 22:40:35.378189087 CET	443	49723	23.221.242.90	192.168.2.6
Dec 3, 2023 22:40:35.378209114 CET	49723	443	192.168.2.6	23.221.242.90
Dec 3, 2023 22:40:35.378216028 CET	443	49723	23.221.242.90	192.168.2.6
Dec 3, 2023 22:40:36.173424959 CET	443	49706	173.222.162.64	192.168.2.6
Dec 3, 2023 22:40:36.174196959 CET	49706	443	192.168.2.6	173.222.162.64
Dec 3, 2023 22:40:42.633964062 CET	443	49718	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:42.634059906 CET	443	49718	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:42.634188890 CET	49718	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:40:48.467266083 CET	49718	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:40:48.467297077 CET	443	49718	172.253.62.104	192.168.2.6
Dec 3, 2023 22:40:48.540199041 CET	49724	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:40:48.540245056 CET	443	49724	20.7.2.167	192.168.2.6
Dec 3, 2023 22:40:48.540308952 CET	49724	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:40:48.541079044 CET	49724	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:40:48.541095972 CET	443	49724	20.7.2.167	192.168.2.6
Dec 3, 2023 22:40:48.861166000 CET	443	49724	20.7.2.167	192.168.2.6
Dec 3, 2023 22:40:48.861376047 CET	49724	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:40:48.862853050 CET	49724	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:40:48.862868071 CET	443	49724	20.7.2.167	192.168.2.6
Dec 3, 2023 22:40:48.863116026 CET	443	49724	20.7.2.167	192.168.2.6
Dec 3, 2023 22:40:48.868550062 CET	49724	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:40:48.868603945 CET	49724	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:40:48.868609905 CET	443	49724	20.7.2.167	192.168.2.6
Dec 3, 2023 22:40:48.868716002 CET	49724	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:40:48.913264990 CET	443	49724	20.7.2.167	192.168.2.6
Dec 3, 2023 22:40:48.973362923 CET	443	49724	20.7.2.167	192.168.2.6
Dec 3, 2023 22:40:48.973458052 CET	443	49724	20.7.2.167	192.168.2.6
Dec 3, 2023 22:40:48.973674059 CET	49724	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:40:48.973751068 CET	49724	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:40:48.973773003 CET	443	49724	20.7.2.167	192.168.2.6
Dec 3, 2023 22:40:49.089423895 CET	49726	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:40:49.089476109 CET	443	49726	20.12.23.50	192.168.2.6
Dec 3, 2023 22:40:49.089608908 CET	49726	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:40:49.092220068 CET	49726	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:40:49.092242956 CET	443	49726	20.12.23.50	192.168.2.6
Dec 3, 2023 22:40:49.421689034 CET	443	49726	20.12.23.50	192.168.2.6
Dec 3, 2023 22:40:49.421829939 CET	49726	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:40:50.229484081 CET	49726	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:40:50.229520082 CET	443	49726	20.12.23.50	192.168.2.6
Dec 3, 2023 22:40:50.230773926 CET	443	49726	20.12.23.50	192.168.2.6
Dec 3, 2023 22:40:50.441261053 CET	443	49726	20.12.23.50	192.168.2.6
Dec 3, 2023 22:40:50.441359997 CET	49726	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:40:56.715919018 CET	49726	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:40:56.761265993 CET	443	49726	20.12.23.50	192.168.2.6
Dec 3, 2023 22:40:56.925435066 CET	443	49726	20.12.23.50	192.168.2.6
Dec 3, 2023 22:40:56.925468922 CET	443	49726	20.12.23.50	192.168.2.6
Dec 3, 2023 22:40:56.925487995 CET	443	49726	20.12.23.50	192.168.2.6
Dec 3, 2023 22:40:56.925542116 CET	49726	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:40:56.925571918 CET	443	49726	20.12.23.50	192.168.2.6
Dec 3, 2023 22:40:56.925590992 CET	49726	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:40:56.925591946 CET	443	49726	20.12.23.50	192.168.2.6
Dec 3, 2023 22:40:56.925621986 CET	49726	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:40:56.925626993 CET	443	49726	20.12.23.50	192.168.2.6
Dec 3, 2023 22:40:56.925653934 CET	49726	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:40:56.925672054 CET	49726	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:40:56.925677061 CET	443	49726	20.12.23.50	192.168.2.6
Dec 3, 2023 22:40:56.925689936 CET	443	49726	20.12.23.50	192.168.2.6
Dec 3, 2023 22:40:56.925733089 CET	49726	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:40:56.945127964 CET	49726	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:40:56.945147991 CET	443	49726	20.12.23.50	192.168.2.6
Dec 3, 2023 22:41:12.858397961 CET	49729	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:41:12.858426094 CET	443	49729	20.7.2.167	192.168.2.6
Dec 3, 2023 22:41:12.858525038 CET	49729	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:41:12.859952927 CET	49729	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:41:12.859967947 CET	443	49729	20.7.2.167	192.168.2.6
Dec 3, 2023 22:41:13.180087090 CET	443	49729	20.7.2.167	192.168.2.6
Dec 3, 2023 22:41:13.180197954 CET	49729	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:41:14.330862045 CET	49729	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:41:14.330894947 CET	443	49729	20.7.2.167	192.168.2.6
Dec 3, 2023 22:41:14.331243992 CET	443	49729	20.7.2.167	192.168.2.6
Dec 3, 2023 22:41:14.341051102 CET	49729	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:41:14.385255098 CET	443	49729	20.7.2.167	192.168.2.6
Dec 3, 2023 22:41:14.597059965 CET	443	49729	20.7.2.167	192.168.2.6
Dec 3, 2023 22:41:14.597227097 CET	443	49729	20.7.2.167	192.168.2.6
Dec 3, 2023 22:41:14.597338915 CET	49729	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:41:15.317636967 CET	80	49704	69.164.0.128	192.168.2.6
Dec 3, 2023 22:41:15.317812920 CET	49704	80	192.168.2.6	69.164.0.128
Dec 3, 2023 22:41:15.317884922 CET	49704	80	192.168.2.6	69.164.0.128
Dec 3, 2023 22:41:15.415977955 CET	80	49704	69.164.0.128	192.168.2.6
Dec 3, 2023 22:41:20.120321035 CET	49729	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:41:20.120340109 CET	443	49729	20.7.2.167	192.168.2.6
Dec 3, 2023 22:41:33.102180004 CET	49731	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:41:33.102226019 CET	443	49731	172.253.62.104	192.168.2.6
Dec 3, 2023 22:41:33.102291107 CET	49731	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:41:33.102844000 CET	49731	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:41:33.102863073 CET	443	49731	172.253.62.104	192.168.2.6
Dec 3, 2023 22:41:33.317383051 CET	443	49731	172.253.62.104	192.168.2.6
Dec 3, 2023 22:41:33.525299072 CET	443	49731	172.253.62.104	192.168.2.6
Dec 3, 2023 22:41:33.525440931 CET	49731	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:41:35.776886940 CET	49731	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:41:35.776963949 CET	443	49731	172.253.62.104	192.168.2.6
Dec 3, 2023 22:41:35.778466940 CET	443	49731	172.253.62.104	192.168.2.6
Dec 3, 2023 22:41:35.780992031 CET	49731	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:41:35.781207085 CET	443	49731	172.253.62.104	192.168.2.6
Dec 3, 2023 22:41:35.838958025 CET	49731	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:41:41.149306059 CET	49732	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:41:41.149390936 CET	443	49732	20.7.2.167	192.168.2.6
Dec 3, 2023 22:41:41.149482965 CET	49732	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:41:41.150547981 CET	49732	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:41:41.150578976 CET	443	49732	20.7.2.167	192.168.2.6
