Edit tour

Windows Analysis Report
http://web.core.windows.net

Overview

General Information

Sample URL:	http://web.core.windows.net
Analysis ID:	1424682
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 7008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://web.core.windows.net/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6152 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1948,i,8709819896451024238,16471427870947536288,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

• AV Detection
• Compliance
• Networking
• System Summary
• Boot Survival

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://xrphash.com	Avira URL Cloud: Label: malware
Source: https://xverge.cloud/account/dashboard	Avira URL Cloud: Label: malware
Source: https://xverge.cloud	Avira URL Cloud: Label: malware

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49745 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MsH4nwFO8+RpMSK&MD=arBo7F6t HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=ht&oit=1&cp=2&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=htt&oit=1&cp=3&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=http&oit=1&cp=4&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https&oit=1&cp=5&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A&oit=4&cp=6&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2F&oit=4&cp=8&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fx&oit=3&cp=9&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxra&oit=3&cp=11&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxr&oit=3&cp=10&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fx&oit=3&cp=9&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2F&oit=4&cp=8&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fv&oit=3&cp=9&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2F&oit=4&cp=8&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fx&oit=3&cp=9&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv&oit=3&cp=10&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv1&oit=3&cp=11&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15&oit=3&cp=12&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.&oit=3&cp=13&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z&oit=3&cp=14&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z1&oit=3&cp=15&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16&oit=3&cp=16&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.&oit=3&cp=17&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.we&oit=3&cp=19&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web&oit=3&cp=20&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.&oit=3&cp=21&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.co&oit=3&cp=23&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.cor&oit=3&cp=24&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core&oit=3&cp=25&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.&oit=3&cp=26&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.win&oit=3&cp=29&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.wind&oit=3&cp=30&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.windows&oit=3&cp=33&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.windows.&oit=3&cp=34&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.windows.ne&oit=3&cp=36&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.windows.net&oit=3&cp=37&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MsH4nwFO8+RpMSK&MD=arBo7F6t HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: chromecache_75.1.dr	String found in binary or memory: ["https",["https","chat openai","https //quizlet.com live","https //www.ny.gov login","https //dmahs-nj.my.site.come/familycare","https //kahoot..com","https://mail.google.com/mail/u/0/#inbox","https://www.facebook.com","https://www.youtube.com","https://www.google.com"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[1300,600,553,552,551,550,403,402,401,400],"google:suggestsubtypes":[[512,433,131],[512,433,131,10],[512],[512],[512],[512],[44],[44],[44],[44]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION"],"google:verbatimrelevance":1300}] equals www.facebook.com (Facebook)
Source: chromecache_75.1.dr	String found in binary or memory: ["https",["https","chat openai","https //quizlet.com live","https //www.ny.gov login","https //dmahs-nj.my.site.come/familycare","https //kahoot..com","https://mail.google.com/mail/u/0/#inbox","https://www.facebook.com","https://www.youtube.com","https://www.google.com"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[1300,600,553,552,551,550,403,402,401,400],"google:suggestsubtypes":[[512,433,131],[512,433,131,10],[512],[512],[512],[512],[44],[44],[44],[44]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION"],"google:verbatimrelevance":1300}] equals www.youtube.com (Youtube)
Source: chromecache_69.1.dr	String found in binary or memory: ["https:",["https //dmahs-nj.my.site.come/familycare","https //quizlet.com live","https //www.ny.gov login","https //kahoot..com","https //1v1.lol unblocked","https //kahoot.it login","https //kahoot.com join","https //www.gimkit.com join","https://www.facebook.com","https://aka.ms/remoteconnect"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[601,600,555,554,553,552,551,550,401,400],"google:suggestsubtypes":[[512,433,131],[512,433],[512],[512],[512],[512,433,131],[512,433],[512,433,131],[44],[44]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","NAVIGATION","NAVIGATION"],"google:verbatimrelevance":851}] equals www.facebook.com (Facebook)
Source: chromecache_79.1.dr	String found in binary or memory: ["https://",["https //dmahs-nj.my.site.come/familycare","https //quizlet.com live","https //www.ny.gov login","https //kahoot..com","https //1v1.lol unblocked","https //kahoot.it login","https //kahoot.com join","https //www.gimkit.com join","https://www.facebook.com","https://aka.ms/remoteconnect"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[601,600,555,554,553,552,551,550,401,400],"google:suggestsubtypes":[[512,433,131],[512,433],[512],[512],[512],[512,433,131],[512,433],[512,433,131],[44],[44]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","NAVIGATION","NAVIGATION"],"google:verbatimrelevance":851}] equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: google.com

Source: chromecache_70.1.dr	String found in binary or memory: http://spaa.xyz/
Source: chromecache_77.1.dr	String found in binary or memory: http://www.preactor.org/
Source: chromecache_75.1.dr	String found in binary or memory: https://mail.google.com/mail/u/0/#inbox
Source: chromecache_76.1.dr	String found in binary or memory: https://vantage.pwc.com
Source: chromecache_76.1.dr	String found in binary or memory: https://view.multiplan.com
Source: chromecache_76.1.dr	String found in binary or memory: https://vimeo.com/
Source: chromecache_76.1.dr	String found in binary or memory: https://voice.google.com/
Source: chromecache_76.1.dr	String found in binary or memory: https://vportal.northwell.edu/
Source: chromecache_61.1.dr	String found in binary or memory: https://xbox.com/getapp
Source: chromecache_61.1.dr	String found in binary or memory: https://xfinity.com
Source: chromecache_61.1.dr	String found in binary or memory: https://xfinity.com/authorize
Source: chromecache_61.1.dr	String found in binary or memory: https://xfinity.com/password
Source: chromecache_78.1.dr, chromecache_77.1.dr	String found in binary or memory: https://xra.veloximaging.net
Source: chromecache_78.1.dr	String found in binary or memory: https://xray.cloud.getxray.app/api/v1/authenticate
Source: chromecache_78.1.dr	String found in binary or memory: https://xray.cloud.getxray.app/api/v2
Source: chromecache_78.1.dr	String found in binary or memory: https://xray.cloud.getxray.app/api/v2/authenticate
Source: chromecache_78.1.dr	String found in binary or memory: https://xray.cloud.getxray.app/api/v2/import/execution
Source: chromecache_78.1.dr	String found in binary or memory: https://xray.floridahealth.gov
Source: chromecache_78.1.dr	String found in binary or memory: https://xray.raymar.biz
Source: chromecache_78.1.dr	String found in binary or memory: https://xray.web.health.state.mn.us
Source: chromecache_78.1.dr, chromecache_77.1.dr	String found in binary or memory: https://xrayhours.com
Source: chromecache_78.1.dr	String found in binary or memory: https://xrayhours.com/ie
Source: chromecache_77.1.dr	String found in binary or memory: https://xrm.hoa-ir.com
Source: chromecache_77.1.dr	String found in binary or memory: https://xrphash.com
Source: chromecache_61.1.dr	String found in binary or memory: https://xtramath.org
Source: chromecache_62.1.dr	String found in binary or memory: https://xv15.z
Source: chromecache_67.1.dr	String found in binary or memory: https://xv15.z1
Source: chromecache_72.1.dr	String found in binary or memory: https://xv15.z16
Source: chromecache_74.1.dr	String found in binary or memory: https://xv15.z16.web
Source: chromecache_73.1.dr	String found in binary or memory: https://xv15.z16.web.
Source: chromecache_66.1.dr	String found in binary or memory: https://xv15.z16.web.core.
Source: chromecache_63.1.dr	String found in binary or memory: https://xv15.z16.web.core.windows.
Source: chromecache_65.1.dr	String found in binary or memory: https://xv15.z16.web.core.windows.net
Source: chromecache_70.1.dr	String found in binary or memory: https://xvcenso.gob.ve/
Source: chromecache_70.1.dr	String found in binary or memory: https://xverge.cloud
Source: chromecache_70.1.dr	String found in binary or memory: https://xverge.cloud/account/dashboard
Source: chromecache_70.1.dr	String found in binary or memory: https://xvpn.io
Source: chromecache_70.1.dr	String found in binary or memory: https://xvpn.io/products

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.16:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49745 version: TLS 1.2

Source: classification engine

Classification label: mal48.win@22/44@15/3

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://web.core.windows.net/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1948,i,8709819896451024238,16471427870947536288,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1948,i,8709819896451024238,16471427870947536288,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://web.core.windows.net	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://xvcenso.gob.ve/	0%	Avira URL Cloud	safe
https://xv15.z1	0%	Avira URL Cloud	safe
https://xrphash.com	100%	Avira URL Cloud	malware
https://xray.raymar.biz	0%	Avira URL Cloud	safe
http://spaa.xyz/	0%	Avira URL Cloud	safe
https://xverge.cloud/account/dashboard	100%	Avira URL Cloud	malware
https://xverge.cloud	100%	Avira URL Cloud	malware
https://xrayhours.com	0%	Avira URL Cloud	safe
http://www.preactor.org/	0%	Avira URL Cloud	safe
https://xv15.z16.web.	0%	Avira URL Cloud	safe
https://xrm.hoa-ir.com	0%	Avira URL Cloud	safe
https://xray.cloud.getxray.app/api/v2	0%	Avira URL Cloud	safe
https://xv15.z16.web	0%	Avira URL Cloud	safe
https://xv15.z16.web.core.windows.	0%	Avira URL Cloud	safe
https://xv15.z16	0%	Avira URL Cloud	safe
https://xray.web.health.state.mn.us	0%	Avira URL Cloud	safe
https://xv15.z	0%	Avira URL Cloud	safe
https://xrayhours.com/ie	0%	Avira URL Cloud	safe
https://xray.cloud.getxray.app/api/v2/authenticate	0%	Avira URL Cloud	safe
https://xray.cloud.getxray.app/api/v1/authenticate	0%	Avira URL Cloud	safe
https://xray.cloud.getxray.app/api/v2/import/execution	0%	Avira URL Cloud	safe
https://xv15.z16.web.core.	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
google.com	142.250.64.110	true	false	high
www.google.com	142.250.80.36	true	false	high
xv15.z16.web.core.windows.ne	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Reputation
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.wind&oit=3&cp=30&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.&oit=3&cp=17&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.we&oit=3&cp=19&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z&oit=3&cp=14&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxr&oit=3&cp=10&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core&oit=3&cp=25&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxra&oit=3&cp=11&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A&oit=4&cp=6&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.windows&oit=3&cp=33&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=ht&oit=1&cp=2&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.co&oit=3&cp=23&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fx&oit=3&cp=9&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=http&oit=1&cp=4&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=htt&oit=1&cp=3&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web&oit=3&cp=20&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.&oit=3&cp=26&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.win&oit=3&cp=29&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z1&oit=3&cp=15&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16&oit=3&cp=16&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.windows.ne&oit=3&cp=36&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.&oit=3&cp=21&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.&oit=3&cp=13&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https&oit=1&cp=5&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv1&oit=3&cp=11&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fv&oit=3&cp=9&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.cor&oit=3&cp=24&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.windows.&oit=3&cp=34&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2F&oit=4&cp=8&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv&oit=3&cp=10&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15&oit=3&cp=12&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://vantage.pwc.com	chromecache_76.1.dr	false		high
https://xv15.z1	chromecache_67.1.dr	false	Avira URL Cloud: safe	unknown
https://xvpn.io/products	chromecache_70.1.dr	false		high
https://xverge.cloud	chromecache_70.1.dr	false	Avira URL Cloud: malware	unknown
http://spaa.xyz/	chromecache_70.1.dr	false	Avira URL Cloud: safe	unknown
https://vportal.northwell.edu/	chromecache_76.1.dr	false		high
https://xvpn.io	chromecache_70.1.dr	false		high
https://xray.raymar.biz	chromecache_78.1.dr	false	Avira URL Cloud: safe	unknown
http://www.preactor.org/	chromecache_77.1.dr	false	Avira URL Cloud: safe	unknown
https://xverge.cloud/account/dashboard	chromecache_70.1.dr	false	Avira URL Cloud: malware	unknown
https://xv15.z16.web.	chromecache_73.1.dr	false	Avira URL Cloud: safe	unknown
https://xvcenso.gob.ve/	chromecache_70.1.dr	false	Avira URL Cloud: safe	unknown
https://xrphash.com	chromecache_77.1.dr	false	Avira URL Cloud: malware	unknown
https://xrayhours.com	chromecache_78.1.dr, chromecache_77.1.dr	false	Avira URL Cloud: safe	unknown
https://xfinity.com	chromecache_61.1.dr	false		high
https://xrm.hoa-ir.com	chromecache_77.1.dr	false	Avira URL Cloud: safe	unknown
https://xray.floridahealth.gov	chromecache_78.1.dr	false		high
https://xray.cloud.getxray.app/api/v2	chromecache_78.1.dr	false	Avira URL Cloud: safe	unknown
https://xv15.z16.web	chromecache_74.1.dr	false	Avira URL Cloud: safe	unknown
https://xv15.z16.web.core.windows.	chromecache_63.1.dr	false	Avira URL Cloud: safe	unknown
https://xtramath.org	chromecache_61.1.dr	false		high
https://xray.cloud.getxray.app/api/v2/authenticate	chromecache_78.1.dr	false	Avira URL Cloud: safe	unknown
https://xray.cloud.getxray.app/api/v1/authenticate	chromecache_78.1.dr	false	Avira URL Cloud: safe	unknown
https://xbox.com/getapp	chromecache_61.1.dr	false		high
https://xfinity.com/authorize	chromecache_61.1.dr	false		high
https://xrayhours.com/ie	chromecache_78.1.dr	false	Avira URL Cloud: safe	unknown
https://view.multiplan.com	chromecache_76.1.dr	false		high
https://xv15.z	chromecache_62.1.dr	false	Avira URL Cloud: safe	unknown
https://vimeo.com/	chromecache_76.1.dr	false		high
https://voice.google.com/	chromecache_76.1.dr	false		high
https://xfinity.com/password	chromecache_61.1.dr	false		high
https://xv15.z16	chromecache_72.1.dr	false	Avira URL Cloud: safe	unknown
https://xray.web.health.state.mn.us	chromecache_78.1.dr	false	Avira URL Cloud: safe	unknown
https://xray.cloud.getxray.app/api/v2/import/execution	chromecache_78.1.dr	false	Avira URL Cloud: safe	unknown
https://mail.google.com/mail/u/0/#inbox	chromecache_75.1.dr	false		high
https://xv15.z16.web.core.	chromecache_66.1.dr	false	Avira URL Cloud: safe	unknown
https://xra.veloximaging.net	chromecache_78.1.dr, chromecache_77.1.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
142.250.80.36	www.google.com	United States		15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved		unknown	unknown	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1424682
Start date and time:	2024-04-11 22:19:56 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 30s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://web.core.windows.net
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@22/44@15/3
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.65.163, 142.250.64.110, 172.253.122.84, 34.104.35.123, 23.206.121.5, 142.250.65.227, 142.250.80.78
Not all processes where analyzed, report is missing behavior information
VT rate limit hit for: http://web.core.windows.net

