Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Webex.exe

Overview

General Information

Sample name:Webex.exe
Analysis ID:1447078
MD5:f3fc04e607fddcda329f1d854def73d2
SHA1:a1c82af92d950ac6e1f9d92b8e73aeb23ce7fcce
SHA256:b55dbbf2b253c84d0502ae16db3e3f394a26356dd7f5a3971cfe2995def5b289
Infos:

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Sample file is different than original file name gathered from version info
Stores files to the Windows start menu directory
Uses 32bit PE files

Classification

Process Tree

  • System is w10x64_ra
  • Webex.exe (PID: 984 cmdline: "C:\Users\user\Desktop\Webex.exe" MD5: F3FC04E607FDDCDA329F1D854DEF73D2)
  • rundll32.exe (PID: 6928 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • Webex.exe (PID: 7000 cmdline: "C:\Users\user\Desktop\Webex.exe" MD5: F3FC04E607FDDCDA329F1D854DEF73D2)
  • Webex.exe (PID: 1836 cmdline: "C:\Users\user\Desktop\Webex.exe" MD5: F3FC04E607FDDCDA329F1D854DEF73D2)
  • chrome.exe (PID: 3364 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6056 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2004,i,8847488438381224337,2067994835853220120,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Multi AV Scanner detection for submitted file
Source: Webex.exeVirustotal: Detection: 12%Perma Link
Source: Webex.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.16:49699 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49700 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.16:49701 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.32.72:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.23.209.187:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: Webex.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: chrome.exeMemory has grown: Private usage: 2MB later: 29MB
Source: Joe Sandbox ViewIP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknownTCP traffic detected without corresponding DNS query: 2.18.97.153
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=C2OWlAm7sasRCG2&MD=T4FUUZaM HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A4109009A83X-BM-WindowsFlights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75X-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAVHgmrRzQwhXDO4dkzsA/NqwvL9Q3xpbVhNJeJY6lsawhoawU4vnDp2XkKWb49XK1g5VPyYuGneWeuWNAYVJtgwmzKjKMcYr9MrK8rN7j2wxJtEyFqMcaTEQ5t/bnGsPF%2BGjvt%2B4bebpfB//V01UrRsuXYjFKV8MuOuI%2BCb2ZlIn37esIuhFp4WfoPehTAvRO06QGjWufiuU4AoVU4z03Szwy0rxXIxswOZw/zWa9DkHtTodO%2BtQEeVkf40aaUBC3%2BOn3HVB54VnC2Ni2WWI5F0lVXxcdxPXldfPl2DnqlwUlPo34epLu86kRORvEkNYWgUE1DeKMvNo0x4/iqKI0wsDZgAACDkw1y0hNYV2qAEJ7E0Ehzf8qdfXFM%2BlF/xIBcmVaa1/NvcTIXlGXSlXUGuF0Nl2XFqdVK7fGtM5ExoErrxoV0rjsIx2ThWBQ8WhQC8xDbibi7wccW9CxVtuAHfCtdeRLwI7N0nylN0C4VO1zcIrYm5idN4PDMFrMJG5OKCMsdYnpmPfpJdjZKP%2B7cR8WkVeG7OLOpdpab1yLJSgW6C7NcrbtbbnWvwDAxikTu33otl/TFmjaDdxgSRUodoLnyRLmrvTohVwCcZHdpP1kvW0UfcUHagjPN2w3JGNizxMYj43uguZNMk1aq0iru1OuA42cF9Cj6qFdzZgJIU3IDKTR5R7aRz8XTYZM3FRvmlNaIAIBedDFw4UvOUwPKZ4KcyTv8D5kJ2u8gX7ixVGh8EfaMopxiMkpXU0CTQuoBBG2qQlIrEp7rirbsE9XJPricimQwiTaqbaEgQnJxssDkqE7Xow2z3i3SVP2hh0GaT8aucOWRis3w4Fc30l7jaI7Awy43rLzAPstTI%2Bzpc4Yd2He3v6p6J7B5XbMB17ScpNqnxc1mOA2uGozAqYqbn6%2BrEV5QT02AE%3D%26p%3DX-Agent-DeviceId: 01000A4109009A83X-BM-CBT: 1716540550User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: F16875BDE8CA44FB8B9B5D9AEC438402X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=3a628620&IPMID=1707317755885; MUID=5047E5942BB2460EA35B53CCF78DDB3D; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=C2OWlAm7sasRCG2&MD=T4FUUZaM HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: apis.google.com
Source: global trafficDNS traffic detected: DNS query: play.google.com
Source: unknownHTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