Dec 3, 2023 22:41:41.481436014 CET	443	49732	20.7.2.167	192.168.2.6
Dec 3, 2023 22:41:41.481581926 CET	49732	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:41:43.306893110 CET	443	49731	172.253.62.104	192.168.2.6
Dec 3, 2023 22:41:43.307068110 CET	443	49731	172.253.62.104	192.168.2.6
Dec 3, 2023 22:41:43.307142973 CET	49731	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:41:43.989115953 CET	49732	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:41:43.989195108 CET	443	49732	20.7.2.167	192.168.2.6
Dec 3, 2023 22:41:43.989518881 CET	443	49732	20.7.2.167	192.168.2.6
Dec 3, 2023 22:41:44.005193949 CET	49732	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:41:44.005273104 CET	49732	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:41:44.005290031 CET	443	49732	20.7.2.167	192.168.2.6
Dec 3, 2023 22:41:44.005346060 CET	49732	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:41:44.007745981 CET	49731	443	192.168.2.6	172.253.62.104
Dec 3, 2023 22:41:44.007781029 CET	443	49731	172.253.62.104	192.168.2.6
Dec 3, 2023 22:41:44.049252987 CET	443	49732	20.7.2.167	192.168.2.6
Dec 3, 2023 22:41:44.109162092 CET	443	49732	20.7.2.167	192.168.2.6
Dec 3, 2023 22:41:44.109406948 CET	443	49732	20.7.2.167	192.168.2.6
Dec 3, 2023 22:41:44.109613895 CET	49732	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:41:44.140647888 CET	49732	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:41:44.140687943 CET	443	49732	20.7.2.167	192.168.2.6
Dec 3, 2023 22:41:52.058501005 CET	49735	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:41:52.058543921 CET	443	49735	20.12.23.50	192.168.2.6
Dec 3, 2023 22:41:52.058629990 CET	49735	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:41:52.059226036 CET	49735	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:41:52.059240103 CET	443	49735	20.12.23.50	192.168.2.6
Dec 3, 2023 22:41:52.382016897 CET	443	49735	20.12.23.50	192.168.2.6
Dec 3, 2023 22:41:52.382172108 CET	49735	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:41:52.384633064 CET	49735	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:41:52.384644985 CET	443	49735	20.12.23.50	192.168.2.6
Dec 3, 2023 22:41:52.384979010 CET	443	49735	20.12.23.50	192.168.2.6
Dec 3, 2023 22:41:52.394989967 CET	49735	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:41:52.441262007 CET	443	49735	20.12.23.50	192.168.2.6
Dec 3, 2023 22:41:52.691241980 CET	443	49735	20.12.23.50	192.168.2.6
Dec 3, 2023 22:41:52.691261053 CET	443	49735	20.12.23.50	192.168.2.6
Dec 3, 2023 22:41:52.691273928 CET	443	49735	20.12.23.50	192.168.2.6
Dec 3, 2023 22:41:52.691396952 CET	49735	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:41:52.691421032 CET	443	49735	20.12.23.50	192.168.2.6
Dec 3, 2023 22:41:52.691435099 CET	443	49735	20.12.23.50	192.168.2.6
Dec 3, 2023 22:41:52.691445112 CET	49735	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:41:52.691488981 CET	49735	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:41:52.697565079 CET	49735	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:41:52.697591066 CET	443	49735	20.12.23.50	192.168.2.6
Dec 3, 2023 22:41:52.697613955 CET	49735	443	192.168.2.6	20.12.23.50
Dec 3, 2023 22:41:52.697619915 CET	443	49735	20.12.23.50	192.168.2.6
Dec 3, 2023 22:41:59.421428919 CET	49737	443	192.168.2.6	172.253.122.139
Dec 3, 2023 22:41:59.421461105 CET	443	49737	172.253.122.139	192.168.2.6
Dec 3, 2023 22:41:59.421534061 CET	49737	443	192.168.2.6	172.253.122.139
Dec 3, 2023 22:41:59.421983004 CET	49737	443	192.168.2.6	172.253.122.139
Dec 3, 2023 22:41:59.421992064 CET	443	49737	172.253.122.139	192.168.2.6
Dec 3, 2023 22:41:59.626398087 CET	443	49737	172.253.122.139	192.168.2.6
Dec 3, 2023 22:41:59.743148088 CET	49737	443	192.168.2.6	172.253.122.139
Dec 3, 2023 22:41:59.743194103 CET	443	49737	172.253.122.139	192.168.2.6
Dec 3, 2023 22:41:59.743807077 CET	443	49737	172.253.122.139	192.168.2.6
Dec 3, 2023 22:41:59.743817091 CET	443	49737	172.253.122.139	192.168.2.6
Dec 3, 2023 22:41:59.743882895 CET	49737	443	192.168.2.6	172.253.122.139
Dec 3, 2023 22:41:59.744518042 CET	443	49737	172.253.122.139	192.168.2.6
Dec 3, 2023 22:41:59.744565964 CET	49737	443	192.168.2.6	172.253.122.139
Dec 3, 2023 22:41:59.747173071 CET	49737	443	192.168.2.6	172.253.122.139
Dec 3, 2023 22:41:59.747317076 CET	443	49737	172.253.122.139	192.168.2.6
Dec 3, 2023 22:41:59.747446060 CET	49737	443	192.168.2.6	172.253.122.139
Dec 3, 2023 22:41:59.747453928 CET	443	49737	172.253.122.139	192.168.2.6
Dec 3, 2023 22:41:59.867166996 CET	443	49737	172.253.122.139	192.168.2.6
Dec 3, 2023 22:41:59.867269993 CET	49737	443	192.168.2.6	172.253.122.139
Dec 3, 2023 22:41:59.869066954 CET	49737	443	192.168.2.6	172.253.122.139
Dec 3, 2023 22:41:59.869083881 CET	443	49737	172.253.122.139	192.168.2.6
Dec 3, 2023 22:42:06.718976021 CET	49738	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:42:06.719003916 CET	443	49738	20.7.2.167	192.168.2.6
Dec 3, 2023 22:42:06.719075918 CET	49738	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:42:06.719594002 CET	49738	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:42:06.719602108 CET	443	49738	20.7.2.167	192.168.2.6
Dec 3, 2023 22:42:07.039067984 CET	443	49738	20.7.2.167	192.168.2.6
Dec 3, 2023 22:42:07.039252996 CET	49738	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:42:07.042453051 CET	49738	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:42:07.042479992 CET	443	49738	20.7.2.167	192.168.2.6
Dec 3, 2023 22:42:07.042697906 CET	443	49738	20.7.2.167	192.168.2.6
Dec 3, 2023 22:42:07.044374943 CET	49738	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:42:07.044444084 CET	49738	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:42:07.044456005 CET	443	49738	20.7.2.167	192.168.2.6
Dec 3, 2023 22:42:07.044589996 CET	49738	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:42:07.089271069 CET	443	49738	20.7.2.167	192.168.2.6
Dec 3, 2023 22:42:07.147979975 CET	443	49738	20.7.2.167	192.168.2.6
Dec 3, 2023 22:42:07.148051023 CET	443	49738	20.7.2.167	192.168.2.6
Dec 3, 2023 22:42:07.148190975 CET	49738	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:42:07.148523092 CET	49738	443	192.168.2.6	20.7.2.167
Dec 3, 2023 22:42:07.148540020 CET	443	49738	20.7.2.167	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 3, 2023 22:40:29.859082937 CET	50866	53	192.168.2.6	1.1.1.1
Dec 3, 2023 22:40:29.859415054 CET	54635	53	192.168.2.6	1.1.1.1
Dec 3, 2023 22:40:29.860620975 CET	55706	53	192.168.2.6	1.1.1.1
Dec 3, 2023 22:40:29.860795975 CET	55724	53	192.168.2.6	1.1.1.1
Dec 3, 2023 22:40:29.974617958 CET	53	63639	1.1.1.1	192.168.2.6
Dec 3, 2023 22:40:29.989332914 CET	53	55706	1.1.1.1	192.168.2.6
Dec 3, 2023 22:40:29.989485979 CET	53	50866	1.1.1.1	192.168.2.6
Dec 3, 2023 22:40:29.989523888 CET	53	54635	1.1.1.1	192.168.2.6
Dec 3, 2023 22:40:29.990633965 CET	53	55724	1.1.1.1	192.168.2.6
Dec 3, 2023 22:40:30.596892118 CET	53	59667	1.1.1.1	192.168.2.6
Dec 3, 2023 22:40:30.963965893 CET	62749	53	192.168.2.6	1.1.1.1
Dec 3, 2023 22:40:30.964188099 CET	53296	53	192.168.2.6	1.1.1.1
Dec 3, 2023 22:40:31.093404055 CET	53	62749	1.1.1.1	192.168.2.6
Dec 3, 2023 22:40:31.093802929 CET	53	53296	1.1.1.1	192.168.2.6
Dec 3, 2023 22:40:31.729934931 CET	50984	53	192.168.2.6	1.1.1.1
Dec 3, 2023 22:40:31.730436087 CET	65039	53	192.168.2.6	1.1.1.1
Dec 3, 2023 22:40:31.860388041 CET	53	50984	1.1.1.1	192.168.2.6
Dec 3, 2023 22:40:31.860413074 CET	53	65039	1.1.1.1	192.168.2.6