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 11 19:20:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.994453331327027
Encrypted:	false
SSDEEP:	48:8mid+T6arHgidAKZdA1FehwiZUklqehYy+3:8aT6Hy
MD5:	E82B18D492643711442378E00BC36BF1
SHA1:	B6ED0A7B457179DE5BE24AD7A9A624A7582FF5D2
SHA-256:	1E4B493F491FC466566095AA48005BBD3CC1EDF11F18936147363FEDA2B2B3AC
SHA-512:	60D1EFB4972EC0163118F60801330B5D43A322BF6AFC35BE931171B061A7E5EF72CEAE35771C99C6E4FB47408A8C369C23853DD4A9C17632CD91257D0646FBF6
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........M...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 11 19:20:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.011225832872616
Encrypted:	false
SSDEEP:	48:8yJd+T6arHgidAKZdA1seh/iZUkAQkqeh3y+2:8y6T09QWy
MD5:	E92EE058C62D1AE88111CA1C4BC0E2E1
SHA1:	51A6FBBD4CCE9DB8CA91F93EDC48D672D9DC1FA3
SHA-256:	563E7C3572BEFB1236007C2D16420912B2832F09EAD5D049407C5F6DE75019CE
SHA-512:	F3C590B413BD34478500AC73CE6E71D28EC8E9D21ADAC57B709957D8A961A9600D823C3B7E48B60D0C52E118914AD511D4A14B44DABD5C8822CE8394D7A6151C
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....{...M...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.016738369991237
Encrypted:	false
SSDEEP:	48:8td+T6aAHgidAKZdA14meh7sFiZUkmgqeh7s1y+BX:8eTtnDy
MD5:	F9B27C92128293D0A3FE8DEFB814870B
SHA1:	22383EB651C5AC1257A5F28246F165215A57E24E
SHA-256:	317C5BEEF793E4F604A18D363767DB86B4E62B226B0CA3A89F343C3355FB3CC9
SHA-512:	8CD7FA501CD0762EBEC0D86D8135587AAAC265770B3128FC90F32CD2E9CA541C612C53B56240A32A546CD3C8BA91C8A3CF467FD2AFA9C04FF3483CF69FB5EC3A
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 11 19:20:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.006668489571077
Encrypted:	false
SSDEEP:	48:8md+T6arHgidAKZdA1TehDiZUkwqeh7y+R:8XTvNy
MD5:	704AC8D1A85322782E5979768AD1BAAA
SHA1:	B5BD422B45DE5F55399870EAD056BC16B02E2426
SHA-256:	650D3AECAFA7C924ED80C905A07042CB1740A070D0F1DBE1605687624A9B5F0D
SHA-512:	9F08608C6D905E73569AA30668127D31993024E5FC2A71C3661A32C2E2E251C18E56986870367C0FF5464E5035E54EE5921385849F1ADD4D7ECB30F8929A9F1F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........M...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 11 19:20:22 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.998783273425787
Encrypted:	false
SSDEEP:	48:8/d+T6arHgidAKZdA1dehBiZUk1W1qehxy+C:88Tv9Ry
MD5:	E3142DDC722A535D4A143C850E54A46E
SHA1:	1C545BE955A216C0A7BFFD78F4CA97DA0659A7A2
SHA-256:	7890BA8266D65417FA55C7B20A8A656911247CEFFA58BF728B058886B06E808B
SHA-512:	BEEF81333A5598B880926C948F3D24C395C09F9B40A5B5E66C74C1AEFFE3E9765C94A814A0E6F3F77973C220845F5566537D39D70D4BFDC3345B2DEF57BEA2D3
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,........M...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Apr 11 19:20:21 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.005833894351007
Encrypted:	false
SSDEEP:	48:8Hpd+T6arHgidAKZdA1duTeehOuTbbiZUk5OjqehOuTbDy+yT+:8HaTTTfTbxWOvTbDy7T
MD5:	A29EF0B73FF4AFF0E68CBFE8D2D32C5E
SHA1:	ADFB04E2DDA0811C47E333FAC689243DBA437105
SHA-256:	7F93729D965E009F31ABDB76752F927D5EFEF5D214DB939F5BF989807675ED52
SHA-512:	5ADF445420BA8F162130D1145DAF5EFA34F6144F99C6CC85C6B63B0E15A8446EF894D0382A8D3A0E74641F07DF0BD4CBB4ACF38DB7EBEC11D466D8D7A2505744
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,..../...M...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (663)
Category:	downloaded
Size (bytes):	668
Entropy (8bit):	5.1999526983546165
Encrypted:	false
SSDEEP:	12:u25iHI5XPa0Td3kdXnPpdqZpdjd0BHslriFuyegd7kwuhZw4mUfff0wzC3:OoII3UXnPzEzh0BHslguCd7F4qIfffV+
MD5:	D1965E62BCD59CFE28B133C89A7A7489
SHA1:	FA7A541BD442964DD656BD7EA7DAA70522704191
SHA-256:	D2A93CA02828FB9EC025B440637238C2E7DDAB9E5A7489C29E98404BF6951A81
SHA-512:	801A912C9BD20B044C53F45DE76ADE01F68002564E2F0E54520176608543108CD34078D0A685F442C69FA9BA9853892B34D2C7F74A34B29FFCD1E4B595EC600E
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fx&oit=3&cp=9&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://x",["https://xfinity.com","https://xtramath.org","https://xfinity.com/authorize","https://xfinity.com/password","https://xbox.com/getapp","https //xbox.11443","https //xcelsolutions..com","https //x.com login","https //xbox.com getapp","https //xfinity login"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[804,803,802,801,800,601,600,552,551,550],"google:suggestsubtypes":[[44],[44],[44],[44],[44],[512],[512],[512],[512],[512]],"google:suggesttype":["NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","QUERY","QUERY","QUERY","QUERY","QUERY"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (381)
Category:	downloaded
Size (bytes):	386
Entropy (8bit):	4.965813229629374
Encrypted:	false
SSDEEP:	12:u2zr/d8id8h5BHslriFDECwuZwwuv9w48wzC3:9Jr05BHslg+uZ53m+
MD5:	8729E47305E1B4D7AB2929D80C870C60
SHA1:	346EE78396CA6373915FAA04C2998E42B2B0402D
SHA-256:	E657089D01EB3F3A5EB56D930B193182F3525C8111EDCA41590E2C868D31B116
SHA-512:	56E0F7BAF1A218EFDA32DB1C1FA13470951C9F09B258247DDF750F177C3677016D2525B46695650804F17D95D3A0D1613D6103A48AEAFD896AD6BF3E83EFAE92
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z&oit=3&cp=14&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://xv15.z",["https //xv15.zoom.us","https //xv15.zoom.us login"],["",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//xv15.zoom.us"},{"mp":"\u2026 ","t":"//xv15.zoom.us login"}],"google:suggestrelevance":[601,600],"google:suggestsubtypes":[[160],[160]],"google:suggesttype":["TAIL","TAIL"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (711)
Category:	downloaded
Size (bytes):	716
Entropy (8bit):	5.042848072357823
Encrypted:	false
SSDEEP:	12:u2Ez/dwxdwaEdwopdwwrxBHslriFDXJovwrswuZs9kwuX9w4swzC3:iBwbwa0wgwmxBHslgDXJymduZs9Fv++
MD5:	F7CCFFBF534EC462C91A2A5A64B362D0
SHA1:	9415FB5C529AE45377A71A6E13AC4602ADBD3A5C
SHA-256:	D877D6177518232DDD4E26DEB376145619099F9488C6E8E1F8A4DF109927E4B7
SHA-512:	F2C02E9E936B2A8F3B80AEA02DF1486F2589E4BF3DD109AD7EE80297B982AA9376171A76D207B86BD168540D7DFAC1062CF306301D27B6B1EC8B1039D14536E8
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.windows.&oit=3&cp=34&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://xv15.z16.web.core.windows.",["https //xv15.z16.web.core.windows.net","https //xv15.z16.web.core.windows.com","https //xv15.z16.web.core.windows.net login","https //xv15.z16.web.core.windows.com login"],["","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//xv15.z16.web.core.windows.net"},{"mp":"\u2026 ","t":"//xv15.z16.web.core.windows.com"},{"mp":"\u2026 ","t":"//xv15.z16.web.core.windows.net login"},{"mp":"\u2026 ","t":"//xv15.z16.web.core.windows.com login"}],"google:suggestrelevance":[601,600,551,550],"google:suggestsubtypes":[[160],[160],[160],[160]],"google:suggesttype":["TAIL","TAIL","TAIL","TAIL"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	132
Entropy (8bit):	4.710246536525393
Encrypted:	false
SSDEEP:	3:Vw2/JL7HwwBHsZAmuHbGWjLwWkzXFETH1u4:Vw2hPH5BHsZLqGAwWeXFEL13
MD5:	D544A78DDE8C339BD34F2209B5B89F24
SHA1:	5E26B5EAA74D34482527CC91ECFBC1717AC6B6CC
SHA-256:	9960C859F9340FCD1ABFB841BA2B0841CDFA94C670DC7601C8B66BC2119DFDCC
SHA-512:	6400384076F09032C3EE5A8E381121D08451F5F06BE09159F35211ED761EC360FA2C0A6A0BDEEA6081128CD80394B25CB19F875E8EBAFADAFACDDD649DBCB9C4
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.&oit=3&cp=13&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://xv15.",[],[],[],{"google:clientdata":{"bpc":true,"tlw":true},"google:suggesttype":[],"google:verbatimrelevance":851}]

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	157
Entropy (8bit):	4.854161221958523
Encrypted:	false
SSDEEP:	3:Vw2/JLvuN+wwBHsLpHbGWjLwWkzXFETH1u4:Vw2ha05BHsLRGAwWeXFEL13
MD5:	EC26EC03FA7686EEAF5A8196210A5DE3
SHA1:	8C709EEB92221A9E3CAD865848C143144710AD1A
SHA-256:	4C106086EB4416CDB3219FBE4FEA37D1ADB2B2BB862883F01089902C0D81C50B
SHA-512:	3D28B0C6CE1DEAFD1B7004C30948DABF008228486415F5A695DCB72F6C89791C6A359BF28E303BC5DCF1AE1C5BC71E354C7C58C01A60F3C42A0E1EFD6E1C18EF
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.windows.net&oit=3&cp=37&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://xv15.z16.web.core.windows.net",[],[],[],{"google:clientdata":{"bpc":false,"tlw":true},"google:suggesttype":[],"google:verbatimrelevance":851}]

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (742)
Category:	downloaded
Size (bytes):	747
Entropy (8bit):	5.024380012283379
Encrypted:	false
SSDEEP:	12:u2Em/dw/EdwxdwHpdwvdwDBHslriFDGXHvZk9wuZsd7kwuy9w4UwzC3:ikwswbwHzwFwDBHslgDGXHvZkGuZsd74
MD5:	B1000C629529D57C163E5E553DB225DE
SHA1:	A6D9A164F8BACBA48B6150112DBA621A3164A349
SHA-256:	0639F567C7A58D66E02B2A8CAA3227F90662EC98553226A7B195FA7D28BCBCF0
SHA-512:	3CE0C84DE6055B5E326BA6D827DBFEDA38A5D77D21102D2E8964BF6AB2744A4C3E07A941716FD5CB2F16CCFAB3C59B560342D8F23685689AF3826823BC32E49B
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.&oit=3&cp=26&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://xv15.z16.web.core.",["https //xv15.z16.web.core.com","https //xv15.z16.web.core.windows.net","https //xv15.z16.web.core.com login","https //xv15.z16.web.core.org","https //xv15.z16.web.core.mil"],["","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//xv15.z16.web.core.com"},{"mp":"\u2026 ","t":"//xv15.z16.web.core.windows.net"},{"mp":"\u2026 ","t":"//xv15.z16.web.core.com login"},{"mp":"\u2026 ","t":"//xv15.z16.web.core.org"},{"mp":"\u2026 ","t":"//xv15.z16.web.core.mil"}],"google:suggestrelevance":[601,600,552,551,550],"google:suggestsubtypes":[[160],[160],[160],[160],[160]],"google:suggesttype":["TAIL","TAIL","TAIL","TAIL","TAIL"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	135
Entropy (8bit):	4.7718609679946535
Encrypted:	false
SSDEEP:	3:Vw2/JLR4NwwBHsLpHbGWjLwWkzXFETH1u4:Vw2hi5BHsLRGAwWeXFEL13
MD5:	F1B6C76CC109FAB08929DD05DDA5C4CB
SHA1:	E97A33C882BFC1007A4C1E452DA70039E25C2F51
SHA-256:	BF8F3A97BCBB55EFACAAC4D1B2E80FABC15508D1BCFDF26DA327B4DD3B26E23B
SHA-512:	1D7BB1ADF9B091CBCBD24EA3AA0015B201C8CF32E45BD505EC9FF1B10B9FC47AFA06DE520218AFF022A729975142469057BED027509EE7CA5B831059195CBFCF
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z1&oit=3&cp=15&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://xv15.z1",[],[],[],{"google:clientdata":{"bpc":false,"tlw":true},"google:suggesttype":[],"google:verbatimrelevance":851}]