Source: unknownHTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.16:49699 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49700 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.18.97.153:443 -> 192.168.2.16:49701 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.32.72:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.23.209.187:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: Webex.exe, 00000000.00000000.1116504143.0000000000874000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameInstallerMaster.exeF vs Webex.exe
Source: Webex.exeBinary or memory string: OriginalFilenameInstallerMaster.exeF vs Webex.exe
Source: Webex.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engineClassification label: mal48.winEXE@19/12@6/3
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: Webex.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Webex.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: Webex.exeVirustotal: Detection: 12%
Source: unknownProcess created: C:\Users\user\Desktop\Webex.exe "C:\Users\user\Desktop\Webex.exe"
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Users\user\Desktop\Webex.exe "C:\Users\user\Desktop\Webex.exe"
Source: unknownProcess created: C:\Users\user\Desktop\Webex.exe "C:\Users\user\Desktop\Webex.exe"
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2004,i,8847488438381224337,2067994835853220120,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2004,i,8847488438381224337,2067994835853220120,262144 /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\Webex.exeSection loaded: wintypes.dllJump to behavior
Source: Google Drive.lnk.19.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.19.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.19.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.19.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.19.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.19.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: Webex.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: Webex.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: Webex.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: Webex.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Webex.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: Webex.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Webex.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Webex.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Webex.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: Webex.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: Webex.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: Webex.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: Webex.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
DLL Side-Loading		1
Process Injection		1
Masquerading		OS Credential Dumping1
System Information Discovery		Remote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
DLL Side-Loading		1
Rundll32		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media3
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
Registry Run Keys / Startup Folder		1
Process Injection		Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive4
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
Extra Window Memory Injection		1
DLL Side-Loading		NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
Extra Window Memory Injection		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1447078 Sample: Webex.exe Startdate: 24/05/2024 Architecture: WINDOWS Score: 48 21 plus.l.google.com 2->21 23 play.google.com 2->23 25 apis.google.com 2->25 31 Multi AV Scanner detection for submitted file 2->31 7 chrome.exe 8 2->7         started        10 rundll32.exe 2->10         started        12 Webex.exe 2->12         started        14 2 other processes 2->14 signatures3 process4 dnsIp5 27 192.168.2.16, 138, 443, 49699 unknown unknown 7->27 29 239.255.255.250 unknown Reserved 7->29 16 chrome.exe 7->16         started        process6 dnsIp7 19 www.google.com 142.250.184.196, 443, 49712, 49713 GOOGLEUS United States 16->19