Dec 3, 2023 22:40:32.291439056 CET	52691	53	192.168.2.6	1.1.1.1
Dec 3, 2023 22:40:32.310894012 CET	54123	53	192.168.2.6	1.1.1.1
Dec 3, 2023 22:40:32.421171904 CET	53	52691	1.1.1.1	192.168.2.6
Dec 3, 2023 22:40:32.439837933 CET	53	54123	1.1.1.1	192.168.2.6
Dec 3, 2023 22:40:56.799957037 CET	53	61548	1.1.1.1	192.168.2.6
Dec 3, 2023 22:41:24.565978050 CET	53	52831	1.1.1.1	192.168.2.6
Dec 3, 2023 22:41:29.161541939 CET	53	61697	1.1.1.1	192.168.2.6
Dec 3, 2023 22:41:49.055027962 CET	53	53593	1.1.1.1	192.168.2.6
Dec 3, 2023 22:41:59.243091106 CET	56058	53	192.168.2.6	1.1.1.1
Dec 3, 2023 22:41:59.243485928 CET	52225	53	192.168.2.6	1.1.1.1
Dec 3, 2023 22:41:59.372766972 CET	53	56058	1.1.1.1	192.168.2.6
Dec 3, 2023 22:41:59.373532057 CET	53	52225	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 3, 2023 22:40:29.859082937 CET	192.168.2.6	1.1.1.1	0x8e20	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:29.859415054 CET	192.168.2.6	1.1.1.1	0x53eb	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Dec 3, 2023 22:40:29.860620975 CET	192.168.2.6	1.1.1.1	0x2c4	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:29.860795975 CET	192.168.2.6	1.1.1.1	0x35c8	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Dec 3, 2023 22:40:30.963965893 CET	192.168.2.6	1.1.1.1	0xe24a	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:30.964188099 CET	192.168.2.6	1.1.1.1	0xae80	Standard query (0)	google.com	65	IN (0x0001)	false
Dec 3, 2023 22:40:31.729934931 CET	192.168.2.6	1.1.1.1	0x4729	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:31.730436087 CET	192.168.2.6	1.1.1.1	0xa0f5	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 3, 2023 22:40:32.291439056 CET	192.168.2.6	1.1.1.1	0xfb0a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:32.310894012 CET	192.168.2.6	1.1.1.1	0x4606	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 3, 2023 22:41:59.243091106 CET	192.168.2.6	1.1.1.1	0x6c83	Standard query (0)	clients1.google.com	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:41:59.243485928 CET	192.168.2.6	1.1.1.1	0xff	Standard query (0)	clients1.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 3, 2023 22:40:29.989332914 CET	1.1.1.1	192.168.2.6	0x2c4	No error (0)	accounts.google.com		172.253.115.84	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:29.989485979 CET	1.1.1.1	192.168.2.6	0x8e20	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2023 22:40:29.989485979 CET	1.1.1.1	192.168.2.6	0x8e20	No error (0)	clients.l.google.com		172.253.62.101	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:29.989485979 CET	1.1.1.1	192.168.2.6	0x8e20	No error (0)	clients.l.google.com		172.253.62.102	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:29.989485979 CET	1.1.1.1	192.168.2.6	0x8e20	No error (0)	clients.l.google.com		172.253.62.138	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:29.989485979 CET	1.1.1.1	192.168.2.6	0x8e20	No error (0)	clients.l.google.com		172.253.62.100	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:29.989485979 CET	1.1.1.1	192.168.2.6	0x8e20	No error (0)	clients.l.google.com		172.253.62.139	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:29.989485979 CET	1.1.1.1	192.168.2.6	0x8e20	No error (0)	clients.l.google.com		172.253.62.113	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:29.989523888 CET	1.1.1.1	192.168.2.6	0x53eb	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2023 22:40:31.093404055 CET	1.1.1.1	192.168.2.6	0xe24a	No error (0)	google.com		142.251.16.139	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:31.093404055 CET	1.1.1.1	192.168.2.6	0xe24a	No error (0)	google.com		142.251.16.113	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:31.093404055 CET	1.1.1.1	192.168.2.6	0xe24a	No error (0)	google.com		142.251.16.102	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:31.093404055 CET	1.1.1.1	192.168.2.6	0xe24a	No error (0)	google.com		142.251.16.138	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:31.093404055 CET	1.1.1.1	192.168.2.6	0xe24a	No error (0)	google.com		142.251.16.100	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:31.093404055 CET	1.1.1.1	192.168.2.6	0xe24a	No error (0)	google.com		142.251.16.101	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:31.093802929 CET	1.1.1.1	192.168.2.6	0xae80	No error (0)	google.com			65	IN (0x0001)	false
Dec 3, 2023 22:40:31.860388041 CET	1.1.1.1	192.168.2.6	0x4729	No error (0)	www.google.com		172.253.62.104	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:31.860388041 CET	1.1.1.1	192.168.2.6	0x4729	No error (0)	www.google.com		172.253.62.99	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:31.860388041 CET	1.1.1.1	192.168.2.6	0x4729	No error (0)	www.google.com		172.253.62.103	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:31.860388041 CET	1.1.1.1	192.168.2.6	0x4729	No error (0)	www.google.com		172.253.62.105	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:31.860388041 CET	1.1.1.1	192.168.2.6	0x4729	No error (0)	www.google.com		172.253.62.106	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:31.860388041 CET	1.1.1.1	192.168.2.6	0x4729	No error (0)	www.google.com		172.253.62.147	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:31.860413074 CET	1.1.1.1	192.168.2.6	0xa0f5	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 3, 2023 22:40:32.421171904 CET	1.1.1.1	192.168.2.6	0xfb0a	No error (0)	www.google.com		172.253.63.106	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:32.421171904 CET	1.1.1.1	192.168.2.6	0xfb0a	No error (0)	www.google.com		172.253.63.104	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:32.421171904 CET	1.1.1.1	192.168.2.6	0xfb0a	No error (0)	www.google.com		172.253.63.147	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:32.421171904 CET	1.1.1.1	192.168.2.6	0xfb0a	No error (0)	www.google.com		172.253.63.105	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:32.421171904 CET	1.1.1.1	192.168.2.6	0xfb0a	No error (0)	www.google.com		172.253.63.103	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:32.421171904 CET	1.1.1.1	192.168.2.6	0xfb0a	No error (0)	www.google.com		172.253.63.99	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:40:32.439837933 CET	1.1.1.1	192.168.2.6	0x4606	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 3, 2023 22:41:59.372766972 CET	1.1.1.1	192.168.2.6	0x6c83	No error (0)	clients1.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 3, 2023 22:41:59.372766972 CET	1.1.1.1	192.168.2.6	0x6c83	No error (0)	clients.l.google.com		172.253.122.139	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:41:59.372766972 CET	1.1.1.1	192.168.2.6	0x6c83	No error (0)	clients.l.google.com		172.253.122.102	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:41:59.372766972 CET	1.1.1.1	192.168.2.6	0x6c83	No error (0)	clients.l.google.com		172.253.122.100	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:41:59.372766972 CET	1.1.1.1	192.168.2.6	0x6c83	No error (0)	clients.l.google.com		172.253.122.113	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:41:59.372766972 CET	1.1.1.1	192.168.2.6	0x6c83	No error (0)	clients.l.google.com		172.253.122.101	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:41:59.372766972 CET	1.1.1.1	192.168.2.6	0x6c83	No error (0)	clients.l.google.com		172.253.122.138	A (IP address)	IN (0x0001)	false
Dec 3, 2023 22:41:59.373532057 CET	1.1.1.1	192.168.2.6	0xff	No error (0)	clients1.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false