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (766)
Category:	downloaded
Size (bytes):	771
Entropy (8bit):	5.11557681396866
Encrypted:	false
SSDEEP:	24:M1gnDvbBHslgT9lCuABuPg7HHHHHHHYqmffffffo:DbKlgZ01BuYEqmffffffo
MD5:	208A853575598EA16DFF6CB1832B405F
SHA1:	9AA04487179F52C5CFC5BAF4B566A0BFAE0F627B
SHA-256:	554AF352F7F08534AE012CDF1AC5AFD86B50605B78F32657501FB4609C2FA8CB
SHA-512:	C50EA01663E2B1FD26380DD8307811DAC932B77C74A906A141718EA68DE6608D88B94CCA802858F832C1ECA1936BE454CCC96E8098CD9B704077786DA4BA6E19
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["cicadas emerge","udio ai music generator","cod warzone high trip","dallas mavericks vs miami heat","mortgage interest rates","movie trailer civil war","detroit tigers postponed","burnet texas eclipse festival death"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1252,1251,1250,654,653,652,651,650],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (711)
Category:	downloaded
Size (bytes):	716
Entropy (8bit):	5.201590789819197
Encrypted:	false
SSDEEP:	12:u2F/BjhOLwNxL/LcnYpXLT8NXoBHslriFuZsPFVVDwuSESbJZw4/fffffffswzC3:phcSxH5qXoBHslguZsPF/k5EQcmffffA
MD5:	CBC6A1D2DAC8C36C1626CC31CDEB7AA1
SHA1:	7E20EBC84825488537DFA3822BBB99845DC3A645
SHA-256:	84B3892AABE272A4B812F74A399C99540DB921A0914D8686F4F5218AFE13D371
SHA-512:	3306F7460867E275C49EBA7B7EC262666ECB7B7C5742F1F3485020128C81E7805796EEDCDA1E1C4E77FF85071CEE24631621FBDDBA674D4A89EC4CE1ABCB756C
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A&oit=4&cp=6&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https:",["https //dmahs-nj.my.site.come/familycare","https //quizlet.com live","https //www.ny.gov login","https //kahoot..com","https //1v1.lol unblocked","https //kahoot.it login","https //kahoot.com join","https //www.gimkit.com join","https://www.facebook.com","https://aka.ms/remoteconnect"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[601,600,555,554,553,552,551,550,401,400],"google:suggestsubtypes":[[512,433,131],[512,433],[512],[512],[512],[512,433,131],[512,433],[512,433,131],[44],[44]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","NAVIGATION","NAVIGATION"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (678)
Category:	downloaded
Size (bytes):	683
Entropy (8bit):	5.205975657032551
Encrypted:	false
SSDEEP:	12:u2K2F6xwpanN/pPtNM/dCdlkdbp7c1mBHslriFuHig9kwuUXWWWCw4muff0wzC3:sq6xpPFN6eKbp74mBHslguH79FJWWW7H
MD5:	ACF36C9CEC2FA59F70DCED5383D69C07
SHA1:	B3849689995FBB4168C746CCAA6F87AC29065FD5
SHA-256:	9F0338E3443A6517EFA3DD5F3CBFD506FB69E2AE7C7458A7FD9304E926FFFBAF
SHA-512:	024F4238917DC30DA1181CC143E3086ABFE73D9AD7B901776E87562FAF88E6D42F9D722ACE2D2CD63B0CD2AEAFEA252F84BE44F9BC4C123D2105E5A4D1AC2FF2
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv&oit=3&cp=10&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://xv",["https://xverge.cloud","https://xverge.cloud/account/dashboard","https://xvpn.io/products","https://xvpn.io","http://spaa.xyz/","https://xvcenso.gob.ve/","(https //xviz.com/pricing/","https //xv","https //xvcenso.gob.ve registro","https xview mx tv vivo"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[805,804,803,802,801,800,601,600,551,550],"google:suggestsubtypes":[[44],[44],[44],[44],[44,10],[44],[22,30],[22,30],[22,30],[22,30]],"google:suggesttype":["NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","QUERY","QUERY","QUERY","QUERY"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (602)
Category:	downloaded
Size (bytes):	607
Entropy (8bit):	4.856108084571262
Encrypted:	false
SSDEEP:	12:u24TQKLg0hpy1m9irPmAZGBHslriFuzPF7kwun9w4/ffffffff0wzC3:MQK00hpemEr+AZGBHslguzPF7FoGmffg
MD5:	5E683CE9DC1BCC8151D72768FD4814A7
SHA1:	4947893F6795B043A139ED7178805AC44749AAFC
SHA-256:	CC646DDA0720D778037564F2A2433EDF0CC01D293E863945E08D22DBE29F4A75
SHA-512:	C9CBBD0D256F18624D409944C2245E6BCD973A5B0D7C771C9B871E24060B6D9AC175E77128E44142947A8C1E5D1AF97412F68AEF302EDA0258D63721395FEB8F
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15&oit=3&cp=12&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://xv15",["xv15","xv15 stealth suit","xv152-e6-10tvrc-10","xv15se","xv15 stealth suit stl","xv15 suit","xv15 vs xv25","xv15 stealth battlesuit","xv15 pickering","xv15 stealth suit conversion"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[852,800,601,600,555,554,553,552,551,550],"google:suggestsubtypes":[[512,13],[512,13],[512,13],[512,13],[512,13],[512,13],[512,13],[512,13],[512,13],[512,13]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	297
Entropy (8bit):	4.946865026106595
Encrypted:	false
SSDEEP:	6:Vw2h/j6/d954YNnBHsL2YriFGhRJ3CwGHLTwGRVCJrwGd0wWeXFEL13:u25W/dBnBHslriFZwuPwugw40wzC3
MD5:	6F768434770DE823E80DE2BB3EFC3265
SHA1:	AE469F0E088D4577CC235B51AEA214F69CB78CE1
SHA-256:	77C12BAE292201B260ABBD95FB18CCF9F7BC46BA99FB3F5BAA9F33F4C8528039
SHA-512:	BE3E598DFC2520F353229B0CFFB7EB2CE59FC7B68C3471DC0FBB06E62811CE0EBA221F06616935B559BD9368986C2F631A8ABE832B38A03FF6B072948A164A9D
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16&oit=3&cp=16&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://xv15.z16",["https //xv15.z163.com"],[""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//xv15.z163.com"}],"google:suggestrelevance":[600],"google:suggestsubtypes":[[160]],"google:suggesttype":["TAIL"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (606)
Category:	downloaded
Size (bytes):	611
Entropy (8bit):	4.997416665345778
Encrypted:	false
SSDEEP:	12:u22/dwHdOFd2dM/BHslriFDdlCwuZs9kwuX9w4swzC3:mw9On6M/BHslgDdl7uZs9Fv++
MD5:	31CDCEEB640B41B205C835B12048B26F
SHA1:	1FA5F99A749D99915EB0C056401420E4C30D679C
SHA-256:	B9D2978CC9F46102D4391E9F0E762197F4616460B6D733483024725B15D3D69F
SHA-512:	5293F1F125D3002B059AFF97A4B30A7A529AF88062C37CB8FFEE9A051DB188A61DFE9908F3FA08AD3AE64BFD76939678C5A9A0FC24AD01ECC4059107FBBDACF4
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.&oit=3&cp=21&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://xv15.z16.web.",["https //xv15.z16.web.com","https //xv15.z16.web.zoom.us","https //xv15.z16.web.telegram","https //xv15.z16.web.telegram.org"],["","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//xv15.z16.web.com"},{"mp":"\u2026 ","t":"//xv15.z16.web.zoom.us"},{"mp":"\u2026 ","t":"//xv15.z16.web.telegram"},{"mp":"\u2026 ","t":"//xv15.z16.web.telegram.org"}],"google:suggestrelevance":[601,600,551,550],"google:suggestsubtypes":[[160],[160],[160],[160]],"google:suggesttype":["TAIL","TAIL","TAIL","TAIL"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (486)
Category:	downloaded
Size (bytes):	491
Entropy (8bit):	5.007999585223081
Encrypted:	false
SSDEEP:	12:u20/dtEdJdO5BHslriFheDK9wuZsukwu69w4kwzC3:kaTO5BHslgIRuZsuFkw+
MD5:	9240677E0CA04EAB63A9673D78014C6F
SHA1:	DD918E1389D09AA36C4C90DEC977D3AD237AF153
SHA-256:	BFD8216191A4B8AE4FD7FE2E7CF353AC5796489CE65AE373DB6BFF1CE127EAD6
SHA-512:	8E15E303A38BEDD40A9E62ACD9D717CA9159798CDC7C30F28100A137AC6FFF9AF220AB791D21C39E98CE3E10585A28D4A647BED4DB1444DE63EDD09BD78CD0D5
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web&oit=3&cp=20&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://xv15.z16.web",["https //xv15.z16.web/","https //xv15.z16.webex.com","https //xv15.z16.web.zoom.us"],["","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//xv15.z16.web/"},{"mp":"\u2026 ","t":"//xv15.z16.webex.com"},{"mp":"\u2026 ","t":"//xv15.z16.web.zoom.us"}],"google:suggestrelevance":[601,600,550],"google:suggestsubtypes":[[160],[160],[160]],"google:suggesttype":["TAIL","TAIL","TAIL"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (681)
Category:	downloaded
Size (bytes):	686
Entropy (8bit):	5.2262801886874435
Encrypted:	false
SSDEEP:	12:u2NwKJN2NxL/BjhOLwlRuuOKhG94ZBHslriFuOlFVVowuSPJZw4/fffffswzyV:EKJ+xJhcGAulQkBHslgu0F/h5Pcmfffi
MD5:	0D855EA0C0F762239E25CD8A343129F3
SHA1:	497984B694E5CCE735C0A84E998E4E6885504D99
SHA-256:	511159FD96E21709874AED8136F43C5DBDECB4CE74C417ECC525A7DDA862204B
SHA-512:	9C3E6BBB92102102A11E756FF46EE4B9377D649E6E9934D33F782CFD76D4DC3B52780E232B7AE8DE9F2187C1F3CBFAC59CD6E76D0F89AAA9B71915A504BE6416
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https&oit=1&cp=5&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https",["https","chat openai","https //quizlet.com live","https //www.ny.gov login","https //dmahs-nj.my.site.come/familycare","https //kahoot..com","https://mail.google.com/mail/u/0/#inbox","https://www.facebook.com","https://www.youtube.com","https://www.google.com"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[1300,600,553,552,551,550,403,402,401,400],"google:suggestsubtypes":[[512,433,131],[512,433,131,10],[512],[512],[512],[512],[44],[44],[44],[44]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION"],"google:verbatimrelevance":1300}]

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (704)
Category:	downloaded
Size (bytes):	709
Entropy (8bit):	5.1760328512774265
Encrypted:	false
SSDEEP:	12:u2vZhS6nA9Kp9R76EKqw35pMJrpapU8EspbKT1BHslriFuyegd7kwu2w4mUfff0B:Xh/dpw8gKOuT1BHslguCd7FuIfffV+
MD5:	32FF027A190363958B67D72A1CB78624
SHA1:	D93843FE55DA68678F9DA121D4D210D06EA1456F
SHA-256:	1AD049D74A8E61A5EF31DF773F2A1F9CCF4DC200368077EB03E434A6FC3D1012
SHA-512:	1776C1FD42F9A48A12A9D64A51D4AC62A3FC849B7A4D034D734EBBEFB84DD93CF1F818CA42954F3CF5A50920A874536C9A13334A408DE01790C66617B70F22D2
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fv&oit=3&cp=9&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://v",["https://vantage.pwc.com","https://vportal.northwell.edu/","https://voice.google.com/","https://view.multiplan.com","https://vimeo.com/","https //venmo.com login","https //vimeo.com login","https //vanguard.com login","https //verizonadministrativechargesettlement.com legit","vrxpro covetrus"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[804,803,802,801,800,601,600,552,551,550],"google:suggestsubtypes":[[44],[44],[44],[44],[44],[512],[512],[512],[512],[512,10]],"google:suggesttype":["NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","QUERY","QUERY","QUERY","QUERY","QUERY"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (473)
Category:	downloaded
Size (bytes):	478
Entropy (8bit):	5.137978236516578
Encrypted:	false
SSDEEP:	12:u2VrmgJ4TEdnWGBHslriFuyehwuEQw4mPwzC3:CM7WGBHslgu4rM+
MD5:	32DD9BD40FF3D94352919E4A3115EDCE
SHA1:	E755ED617237119A0A0B50E8B4D932D5B5D8F2A8
SHA-256:	B84828C766F8F7634838F9316F813FC3501F52B5B5320378A5295456250EA2F6
SHA-512:	604D2026A8DD8130C0135C85B8FD8DE9087002C57F8D8AC1715133664982EDCBE508161205E543AF439E7D46B2BC1CDDE68A6F520D4C28810112B92E8A665322
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxr&oit=3&cp=10&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://xr",["https://xrayhours.com","https://xrm.hoa-ir.com","http://www.preactor.org/","https://xrphash.com","https://xra.veloximaging.net","xrpscan"],["","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[804,803,802,801,800,600],"google:suggestsubtypes":[[44],[44],[44,10],[44],[44],[512,455,10]],"google:suggesttype":["NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","QUERY"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (811)
Category:	downloaded
Size (bytes):	816
Entropy (8bit):	5.106955688196125
Encrypted:	false
SSDEEP:	12:u20mgJ+dnH+GCLQUxyUmrCYr7CDI7C1HOgVmBHslriFuBL0/wu5JZw4mFwzC3:jMQH+GCkX5CWCU7CgxBHslgudtGcK+
MD5:	503CFE86045D5D64084AD6C863D253DF
SHA1:	897C9E639AA3AC201A1BC842A08CA75FD5AB4894
SHA-256:	81CD64BBE861FAD817A41EDC0BB0024D7598CF6FAB1DC9C72FD4A49B1429ABF3
SHA-512:	43C99A909251C46D66F6E8ADABC8EF54C04DA55277C65C2A0270F0D8BD6C2A75A910EE0BB7BC81BC52C7EB13D470111470975173798ECF14911DE240F9357D82
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxra&oit=3&cp=11&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://xra",["https://xrayhours.com","https://xra.veloximaging.net","https://xrayhours.com/ie","https://xray.cloud.getxray.app/api/v2/authenticate","https://xray.web.health.state.mn.us","https://xray.cloud.getxray.app/api/v1/authenticate","https://xray.raymar.biz","https://xray.cloud.getxray.app/api/v2/import/execution","https://xray.cloud.getxray.app/api/v2","https://xray.floridahealth.gov"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[809,808,807,806,805,804,803,802,801,800],"google:suggestsubtypes":[[44],[44],[44],[44],[44],[44],[44],[44],[44],[44]],"google:suggesttype":["NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION"],"google:verbatimrelevance":851}]

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (713)
Category:	downloaded
Size (bytes):	718
Entropy (8bit):	5.200925416249309
Encrypted:	false
SSDEEP:	12:u206/BjhOLwNxL/LcnYpXLT8NXoBHslriFuZsPFVVDwuSESbJZw4/fffffffswzy:HhcSxH5qXoBHslguZsPF/k5EQcmffffA
MD5:	8E2AFB2C3F3274E9718B80E00DB23CDC
SHA1:	F748E8F60162156CFCBF10B74D7721E004ABB024
SHA-256:	AFB986C279E1AA5BF803F3CAE177DF6D479060226765CB8232E2329672FB5EB8
SHA-512:	2C68FA336B4D79DCB035FFBD06638CF519904C52D5A8159636F058028CFD31CD27D42BA734E10428A88E3E4F0C1645177E7FFBDB26ECBA521682CE8B6378930F
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2F&oit=4&cp=8&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https://",["https //dmahs-nj.my.site.come/familycare","https //quizlet.com live","https //www.ny.gov login","https //kahoot..com","https //1v1.lol unblocked","https //kahoot.it login","https //kahoot.com join","https //www.gimkit.com join","https://www.facebook.com","https://aka.ms/remoteconnect"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[601,600,555,554,553,552,551,550,401,400],"google:suggestsubtypes":[[512,433,131],[512,433],[512],[512],[512],[512,433,131],[512,433],[512,433,131],[44],[44]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","NAVIGATION","NAVIGATION"],"google:verbatimrelevance":851}]