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
Webex.exe8%ReversingLabs
Webex.exe12%VirustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
plus.l.google.com0%VirustotalBrowse
play.google.com0%VirustotalBrowse
www.google.com0%VirustotalBrowse
apis.google.com0%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_00%URL Reputationsafe
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:00%Avira URL Cloudsafe
https://www.google.com/async/newtab_promos0%Avira URL Cloudsafe
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw0%Avira URL Cloudsafe
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw1%VirustotalBrowse
https://www.google.com/async/newtab_promos0%VirustotalBrowse
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:01%VirustotalBrowse

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
plus.l.google.com
142.250.185.238
truefalseunknown
play.google.com
142.250.186.110
truefalseunknown
www.google.com
142.250.184.196
truefalseunknown
apis.google.com
unknown
unknownfalseunknown

Contacted URLs

NameMaliciousAntivirus DetectionReputation
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0false
  • URL Reputation: safe
unknown
https://www.google.com/async/newtab_promosfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
  • 1%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0false
  • 1%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
142.250.184.196
www.google.comUnited States
15169GOOGLEUSfalse
239.255.255.250
unknownReserved
unknownunknownfalse

Private

IP
192.168.2.16

General Information

Joe Sandbox version:40.0.0 Tourmaline
Analysis ID:1447078
Start date and time:2024-05-24 10:47:57 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 4m 5s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultwindowsinteractivecookbook.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:21
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:Webex.exe
Detection:MAL
Classification:mal48.winEXE@19/12@6/3
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .exe

Warnings

  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 93.184.221.240, 142.250.185.195, 74.125.133.84, 142.250.184.206, 34.104.35.123, 142.250.185.99
  • Excluded domains from analysis (whitelisted): www.bing.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, login.live.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, www.gstatic.com, fe3cr.delivery.mp.microsoft.com
  • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
  • Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
239.255.255.250http://photographcrushingsouvenirs.comGet hashmaliciousUnknownBrowse
    http://18.158.249.75Get hashmaliciousUnknownBrowse
      BI6oo9z4In.exeGet hashmaliciousCryptOne, Djvu, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, RisePro StealerBrowse
        https://auth-logservicekmfjnslepiuruamnbvoaprjlpwrjworsds.tropicalsce.com/Get hashmaliciousUnknownBrowse
          https://topnewsz66.com/super-bowl-includes-ads-about-jesus-as-part-of-multi-million-dollar-he-gets-us-campaign/Get hashmaliciousUnknownBrowse
            https://deref-mail.com/mail/client/j_iGygdK9BI/dereferrer/?redirectUrl=Get hashmaliciousUnknownBrowse
              sample.htmlGet hashmaliciousHTMLPhisherBrowse
                https://perspectivefunnel.co/664fc385b6e1a200142f71ee/664fc45e205ea60014803d49/Get hashmaliciousUnknownBrowse
                  https://pub-a2527e0fc1774b399011ecd14755d452.r2.dev/0nlinedoc.htmlGet hashmaliciousHTMLPhisherBrowse
                    http://qyt8pi.krestologs.comGet hashmaliciousUnknownBrowse

                      Domains

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      plus.l.google.comhttp://photographcrushingsouvenirs.comGet hashmaliciousUnknownBrowse
                      • 216.58.212.142
                      http://birchflarechurch.comGet hashmaliciousUnknownBrowse
                      • 142.250.184.206
                      http://birchflarechurch.comGet hashmaliciousUnknownBrowse
                      • 142.250.185.142
                      https://usw2.nyl.as/t1/211/9bl5nlgyxxdd19wwlu9zlj899/0/4f9515399b4920358d1e61769ae80a5f9d1a2ec7871dcf9ba4a7de6d8c500fdcGet hashmaliciousUnknownBrowse
                      • 142.250.181.238
                      http://css.cdntoswitchspirit.comGet hashmaliciousUnknownBrowse
                      • 142.250.184.206
                      https://sites.google.com/view/owl-statue-decor/home?gclid=EAIaIQobChMIpdj6orKkhgMVhtn1Ah3olwROEAEYASAAEgJxmvD_BwEGet hashmaliciousUnknownBrowse
                      • 142.250.184.206
                      https://freexxxth.linkGet hashmaliciousUnknownBrowse
                      • 142.250.185.206
                      https://freexxxth.linkGet hashmaliciousUnknownBrowse
                      • 216.58.206.46
                      https://sites.google.com/view/bakcsa3/?yj0&d=DwMFaQGet hashmaliciousUnknownBrowse
                      • 142.250.184.206
                      phish_alert_sp2_2.0.0.0-214.emlGet hashmaliciousUnknownBrowse
                      • 172.217.16.142
                      play.google.comhttp://photographcrushingsouvenirs.comGet hashmaliciousUnknownBrowse
                      • 142.250.186.142
                      http://birchflarechurch.comGet hashmaliciousUnknownBrowse
                      • 172.217.18.14
                      http://birchflarechurch.comGet hashmaliciousUnknownBrowse
                      • 142.250.185.78
                      https://usw2.nyl.as/t1/211/9bl5nlgyxxdd19wwlu9zlj899/0/4f9515399b4920358d1e61769ae80a5f9d1a2ec7871dcf9ba4a7de6d8c500fdcGet hashmaliciousUnknownBrowse
                      • 142.250.181.238
                      http://css.cdntoswitchspirit.comGet hashmaliciousUnknownBrowse
                      • 142.250.184.238
                      https://sites.google.com/view/owl-statue-decor/home?gclid=EAIaIQobChMIpdj6orKkhgMVhtn1Ah3olwROEAEYASAAEgJxmvD_BwEGet hashmaliciousUnknownBrowse
                      • 172.217.18.14
                      http://hxjmm.check-tl-ver-154-2.comGet hashmaliciousUnknownBrowse
                      • 142.250.185.174
                      https://freexxxth.linkGet hashmaliciousUnknownBrowse
                      • 142.250.185.174
                      https://freexxxth.linkGet hashmaliciousUnknownBrowse
                      • 142.250.186.110
                      https://sites.google.com/view/bakcsa3/?yj0&d=DwMFaQGet hashmaliciousUnknownBrowse
                      • 142.250.185.142