HTTP Request Dependency Graph

accounts.google.com

clients2.google.com

google.com

https:

www.google.com

fs.microsoft.com

slscr.update.microsoft.com

clients1.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49710	172.253.115.84	443	1220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-03 21:40:30 UTC	680	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
2023-12-03 21:40:30 UTC	1	OUT	Data Raw: 20 Data Ascii:
2023-12-03 21:40:30 UTC	1627	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 4f 72 69 67 69 6e 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0d 0a 41 63 63 65 73 73 2d 43 6f 6e 74 72 6f 6c 2d 41 6c 6c 6f 77 2d 43 72 65 64 65 6e 74 69 61 6c 73 3a 20 74 72 75 65 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a 20 6e 6f 73 6e 69 66 66 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 2c 20 6e 6f 2d 73 74 6f 72 65 2c 20 6d 61 78 2d 61 67 65 3d 30 2c 20 6d 75 73 74 2d 72 65 76 61 6c 69 64 61 74 65 0d 0a 50 72 Data Ascii: HTTP/1.1 200 OKContent-Type: application/json; charset=utf-8Access-Control-Allow-Origin: https://www.google.comAccess-Control-Allow-Credentials: trueX-Content-Type-Options: nosniffCache-Control: no-cache, no-store, max-age=0, must-revalidatePr
2023-12-03 21:40:30 UTC	23	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-12-03 21:40:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49709	172.253.62.101	443	1220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-03 21:40:30 UTC	752	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.134&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-117.0.5938.134 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-12-03 21:40:30 UTC	732	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 73 63 72 69 70 74 2d 73 72 63 20 27 72 65 70 6f 72 74 2d 73 61 6d 70 6c 65 27 20 27 6e 6f 6e 63 65 2d 42 69 49 69 5a 68 68 31 2d 63 47 6a 4d 54 38 68 2d 4b 69 6b 5a 41 27 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 27 73 74 72 69 63 74 2d 64 79 6e 61 6d 69 63 27 20 68 74 74 70 73 3a 20 68 74 74 70 3a 3b 6f 62 6a 65 63 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 72 65 70 6f 72 74 2d 75 72 69 20 68 74 74 70 73 3a 2f 2f 63 73 70 2e 77 69 74 68 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 73 70 2f 63 6c 69 65 6e 74 75 70 64 61 74 65 2d 61 75 73 2f 31 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c Data Ascii: HTTP/1.1 200 OKContent-Security-Policy: script-src 'report-sample' 'nonce-BiIiZhh1-cGjMT8h-KikZA' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1Cache-Control
2023-12-03 21:40:30 UTC	520	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 38 30 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 34 39 32 33 30 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6180" elapsed_seconds="49230"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-12-03 21:40:30 UTC	200	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-12-03 21:40:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49713	142.251.16.139	443	1220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-03 21:40:31 UTC	1452	OUT	GET /xjs/_/ss/k=xjs.s.kAZIEIlFiNU.L.W.O/am=ABAIAAQIAAAAAAAAAAAAACAAAAAAgAjwhAMAGwAAHhkEAAAAAgAAAAYAADAAAAIAAAAAAAAAAAAAgMAAIAggKvwGAgCABFQB2AEAAAAIAUAEAACAAAAACAAAAAEIiOgAQgAAAAAAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAD4owAAAAAAAAAAAAAAAABAAABEQAIAYA/d=0/dg=2/br=1/rs=ACT90oGD_rEdVfRC1iDCU5YDRr-cW80htQ/m=L1AAkb,AjRVIe,tE6Rzd,phecbc,q28gvc,sy1zm,sy1zn,sy1zo,sy1zp,sy1zq,syin,sylo,syi7,syim,sygm,sygq,y05UD,sy14b,sy11z,sy18g,sy11b,sy11c,sy120,sy121,sy12h,syjp,sy2vi,sy66a,sy116,sy117,sy119,epYOx? HTTP/1.1 Host: google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
2023-12-03 21:40:31 UTC	810	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 41 63 63 65 70 74 2d 52 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 56 61 72 79 3a 20 41 63 63 65 70 74 2d 45 6e 63 6f 64 69 6e 67 2c 20 4f 72 69 67 69 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 78 74 2f 63 73 73 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 0d 0a 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 2d 52 65 70 6f 72 74 2d 4f 6e 6c 79 3a 20 72 65 71 75 69 72 65 2d 74 72 75 73 74 65 64 2d 74 79 70 65 73 2d 66 6f 72 20 27 73 63 72 69 70 74 27 3b 20 72 65 70 6f 72 74 2d 75 72 69 20 68 74 74 70 73 3a 2f 2f 63 73 70 2e 77 69 74 68 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 73 70 2f 67 77 73 2d 74 65 61 6d 0d 0a 43 72 6f 73 73 2d 4f 72 69 67 69 6e 2d 52 65 73 6f 75 72 63 65 Data Ascii: HTTP/1.1 200 OKAccept-Ranges: bytesVary: Accept-Encoding, OriginContent-Type: text/css; charset=UTF-8Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-teamCross-Origin-Resource
2023-12-03 21:40:31 UTC	442	IN	Data Raw: 2e 46 4a 43 4a 66 64 7b 62 6f 72 64 65 72 3a 6e 6f 6e 65 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 70 78 20 31 70 78 20 33 70 78 20 72 67 62 61 28 36 30 2c 36 34 2c 36 37 2c 30 2e 32 34 29 7d 2e 41 61 6a 64 33 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 36 70 78 7d 2e 67 78 4d 64 56 64 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 38 70 78 7d 2e 55 30 39 4a 78 64 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 34 70 78 7d 2e 6a 62 42 49 74 66 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 44 55 30 4e 4a 7b 62 6f 74 74 6f 6d 3a 30 3b 6c 65 66 74 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 30 3b 74 6f 70 3a 30 7d 2e 6c 50 33 4a 6f 66 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 Data Ascii: .FJCJfd{border:none;box-shadow:0px 1px 3px rgba(60,64,67,0.24)}.Aajd3{padding-left:16px}.gxMdVd{padding-right:8px}.U09Jxd{padding-right:4px}.jbBItf{display:block;position:relative}.DU0NJ{bottom:0;left:0;position:absolute;right:0;top:0}.lP3Jof{display:inli
2023-12-03 21:40:31 UTC	1252	IN	Data Raw: 61 6d 65 73 20 71 6c 69 2d 63 6f 6e 74 61 69 6e 65 72 2d 72 6f 74 61 74 65 7b 66 72 6f 6d 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 29 7d 74 6f 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 31 74 75 72 6e 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 31 74 75 72 6e 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 71 6c 69 2d 63 6f 6e 74 61 69 6e 65 72 2d 72 6f 74 61 74 65 7b 66 72 6f 6d 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 29 7d 74 6f 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 31 74 75 Data Ascii: ames qli-container-rotate{from{-webkit-transform:rotate(0);transform:rotate(0)}to{-webkit-transform:rotate(1turn);transform:rotate(1turn)}}@keyframes qli-container-rotate{from{-webkit-transform:rotate(0);transform:rotate(0)}to{-webkit-transform:rotate(1tu