Static File Info

⊘No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 440
• 443 (HTTPS)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 11, 2024 22:20:26.494328976 CEST	49699	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:26.494412899 CEST	443	49699	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:26.494523048 CEST	49699	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:26.494815111 CEST	49699	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:26.494836092 CEST	443	49699	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:26.689677954 CEST	443	49699	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:26.690080881 CEST	49699	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:26.690113068 CEST	443	49699	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:26.691657066 CEST	443	49699	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:26.691756010 CEST	49699	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:26.693125010 CEST	49699	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:26.693222046 CEST	443	49699	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:26.741530895 CEST	49699	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:26.741589069 CEST	443	49699	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:26.789513111 CEST	49699	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:30.541891098 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 11, 2024 22:20:30.856540918 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 11, 2024 22:20:31.461559057 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 11, 2024 22:20:32.673554897 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 11, 2024 22:20:35.077498913 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 11, 2024 22:20:36.454453945 CEST	49705	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:20:36.454504013 CEST	443	49705	20.114.59.183	192.168.2.16
Apr 11, 2024 22:20:36.454607964 CEST	49705	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:20:36.456657887 CEST	49705	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:20:36.456685066 CEST	443	49705	20.114.59.183	192.168.2.16
Apr 11, 2024 22:20:36.682157993 CEST	443	49699	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:36.682315111 CEST	443	49699	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:36.682389975 CEST	49699	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:36.833332062 CEST	49706	443	192.168.2.16	23.51.58.94
Apr 11, 2024 22:20:36.833420038 CEST	443	49706	23.51.58.94	192.168.2.16
Apr 11, 2024 22:20:36.833529949 CEST	49706	443	192.168.2.16	23.51.58.94
Apr 11, 2024 22:20:36.834891081 CEST	49706	443	192.168.2.16	23.51.58.94
Apr 11, 2024 22:20:36.834924936 CEST	443	49706	23.51.58.94	192.168.2.16
Apr 11, 2024 22:20:36.923614979 CEST	443	49705	20.114.59.183	192.168.2.16
Apr 11, 2024 22:20:36.923737049 CEST	49705	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:20:36.928647995 CEST	49705	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:20:36.928670883 CEST	443	49705	20.114.59.183	192.168.2.16
Apr 11, 2024 22:20:36.928921938 CEST	443	49705	20.114.59.183	192.168.2.16
Apr 11, 2024 22:20:36.978451014 CEST	49705	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:20:36.987807035 CEST	49705	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:20:37.017927885 CEST	443	49706	23.51.58.94	192.168.2.16
Apr 11, 2024 22:20:37.018079996 CEST	49706	443	192.168.2.16	23.51.58.94
Apr 11, 2024 22:20:37.020670891 CEST	49706	443	192.168.2.16	23.51.58.94
Apr 11, 2024 22:20:37.020698071 CEST	443	49706	23.51.58.94	192.168.2.16
Apr 11, 2024 22:20:37.021116972 CEST	443	49706	23.51.58.94	192.168.2.16
Apr 11, 2024 22:20:37.028244019 CEST	443	49705	20.114.59.183	192.168.2.16
Apr 11, 2024 22:20:37.056962967 CEST	49706	443	192.168.2.16	23.51.58.94
Apr 11, 2024 22:20:37.100235939 CEST	443	49706	23.51.58.94	192.168.2.16
Apr 11, 2024 22:20:37.185432911 CEST	443	49706	23.51.58.94	192.168.2.16
Apr 11, 2024 22:20:37.185612917 CEST	443	49706	23.51.58.94	192.168.2.16
Apr 11, 2024 22:20:37.185723066 CEST	49706	443	192.168.2.16	23.51.58.94
Apr 11, 2024 22:20:37.185723066 CEST	49706	443	192.168.2.16	23.51.58.94
Apr 11, 2024 22:20:37.185812950 CEST	49706	443	192.168.2.16	23.51.58.94
Apr 11, 2024 22:20:37.185854912 CEST	443	49706	23.51.58.94	192.168.2.16
Apr 11, 2024 22:20:37.252032042 CEST	49707	443	192.168.2.16	23.51.58.94
Apr 11, 2024 22:20:37.252079010 CEST	443	49707	23.51.58.94	192.168.2.16
Apr 11, 2024 22:20:37.252172947 CEST	49707	443	192.168.2.16	23.51.58.94
Apr 11, 2024 22:20:37.252468109 CEST	49707	443	192.168.2.16	23.51.58.94
Apr 11, 2024 22:20:37.252481937 CEST	443	49707	23.51.58.94	192.168.2.16
Apr 11, 2024 22:20:37.374082088 CEST	443	49705	20.114.59.183	192.168.2.16
Apr 11, 2024 22:20:37.374104023 CEST	443	49705	20.114.59.183	192.168.2.16
Apr 11, 2024 22:20:37.374110937 CEST	443	49705	20.114.59.183	192.168.2.16
Apr 11, 2024 22:20:37.374119997 CEST	443	49705	20.114.59.183	192.168.2.16
Apr 11, 2024 22:20:37.374147892 CEST	443	49705	20.114.59.183	192.168.2.16
Apr 11, 2024 22:20:37.374190092 CEST	49705	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:20:37.374226093 CEST	443	49705	20.114.59.183	192.168.2.16
Apr 11, 2024 22:20:37.374249935 CEST	49705	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:20:37.374264002 CEST	443	49705	20.114.59.183	192.168.2.16
Apr 11, 2024 22:20:37.374285936 CEST	49705	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:20:37.374383926 CEST	49705	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:20:37.386127949 CEST	49705	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:20:37.386153936 CEST	443	49705	20.114.59.183	192.168.2.16
Apr 11, 2024 22:20:37.386167049 CEST	49705	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:20:37.386173964 CEST	443	49705	20.114.59.183	192.168.2.16
Apr 11, 2024 22:20:37.432768106 CEST	443	49707	23.51.58.94	192.168.2.16
Apr 11, 2024 22:20:37.432859898 CEST	49707	443	192.168.2.16	23.51.58.94
Apr 11, 2024 22:20:37.434118032 CEST	49707	443	192.168.2.16	23.51.58.94
Apr 11, 2024 22:20:37.434134960 CEST	443	49707	23.51.58.94	192.168.2.16
Apr 11, 2024 22:20:37.434470892 CEST	443	49707	23.51.58.94	192.168.2.16
Apr 11, 2024 22:20:37.435586929 CEST	49707	443	192.168.2.16	23.51.58.94
Apr 11, 2024 22:20:37.476258993 CEST	443	49707	23.51.58.94	192.168.2.16
Apr 11, 2024 22:20:37.660590887 CEST	443	49707	23.51.58.94	192.168.2.16
Apr 11, 2024 22:20:37.660810947 CEST	443	49707	23.51.58.94	192.168.2.16
Apr 11, 2024 22:20:37.660886049 CEST	49707	443	192.168.2.16	23.51.58.94
Apr 11, 2024 22:20:37.661645889 CEST	49707	443	192.168.2.16	23.51.58.94
Apr 11, 2024 22:20:37.661676884 CEST	443	49707	23.51.58.94	192.168.2.16
Apr 11, 2024 22:20:37.661689043 CEST	49707	443	192.168.2.16	23.51.58.94
Apr 11, 2024 22:20:37.661695004 CEST	443	49707	23.51.58.94	192.168.2.16
Apr 11, 2024 22:20:37.870398998 CEST	49699	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:37.870440960 CEST	443	49699	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:38.382082939 CEST	49708	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:38.382129908 CEST	443	49708	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:38.382308006 CEST	49708	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:38.382741928 CEST	49708	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:38.382757902 CEST	443	49708	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:38.570825100 CEST	443	49708	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:38.571276903 CEST	49708	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:38.571310997 CEST	443	49708	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:38.571676016 CEST	443	49708	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:38.572117090 CEST	49708	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:38.572289944 CEST	443	49708	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:38.572314978 CEST	49708	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:38.618505001 CEST	49708	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:38.618535995 CEST	443	49708	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:38.714891911 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 11, 2024 22:20:38.765902996 CEST	443	49708	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:38.766088963 CEST	443	49708	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:38.766257048 CEST	49708	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:38.766299963 CEST	443	49708	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:38.768057108 CEST	443	49708	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:38.768141985 CEST	49708	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:38.768224955 CEST	49708	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:38.768243074 CEST	443	49708	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:39.017483950 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 11, 2024 22:20:39.631453991 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 11, 2024 22:20:39.887593985 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 11, 2024 22:20:40.842559099 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 11, 2024 22:20:43.186758041 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 11, 2024 22:20:43.250539064 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 11, 2024 22:20:43.490794897 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 11, 2024 22:20:44.096496105 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 11, 2024 22:20:44.452786922 CEST	49709	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.452873945 CEST	443	49709	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.452984095 CEST	49709	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.453229904 CEST	49709	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.453267097 CEST	443	49709	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.561460018 CEST	49710	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.561499119 CEST	443	49710	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.561574936 CEST	49710	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.561842918 CEST	49710	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.561861038 CEST	443	49710	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.640942097 CEST	443	49709	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.641310930 CEST	49709	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.641341925 CEST	443	49709	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.641652107 CEST	443	49709	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.641984940 CEST	49709	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.642049074 CEST	443	49709	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.642165899 CEST	49709	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.684245110 CEST	443	49709	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.704493046 CEST	49709	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.704577923 CEST	443	49709	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.704636097 CEST	49709	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.705468893 CEST	49711	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.705497980 CEST	443	49711	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.705566883 CEST	49711	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.705801964 CEST	49711	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.705811977 CEST	443	49711	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.744064093 CEST	443	49710	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.744390011 CEST	49710	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.744415045 CEST	443	49710	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.744698048 CEST	443	49710	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.744997978 CEST	49710	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.745048046 CEST	443	49710	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.745141029 CEST	49710	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.792237043 CEST	443	49710	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.800534010 CEST	49710	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.800601006 CEST	443	49710	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.800647974 CEST	49710	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.806583881 CEST	49712	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.806617022 CEST	443	49712	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.806699038 CEST	49712	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.806963921 CEST	49712	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.806972027 CEST	443	49712	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.890022039 CEST	443	49711	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.890387058 CEST	49711	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.890403986 CEST	443	49711	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.891474009 CEST	443	49711	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.891577005 CEST	49711	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.891861916 CEST	49711	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.891923904 CEST	443	49711	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.892009974 CEST	49711	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.892018080 CEST	443	49711	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.928508043 CEST	49711	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.928621054 CEST	443	49711	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.928687096 CEST	49711	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.931852102 CEST	49713	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.931876898 CEST	443	49713	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.931952000 CEST	49713	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.932363987 CEST	49713	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.932377100 CEST	443	49713	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.985492945 CEST	443	49712	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.985780001 CEST	49712	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.985804081 CEST	443	49712	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.986882925 CEST	443	49712	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.986958981 CEST	49712	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.987242937 CEST	49712	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.987303972 CEST	443	49712	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:44.987380981 CEST	49712	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:44.987387896 CEST	443	49712	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:45.037615061 CEST	49712	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:45.120254993 CEST	443	49713	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:45.120585918 CEST	49713	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:45.120619059 CEST	443	49713	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:45.121509075 CEST	443	49713	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:45.121613979 CEST	49713	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:45.121907949 CEST	49713	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:45.122025013 CEST	443	49713	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:45.163594961 CEST	49713	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:45.163608074 CEST	443	49713	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:45.190109015 CEST	443	49712	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:45.190149069 CEST	443	49712	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:45.190265894 CEST	49712	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:45.190289021 CEST	443	49712	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:45.193648100 CEST	443	49712	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:45.193708897 CEST	49712	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:45.193800926 CEST	49712	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:45.193811893 CEST	443	49712	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:45.215750933 CEST	49713	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:45.297097921 CEST	49713	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:45.310525894 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 11, 2024 22:20:45.340229988 CEST	443	49713	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:45.413258076 CEST	443	49713	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:45.413392067 CEST	443	49713	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:45.413465023 CEST	49713	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:45.413485050 CEST	443	49713	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:45.418184996 CEST	443	49713	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:45.418273926 CEST	49713	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:45.418373108 CEST	49713	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:45.418386936 CEST	443	49713	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:46.222193003 CEST	49714	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:46.222275019 CEST	443	49714	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:46.222569942 CEST	49714	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:46.222637892 CEST	49714	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:46.222655058 CEST	443	49714	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:46.332992077 CEST	49715	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:46.333060026 CEST	443	49715	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:46.333168030 CEST	49715	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:46.333431959 CEST	49715	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:46.333462000 CEST	443	49715	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:46.405787945 CEST	443	49714	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:46.406090975 CEST	49714	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:46.406147957 CEST	443	49714	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:46.406461954 CEST	443	49714	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:46.406744957 CEST	49714	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:46.406814098 CEST	443	49714	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:46.406874895 CEST	49714	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:46.448265076 CEST	443	49714	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:46.510695934 CEST	443	49715	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:46.511008978 CEST	49715	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:46.511068106 CEST	443	49715	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:46.511394024 CEST	443	49715	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:46.511663914 CEST	49715	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:46.511732101 CEST	443	49715	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:46.554512978 CEST	49715	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:46.604895115 CEST	443	49714	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:46.605004072 CEST	443	49714	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:46.605324984 CEST	49714	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:46.605386019 CEST	443	49714	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:46.608125925 CEST	443	49714	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:46.608208895 CEST	49714	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:46.608315945 CEST	49714	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:46.608346939 CEST	443	49714	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:47.719559908 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 11, 2024 22:20:48.055455923 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 11, 2024 22:20:49.493587017 CEST	49673	443	192.168.2.16	204.79.197.203
Apr 11, 2024 22:20:50.164814949 CEST	49715	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:50.208278894 CEST	443	49715	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.285721064 CEST	443	49715	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.285758972 CEST	443	49715	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.285840034 CEST	49715	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:50.285872936 CEST	443	49715	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.287636995 CEST	443	49715	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.287729025 CEST	49715	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:50.287807941 CEST	49715	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:50.287834883 CEST	443	49715	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.436319113 CEST	49716	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:50.436357021 CEST	443	49716	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.436480045 CEST	49716	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:50.436702013 CEST	49716	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:50.436717987 CEST	443	49716	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.580049992 CEST	49717	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:50.580085993 CEST	443	49717	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.580174923 CEST	49717	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:50.580415964 CEST	49717	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:50.580434084 CEST	443	49717	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.625279903 CEST	443	49716	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.625675917 CEST	49716	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:50.625705004 CEST	443	49716	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.627260923 CEST	443	49716	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.627655029 CEST	49716	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:50.627824068 CEST	49716	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:50.627830982 CEST	443	49716	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.627851009 CEST	443	49716	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.673470974 CEST	49716	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:50.757483959 CEST	443	49717	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.757833958 CEST	49717	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:50.757860899 CEST	443	49717	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.758162975 CEST	443	49717	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.758480072 CEST	49717	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:50.758538961 CEST	443	49717	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.801475048 CEST	49717	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:50.835571051 CEST	443	49716	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.835680008 CEST	443	49716	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.835741997 CEST	49716	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:50.835768938 CEST	443	49716	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.838613987 CEST	443	49716	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:50.838689089 CEST	49716	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:50.838759899 CEST	49716	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:50.838789940 CEST	443	49716	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:51.223490953 CEST	49717	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:51.264266014 CEST	443	49717	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:51.337661982 CEST	443	49717	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:51.340977907 CEST	443	49717	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:51.341144085 CEST	49717	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:51.341892958 CEST	49717	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:51.341907024 CEST	443	49717	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:51.682301044 CEST	49718	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:51.682395935 CEST	443	49718	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:51.682508945 CEST	49718	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:51.682737112 CEST	49718	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:51.682773113 CEST	443	49718	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:51.863025904 CEST	443	49718	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:51.863497019 CEST	49718	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:51.863529921 CEST	443	49718	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:51.863835096 CEST	443	49718	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:51.864146948 CEST	49718	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:51.864304066 CEST	49718	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:51.864310980 CEST	443	49718	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:51.864968061 CEST	443	49718	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:51.919584036 CEST	49718	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:52.068367958 CEST	443	49718	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:52.068408012 CEST	443	49718	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:52.068491936 CEST	49718	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:52.068561077 CEST	443	49718	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:52.071897030 CEST	443	49718	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:52.072056055 CEST	49718	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:52.072056055 CEST	49718	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:52.242664099 CEST	49719	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:52.242697954 CEST	443	49719	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:52.242798090 CEST	49719	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:52.243035078 CEST	49719	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:52.243051052 CEST	443	49719	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:52.383507967 CEST	49718	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:52.383553028 CEST	443	49718	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:52.429398060 CEST	443	49719	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:52.429816961 CEST	49719	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:52.429831028 CEST	443	49719	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:52.430217981 CEST	443	49719	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:52.430542946 CEST	49719	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:52.430603027 CEST	443	49719	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:52.430684090 CEST	49719	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:52.472276926 CEST	443	49719	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:52.527472973 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 11, 2024 22:20:52.636640072 CEST	443	49719	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:52.636672974 CEST	443	49719	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:52.636786938 CEST	49719	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:52.636810064 CEST	443	49719	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:52.640964985 CEST	443	49719	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:52.641052008 CEST	49719	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:52.641145945 CEST	49719	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:52.641160011 CEST	443	49719	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:53.234432936 CEST	49720	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:53.234462023 CEST	443	49720	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:53.234555006 CEST	49720	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:53.234776974 CEST	49720	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:53.234788895 CEST	443	49720	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:53.414356947 CEST	443	49720	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:53.414740086 CEST	49720	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:53.414757013 CEST	443	49720	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:53.415082932 CEST	443	49720	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:53.415391922 CEST	49720	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:53.415463924 CEST	443	49720	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:53.415540934 CEST	49720	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:53.460232973 CEST	443	49720	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:53.612804890 CEST	443	49720	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:53.612845898 CEST	443	49720	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:53.612915993 CEST	49720	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:53.612932920 CEST	443	49720	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:53.616431952 CEST	443	49720	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:53.616499901 CEST	49720	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:53.616580009 CEST	49720	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:53.616592884 CEST	443	49720	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:54.479377985 CEST	49721	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:54.479423046 CEST	443	49721	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:54.479507923 CEST	49721	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:54.479748964 CEST	49721	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:54.479765892 CEST	443	49721	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:54.668246984 CEST	443	49721	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:54.668605089 CEST	49721	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:54.668628931 CEST	443	49721	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:54.670087099 CEST	443	49721	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:54.670413017 CEST	49721	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:54.670540094 CEST	443	49721	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:54.670568943 CEST	49721	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:54.716231108 CEST	443	49721	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:54.716542006 CEST	49721	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:54.870245934 CEST	443	49721	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:54.870284081 CEST	443	49721	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:54.870538950 CEST	49721	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:54.870562077 CEST	443	49721	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:54.873476982 CEST	443	49721	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:54.873565912 CEST	49721	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:54.873631001 CEST	49721	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:54.873648882 CEST	443	49721	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:55.439001083 CEST	49722	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:55.439086914 CEST	443	49722	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:55.439198971 CEST	49722	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:55.439505100 CEST	49722	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:55.439543962 CEST	443	49722	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:55.627557039 CEST	443	49722	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:55.628050089 CEST	49722	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:55.628112078 CEST	443	49722	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:55.629611015 CEST	443	49722	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:55.629954100 CEST	49722	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:55.630096912 CEST	49722	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:55.630109072 CEST	443	49722	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:55.630156040 CEST	443	49722	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:55.674585104 CEST	49722	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:55.821470976 CEST	443	49722	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:55.821504116 CEST	443	49722	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:55.821583986 CEST	49722	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:55.821619987 CEST	443	49722	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:55.824655056 CEST	443	49722	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:55.824742079 CEST	49722	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:55.824827909 CEST	49722	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:55.824870110 CEST	443	49722	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.156785011 CEST	49723	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:56.156871080 CEST	443	49723	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.156974077 CEST	49723	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:56.157300949 CEST	49723	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:56.157335997 CEST	443	49723	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.335072041 CEST	443	49723	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.335486889 CEST	49723	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:56.335547924 CEST	443	49723	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.335880995 CEST	443	49723	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.336189032 CEST	49723	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:56.336266994 CEST	443	49723	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.336338997 CEST	49723	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:56.384238005 CEST	443	49723	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.549501896 CEST	443	49723	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.549539089 CEST	443	49723	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.549607038 CEST	49723	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:56.549648046 CEST	443	49723	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.554181099 CEST	443	49723	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.554282904 CEST	49723	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:56.554343939 CEST	49723	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:56.554361105 CEST	443	49723	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.597676039 CEST	49724	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:56.597762108 CEST	443	49724	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.597875118 CEST	49724	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:56.598124981 CEST	49724	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:56.598161936 CEST	443	49724	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.777293921 CEST	443	49724	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.777692080 CEST	49724	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:56.777719021 CEST	443	49724	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.778048992 CEST	443	49724	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.778350115 CEST	49724	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:56.778418064 CEST	443	49724	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.778501987 CEST	49724	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:56.820230007 CEST	443	49724	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.931318045 CEST	49724	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:56.931379080 CEST	443	49724	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.931442976 CEST	49724	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:56.932229042 CEST	49725	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:56.932265043 CEST	443	49725	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:56.932342052 CEST	49725	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:56.932565928 CEST	49725	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:56.932576895 CEST	443	49725	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:57.117569923 CEST	443	49725	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:57.117882013 CEST	49725	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:57.117896080 CEST	443	49725	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:57.119543076 CEST	443	49725	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:57.119633913 CEST	49725	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:57.119919062 CEST	49725	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:57.119999886 CEST	443	49725	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:57.120064974 CEST	49725	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:57.120069981 CEST	443	49725	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:57.168431044 CEST	49725	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:57.434377909 CEST	443	49725	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:57.437629938 CEST	443	49725	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:57.437700987 CEST	49725	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:57.437725067 CEST	443	49725	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:57.437794924 CEST	443	49725	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:57.437841892 CEST	49725	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:57.438780069 CEST	49725	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:20:57.438798904 CEST	443	49725	142.250.80.36	192.168.2.16