                      ASNs

                      No context

                      JA3 Fingerprints

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      28a2c9bd18a11de089ef85a160da29e4https://deref-mail.com/mail/client/j_iGygdK9BI/dereferrer/?redirectUrl=Get hashmaliciousUnknownBrowse
                      • 2.18.97.153
                      • 40.126.32.72
                      • 20.114.59.183
                      sample.htmlGet hashmaliciousHTMLPhisherBrowse
                      • 2.18.97.153
                      • 40.126.32.72
                      • 20.114.59.183
                      https://perspectivefunnel.co/664fc385b6e1a200142f71ee/664fc45e205ea60014803d49/Get hashmaliciousUnknownBrowse
                      • 2.18.97.153
                      • 40.126.32.72
                      • 20.114.59.183
                      https://pub-a2527e0fc1774b399011ecd14755d452.r2.dev/0nlinedoc.htmlGet hashmaliciousHTMLPhisherBrowse
                      • 2.18.97.153
                      • 40.126.32.72
                      • 20.114.59.183
                      http://qyt8pi.krestologs.comGet hashmaliciousUnknownBrowse
                      • 2.18.97.153
                      • 40.126.32.72
                      • 20.114.59.183
                      http://birchflarechurch.comGet hashmaliciousUnknownBrowse
                      • 2.18.97.153
                      • 40.126.32.72
                      • 20.114.59.183
                      attach_request_478000006439785.zipGet hashmaliciousUnknownBrowse
                      • 2.18.97.153
                      • 40.126.32.72
                      • 20.114.59.183
                      https://www.unsubv1.site/Get hashmaliciousUnknownBrowse
                      • 2.18.97.153
                      • 40.126.32.72
                      • 20.114.59.183
                      https://filetransfer.io/data-package/sikJT8Pb/downloadGet hashmaliciousHTMLPhisherBrowse
                      • 2.18.97.153
                      • 40.126.32.72
                      • 20.114.59.183
                      https://url.au.m.mimecastprotect.com/s/uuv2CgZowrsOpyOOc26VTV?domain=in.xero.comGet hashmaliciousUnknownBrowse
                      • 2.18.97.153
                      • 40.126.32.72
                      • 20.114.59.183
                      6271f898ce5be7dd52b0fc260d0662b3Items.xlsGet hashmaliciousUnknownBrowse
                      • 2.23.209.187
                      https://u44668105.ct.sendgrid.net/ls/click?upn=u001.BTMESiTo6NsF48uIW4-2BrJkEc2YVFzyAaMWnWwgGT9cZqZS45ZZqu4Y-2FXJmZd8BXA8cja_AHV3UK6XjfrXMiZ9J4igW-2FDEUbICycoJ744IkX0PR6FoPBD5ixGfLkyQ9ofRFx1gjy-2BP-2BDUWqu7bhyffh6xflqZsbtNZtMLnpgQoCGrYBrKDAQCrs-2BXh7tVhTtmxcULJOM-2BKcO31hWTdcLyh6xHaFmrsv6JFsx6tjkxHhVyYzmDL2WjDZWPIbWyOCKFNxt29pnc1D6Wos9by2AU7AhdVB3KlHpWThOWm6-2FAP-2Buqng4Vq-2BmwndZ6wQGKVc-2FG51viAW-2FpPzuJOGK4hC-2FF-2FfgyonvDWvDkNa4J3BejflmN-2BuGCUZSHoW4H7oETlKRzn4f7VwMbU0WFOF9ZUfOI6CISxhvZQTsnMYzitMow1nPeu-2Flg0-2FzAaZA27HnZ5WdxtR2wKofgxyBDPpPjMUDCXBmEfEWtT8NXGmNaNpBvJDLI13EkOwRxoG67u0CqbvxxYYK-2F5eu2B-2Bg9JTJRxFbICA7lEJgDZLYhBS-2BbGjIrrRDvHg0hAvMhBJ54TVAoWNvYZYG-2FCqbCuzJrUBI0DoaRAGLq44smm73hnjeG06IT3WQV3A8KkhlXB3fqBFue-2Fd4ydFypfr1PkBzxIk-2FPd1H2pJdMYF-2B7HONDoFax8K-2BBkvfgdiIY-3DGet hashmaliciousHTMLPhisherBrowse