2023-12-03 21:40:31 UTC	1252	IN	Data Raw: 6e 2d 6f 75 74 20 35 33 33 32 6d 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 34 2c 30 2c 30 2e 32 2c 31 29 20 69 6e 66 69 6e 69 74 65 20 62 6f 74 68 7d 2e 6e 4e 4d 75 4f 64 20 2e 46 6c 4b 62 43 65 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 71 6c 69 2d 66 69 6c 6c 2d 75 6e 66 69 6c 6c 2d 72 6f 74 61 74 65 20 35 33 33 32 6d 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 34 2c 30 2c 30 2e 32 2c 31 29 20 69 6e 66 69 6e 69 74 65 20 62 6f 74 68 2c 71 6c 69 2d 67 72 65 65 6e 2d 66 61 64 65 2d 69 6e 2d 6f 75 74 20 35 33 33 32 6d 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 34 2c 30 2c 30 2e 32 2c 31 29 20 69 6e 66 69 6e 69 74 65 20 62 6f 74 68 3b 61 6e 69 6d 61 74 69 6f 6e 3a 71 6c 69 2d 66 69 6c 6c 2d 75 6e 66 69 6c 6c 2d 72 6f 74 Data Ascii: n-out 5332ms cubic-bezier(0.4,0,0.2,1) infinite both}.nNMuOd .FlKbCe{-webkit-animation:qli-fill-unfill-rotate 5332ms cubic-bezier(0.4,0,0.2,1) infinite both,qli-green-fade-in-out 5332ms cubic-bezier(0.4,0,0.2,1) infinite both;animation:qli-fill-unfill-rot
2023-12-03 21:40:31 UTC	1252	IN	Data Raw: 6f 74 61 74 65 28 30 29 7d 31 32 2e 35 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 31 33 35 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 31 33 35 64 65 67 29 7d 32 35 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 32 37 30 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 32 37 30 64 65 67 29 7d 33 37 2e 35 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 34 30 35 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 34 30 35 64 65 67 29 7d 35 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 35 34 30 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 35 34 Data Ascii: otate(0)}12.5%{-webkit-transform:rotate(135deg);transform:rotate(135deg)}25%{-webkit-transform:rotate(270deg);transform:rotate(270deg)}37.5%{-webkit-transform:rotate(405deg);transform:rotate(405deg)}50%{-webkit-transform:rotate(540deg);transform:rotate(54
2023-12-03 21:40:31 UTC	1252	IN	Data Raw: 67 72 65 65 6e 2d 66 61 64 65 2d 69 6e 2d 6f 75 74 7b 30 25 7b 6f 70 61 63 69 74 79 3a 30 7d 36 35 25 7b 6f 70 61 63 69 74 79 3a 30 7d 37 35 25 7b 6f 70 61 63 69 74 79 3a 30 2e 39 39 7d 39 30 25 7b 6f 70 61 63 69 74 79 3a 30 2e 39 39 7d 31 30 30 25 7b 6f 70 61 63 69 74 79 3a 30 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 71 6c 69 2d 67 72 65 65 6e 2d 66 61 64 65 2d 69 6e 2d 6f 75 74 7b 30 25 7b 6f 70 61 63 69 74 79 3a 30 7d 36 35 25 7b 6f 70 61 63 69 74 79 3a 30 7d 37 35 25 7b 6f 70 61 63 69 74 79 3a 30 2e 39 39 7d 39 30 25 7b 6f 70 61 63 69 74 79 3a 30 2e 39 39 7d 31 30 30 25 7b 6f 70 61 63 69 74 79 3a 30 7d 7d 2e 62 65 44 51 50 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 6f 76 65 72 66 6c 6f 77 3a 68 Data Ascii: green-fade-in-out{0%{opacity:0}65%{opacity:0}75%{opacity:0.99}90%{opacity:0.99}100%{opacity:0}}@keyframes qli-green-fade-in-out{0%{opacity:0}65%{opacity:0}75%{opacity:0.99}90%{opacity:0.99}100%{opacity:0}}.beDQP{display:inline-block;height:100%;overflow:h
2023-12-03 21:40:31 UTC	1252	IN	Data Raw: 2d 62 65 7a 69 65 72 28 30 2e 34 2c 30 2c 30 2e 32 2c 31 29 20 69 6e 66 69 6e 69 74 65 20 62 6f 74 68 3b 61 6e 69 6d 61 74 69 6f 6e 3a 71 6c 69 2d 72 69 67 68 74 2d 73 70 69 6e 20 31 33 33 33 6d 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 34 2c 30 2c 30 2e 32 2c 31 29 20 69 6e 66 69 6e 69 74 65 20 62 6f 74 68 7d 2e 42 53 6e 4c 62 20 2e 6e 4e 4d 75 4f 64 20 2e 4a 37 75 75 55 65 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 3a 71 6c 69 2d 6c 65 66 74 2d 73 70 69 6e 20 31 33 33 33 6d 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 34 2c 30 2c 30 2e 32 2c 31 29 20 69 6e 66 69 6e 69 74 65 20 62 6f 74 68 3b 61 6e 69 6d 61 74 69 6f 6e 3a 71 6c 69 2d 6c 65 66 74 2d 73 70 69 6e 20 31 33 33 33 6d 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e Data Ascii: -bezier(0.4,0,0.2,1) infinite both;animation:qli-right-spin 1333ms cubic-bezier(0.4,0,0.2,1) infinite both}.BSnLb .nNMuOd .J7uuUe{-webkit-animation:qli-left-spin 1333ms cubic-bezier(0.4,0,0.2,1) infinite both;animation:qli-left-spin 1333ms cubic-bezier(0.
2023-12-03 21:40:31 UTC	1252	IN	Data Raw: 61 74 65 28 2d 31 33 30 64 65 67 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 71 6c 69 2d 72 69 67 68 74 2d 73 70 69 6e 7b 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 31 33 30 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 31 33 30 64 65 67 29 7d 35 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 35 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 35 64 65 67 29 7d 31 30 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 31 33 30 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 31 33 30 64 65 67 29 7d 7d 2e 65 35 4b 5a 4a 66 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 70 6f 73 69 74 69 6f Data Ascii: ate(-130deg)}}@keyframes qli-right-spin{0%{-webkit-transform:rotate(-130deg);transform:rotate(-130deg)}50%{-webkit-transform:rotate(5deg);transform:rotate(5deg)}100%{-webkit-transform:rotate(-130deg);transform:rotate(-130deg)}}.e5KZJf{display:none;positio
2023-12-03 21:40:31 UTC	238	IN	Data Raw: 61 6c 65 59 28 2e 39 29 20 74 72 61 6e 73 6c 61 74 65 58 28 2d 38 25 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 59 28 2e 39 29 20 74 72 61 6e 73 6c 61 74 65 58 28 2d 38 25 29 7d 31 30 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 3b 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 7d 7d 2e 43 71 6d 50 52 65 3a 61 63 74 69 76 65 20 2e 4b 41 72 4a 75 63 20 73 70 61 6e 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 73 68 61 70 65 2d 74 77 65 65 6e 2d 72 69 67 68 74 3b 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 73 68 61 70 65 2d 74 77 65 65 6e 2d 72 69 67 68 74 7d 2e 43 71 6d 50 52 65 3a 61 63 74 69 76 65 20 2e 59 62 43 72 7a 64 20 73 70 61 6e 7b 2d 77 Data Ascii: aleY(.9) translateX(-8%);transform:scaleY(.9) translateX(-8%)}100%{-webkit-transform:none;transform:none}}.CqmPRe:active .KArJuc span{-webkit-animation-name:shape-tween-right;animation-name:shape-tween-right}.CqmPRe:active .YbCrzd span{-w
2023-12-03 21:40:31 UTC	1252	IN	Data Raw: 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 73 68 61 70 65 2d 74 77 65 65 6e 2d 6c 65 66 74 3b 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 73 68 61 70 65 2d 74 77 65 65 6e 2d 6c 65 66 74 7d 40 2d 77 65 62 6b 69 74 2d 6b 65 79 66 72 61 6d 65 73 20 73 68 61 70 65 2d 74 77 65 65 6e 2d 75 70 7b 35 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 28 2e 39 29 20 74 72 61 6e 73 6c 61 74 65 59 28 2d 38 25 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 58 28 2e 39 29 20 74 72 61 6e 73 6c 61 74 65 59 28 2d 38 25 29 7d 31 30 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 3b 74 72 61 6e 73 66 6f 72 6d 3a 6e 6f 6e 65 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 73 68 61 70 65 2d 74 77 65 65 Data Ascii: ebkit-animation-name:shape-tween-left;animation-name:shape-tween-left}@-webkit-keyframes shape-tween-up{50%{-webkit-transform:scaleX(.9) translateY(-8%);transform:scaleX(.9) translateY(-8%)}100%{-webkit-transform:none;transform:none}}@keyframes shape-twee