Apr 11, 2024 22:20:57.662477016 CEST	49678	443	192.168.2.16	20.189.173.10
Apr 11, 2024 22:21:00.872359037 CEST	49726	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:00.872407913 CEST	443	49726	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:00.872494936 CEST	49726	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:00.872807980 CEST	49726	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:00.872818947 CEST	443	49726	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:01.052406073 CEST	443	49726	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:01.054261923 CEST	49726	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:01.054280043 CEST	443	49726	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:01.054754972 CEST	443	49726	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:01.055100918 CEST	49726	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:01.055175066 CEST	443	49726	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:01.055278063 CEST	49726	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:01.096239090 CEST	443	49726	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:01.320971966 CEST	443	49726	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:01.323324919 CEST	443	49726	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:01.323452950 CEST	49726	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:01.324244976 CEST	49726	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:01.324258089 CEST	443	49726	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:01.528181076 CEST	49727	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:01.528202057 CEST	443	49727	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:01.528312922 CEST	49727	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:01.528614044 CEST	49727	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:01.528625011 CEST	443	49727	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:01.717818022 CEST	443	49727	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:01.718185902 CEST	49727	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:01.718204975 CEST	443	49727	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:01.719399929 CEST	443	49727	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:01.719898939 CEST	49727	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:01.720088959 CEST	443	49727	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:01.720114946 CEST	49727	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:01.760238886 CEST	443	49727	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:01.765471935 CEST	49727	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:01.944207907 CEST	443	49727	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:01.947052956 CEST	443	49727	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:01.947130919 CEST	49727	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:01.947952986 CEST	49727	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:01.947976112 CEST	443	49727	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:02.132564068 CEST	49680	80	192.168.2.16	192.229.211.108
Apr 11, 2024 22:21:02.295624971 CEST	49728	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:02.295660973 CEST	443	49728	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:02.295772076 CEST	49728	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:02.296055079 CEST	49728	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:02.296068907 CEST	443	49728	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:02.480654955 CEST	443	49728	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:02.481055975 CEST	49728	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:02.481074095 CEST	443	49728	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:02.481420994 CEST	443	49728	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:02.481825113 CEST	49728	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:02.481889963 CEST	443	49728	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:02.482008934 CEST	49728	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:02.524235010 CEST	443	49728	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:02.727762938 CEST	443	49728	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:02.729522943 CEST	443	49728	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:02.729703903 CEST	49728	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:02.730703115 CEST	49728	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:02.730722904 CEST	443	49728	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:02.791752100 CEST	49729	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:02.791780949 CEST	443	49729	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:02.791877031 CEST	49729	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:02.792180061 CEST	49729	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:02.792197943 CEST	443	49729	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:02.981201887 CEST	443	49729	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:02.981583118 CEST	49729	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:02.981661081 CEST	443	49729	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:02.982218027 CEST	443	49729	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:02.982705116 CEST	49729	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:02.982836008 CEST	443	49729	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:02.982836962 CEST	49729	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:03.024247885 CEST	443	49729	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:03.028554916 CEST	49729	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:03.206376076 CEST	443	49729	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:03.208848953 CEST	443	49729	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:03.212954998 CEST	49729	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:03.214313030 CEST	49729	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:03.214371920 CEST	443	49729	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:04.689857960 CEST	49730	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:04.689940929 CEST	443	49730	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:04.690057993 CEST	49730	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:04.690433979 CEST	49730	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:04.690469027 CEST	443	49730	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:04.868038893 CEST	443	49730	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:04.868540049 CEST	49730	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:04.868602991 CEST	443	49730	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:04.868927002 CEST	443	49730	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:04.869337082 CEST	49730	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:04.869462967 CEST	443	49730	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:04.869523048 CEST	49730	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:04.910716057 CEST	49730	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:04.910775900 CEST	443	49730	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.008382082 CEST	49730	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.008517027 CEST	443	49730	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.008699894 CEST	443	49730	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.008759975 CEST	49730	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.008759975 CEST	49730	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.009448051 CEST	49731	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.009531975 CEST	443	49731	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.009789944 CEST	49731	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.009907007 CEST	49731	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.009938002 CEST	443	49731	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.121017933 CEST	49732	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.121099949 CEST	443	49732	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.121203899 CEST	49732	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.121417046 CEST	49732	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.121448994 CEST	443	49732	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.187989950 CEST	443	49731	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.188455105 CEST	49731	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.188517094 CEST	443	49731	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.189611912 CEST	443	49731	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.189834118 CEST	49731	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.190201998 CEST	49731	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.190282106 CEST	49731	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.190306902 CEST	443	49731	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.190332890 CEST	443	49731	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.245634079 CEST	49731	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.245692015 CEST	443	49731	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.291569948 CEST	49731	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.306334019 CEST	443	49732	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.306828022 CEST	49732	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.306853056 CEST	443	49732	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.307550907 CEST	443	49732	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.308064938 CEST	49732	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.308324099 CEST	443	49732	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.354445934 CEST	49732	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.387866020 CEST	49731	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.388083935 CEST	443	49731	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.388283014 CEST	443	49731	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.388315916 CEST	49731	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.388391018 CEST	49731	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.388664007 CEST	49732	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.436227083 CEST	443	49732	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.542890072 CEST	443	49732	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.546150923 CEST	443	49732	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:05.546228886 CEST	49732	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.547147989 CEST	49732	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:05.547163963 CEST	443	49732	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:06.838861942 CEST	49733	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:06.838908911 CEST	443	49733	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:06.839025974 CEST	49733	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:06.839266062 CEST	49733	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:06.839282990 CEST	443	49733	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.018002987 CEST	443	49733	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.018403053 CEST	49733	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:07.018424034 CEST	443	49733	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.019121885 CEST	443	49733	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.019566059 CEST	49733	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:07.019649982 CEST	443	49733	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.019745111 CEST	49733	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:07.064271927 CEST	443	49733	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.256464005 CEST	443	49733	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.259320974 CEST	443	49733	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.259412050 CEST	49733	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:07.259474039 CEST	443	49733	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.259660006 CEST	443	49733	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.259717941 CEST	49733	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:07.260752916 CEST	49733	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:07.260787964 CEST	443	49733	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.734461069 CEST	49734	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:07.734507084 CEST	443	49734	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.734586000 CEST	49734	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:07.734937906 CEST	49734	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:07.734949112 CEST	443	49734	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.845810890 CEST	49735	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:07.845846891 CEST	443	49735	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.845916033 CEST	49735	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:07.846232891 CEST	49735	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:07.846251965 CEST	443	49735	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.921559095 CEST	443	49734	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.922029018 CEST	49734	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:07.922058105 CEST	443	49734	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.922631979 CEST	443	49734	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.923033953 CEST	49734	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:07.923110962 CEST	443	49734	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.923188925 CEST	49734	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:07.964250088 CEST	443	49734	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.972726107 CEST	49734	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:07.972809076 CEST	443	49734	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.972877026 CEST	49734	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:07.974005938 CEST	49736	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:07.974036932 CEST	443	49736	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:07.974173069 CEST	49736	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:07.974370003 CEST	49736	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:07.974385977 CEST	443	49736	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.030172110 CEST	443	49735	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.030524015 CEST	49735	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.030548096 CEST	443	49735	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.032007933 CEST	443	49735	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.032104015 CEST	49735	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.032494068 CEST	49735	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.032572985 CEST	443	49735	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.032644033 CEST	49735	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.032655954 CEST	443	49735	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.036756992 CEST	49735	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.036799908 CEST	443	49735	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.036856890 CEST	49735	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.083756924 CEST	49737	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.083796024 CEST	443	49737	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.083908081 CEST	49737	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.084189892 CEST	49737	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.084208965 CEST	443	49737	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.156817913 CEST	443	49736	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.157231092 CEST	49736	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.157257080 CEST	443	49736	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.158690929 CEST	443	49736	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.158814907 CEST	49736	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.159420013 CEST	49736	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.159420013 CEST	49736	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.159445047 CEST	443	49736	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.159507990 CEST	443	49736	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.210592985 CEST	49736	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.210618019 CEST	443	49736	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.257505894 CEST	49736	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.263683081 CEST	443	49737	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.264009953 CEST	49737	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.264036894 CEST	443	49737	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.265681982 CEST	443	49737	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.265784025 CEST	49737	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.266158104 CEST	49737	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.266238928 CEST	443	49737	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.277304888 CEST	49736	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.277508020 CEST	443	49736	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.277733088 CEST	443	49736	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.277757883 CEST	49736	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.277823925 CEST	49736	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.277915001 CEST	49737	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.277944088 CEST	443	49737	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.321645975 CEST	49737	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.500139952 CEST	443	49737	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.500181913 CEST	443	49737	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.500296116 CEST	49737	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.500325918 CEST	443	49737	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.504528046 CEST	443	49737	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.504664898 CEST	49737	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.504704952 CEST	49737	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.504726887 CEST	443	49737	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.548202038 CEST	49738	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.548248053 CEST	443	49738	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.548475027 CEST	49738	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.548640013 CEST	49738	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.548657894 CEST	443	49738	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.676455021 CEST	49739	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.676537037 CEST	443	49739	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.676799059 CEST	49739	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.676912069 CEST	49739	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.676942110 CEST	443	49739	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.738302946 CEST	443	49738	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.738766909 CEST	49738	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.738799095 CEST	443	49738	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.740305901 CEST	443	49738	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.740737915 CEST	49738	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.740842104 CEST	443	49738	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.785571098 CEST	49738	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.786603928 CEST	49738	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.832240105 CEST	443	49738	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.857331038 CEST	443	49739	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.857691050 CEST	49739	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.857748985 CEST	443	49739	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.858237028 CEST	443	49739	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.858572960 CEST	49739	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.858661890 CEST	443	49739	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.898377895 CEST	49738	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.898463964 CEST	443	49738	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.898531914 CEST	49738	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.899149895 CEST	49739	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.944231987 CEST	443	49739	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.962450027 CEST	49739	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:08.962526083 CEST	443	49739	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:08.962603092 CEST	49739	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.009849072 CEST	49740	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.009892941 CEST	443	49740	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.009988070 CEST	49740	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.010262966 CEST	49740	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.010282040 CEST	443	49740	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.120666981 CEST	49741	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.120712996 CEST	443	49741	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.120816946 CEST	49741	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.121119022 CEST	49741	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.121131897 CEST	443	49741	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.190545082 CEST	443	49740	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.190901995 CEST	49740	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.190929890 CEST	443	49740	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.192405939 CEST	443	49740	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.192487001 CEST	49740	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.192873001 CEST	49740	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.192950964 CEST	443	49740	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.231353998 CEST	49740	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.231373072 CEST	443	49740	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.277458906 CEST	49740	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.301093102 CEST	443	49741	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.301356077 CEST	49741	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.301419020 CEST	443	49741	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.302931070 CEST	443	49741	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.303023100 CEST	49741	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.303277016 CEST	49741	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.303365946 CEST	443	49741	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.343444109 CEST	49740	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.343554020 CEST	443	49740	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.343626022 CEST	49740	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.344547987 CEST	49741	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.344569921 CEST	443	49741	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.389873981 CEST	49741	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.537677050 CEST	443	49741	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.537729979 CEST	443	49741	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.537914991 CEST	49741	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.537977934 CEST	443	49741	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.541738987 CEST	443	49741	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.541817904 CEST	49741	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.541897058 CEST	49741	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.541927099 CEST	443	49741	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.552783012 CEST	49742	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.552867889 CEST	443	49742	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.552985907 CEST	49742	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.553256989 CEST	49742	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.553280115 CEST	443	49742	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.662483931 CEST	49743	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.662517071 CEST	443	49743	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.662589073 CEST	49743	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.662873983 CEST	49743	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.662894964 CEST	443	49743	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.740056038 CEST	443	49742	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.740557909 CEST	49742	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.740587950 CEST	443	49742	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.741154909 CEST	443	49742	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.741602898 CEST	49742	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.741688967 CEST	443	49742	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.741764069 CEST	49742	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.759629011 CEST	49742	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.759654045 CEST	443	49742	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.759713888 CEST	443	49742	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.759793043 CEST	49742	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.764236927 CEST	49744	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.764272928 CEST	443	49744	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.764632940 CEST	49744	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.764755964 CEST	49744	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.764774084 CEST	443	49744	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.842327118 CEST	443	49743	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.842672110 CEST	49743	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.842689037 CEST	443	49743	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.843149900 CEST	443	49743	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.843461990 CEST	49743	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.843545914 CEST	443	49743	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.843605995 CEST	49743	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.888237953 CEST	443	49743	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.952064037 CEST	443	49744	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.952501059 CEST	49744	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.952528000 CEST	443	49744	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.954166889 CEST	443	49744	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.954297066 CEST	49744	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.954679966 CEST	49744	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.954771996 CEST	443	49744	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:09.996644020 CEST	49744	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:09.996654987 CEST	443	49744	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:10.044614077 CEST	49744	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:10.055663109 CEST	443	49743	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:10.058301926 CEST	443	49743	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:10.058374882 CEST	49743	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:10.059098959 CEST	49743	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:10.059120893 CEST	443	49743	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:13.685173988 CEST	49745	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:21:13.685230970 CEST	443	49745	20.114.59.183	192.168.2.16
Apr 11, 2024 22:21:13.685318947 CEST	49745	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:21:13.685843945 CEST	49745	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:21:13.685861111 CEST	443	49745	20.114.59.183	192.168.2.16
Apr 11, 2024 22:21:14.155601025 CEST	443	49745	20.114.59.183	192.168.2.16
Apr 11, 2024 22:21:14.155755043 CEST	49745	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:21:14.158111095 CEST	49745	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:21:14.158123970 CEST	443	49745	20.114.59.183	192.168.2.16
Apr 11, 2024 22:21:14.158525944 CEST	443	49745	20.114.59.183	192.168.2.16
Apr 11, 2024 22:21:14.160293102 CEST	49745	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:21:14.204231024 CEST	443	49745	20.114.59.183	192.168.2.16
Apr 11, 2024 22:21:14.610096931 CEST	443	49745	20.114.59.183	192.168.2.16
Apr 11, 2024 22:21:14.610129118 CEST	443	49745	20.114.59.183	192.168.2.16
Apr 11, 2024 22:21:14.610148907 CEST	443	49745	20.114.59.183	192.168.2.16
Apr 11, 2024 22:21:14.610327959 CEST	49745	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:21:14.610363007 CEST	443	49745	20.114.59.183	192.168.2.16
Apr 11, 2024 22:21:14.610462904 CEST	49745	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:21:14.613303900 CEST	49745	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:21:14.613322020 CEST	443	49745	20.114.59.183	192.168.2.16
Apr 11, 2024 22:21:14.613338947 CEST	49745	443	192.168.2.16	20.114.59.183
Apr 11, 2024 22:21:14.613347054 CEST	443	49745	20.114.59.183	192.168.2.16
Apr 11, 2024 22:21:19.946024895 CEST	443	49744	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:19.946111917 CEST	443	49744	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:19.946166039 CEST	49744	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:20.500982046 CEST	49744	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:20.501018047 CEST	443	49744	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:26.468851089 CEST	49747	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:26.468939066 CEST	443	49747	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:26.469084024 CEST	49747	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:26.469362020 CEST	49747	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:26.469402075 CEST	443	49747	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:26.658574104 CEST	443	49747	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:26.659060001 CEST	49747	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:26.659096003 CEST	443	49747	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:26.661060095 CEST	443	49747	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:26.661380053 CEST	49747	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:26.661484957 CEST	443	49747	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:26.706600904 CEST	49747	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:33.277504921 CEST	49688	443	192.168.2.16	204.79.197.200
Apr 11, 2024 22:21:36.647248030 CEST	443	49747	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:36.647418976 CEST	443	49747	142.250.80.36	192.168.2.16
Apr 11, 2024 22:21:36.647500992 CEST	49747	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:37.866137028 CEST	49747	443	192.168.2.16	142.250.80.36
Apr 11, 2024 22:21:37.866173983 CEST	443	49747	142.250.80.36	192.168.2.16

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 11, 2024 22:20:21.670258045 CEST	53	52415	1.1.1.1	192.168.2.16
Apr 11, 2024 22:20:21.676913977 CEST	53	61284	1.1.1.1	192.168.2.16
Apr 11, 2024 22:20:21.677066088 CEST	53	64173	1.1.1.1	192.168.2.16
Apr 11, 2024 22:20:21.723683119 CEST	53	50031	1.1.1.1	192.168.2.16
Apr 11, 2024 22:20:21.846307039 CEST	53	57682	1.1.1.1	192.168.2.16
Apr 11, 2024 22:20:21.871898890 CEST	62662	53	192.168.2.16	8.8.8.8
Apr 11, 2024 22:20:21.872262955 CEST	58889	53	192.168.2.16	1.1.1.1
Apr 11, 2024 22:20:21.955955029 CEST	53	58889	1.1.1.1	192.168.2.16
Apr 11, 2024 22:20:21.963121891 CEST	53	62662	8.8.8.8	192.168.2.16
Apr 11, 2024 22:20:22.261934996 CEST	53	53337	1.1.1.1	192.168.2.16
Apr 11, 2024 22:20:22.974318027 CEST	53	53978	1.1.1.1	192.168.2.16
Apr 11, 2024 22:20:22.974459887 CEST	53	60309	1.1.1.1	192.168.2.16
Apr 11, 2024 22:20:26.408493042 CEST	64577	53	192.168.2.16	1.1.1.1
Apr 11, 2024 22:20:26.409013033 CEST	57390	53	192.168.2.16	1.1.1.1
Apr 11, 2024 22:20:26.493052006 CEST	53	57390	1.1.1.1	192.168.2.16
Apr 11, 2024 22:20:26.493089914 CEST	53	64577	1.1.1.1	192.168.2.16
Apr 11, 2024 22:20:28.084903002 CEST	53	62843	1.1.1.1	192.168.2.16
Apr 11, 2024 22:20:28.085625887 CEST	53	64236	1.1.1.1	192.168.2.16
Apr 11, 2024 22:20:28.178363085 CEST	53	65461	1.1.1.1	192.168.2.16
Apr 11, 2024 22:20:39.317620039 CEST	53	53511	1.1.1.1	192.168.2.16
Apr 11, 2024 22:20:58.124777079 CEST	53	58925	1.1.1.1	192.168.2.16
Apr 11, 2024 22:20:58.289621115 CEST	53	50211	1.1.1.1	192.168.2.16
Apr 11, 2024 22:20:58.289680958 CEST	53	53004	1.1.1.1	192.168.2.16
Apr 11, 2024 22:20:58.383529902 CEST	53	57245	1.1.1.1	192.168.2.16
Apr 11, 2024 22:21:13.207438946 CEST	53	61087	1.1.1.1	192.168.2.16
Apr 11, 2024 22:21:20.585233927 CEST	53	58651	1.1.1.1	192.168.2.16
Apr 11, 2024 22:21:21.640930891 CEST	53	63931	1.1.1.1	192.168.2.16
Apr 11, 2024 22:21:34.272280931 CEST	53	56287	1.1.1.1	192.168.2.16
Apr 11, 2024 22:21:34.881928921 CEST	138	138	192.168.2.16	192.168.2.255
Apr 11, 2024 22:21:48.796150923 CEST	53	64753	1.1.1.1	192.168.2.16
Apr 11, 2024 22:21:58.486713886 CEST	53	58954	1.1.1.1	192.168.2.16
Apr 11, 2024 22:21:58.487133026 CEST	53	55013	1.1.1.1	192.168.2.16
Apr 11, 2024 22:21:58.578516006 CEST	53	53425	1.1.1.1	192.168.2.16
Apr 11, 2024 22:22:11.690259933 CEST	52091	53	192.168.2.16	1.1.1.1
Apr 11, 2024 22:22:11.690308094 CEST	52776	53	192.168.2.16	1.1.1.1
Apr 11, 2024 22:22:11.867916107 CEST	53	52091	1.1.1.1	192.168.2.16
Apr 11, 2024 22:22:11.868937016 CEST	53	52776	1.1.1.1	192.168.2.16
Apr 11, 2024 22:22:11.869833946 CEST	63720	53	192.168.2.16	1.1.1.1
Apr 11, 2024 22:22:12.869558096 CEST	63720	53	192.168.2.16	1.1.1.1
Apr 11, 2024 22:22:12.988435030 CEST	53	63720	1.1.1.1	192.168.2.16
Apr 11, 2024 22:22:12.988492966 CEST	53	63720	1.1.1.1	192.168.2.16
Apr 11, 2024 22:22:13.002120018 CEST	59750	53	192.168.2.16	1.1.1.1
Apr 11, 2024 22:22:13.002573967 CEST	49338	53	192.168.2.16	8.8.8.8
Apr 11, 2024 22:22:13.086194992 CEST	53	59750	1.1.1.1	192.168.2.16
Apr 11, 2024 22:22:13.093663931 CEST	53	49338	8.8.8.8	192.168.2.16
Apr 11, 2024 22:22:14.008913994 CEST	64212	53	192.168.2.16	1.1.1.1
Apr 11, 2024 22:22:14.009088993 CEST	60209	53	192.168.2.16	1.1.1.1
Apr 11, 2024 22:22:14.186863899 CEST	53	64212	1.1.1.1	192.168.2.16
Apr 11, 2024 22:22:14.187298059 CEST	53	60209	1.1.1.1	192.168.2.16
Apr 11, 2024 22:22:19.199645042 CEST	54289	53	192.168.2.16	1.1.1.1
Apr 11, 2024 22:22:19.199781895 CEST	55090	53	192.168.2.16	1.1.1.1
Apr 11, 2024 22:22:19.379683971 CEST	53	55090	1.1.1.1	192.168.2.16
Apr 11, 2024 22:22:19.708976030 CEST	53	54289	1.1.1.1	192.168.2.16
Apr 11, 2024 22:22:19.710024118 CEST	52024	53	192.168.2.16	1.1.1.1
Apr 11, 2024 22:22:19.887536049 CEST	53	52024	1.1.1.1	192.168.2.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 11, 2024 22:20:21.871898890 CEST	192.168.2.16	8.8.8.8	0xcc15	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Apr 11, 2024 22:20:21.872262955 CEST	192.168.2.16	1.1.1.1	0xa455	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Apr 11, 2024 22:20:26.408493042 CEST	192.168.2.16	1.1.1.1	0x39af	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 11, 2024 22:20:26.409013033 CEST	192.168.2.16	1.1.1.1	0x73bb	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 11, 2024 22:22:11.690259933 CEST	192.168.2.16	1.1.1.1	0xc7c4	Standard query (0)	xv15.z16.web.core.windows.ne	A (IP address)	IN (0x0001)	false
Apr 11, 2024 22:22:11.690308094 CEST	192.168.2.16	1.1.1.1	0xb4fa	Standard query (0)	xv15.z16.web.core.windows.ne	65	IN (0x0001)	false
Apr 11, 2024 22:22:11.869833946 CEST	192.168.2.16	1.1.1.1	0xb590	Standard query (0)	xv15.z16.web.core.windows.ne	A (IP address)	IN (0x0001)	false
Apr 11, 2024 22:22:12.869558096 CEST	192.168.2.16	1.1.1.1	0xb590	Standard query (0)	xv15.z16.web.core.windows.ne	A (IP address)	IN (0x0001)	false
Apr 11, 2024 22:22:13.002120018 CEST	192.168.2.16	1.1.1.1	0xa8af	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Apr 11, 2024 22:22:13.002573967 CEST	192.168.2.16	8.8.8.8	0x4eb9	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Apr 11, 2024 22:22:14.008913994 CEST	192.168.2.16	1.1.1.1	0x35b9	Standard query (0)	xv15.z16.web.core.windows.ne	A (IP address)	IN (0x0001)	false
Apr 11, 2024 22:22:14.009088993 CEST	192.168.2.16	1.1.1.1	0xf098	Standard query (0)	xv15.z16.web.core.windows.ne	65	IN (0x0001)	false
Apr 11, 2024 22:22:19.199645042 CEST	192.168.2.16	1.1.1.1	0x476a	Standard query (0)	xv15.z16.web.core.windows.ne	A (IP address)	IN (0x0001)	false
Apr 11, 2024 22:22:19.199781895 CEST	192.168.2.16	1.1.1.1	0x39fb	Standard query (0)	xv15.z16.web.core.windows.ne	65	IN (0x0001)	false
Apr 11, 2024 22:22:19.710024118 CEST	192.168.2.16	1.1.1.1	0xad2	Standard query (0)	xv15.z16.web.core.windows.ne	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 11, 2024 22:20:21.955955029 CEST	1.1.1.1	192.168.2.16	0xa455	No error (0)	google.com		142.250.64.110	A (IP address)	IN (0x0001)	false
Apr 11, 2024 22:20:21.963121891 CEST	8.8.8.8	192.168.2.16	0xcc15	No error (0)	google.com		142.250.80.78	A (IP address)	IN (0x0001)	false
Apr 11, 2024 22:20:26.493052006 CEST	1.1.1.1	192.168.2.16	0x73bb	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 11, 2024 22:20:26.493089914 CEST	1.1.1.1	192.168.2.16	0x39af	No error (0)	www.google.com		142.250.80.36	A (IP address)	IN (0x0001)	false
Apr 11, 2024 22:22:11.867916107 CEST	1.1.1.1	192.168.2.16	0xc7c4	Name error (3)	xv15.z16.web.core.windows.ne	none	none	A (IP address)	IN (0x0001)	false
Apr 11, 2024 22:22:11.868937016 CEST	1.1.1.1	192.168.2.16	0xb4fa	Name error (3)	xv15.z16.web.core.windows.ne	none	none	65	IN (0x0001)	false
Apr 11, 2024 22:22:12.988435030 CEST	1.1.1.1	192.168.2.16	0xb590	Name error (3)	xv15.z16.web.core.windows.ne	none	none	A (IP address)	IN (0x0001)	false
Apr 11, 2024 22:22:12.988492966 CEST	1.1.1.1	192.168.2.16	0xb590	Name error (3)	xv15.z16.web.core.windows.ne	none	none	A (IP address)	IN (0x0001)	false
Apr 11, 2024 22:22:13.086194992 CEST	1.1.1.1	192.168.2.16	0xa8af	No error (0)	google.com		142.251.41.14	A (IP address)	IN (0x0001)	false
Apr 11, 2024 22:22:13.093663931 CEST	8.8.8.8	192.168.2.16	0x4eb9	No error (0)	google.com		142.250.80.78	A (IP address)	IN (0x0001)	false
Apr 11, 2024 22:22:14.186863899 CEST	1.1.1.1	192.168.2.16	0x35b9	Name error (3)	xv15.z16.web.core.windows.ne	none	none	A (IP address)	IN (0x0001)	false
Apr 11, 2024 22:22:14.187298059 CEST	1.1.1.1	192.168.2.16	0xf098	Name error (3)	xv15.z16.web.core.windows.ne	none	none	65	IN (0x0001)	false
Apr 11, 2024 22:22:19.379683971 CEST	1.1.1.1	192.168.2.16	0x39fb	Name error (3)	xv15.z16.web.core.windows.ne	none	none	65	IN (0x0001)	false
Apr 11, 2024 22:22:19.708976030 CEST	1.1.1.1	192.168.2.16	0x476a	Name error (3)	xv15.z16.web.core.windows.ne	none	none	A (IP address)	IN (0x0001)	false
Apr 11, 2024 22:22:19.887536049 CEST	1.1.1.1	192.168.2.16	0xad2	Name error (3)	xv15.z16.web.core.windows.ne	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