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49714	142.251.16.139	443	1220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-03 21:40:31 UTC	1375	OUT	GET /favicon.ico HTTP/1.1 Host: google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://google.com/xjs/_/ss/k=xjs.s.kAZIEIlFiNU.L.W.O/am=ABAIAAQIAAAAAAAAAAAAACAAAAAAgAjwhAMAGwAAHhkEAAAAAgAAAAYAADAAAAIAAAAAAAAAAAAAgMAAIAggKvwGAgCABFQB2AEAAAAIAUAEAACAAAAACAAAAAEIiOgAQgAAAAAAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAD4owAAAAAAAAAAAAAAAABAAABEQAIAYA/d=0/dg=2/br=1/rs=ACT90oGD_rEdVfRC1iDCU5YDRr-cW80htQ/m=L1AAkb,AjRVIe,tE6Rzd,phecbc,q28gvc,sy1zm,sy1zn,sy1zo,sy1zp,sy1zq,syin,sylo,syi7,syim,sygm,sygq,y05UD,sy14b,sy11z,sy18g,sy11b,sy11c,sy120,sy121,sy12h,syjp,sy2vi,sy66a,sy116,sy117,sy119,epYOx? Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
2023-12-03 21:40:31 UTC	453	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 4c 6f 63 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 0d 0a 43 72 6f 73 73 2d 4f 72 69 67 69 6e 2d 52 65 73 6f 75 72 63 65 2d 50 6f 6c 69 63 79 3a 20 63 72 6f 73 73 2d 6f 72 69 67 69 6e 0d 0a 58 2d 43 6f 6e 74 65 6e 74 2d 54 79 70 65 2d 4f 70 74 69 6f 6e 73 3a 20 6e 6f 73 6e 69 66 66 0d 0a 53 65 72 76 65 72 3a 20 73 66 66 65 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 33 31 0d 0a 58 2d 58 53 53 2d 50 72 6f 74 65 63 74 69 6f 6e 3a 20 30 0d 0a 44 61 74 65 3a 20 53 75 6e 2c 20 30 33 20 44 65 63 20 32 30 32 33 20 32 31 3a 33 32 3a 33 38 20 47 4d 54 0d 0a 45 78 70 69 72 65 73 Data Ascii: HTTP/1.1 301 Moved PermanentlyLocation: https://www.google.com/favicon.icoCross-Origin-Resource-Policy: cross-originX-Content-Type-Options: nosniffServer: sffeContent-Length: 231X-XSS-Protection: 0Date: Sun, 03 Dec 2023 21:32:38 GMTExpires
2023-12-03 21:40:31 UTC	231	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/favicon.ico">here</A>.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49716	172.253.62.104	443	1220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-03 21:40:32 UTC	892	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
2023-12-03 21:40:32 UTC	706	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 41 63 63 65 70 74 2d 52 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 43 72 6f 73 73 2d 4f 72 69 67 69 6e 2d 52 65 73 6f 75 72 63 65 2d 50 6f 6c 69 63 79 3a 20 63 72 6f 73 73 2d 6f 72 69 67 69 6e 0d 0a 43 72 6f 73 73 2d 4f 72 69 67 69 6e 2d 4f 70 65 6e 65 72 2d 50 6f 6c 69 63 79 2d 52 65 70 6f 72 74 2d 4f 6e 6c 79 3a 20 73 61 6d 65 2d 6f 72 69 67 69 6e 3b 20 72 65 70 6f 72 74 2d 74 6f 3d 22 73 74 61 74 69 63 2d 6f 6e 2d 62 69 67 74 61 62 6c 65 22 0d 0a 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 67 72 6f 75 70 22 3a 22 73 74 61 74 69 63 2d 6f 6e 2d 62 69 67 74 61 62 6c 65 22 2c 22 6d 61 78 5f 61 67 65 22 3a 32 35 39 32 30 30 30 2c 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f Data Ascii: HTTP/1.1 200 OKAccept-Ranges: bytesCross-Origin-Resource-Policy: cross-originCross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https:/
2023-12-03 21:40:32 UTC	546	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2023-12-03 21:40:32 UTC	1252	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f7 a6 75 ff ff ff ff ff fd fd fd f9 fd fd fd fa ff ff ff ff 0b be fb ff 05 bc fb ff b6 ec fe ff ff ff ff ff ff ff ff ff ff ff ff ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f7 aa 7b ff ff ff ff ff fd fd fd f9 fd fd fd db ff ff ff ff 35 c9 fc ff 0a b2 f9 ff 6b a4 f6 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea Data Ascii: BBBBBuBBBBB{5k7R8F2Vb5C
2023-12-03 21:40:32 UTC	1252	IN	Data Raw: de ee d8 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd e8 fe fe fe 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 24 fd fd fd ea ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff eb f5 e7 ff 8f c6 7b ff 54 a9 36 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 7e be 67 ff dd ee d7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd e8 ff ff ff 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd d3 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff c4 e1 b9 ff 5c ac 3e ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 Data Ascii: /${T6S4S4S4S4S4S4S4S4S4~g"\>S4S4S4S4S4S4S4S4S4S4
2023-12-03 21:40:32 UTC	1252	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fa c8 aa ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd fa ff ff ff ff ff ff ff ff ff ff ff ff 07 bd fb ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 7d dc fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd f9 fd fd fd fa ff ff ff ff ff ff ff ff ff ff ff ff 07 bd fb ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 7d dc fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBBBBBB}BBBBBBBBBBB}
2023-12-03 21:40:32 UTC	1128	IN	Data Raw: ff ff ff ff a0 a7 f5 ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 81 8a f2 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 8a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 0b fd fd fd d5 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b5 ba f7 ff 3e 4b eb ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 3f 4c eb ff ba bf f8 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 26 fd fd fd eb ff ff ff Data Ascii: 5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C>K5C5C5C5C5C5C5C5C5C5C5C5C?L&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49719	172.253.63.106	443	1220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-03 21:40:32 UTC	615	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIk6HLAQj6mM0BCIWgzQEIucrNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=UBeNCkZ3L8yXcx8qh4JFUXkwkNC9IrdiRdbjSTjqSiFh8WrRcbKr_rOJbgHY6TA4RT-6ps0bhemfwCPBsLMgPT7-gTcWqHvZvZbafOpkqRy0dLyYG9AjP2vbUBomarnc9pcZVlhHkUeUaWMurD0GGXyW05_B_1IyUNYEELmyqRg
2023-12-03 21:40:32 UTC	707	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 41 63 63 65 70 74 2d 52 61 6e 67 65 73 3a 20 62 79 74 65 73 0d 0a 43 72 6f 73 73 2d 4f 72 69 67 69 6e 2d 52 65 73 6f 75 72 63 65 2d 50 6f 6c 69 63 79 3a 20 63 72 6f 73 73 2d 6f 72 69 67 69 6e 0d 0a 43 72 6f 73 73 2d 4f 72 69 67 69 6e 2d 4f 70 65 6e 65 72 2d 50 6f 6c 69 63 79 2d 52 65 70 6f 72 74 2d 4f 6e 6c 79 3a 20 73 61 6d 65 2d 6f 72 69 67 69 6e 3b 20 72 65 70 6f 72 74 2d 74 6f 3d 22 73 74 61 74 69 63 2d 6f 6e 2d 62 69 67 74 61 62 6c 65 22 0d 0a 52 65 70 6f 72 74 2d 54 6f 3a 20 7b 22 67 72 6f 75 70 22 3a 22 73 74 61 74 69 63 2d 6f 6e 2d 62 69 67 74 61 62 6c 65 22 2c 22 6d 61 78 5f 61 67 65 22 3a 32 35 39 32 30 30 30 2c 22 65 6e 64 70 6f 69 6e 74 73 22 3a 5b 7b 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f Data Ascii: HTTP/1.1 200 OKAccept-Ranges: bytesCross-Origin-Resource-Policy: cross-originCross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https:/
2023-12-03 21:40:32 UTC	545	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2023-12-03 21:40:32 UTC	1252	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f7 a6 75 ff ff ff ff ff fd fd fd f9 fd fd fd fa ff ff ff ff 0b be fb ff 05 bc fb ff b6 ec fe ff ff ff ff ff ff ff ff ff ff ff ff ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f7 aa 7b ff ff ff ff ff fd fd fd f9 fd fd fd db ff ff ff ff 35 c9 fc ff 0a b2 f9 ff 6b a4 f6 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 Data Ascii: BBBBBuBBBBB{5k7R8F2Vb5C
2023-12-03 21:40:32 UTC	1252	IN	Data Raw: ff de ee d8 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd e8 fe fe fe 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 24 fd fd fd ea ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff eb f5 e7 ff 8f c6 7b ff 54 a9 36 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 7e be 67 ff dd ee d7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd e8 ff ff ff 22 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd d3 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff c4 e1 b9 ff 5c ac 3e ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 Data Ascii: /${T6S4S4S4S4S4S4S4S4S4~g"\>S4S4S4S4S4S4S4S4S4S
2023-12-03 21:40:32 UTC	1252	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fa c8 aa ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd fa ff ff ff ff ff ff ff ff ff ff ff ff 07 bd fb ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 7d dc fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd f9 fd fd fd fa ff ff ff ff ff ff ff ff ff ff ff ff 07 bd fb ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 7d dc fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBBBBBB}BBBBBBBBBBB}
2023-12-03 21:40:32 UTC	1129	IN	Data Raw: ff ff ff ff ff a0 a7 f5 ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 81 8a f2 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 8a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 0b fd fd fd d5 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b5 ba f7 ff 3e 4b eb ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 3f 4c eb ff ba bf f8 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 26 fd fd fd eb ff ff Data Ascii: 5C5C5C5C5C5C5C5C5C5C5C5C5C5C5C>K5C5C5C5C5C5C5C5C5C5C5C5C?L&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49721	23.221.242.90	443