slscr.update.microsoft.com

fs.microsoft.com

www.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49705	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:20:36 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MsH4nwFO8+RpMSK&MD=arBo7F6t HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-11 20:20:37 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: dc78ef4b-87a3-414c-99a4-45586efe687a MS-RequestId: 05e9a82a-afc6-4230-9b2e-02dd4e0ee67c MS-CV: VNJVYJWsfU6ErJyA.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 11 Apr 2024 20:20:36 GMT Connection: close Content-Length: 24490
2024-04-11 20:20:37 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-11 20:20:37 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49706	23.51.58.94	443

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:20:37 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-11 20:20:37 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/073D) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Cache-Control: public, max-age=38557 Date: Thu, 11 Apr 2024 20:20:37 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49707	23.51.58.94	443

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:20:37 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-11 20:20:37 UTC	455	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0778) X-CID: 11 Cache-Control: public, max-age=38607 Date: Thu, 11 Apr 2024 20:20:37 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-11 20:20:37 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49708	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:20:38 UTC	613	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:20:38 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:20:38 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-GWVUn_E-lshwvppT4HstZg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:20:38 UTC	778	IN	Data Raw: 33 30 33 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 63 69 63 61 64 61 73 20 65 6d 65 72 67 65 22 2c 22 75 64 69 6f 20 61 69 20 6d 75 73 69 63 20 67 65 6e 65 72 61 74 6f 72 22 2c 22 63 6f 64 20 77 61 72 7a 6f 6e 65 20 68 69 67 68 20 74 72 69 70 22 2c 22 64 61 6c 6c 61 73 20 6d 61 76 65 72 69 63 6b 73 20 76 73 20 6d 69 61 6d 69 20 68 65 61 74 22 2c 22 6d 6f 72 74 67 61 67 65 20 69 6e 74 65 72 65 73 74 20 72 61 74 65 73 22 2c 22 6d 6f 76 69 65 20 74 72 61 69 6c 65 72 20 63 69 76 69 6c 20 77 61 72 22 2c 22 64 65 74 72 6f 69 74 20 74 69 67 65 72 73 20 70 6f 73 74 70 6f 6e 65 64 22 2c 22 62 75 72 6e 65 74 20 74 65 78 61 73 20 65 63 6c 69 70 73 65 20 66 65 73 74 69 76 61 6c 20 64 65 61 74 68 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c Data Ascii: 303)]}'["",["cicadas emerge","udio ai music generator","cod warzone high trip","dallas mavericks vs miami heat","mortgage interest rates","movie trailer civil war","detroit tigers postponed","burnet texas eclipse festival death"],["","","","","","","",
2024-04-11 20:20:38 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49709	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:20:44 UTC	648	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=ht&oit=1&cp=2&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49710	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:20:44 UTC	649	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=htt&oit=1&cp=3&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49711	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:20:44 UTC	650	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=http&oit=1&cp=4&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	49712	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:20:44 UTC	651	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https&oit=1&cp=5&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:20:45 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:20:45 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-saUFAS-pFJevFZSe0sdirA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:20:45 UTC	693	IN	Data Raw: 32 61 65 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 22 2c 5b 22 68 74 74 70 73 22 2c 22 63 68 61 74 20 6f 70 65 6e 61 69 22 2c 22 68 74 74 70 73 20 2f 2f 71 75 69 7a 6c 65 74 2e 63 6f 6d 20 6c 69 76 65 22 2c 22 68 74 74 70 73 20 2f 2f 77 77 77 2e 6e 79 2e 67 6f 76 20 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 64 6d 61 68 73 2d 6e 6a 2e 6d 79 2e 73 69 74 65 2e 63 6f 6d 65 2f 66 61 6d 69 6c 79 63 61 72 65 22 2c 22 68 74 74 70 73 20 2f 2f 6b 61 68 6f 6f 74 2e 2e 63 6f 6d 22 2c 22 68 74 74 70 73 3a 2f 2f 6d 61 69 6c 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 6d 61 69 6c 2f 75 2f 30 2f 23 69 6e 62 6f 78 22 2c 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 22 2c 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 22 Data Ascii: 2ae)]}'["https",["https","chat openai","https //quizlet.com live","https //www.ny.gov login","https //dmahs-nj.my.site.come/familycare","https //kahoot..com","https://mail.google.com/mail/u/0/#inbox","https://www.facebook.com","https://www.youtube.com"
2024-04-11 20:20:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.16	49713	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:20:45 UTC	654	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A&oit=4&cp=6&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:20:45 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:20:45 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-JqBz9LhtV2sCues3A-2bzA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:20:45 UTC	723	IN	Data Raw: 32 63 63 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 22 2c 5b 22 68 74 74 70 73 20 2f 2f 64 6d 61 68 73 2d 6e 6a 2e 6d 79 2e 73 69 74 65 2e 63 6f 6d 65 2f 66 61 6d 69 6c 79 63 61 72 65 22 2c 22 68 74 74 70 73 20 2f 2f 71 75 69 7a 6c 65 74 2e 63 6f 6d 20 6c 69 76 65 22 2c 22 68 74 74 70 73 20 2f 2f 77 77 77 2e 6e 79 2e 67 6f 76 20 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 6b 61 68 6f 6f 74 2e 2e 63 6f 6d 22 2c 22 68 74 74 70 73 20 2f 2f 31 76 31 2e 6c 6f 6c 20 75 6e 62 6c 6f 63 6b 65 64 22 2c 22 68 74 74 70 73 20 2f 2f 6b 61 68 6f 6f 74 2e 69 74 20 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 6b 61 68 6f 6f 74 2e 63 6f 6d 20 6a 6f 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 77 77 77 2e 67 69 6d 6b 69 74 2e 63 6f 6d 20 6a 6f 69 6e 22 2c 22 68 74 74 70 Data Ascii: 2cc)]}'["https:",["https //dmahs-nj.my.site.come/familycare","https //quizlet.com live","https //www.ny.gov login","https //kahoot..com","https //1v1.lol unblocked","https //kahoot.it login","https //kahoot.com join","https //www.gimkit.com join","http
2024-04-11 20:20:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.16	49714	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:20:46 UTC	660	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2F&oit=4&cp=8&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:20:46 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:20:46 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-5dWB3_WnPUrPNr42p3aHzA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:20:46 UTC	725	IN	Data Raw: 32 63 65 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 22 2c 5b 22 68 74 74 70 73 20 2f 2f 64 6d 61 68 73 2d 6e 6a 2e 6d 79 2e 73 69 74 65 2e 63 6f 6d 65 2f 66 61 6d 69 6c 79 63 61 72 65 22 2c 22 68 74 74 70 73 20 2f 2f 71 75 69 7a 6c 65 74 2e 63 6f 6d 20 6c 69 76 65 22 2c 22 68 74 74 70 73 20 2f 2f 77 77 77 2e 6e 79 2e 67 6f 76 20 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 6b 61 68 6f 6f 74 2e 2e 63 6f 6d 22 2c 22 68 74 74 70 73 20 2f 2f 31 76 31 2e 6c 6f 6c 20 75 6e 62 6c 6f 63 6b 65 64 22 2c 22 68 74 74 70 73 20 2f 2f 6b 61 68 6f 6f 74 2e 69 74 20 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 6b 61 68 6f 6f 74 2e 63 6f 6d 20 6a 6f 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 77 77 77 2e 67 69 6d 6b 69 74 2e 63 6f 6d 20 6a 6f 69 6e 22 2c 22 68 74 Data Ascii: 2ce)]}'["https://",["https //dmahs-nj.my.site.come/familycare","https //quizlet.com live","https //www.ny.gov login","https //kahoot..com","https //1v1.lol unblocked","https //kahoot.it login","https //kahoot.com join","https //www.gimkit.com join","ht
2024-04-11 20:20:46 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.16	49715	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:20:50 UTC	661	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fx&oit=3&cp=9&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:20:50 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:20:50 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-JvpkuYDY6bxfwqroU524oA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:20:50 UTC	675	IN	Data Raw: 32 39 63 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 78 22 2c 5b 22 68 74 74 70 73 3a 2f 2f 78 66 69 6e 69 74 79 2e 63 6f 6d 22 2c 22 68 74 74 70 73 3a 2f 2f 78 74 72 61 6d 61 74 68 2e 6f 72 67 22 2c 22 68 74 74 70 73 3a 2f 2f 78 66 69 6e 69 74 79 2e 63 6f 6d 2f 61 75 74 68 6f 72 69 7a 65 22 2c 22 68 74 74 70 73 3a 2f 2f 78 66 69 6e 69 74 79 2e 63 6f 6d 2f 70 61 73 73 77 6f 72 64 22 2c 22 68 74 74 70 73 3a 2f 2f 78 62 6f 78 2e 63 6f 6d 2f 67 65 74 61 70 70 22 2c 22 68 74 74 70 73 20 2f 2f 78 62 6f 78 2e 31 31 34 34 33 22 2c 22 68 74 74 70 73 20 2f 2f 78 63 65 6c 73 6f 6c 75 74 69 6f 6e 73 2e 2e 63 6f 6d 22 2c 22 68 74 74 70 73 20 2f 2f 78 2e 63 6f 6d 20 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 78 62 6f 78 2e 63 6f 6d 20 67 65 74 61 70 70 22 Data Ascii: 29c)]}'["https://x",["https://xfinity.com","https://xtramath.org","https://xfinity.com/authorize","https://xfinity.com/password","https://xbox.com/getapp","https //xbox.11443","https //xcelsolutions..com","https //x.com login","https //xbox.com getapp"
2024-04-11 20:20:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.16	49716	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:20:50 UTC	664	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxra&oit=3&cp=11&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:20:50 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:20:50 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-STfCa8LqozhZLpsmu5EtCg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:20:50 UTC	823	IN	Data Raw: 33 33 30 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 78 72 61 22 2c 5b 22 68 74 74 70 73 3a 2f 2f 78 72 61 79 68 6f 75 72 73 2e 63 6f 6d 22 2c 22 68 74 74 70 73 3a 2f 2f 78 72 61 2e 76 65 6c 6f 78 69 6d 61 67 69 6e 67 2e 6e 65 74 22 2c 22 68 74 74 70 73 3a 2f 2f 78 72 61 79 68 6f 75 72 73 2e 63 6f 6d 2f 69 65 22 2c 22 68 74 74 70 73 3a 2f 2f 78 72 61 79 2e 63 6c 6f 75 64 2e 67 65 74 78 72 61 79 2e 61 70 70 2f 61 70 69 2f 76 32 2f 61 75 74 68 65 6e 74 69 63 61 74 65 22 2c 22 68 74 74 70 73 3a 2f 2f 78 72 61 79 2e 77 65 62 2e 68 65 61 6c 74 68 2e 73 74 61 74 65 2e 6d 6e 2e 75 73 22 2c 22 68 74 74 70 73 3a 2f 2f 78 72 61 79 2e 63 6c 6f 75 64 2e 67 65 74 78 72 61 79 2e 61 70 70 2f 61 70 69 2f 76 31 2f 61 75 74 68 65 6e 74 69 63 61 74 65 22 2c 22 68 74 Data Ascii: 330)]}'["https://xra",["https://xrayhours.com","https://xra.veloximaging.net","https://xrayhours.com/ie","https://xray.cloud.getxray.app/api/v2/authenticate","https://xray.web.health.state.mn.us","https://xray.cloud.getxray.app/api/v1/authenticate","ht
2024-04-11 20:20:50 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.16	49717	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:20:51 UTC	663	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxr&oit=3&cp=10&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:20:51 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:20:51 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-udUL8-OH7I1erme6TGHbew' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:20:51 UTC	485	IN	Data Raw: 31 64 65 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 78 72 22 2c 5b 22 68 74 74 70 73 3a 2f 2f 78 72 61 79 68 6f 75 72 73 2e 63 6f 6d 22 2c 22 68 74 74 70 73 3a 2f 2f 78 72 6d 2e 68 6f 61 2d 69 72 2e 63 6f 6d 22 2c 22 68 74 74 70 3a 2f 2f 77 77 77 2e 70 72 65 61 63 74 6f 72 2e 6f 72 67 2f 22 2c 22 68 74 74 70 73 3a 2f 2f 78 72 70 68 61 73 68 2e 63 6f 6d 22 2c 22 68 74 74 70 73 3a 2f 2f 78 72 61 2e 76 65 6c 6f 78 69 6d 61 67 69 6e 67 2e 6e 65 74 22 2c 22 78 72 70 73 63 61 6e 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 72 65 6c 65 76 Data Ascii: 1de)]}'["https://xr",["https://xrayhours.com","https://xrm.hoa-ir.com","http://www.preactor.org/","https://xrphash.com","https://xra.veloximaging.net","xrpscan"],["","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelev
2024-04-11 20:20:51 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.16	49718	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:20:51 UTC	661	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fx&oit=3&cp=9&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:20:52 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:20:52 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-dJJaGMCh0Pt0y4eld4bkPg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:20:52 UTC	675	IN	Data Raw: 32 39 63 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 78 22 2c 5b 22 68 74 74 70 73 3a 2f 2f 78 66 69 6e 69 74 79 2e 63 6f 6d 22 2c 22 68 74 74 70 73 3a 2f 2f 78 74 72 61 6d 61 74 68 2e 6f 72 67 22 2c 22 68 74 74 70 73 3a 2f 2f 78 66 69 6e 69 74 79 2e 63 6f 6d 2f 61 75 74 68 6f 72 69 7a 65 22 2c 22 68 74 74 70 73 3a 2f 2f 78 66 69 6e 69 74 79 2e 63 6f 6d 2f 70 61 73 73 77 6f 72 64 22 2c 22 68 74 74 70 73 3a 2f 2f 78 62 6f 78 2e 63 6f 6d 2f 67 65 74 61 70 70 22 2c 22 68 74 74 70 73 20 2f 2f 78 62 6f 78 2e 31 31 34 34 33 22 2c 22 68 74 74 70 73 20 2f 2f 78 63 65 6c 73 6f 6c 75 74 69 6f 6e 73 2e 2e 63 6f 6d 22 2c 22 68 74 74 70 73 20 2f 2f 78 2e 63 6f 6d 20 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 78 62 6f 78 2e 63 6f 6d 20 67 65 74 61 70 70 22 Data Ascii: 29c)]}'["https://x",["https://xfinity.com","https://xtramath.org","https://xfinity.com/authorize","https://xfinity.com/password","https://xbox.com/getapp","https //xbox.11443","https //xcelsolutions..com","https //x.com login","https //xbox.com getapp"
2024-04-11 20:20:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.16	49719	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:20:52 UTC	660	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2F&oit=4&cp=8&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:20:52 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:20:52 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-5NYj3znfANidgNTH_w5GtQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:20:52 UTC	725	IN	Data Raw: 32 63 65 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 22 2c 5b 22 68 74 74 70 73 20 2f 2f 64 6d 61 68 73 2d 6e 6a 2e 6d 79 2e 73 69 74 65 2e 63 6f 6d 65 2f 66 61 6d 69 6c 79 63 61 72 65 22 2c 22 68 74 74 70 73 20 2f 2f 71 75 69 7a 6c 65 74 2e 63 6f 6d 20 6c 69 76 65 22 2c 22 68 74 74 70 73 20 2f 2f 77 77 77 2e 6e 79 2e 67 6f 76 20 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 6b 61 68 6f 6f 74 2e 2e 63 6f 6d 22 2c 22 68 74 74 70 73 20 2f 2f 31 76 31 2e 6c 6f 6c 20 75 6e 62 6c 6f 63 6b 65 64 22 2c 22 68 74 74 70 73 20 2f 2f 6b 61 68 6f 6f 74 2e 69 74 20 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 6b 61 68 6f 6f 74 2e 63 6f 6d 20 6a 6f 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 77 77 77 2e 67 69 6d 6b 69 74 2e 63 6f 6d 20 6a 6f 69 6e 22 2c 22 68 74 Data Ascii: 2ce)]}'["https://",["https //dmahs-nj.my.site.come/familycare","https //quizlet.com live","https //www.ny.gov login","https //kahoot..com","https //1v1.lol unblocked","https //kahoot.it login","https //kahoot.com join","https //www.gimkit.com join","ht
2024-04-11 20:20:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.16	49720	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:20:53 UTC	661	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fv&oit=3&cp=9&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:20:53 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:20:53 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-1GfKNK9xC6IIcH6_W0eSpA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:20:53 UTC	716	IN	Data Raw: 32 63 35 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 76 22 2c 5b 22 68 74 74 70 73 3a 2f 2f 76 61 6e 74 61 67 65 2e 70 77 63 2e 63 6f 6d 22 2c 22 68 74 74 70 73 3a 2f 2f 76 70 6f 72 74 61 6c 2e 6e 6f 72 74 68 77 65 6c 6c 2e 65 64 75 2f 22 2c 22 68 74 74 70 73 3a 2f 2f 76 6f 69 63 65 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 2c 22 68 74 74 70 73 3a 2f 2f 76 69 65 77 2e 6d 75 6c 74 69 70 6c 61 6e 2e 63 6f 6d 22 2c 22 68 74 74 70 73 3a 2f 2f 76 69 6d 65 6f 2e 63 6f 6d 2f 22 2c 22 68 74 74 70 73 20 2f 2f 76 65 6e 6d 6f 2e 63 6f 6d 20 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 76 69 6d 65 6f 2e 63 6f 6d 20 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 76 61 6e 67 75 61 72 64 2e 63 6f 6d 20 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 76 65 72 69 Data Ascii: 2c5)]}'["https://v",["https://vantage.pwc.com","https://vportal.northwell.edu/","https://voice.google.com/","https://view.multiplan.com","https://vimeo.com/","https //venmo.com login","https //vimeo.com login","https //vanguard.com login","https //veri
2024-04-11 20:20:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.16	49721	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:20:54 UTC	660	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2F&oit=4&cp=8&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:20:54 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:20:54 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-tVscJsQaaUEFKk1YweWVdw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:20:54 UTC	725	IN	Data Raw: 32 63 65 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 22 2c 5b 22 68 74 74 70 73 20 2f 2f 64 6d 61 68 73 2d 6e 6a 2e 6d 79 2e 73 69 74 65 2e 63 6f 6d 65 2f 66 61 6d 69 6c 79 63 61 72 65 22 2c 22 68 74 74 70 73 20 2f 2f 71 75 69 7a 6c 65 74 2e 63 6f 6d 20 6c 69 76 65 22 2c 22 68 74 74 70 73 20 2f 2f 77 77 77 2e 6e 79 2e 67 6f 76 20 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 6b 61 68 6f 6f 74 2e 2e 63 6f 6d 22 2c 22 68 74 74 70 73 20 2f 2f 31 76 31 2e 6c 6f 6c 20 75 6e 62 6c 6f 63 6b 65 64 22 2c 22 68 74 74 70 73 20 2f 2f 6b 61 68 6f 6f 74 2e 69 74 20 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 6b 61 68 6f 6f 74 2e 63 6f 6d 20 6a 6f 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 77 77 77 2e 67 69 6d 6b 69 74 2e 63 6f 6d 20 6a 6f 69 6e 22 2c 22 68 74 Data Ascii: 2ce)]}'["https://",["https //dmahs-nj.my.site.come/familycare","https //quizlet.com live","https //www.ny.gov login","https //kahoot..com","https //1v1.lol unblocked","https //kahoot.it login","https //kahoot.com join","https //www.gimkit.com join","ht
2024-04-11 20:20:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.16	49722	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:20:55 UTC	661	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fx&oit=3&cp=9&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:20:55 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:20:55 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-OcXrvpZVOK-ebLAh6VSuUw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:20:55 UTC	675	IN	Data Raw: 32 39 63 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 78 22 2c 5b 22 68 74 74 70 73 3a 2f 2f 78 66 69 6e 69 74 79 2e 63 6f 6d 22 2c 22 68 74 74 70 73 3a 2f 2f 78 74 72 61 6d 61 74 68 2e 6f 72 67 22 2c 22 68 74 74 70 73 3a 2f 2f 78 66 69 6e 69 74 79 2e 63 6f 6d 2f 61 75 74 68 6f 72 69 7a 65 22 2c 22 68 74 74 70 73 3a 2f 2f 78 66 69 6e 69 74 79 2e 63 6f 6d 2f 70 61 73 73 77 6f 72 64 22 2c 22 68 74 74 70 73 3a 2f 2f 78 62 6f 78 2e 63 6f 6d 2f 67 65 74 61 70 70 22 2c 22 68 74 74 70 73 20 2f 2f 78 62 6f 78 2e 31 31 34 34 33 22 2c 22 68 74 74 70 73 20 2f 2f 78 63 65 6c 73 6f 6c 75 74 69 6f 6e 73 2e 2e 63 6f 6d 22 2c 22 68 74 74 70 73 20 2f 2f 78 2e 63 6f 6d 20 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 78 62 6f 78 2e 63 6f 6d 20 67 65 74 61 70 70 22 Data Ascii: 29c)]}'["https://x",["https://xfinity.com","https://xtramath.org","https://xfinity.com/authorize","https://xfinity.com/password","https://xbox.com/getapp","https //xbox.11443","https //xcelsolutions..com","https //x.com login","https //xbox.com getapp"
2024-04-11 20:20:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.16	49723	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:20:56 UTC	663	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv&oit=3&cp=10&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:20:56 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:20:56 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-T1sXkN1xlBjYAVvgoheIEA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:20:56 UTC	690	IN	Data Raw: 32 61 62 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 78 76 22 2c 5b 22 68 74 74 70 73 3a 2f 2f 78 76 65 72 67 65 2e 63 6c 6f 75 64 22 2c 22 68 74 74 70 73 3a 2f 2f 78 76 65 72 67 65 2e 63 6c 6f 75 64 2f 61 63 63 6f 75 6e 74 2f 64 61 73 68 62 6f 61 72 64 22 2c 22 68 74 74 70 73 3a 2f 2f 78 76 70 6e 2e 69 6f 2f 70 72 6f 64 75 63 74 73 22 2c 22 68 74 74 70 73 3a 2f 2f 78 76 70 6e 2e 69 6f 22 2c 22 68 74 74 70 3a 2f 2f 73 70 61 61 2e 78 79 7a 2f 22 2c 22 68 74 74 70 73 3a 2f 2f 78 76 63 65 6e 73 6f 2e 67 6f 62 2e 76 65 2f 22 2c 22 28 68 74 74 70 73 20 2f 2f 78 76 69 7a 2e 63 6f 6d 2f 70 72 69 63 69 6e 67 2f 22 2c 22 68 74 74 70 73 20 2f 2f 78 76 22 2c 22 68 74 74 70 73 20 2f 2f 78 76 63 65 6e 73 6f 2e 67 6f 62 2e 76 65 20 72 65 67 69 73 74 72 6f 22 2c Data Ascii: 2ab)]}'["https://xv",["https://xverge.cloud","https://xverge.cloud/account/dashboard","https://xvpn.io/products","https://xvpn.io","http://spaa.xyz/","https://xvcenso.gob.ve/","(https //xviz.com/pricing/","https //xv","https //xvcenso.gob.ve registro",
2024-04-11 20:20:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.16	49724	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:20:56 UTC	664	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv1&oit=3&cp=11&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.16	49725	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:20:57 UTC	665	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15&oit=3&cp=12&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:20:57 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:20:57 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-ffrwdJQUywCWrAj32ueUWg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:20:57 UTC	614	IN	Data Raw: 32 35 66 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 78 76 31 35 22 2c 5b 22 78 76 31 35 22 2c 22 78 76 31 35 20 73 74 65 61 6c 74 68 20 73 75 69 74 22 2c 22 78 76 31 35 32 2d 65 36 2d 31 30 74 76 72 63 2d 31 30 22 2c 22 78 76 31 35 73 65 22 2c 22 78 76 31 35 20 73 74 65 61 6c 74 68 20 73 75 69 74 20 73 74 6c 22 2c 22 78 76 31 35 20 73 75 69 74 22 2c 22 78 76 31 35 20 76 73 20 78 76 32 35 22 2c 22 78 76 31 35 20 73 74 65 61 6c 74 68 20 62 61 74 74 6c 65 73 75 69 74 22 2c 22 78 76 31 35 20 70 69 63 6b 65 72 69 6e 67 22 2c 22 78 76 31 35 20 73 74 65 61 6c 74 68 20 73 75 69 74 20 63 6f 6e 76 65 72 73 69 6f 6e 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 Data Ascii: 25f)]}'["https://xv15",["xv15","xv15 stealth suit","xv152-e6-10tvrc-10","xv15se","xv15 stealth suit stl","xv15 suit","xv15 vs xv25","xv15 stealth battlesuit","xv15 pickering","xv15 stealth suit conversion"],["","","","","","","","","",""],[],{"google:c
2024-04-11 20:20:57 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.16	49726	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:21:01 UTC	666	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.&oit=3&cp=13&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:21:01 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:21:01 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-pCy-IeZQsA1dYuzA8kHThg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:21:01 UTC	138	IN	Data Raw: 38 34 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 78 76 31 35 2e 22 2c 5b 5d 2c 5b 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 74 72 75 65 2c 22 74 6c 77 22 3a 74 72 75 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 5d 2c 22 67 6f 6f 67 6c 65 3a 76 65 72 62 61 74 69 6d 72 65 6c 65 76 61 6e 63 65 22 3a 38 35 31 7d 5d 0d 0a Data Ascii: 84)]}'["https://xv15.",[],[],[],{"google:clientdata":{"bpc":true,"tlw":true},"google:suggesttype":[],"google:verbatimrelevance":851}]
2024-04-11 20:21:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.16	49727	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:21:01 UTC	667	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z&oit=3&cp=14&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:21:01 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:21:01 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-wGWi419roFkziF-f3fTrXw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:21:01 UTC	393	IN	Data Raw: 31 38 32 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 78 76 31 35 2e 7a 22 2c 5b 22 68 74 74 70 73 20 2f 2f 78 76 31 35 2e 7a 6f 6f 6d 2e 75 73 22 2c 22 68 74 74 70 73 20 2f 2f 78 76 31 35 2e 7a 6f 6f 6d 2e 75 73 20 6c 6f 67 69 6e 22 5d 2c 5b 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 64 65 74 61 69 6c 22 3a 5b 7b 22 6d 70 22 3a 22 5c 75 32 30 32 36 20 22 2c 22 74 22 3a 22 2f 2f 78 76 31 35 2e 7a 6f 6f 6d 2e 75 73 22 7d 2c 7b 22 6d 70 22 3a 22 5c 75 32 30 32 36 20 22 2c 22 74 22 3a 22 2f 2f 78 76 31 35 2e 7a 6f 6f 6d 2e 75 73 20 6c 6f 67 69 6e 22 7d 5d 2c 22 67 6f 6f 67 6c 65 3a Data Ascii: 182)]}'["https://xv15.z",["https //xv15.zoom.us","https //xv15.zoom.us login"],["",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//xv15.zoom.us"},{"mp":"\u2026 ","t":"//xv15.zoom.us login"}],"google:
2024-04-11 20:21:01 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.16	49728	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:21:02 UTC	668	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z1&oit=3&cp=15&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:21:02 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:21:02 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-qtLplmZEQEFaNxve69WIPg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:21:02 UTC	141	IN	Data Raw: 38 37 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 78 76 31 35 2e 7a 31 22 2c 5b 5d 2c 5b 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 74 72 75 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 5d 2c 22 67 6f 6f 67 6c 65 3a 76 65 72 62 61 74 69 6d 72 65 6c 65 76 61 6e 63 65 22 3a 38 35 31 7d 5d 0d 0a Data Ascii: 87)]}'["https://xv15.z1",[],[],[],{"google:clientdata":{"bpc":false,"tlw":true},"google:suggesttype":[],"google:verbatimrelevance":851}]
2024-04-11 20:21:02 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.16	49729	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:21:02 UTC	669	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16&oit=3&cp=16&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:21:03 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:21:03 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-0G-7jW6gXPXJ56NrlnNKcw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:21:03 UTC	304	IN	Data Raw: 31 32 39 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 78 76 31 35 2e 7a 31 36 22 2c 5b 22 68 74 74 70 73 20 2f 2f 78 76 31 35 2e 7a 31 36 33 2e 63 6f 6d 22 5d 2c 5b 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 64 65 74 61 69 6c 22 3a 5b 7b 22 6d 70 22 3a 22 5c 75 32 30 32 36 20 22 2c 22 74 22 3a 22 2f 2f 78 76 31 35 2e 7a 31 36 33 2e 63 6f 6d 22 7d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 72 65 6c 65 76 61 6e 63 65 22 3a 5b 36 30 30 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 73 75 62 74 79 70 65 73 22 3a 5b 5b 31 36 30 5d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 Data Ascii: 129)]}'["https://xv15.z16",["https //xv15.z163.com"],[""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//xv15.z163.com"}],"google:suggestrelevance":[600],"google:suggestsubtypes":[[160]],"google:suggest
2024-04-11 20:21:03 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.16	49730	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:21:04 UTC	670	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.&oit=3&cp=17&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.16	49731	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:21:05 UTC	672	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.we&oit=3&cp=19&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.16	49732	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:21:05 UTC	673	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web&oit=3&cp=20&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:21:05 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:21:05 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-djF-CLOCR8jrMm_lLdU5kw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:21:05 UTC	498	IN	Data Raw: 31 65 62 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 22 2c 5b 22 68 74 74 70 73 20 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 2f 22 2c 22 68 74 74 70 73 20 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 65 78 2e 63 6f 6d 22 2c 22 68 74 74 70 73 20 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 2e 7a 6f 6f 6d 2e 75 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 64 65 74 61 69 6c 22 3a 5b 7b 22 6d 70 22 3a 22 5c 75 32 30 32 36 20 22 2c 22 74 22 3a 22 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 2f 22 7d 2c 7b 22 6d 70 22 3a 22 5c 75 32 30 Data Ascii: 1eb)]}'["https://xv15.z16.web",["https //xv15.z16.web/","https //xv15.z16.webex.com","https //xv15.z16.web.zoom.us"],["","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//xv15.z16.web/"},{"mp":"\u20
2024-04-11 20:21:05 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.16	49733	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:21:07 UTC	674	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.&oit=3&cp=21&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:21:07 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:21:07 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-bntl35VRns0PHLPCqsAFPw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:21:07 UTC	618	IN	Data Raw: 32 36 33 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 2e 22 2c 5b 22 68 74 74 70 73 20 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 2e 63 6f 6d 22 2c 22 68 74 74 70 73 20 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 2e 7a 6f 6f 6d 2e 75 73 22 2c 22 68 74 74 70 73 20 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 2e 74 65 6c 65 67 72 61 6d 22 2c 22 68 74 74 70 73 20 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 2e 74 65 6c 65 67 72 61 6d 2e 6f 72 67 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 64 65 74 61 69 6c 22 3a 5b 7b 22 6d 70 Data Ascii: 263)]}'["https://xv15.z16.web.",["https //xv15.z16.web.com","https //xv15.z16.web.zoom.us","https //xv15.z16.web.telegram","https //xv15.z16.web.telegram.org"],["","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp
2024-04-11 20:21:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.16	49734	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:21:07 UTC	676	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.co&oit=3&cp=23&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.16	49735	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:21:08 UTC	677	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.cor&oit=3&cp=24&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.16	49736	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:21:08 UTC	678	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core&oit=3&cp=25&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.16	49737	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:21:08 UTC	679	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.&oit=3&cp=26&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:21:08 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:21:08 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-AP_OYLHV4wI7rwG6j4CKsQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:21:08 UTC	754	IN	Data Raw: 32 65 62 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 2e 63 6f 72 65 2e 22 2c 5b 22 68 74 74 70 73 20 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 2e 63 6f 72 65 2e 63 6f 6d 22 2c 22 68 74 74 70 73 20 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 2e 63 6f 72 65 2e 77 69 6e 64 6f 77 73 2e 6e 65 74 22 2c 22 68 74 74 70 73 20 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 2e 63 6f 72 65 2e 63 6f 6d 20 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 2e 63 6f 72 65 2e 6f 72 67 22 2c 22 68 74 74 70 73 20 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 2e 63 6f 72 65 2e 6d 69 6c 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 Data Ascii: 2eb)]}'["https://xv15.z16.web.core.",["https //xv15.z16.web.core.com","https //xv15.z16.web.core.windows.net","https //xv15.z16.web.core.com login","https //xv15.z16.web.core.org","https //xv15.z16.web.core.mil"],["","","","",""],[],{"google:clientdata
2024-04-11 20:21:08 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.16	49738	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:21:08 UTC	682	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.win&oit=3&cp=29&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.16	49739	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:21:08 UTC	683	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.wind&oit=3&cp=30&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.16	49740	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:21:09 UTC	686	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.windows&oit=3&cp=33&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.16	49741	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:21:09 UTC	687	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.windows.&oit=3&cp=34&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:21:09 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:21:09 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-LMofSftM8SfGzGrVINfKTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:21:09 UTC	723	IN	Data Raw: 32 63 63 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 2e 63 6f 72 65 2e 77 69 6e 64 6f 77 73 2e 22 2c 5b 22 68 74 74 70 73 20 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 2e 63 6f 72 65 2e 77 69 6e 64 6f 77 73 2e 6e 65 74 22 2c 22 68 74 74 70 73 20 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 2e 63 6f 72 65 2e 77 69 6e 64 6f 77 73 2e 63 6f 6d 22 2c 22 68 74 74 70 73 20 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 2e 63 6f 72 65 2e 77 69 6e 64 6f 77 73 2e 6e 65 74 20 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 2e 63 6f 72 65 2e 77 69 6e 64 6f 77 73 2e 63 6f 6d 20 6c 6f 67 69 6e 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 Data Ascii: 2cc)]}'["https://xv15.z16.web.core.windows.",["https //xv15.z16.web.core.windows.net","https //xv15.z16.web.core.windows.com","https //xv15.z16.web.core.windows.net login","https //xv15.z16.web.core.windows.com login"],["","","",""],[],{"google:clientd
2024-04-11 20:21:09 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.16	49742	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:21:09 UTC	689	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.windows.ne&oit=3&cp=36&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.16	49743	142.250.80.36	443	6152	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:21:09 UTC	690	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fxv15.z16.web.core.windows.net&oit=3&cp=37&pgcl=4&gs_rn=42&psi=nguWTBgnIgWLLzJa&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-11 20:21:10 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 11 Apr 2024 20:21:10 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-OJXuCFZpfQzSXyQV_8_eIQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-04-11 20:21:10 UTC	163	IN	Data Raw: 39 64 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 78 76 31 35 2e 7a 31 36 2e 77 65 62 2e 63 6f 72 65 2e 77 69 6e 64 6f 77 73 2e 6e 65 74 22 2c 5b 5d 2c 5b 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 74 72 75 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 5d 2c 22 67 6f 6f 67 6c 65 3a 76 65 72 62 61 74 69 6d 72 65 6c 65 76 61 6e 63 65 22 3a 38 35 31 7d 5d 0d 0a Data Ascii: 9d)]}'["https://xv15.z16.web.core.windows.net",[],[],[],{"google:clientdata":{"bpc":false,"tlw":true},"google:suggesttype":[],"google:verbatimrelevance":851}]
2024-04-11 20:21:10 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.16	49745	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-04-11 20:21:14 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=MsH4nwFO8+RpMSK&MD=arBo7F6t HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-11 20:21:14 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 752cc2bf-c32b-4279-af60-3d505a0e16fe MS-RequestId: b0da80bf-9c00-45ff-ab3e-9a7b07636b56 MS-CV: 1N7hQ9CZCkmKWIWv.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 11 Apr 2024 20:21:13 GMT Connection: close Content-Length: 25457
2024-04-11 20:21:14 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-11 20:21:14 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

• chrome.exe
• chrome.exe

Click to jump to process

Memory Usage

• chrome.exe
• chrome.exe

Click to jump to process

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 7008, Parent PID: 5872

Function Logs

General

Target ID:	0
Start time:	22:20:19
Start date:	11/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://web.core.windows.net/
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Registry Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Activities

Process Created

Process Terminated

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Timing Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Windows UI Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Process Token Activities

Token Adjusted

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6152, Parent PID: 7008

Function Logs

General

Target ID:	1
Start time:	22:20:20
Start date:	11/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1948,i,8709819896451024238,16471427870947536288,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

File Activities

File Opened

Show Windows behavior

Thread Activities

There is hidden Windows Behavior. Click on Show Windows Behavior to show it.

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://web.core.windows.net

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Static File Info

Network Behavior

Network Port Distribution

Windows Analysis Report
http://web.core.windows.net