Timestamp	Bytes transferred	Direction	Data
2023-12-03 21:40:34 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-12-03 21:40:34 UTC	435	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 41 70 69 56 65 72 73 69 6f 6e 3a 20 44 69 73 74 72 69 62 75 74 65 20 31 2e 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 61 74 74 61 63 68 6d 65 6e 74 3b 20 66 69 6c 65 6e 61 6d 65 3d 63 6f 6e 66 69 67 2e 6a 73 6f 6e 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 55 54 46 2d 38 27 27 63 6f 6e 66 69 67 2e 6a 73 6f 6e 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 54 61 67 3a 20 22 30 78 36 34 36 36 37 46 37 30 37 46 46 30 37 44 36 32 42 37 33 33 44 42 43 42 37 39 45 46 45 33 38 35 35 45 36 38 38 36 43 39 39 37 35 42 30 43 30 42 34 36 37 44 34 36 32 33 31 42 33 46 41 35 45 37 22 0d 0a 4c 61 73 74 2d 4d 6f 64 69 Data Ascii: HTTP/1.1 200 OKApiVersion: Distribute 1.1Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.jsonContent-Type: application/octet-streamETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"Last-Modi

Session ID	Source IP	Source Port	Destination IP	Destination Port
7	192.168.2.6	49722	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2023-12-03 21:40:35 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 47 34 33 62 7a 64 34 71 74 45 6d 30 43 68 48 68 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 32 33 30 63 36 38 38 30 37 32 32 30 33 36 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: G43bzd4qtEm0ChHh.1Context: 1230c6880722036b
2023-12-03 21:40:35 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2023-12-03 21:40:35 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 47 34 33 62 7a 64 34 71 74 45 6d 30 43 68 48 68 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 32 33 30 63 36 38 38 30 37 32 32 30 33 36 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 5a 6a 62 44 72 42 58 6d 74 35 57 32 6b 67 2f 54 53 36 4f 77 38 32 51 74 72 64 78 43 7a 31 72 7a 4b 2b 70 58 49 4b 61 68 50 53 63 4b 64 4c 61 73 4a 66 79 71 54 46 30 48 33 73 31 37 6e 78 34 5a 35 5a 6b 6a 37 35 41 6a 65 69 31 77 33 34 2f 6a 43 2f 61 4e 2b 64 70 75 78 65 47 41 39 62 57 51 6a 55 56 50 31 38 62 43 59 35 39 36 4f Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: G43bzd4qtEm0ChHh.2Context: 1230c6880722036b<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZjbDrBXmt5W2kg/TS6Ow82QtrdxCz1rzK+pXIKahPScKdLasJfyqTF0H3s17nx4Z5Zkj75Ajei1w34/jC/aN+dpuxeGA9bWQjUVP18bCY596O
2023-12-03 21:40:35 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 47 34 33 62 7a 64 34 71 74 45 6d 30 43 68 48 68 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 32 33 30 63 36 38 38 30 37 32 32 30 33 36 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: G43bzd4qtEm0ChHh.3Context: 1230c6880722036b<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2023-12-03 21:40:35 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-12-03 21:40:35 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 75 59 71 33 4d 6c 47 7a 6f 55 47 52 49 45 70 72 35 71 33 47 64 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: uYq3MlGzoUGRIEpr5q3GdA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49723	23.221.242.90	443

Timestamp	Bytes transferred	Direction	Data
2023-12-03 21:40:35 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-12-03 21:40:35 UTC	773	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 54 75 65 2c 20 31 36 20 4d 61 79 20 32 30 31 37 20 32 32 3a 35 38 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 30 78 36 34 36 36 37 46 37 30 37 46 46 30 37 44 36 32 42 37 33 33 44 42 43 42 37 39 45 46 45 33 38 35 35 45 36 38 38 36 43 39 39 37 35 42 30 43 30 42 34 36 37 44 34 36 32 33 31 42 33 46 41 35 45 37 22 0d 0a 41 70 69 56 65 72 73 69 6f 6e 3a 20 44 69 73 74 72 69 62 75 74 65 20 31 2e 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 61 74 74 61 63 68 6d 65 6e 74 3b 20 66 69 6c 65 6e 61 6d 65 3d 63 6f 6e 66 69 67 2e 6a 73 6f 6e 3b 20 66 69 6c 65 6e 61 6d 65 2a 3d 55 54 46 2d 38 27 27 63 6f 6e 66 69 67 2e 6a 73 6f 6e 0d 0a 58 2d 43 Data Ascii: HTTP/1.1 200 OKLast-Modified: Tue, 16 May 2017 22:58:00 GMTETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"ApiVersion: Distribute 1.1Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.jsonX-C
2023-12-03 21:40:35 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port
9	192.168.2.6	49724	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2023-12-03 21:40:48 UTC	70	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 37 56 74 43 6d 71 55 43 61 55 32 45 37 35 70 4c 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 39 39 32 30 66 38 66 36 66 65 38 33 65 62 0d 0a 0d 0a Data Ascii: CNT 1 CON 304MS-CV: 7VtCmqUCaU2E75pL.1Context: 99920f8f6fe83eb
2023-12-03 21:40:48 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2023-12-03 21:40:48 UTC	1075	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 32 0d 0a 4d 53 2d 43 56 3a 20 37 56 74 43 6d 71 55 43 61 55 32 45 37 35 70 4c 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 39 39 32 30 66 38 66 36 66 65 38 33 65 62 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 5a 6a 62 44 72 42 58 6d 74 35 57 32 6b 67 2f 54 53 36 4f 77 38 32 51 74 72 64 78 43 7a 31 72 7a 4b 2b 70 58 49 4b 61 68 50 53 63 4b 64 4c 61 73 4a 66 79 71 54 46 30 48 33 73 31 37 6e 78 34 5a 35 5a 6b 6a 37 35 41 6a 65 69 31 77 33 34 2f 6a 43 2f 61 4e 2b 64 70 75 78 65 47 41 39 62 57 51 6a 55 56 50 31 38 62 43 59 35 39 36 4f 62 Data Ascii: ATH 2 CON\DEVICE 1052MS-CV: 7VtCmqUCaU2E75pL.2Context: 99920f8f6fe83eb<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZjbDrBXmt5W2kg/TS6Ow82QtrdxCz1rzK+pXIKahPScKdLasJfyqTF0H3s17nx4Z5Zkj75Ajei1w34/jC/aN+dpuxeGA9bWQjUVP18bCY596Ob
2023-12-03 21:40:48 UTC	217	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 36 0d 0a 4d 53 2d 43 56 3a 20 37 56 74 43 6d 71 55 43 61 55 32 45 37 35 70 4c 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 39 39 39 32 30 66 38 66 36 66 65 38 33 65 62 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 196MS-CV: 7VtCmqUCaU2E75pL.3Context: 99920f8f6fe83eb<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2023-12-03 21:40:48 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-12-03 21:40:48 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4e 74 41 34 46 68 49 68 71 30 2b 36 38 53 48 72 6d 4c 6f 79 62 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: NtA4FhIhq0+68SHrmLoybA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.6	49726	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2023-12-03 21:40:56 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=lFhaUoEGR7AUvXE&MD=OB2OzS88 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-12-03 21:40:56 UTC	560	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 30 31 20 4a 61 6e 20 30 30 30 31 20 30 30 3a 30 30 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 58 41 6f 70 61 7a 56 30 30 58 44 57 6e 4a 43 77 6b 6d 45 57 52 76 36 4a 6b 62 6a 52 41 39 51 53 53 5a 32 2b 65 2f 33 4d 7a 45 6b 3d 5f 32 38 38 30 22 0d 0a 4d 53 2d 43 6f 72 72 65 6c 61 74 69 6f 6e 49 64 3a 20 35 35 37 35 30 38 61 38 2d 31 31 36 30 2d 34 38 36 37 2d Data Ascii: HTTP/1.1 200 OKCache-Control: no-cachePragma: no-cacheContent-Type: application/octet-streamExpires: -1Last-Modified: Mon, 01 Jan 0001 00:00:00 GMTETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"MS-CorrelationId: 557508a8-1160-4867-
2023-12-03 21:40:56 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-12-03 21:40:56 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49729	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2023-12-03 21:41:14 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 35 44 36 71 6a 54 72 4a 63 30 69 6a 6e 43 33 68 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 30 33 63 31 36 35 66 64 33 62 64 30 37 39 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 5D6qjTrJc0ijnC3h.1Context: c03c165fd3bd079f
2023-12-03 21:41:14 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2023-12-03 21:41:14 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-12-03 21:41:14 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 4c 6f 6a 61 33 39 4a 4c 54 6b 69 34 6e 6c 36 51 51 6b 31 31 49 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Loja39JLTki4nl6QQk11Iw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	49732	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2023-12-03 21:41:44 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 6d 52 70 65 57 61 52 47 73 30 61 4a 6c 6e 66 64 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 65 34 35 32 37 65 65 62 37 38 32 65 65 34 34 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: mRpeWaRGs0aJlnfd.1Context: fe4527eeb782ee44
2023-12-03 21:41:44 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2023-12-03 21:41:44 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 6d 52 70 65 57 61 52 47 73 30 61 4a 6c 6e 66 64 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 65 34 35 32 37 65 65 62 37 38 32 65 65 34 34 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 5a 6a 62 44 72 42 58 6d 74 35 57 32 6b 67 2f 54 53 36 4f 77 38 32 51 74 72 64 78 43 7a 31 72 7a 4b 2b 70 58 49 4b 61 68 50 53 63 4b 64 4c 61 73 4a 66 79 71 54 46 30 48 33 73 31 37 6e 78 34 5a 35 5a 6b 6a 37 35 41 6a 65 69 31 77 33 34 2f 6a 43 2f 61 4e 2b 64 70 75 78 65 47 41 39 62 57 51 6a 55 56 50 31 38 62 43 59 35 39 36 4f Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: mRpeWaRGs0aJlnfd.2Context: fe4527eeb782ee44<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZjbDrBXmt5W2kg/TS6Ow82QtrdxCz1rzK+pXIKahPScKdLasJfyqTF0H3s17nx4Z5Zkj75Ajei1w34/jC/aN+dpuxeGA9bWQjUVP18bCY596O
2023-12-03 21:41:44 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6d 52 70 65 57 61 52 47 73 30 61 4a 6c 6e 66 64 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 66 65 34 35 32 37 65 65 62 37 38 32 65 65 34 34 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: mRpeWaRGs0aJlnfd.3Context: fe4527eeb782ee44<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2023-12-03 21:41:44 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-12-03 21:41:44 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 5a 73 63 4f 4b 6d 70 36 56 6b 47 52 39 32 2f 63 74 6b 5a 79 36 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: ZscOKmp6VkGR92/ctkZy6w.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.6	49735	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2023-12-03 21:41:52 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=lFhaUoEGR7AUvXE&MD=OB2OzS88 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-12-03 21:41:52 UTC	560	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 61 63 68 65 2d 43 6f 6e 74 72 6f 6c 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 50 72 61 67 6d 61 3a 20 6e 6f 2d 63 61 63 68 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 45 78 70 69 72 65 73 3a 20 2d 31 0d 0a 4c 61 73 74 2d 4d 6f 64 69 66 69 65 64 3a 20 4d 6f 6e 2c 20 30 31 20 4a 61 6e 20 30 30 30 31 20 30 30 3a 30 30 3a 30 30 20 47 4d 54 0d 0a 45 54 61 67 3a 20 22 4d 78 31 52 6f 4a 48 2f 71 45 77 70 57 66 4b 6c 6c 78 37 73 62 73 6c 32 38 41 75 45 52 7a 35 49 59 64 63 73 76 74 54 4a 63 67 4d 3d 5f 32 31 36 30 22 0d 0a 4d 53 2d 43 6f 72 72 65 6c 61 74 69 6f 6e 49 64 3a 20 38 38 39 36 32 63 36 36 2d 37 62 30 32 2d 34 33 30 61 2d Data Ascii: HTTP/1.1 200 OKCache-Control: no-cachePragma: no-cacheContent-Type: application/octet-streamExpires: -1Last-Modified: Mon, 01 Jan 0001 00:00:00 GMTETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"MS-CorrelationId: 88962c66-7b02-430a-
2023-12-03 21:41:52 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2023-12-03 21:41:52 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.6	49737	172.253.122.139	443	1220	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2023-12-03 21:41:59 UTC	449	OUT	GET /tools/pso/ping?as=chrome&brand=ONGR&pid=&hl=en&events=C1I,C2I,C7I,C1S,C7S&rep=2&rlz=C1:,C2:,C7:&id=00000000000000000000000000000000000000001AD27AF996 HTTP/1.1 Host: clients1.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br
2023-12-03 21:41:59 UTC	817	IN	Data Raw: 48 54 54 50 2f 31 2e 31 20 32 30 30 20 4f 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 6f 6c 69 63 79 3a 20 73 63 72 69 70 74 2d 73 72 63 20 27 72 65 70 6f 72 74 2d 73 61 6d 70 6c 65 27 20 27 6e 6f 6e 63 65 2d 61 6d 67 61 61 76 2d 4c 56 65 56 32 65 48 65 72 56 6c 77 68 78 67 27 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 27 73 74 72 69 63 74 2d 64 79 6e 61 6d 69 63 27 20 68 74 74 70 73 3a 20 68 74 74 70 3a 3b 6f 62 6a 65 63 74 2d 73 72 63 20 27 6e 6f 6e 65 27 3b 62 61 73 65 2d 75 72 69 20 27 73 65 6c 66 27 3b 72 65 70 6f 72 74 2d 75 72 69 20 68 74 74 70 73 3a 2f 2f 63 73 70 2e 77 69 74 68 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 63 73 70 2f 64 6f 77 6e 6c 6f 61 64 2d 64 74 2f 31 0d 0a 43 6f 6e 74 65 6e 74 2d 53 65 63 75 72 69 74 79 2d 50 Data Ascii: HTTP/1.1 200 OKContent-Security-Policy: script-src 'report-sample' 'nonce-amgaav-LVeV2eHerVlwhxg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/download-dt/1Content-Security-P
2023-12-03 21:41:59 UTC	220	IN	Data Raw: 72 6c 7a 43 31 3a 20 31 43 31 4f 4e 47 52 5f 65 6e 55 53 31 30 38 36 0a 72 6c 7a 43 32 3a 20 31 43 32 4f 4e 47 52 5f 65 6e 55 53 31 30 38 36 0a 72 6c 7a 43 37 3a 20 31 43 37 4f 4e 47 52 5f 65 6e 55 53 31 30 38 36 0a 64 63 63 3a 20 0a 73 65 74 5f 64 63 63 3a 20 43 31 3a 31 43 31 4f 4e 47 52 5f 65 6e 55 53 31 30 38 36 2c 43 32 3a 31 43 32 4f 4e 47 52 5f 65 6e 55 53 31 30 38 36 2c 43 37 3a 31 43 37 4f 4e 47 52 5f 65 6e 55 53 31 30 38 36 0a 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 2c 43 31 53 2c 43 37 53 0a 73 74 61 74 65 66 75 6c 2d 65 76 65 6e 74 73 3a 20 43 31 49 2c 43 32 49 2c 43 37 49 0a 63 72 63 33 32 3a 20 38 31 30 65 63 62 64 33 0a Data Ascii: rlzC1: 1C1ONGR_enUS1086rlzC2: 1C2ONGR_enUS1086rlzC7: 1C7ONGR_enUS1086dcc: set_dcc: C1:1C1ONGR_enUS1086,C2:1C2ONGR_enUS1086,C7:1C7ONGR_enUS1086events: C1I,C2I,C7I,C1S,C7Sstateful-events: C1I,C2I,C7Icrc32: 810ecbd3

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.6	49738	20.7.2.167	443

Timestamp	Bytes transferred	Direction	Data
2023-12-03 21:42:07 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 78 63 74 55 4a 43 31 2b 6c 6b 53 59 49 41 38 6b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 33 32 33 63 39 61 34 35 33 34 38 30 39 34 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: xctUJC1+lkSYIA8k.1Context: c323c9a453480943
2023-12-03 21:42:07 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2023-12-03 21:42:07 UTC	1076	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 78 63 74 55 4a 43 31 2b 6c 6b 53 59 49 41 38 6b 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 33 32 33 63 39 61 34 35 33 34 38 30 39 34 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 5a 6a 62 44 72 42 58 6d 74 35 57 32 6b 67 2f 54 53 36 4f 77 38 32 51 74 72 64 78 43 7a 31 72 7a 4b 2b 70 58 49 4b 61 68 50 53 63 4b 64 4c 61 73 4a 66 79 71 54 46 30 48 33 73 31 37 6e 78 34 5a 35 5a 6b 6a 37 35 41 6a 65 69 31 77 33 34 2f 6a 43 2f 61 4e 2b 64 70 75 78 65 47 41 39 62 57 51 6a 55 56 50 31 38 62 43 59 35 39 36 4f Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: xctUJC1+lkSYIA8k.2Context: c323c9a453480943<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAZjbDrBXmt5W2kg/TS6Ow82QtrdxCz1rzK+pXIKahPScKdLasJfyqTF0H3s17nx4Z5Zkj75Ajei1w34/jC/aN+dpuxeGA9bWQjUVP18bCY596O
2023-12-03 21:42:07 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 78 63 74 55 4a 43 31 2b 6c 6b 53 59 49 41 38 6b 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 33 32 33 63 39 61 34 35 33 34 38 30 39 34 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: xctUJC1+lkSYIA8k.3Context: c323c9a453480943<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2023-12-03 21:42:07 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-12-03 21:42:07 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 41 63 39 5a 4d 65 36 64 55 30 57 65 54 74 74 35 49 5a 4b 37 76 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: Ac9ZMe6dU0WeTtt5IZK7vw.0Payload parsing failed.

Statistics

CPU Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

Target ID:	0
Start time:	22:40:24
Start date:	03/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	22:40:28
Start date:	03/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=1984,i,8648678833089140659,12106465833755244096,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	22:40:30
Start date:	03/12/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Google\Chrome\Application\chrome.exe" "https://google.com/xjs/_/ss/k=xjs.s.kAZIEIlFiNU.L.W.O/am=ABAIAAQIAAAAAAAAAAAAACAAAAAAgAjwhAMAGwAAHhkEAAAAAgAAAAYAADAAAAIAAAAAAAAAAAAAgMAAIAggKvwGAgCABFQB2AEAAAAIAUAEAACAAAAACAAAAAEIiOgAQgAAAAAAAAAEAAAAGAAAAAAAAAAAAAAAAAAAAAAAAAD4owAAAAAAAAAAAAAAAABAAABEQAIAYA/d=0/dg=2/br=1/rs=ACT90oGD_rEdVfRC1iDCU5YDRr-cW80htQ/m=L1AAkb,AjRVIe,tE6Rzd,phecbc,q28gvc,sy1zm,sy1zn,sy1zo,sy1zp,sy1zq,syin,sylo,syi7,syim,sygm,sygq,y05UD,sy14b,sy11z,sy18g,sy11b,sy11c,sy120,sy121,sy12h,syjp,sy2vi,sy66a,sy116,sy117,sy119,epYOx?
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 39

Chrome Cache Entry: 40

Chrome Cache Entry: 41

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 1080, Parent PID: 5892

General

File Activities

File Opened

File Created

File Deleted

File Moved

Other File Operations

Registry Activities

Key Deleted

Key Value Deleted

Process Activities

Process Created

Process Terminated