                      • 2.23.209.187
                      https://atualizar-cmd.com/Get hashmaliciousUnknownBrowse
                      • 2.23.209.187
                      fileEEE.batGet hashmaliciousUnknownBrowse
                      • 2.23.209.187
                      https://assets-fra.mkt.dynamics.com/0cc4a623-6510-ef11-9f83-002248da15fa/digitalassets/standaloneforms/6e39a88b-9710-ef11-9f89-002248d9c773Get hashmaliciousOutlook Phishing, HTMLPhisherBrowse
                      • 2.23.209.187
                      phish_alert_sp2_2.0.0.0-214.emlGet hashmaliciousUnknownBrowse
                      • 2.23.209.187
                      https://mydhl.express.dhl$tracking_link/Get hashmaliciousUnknownBrowse
                      • 2.23.209.187
                      https://one.acme.si/sagecn/fr.htmlGet hashmaliciousUnknownBrowse
                      • 2.23.209.187
                      https://organic.mushroomstrade%5B.%5Dcom/?aNqBNW=Nm&rd_DyKZBUOXd0TNevGZu3_F7iSKU5CUSZG11cnJheUBtZXJjaGFudHNjYXBpdGFsLmNvbQ==Get hashmaliciousUnknownBrowse
                      • 2.23.209.187
                      https://url10.mailanyone.net/scanner?m=1s9Mri-0007hx-3T&d=4%7Cmail%2F90%2F1716287400%2F1s9Mri-0007hx-3T%7Cin10g%7C57e1b682%7C12862802%7C10019077%7C664C7952D245399BD4B163183C53C253&o=%2Fphte%3A%2Fdtsseedrontec.iuconsctomat%2Fku.&s=X3gWuPbJRU1Tmui7Qt2w30qEumEGet hashmaliciousHTMLPhisherBrowse
                      • 2.23.209.187

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 07:50:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2673
                      Entropy (8bit):3.983173788486792
                      Encrypted:false
                      SSDEEP:48:83dYTcsHHJidAKZdA1FehwiZUklqehEJy+3:8Kvz/y
                      MD5:EF99A5FFEE625CBAFF14C483C1EFC6B6
                      SHA1:2B7A57556416A8833029428A255F6A3F99D6D980
                      SHA-256:E2B169E8680F20BAFD5832B8D1CA41E1402630CC88AB29710A47BFEB5584110D
                      SHA-512:C758D6955DA2E8F57EBF27FE0D2FE3986E0210B76AE9FC10035A0C3569CF01C5F7DA8F886AD09AD3BFEEB2273C761DB4490159CE51BEA8A2E87A4B35A0CC23C7
                      Malicious:false
                      Reputation:low
                      Preview:L..................F.@.. ...$+.,.......o....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.F....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XOF....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XOF....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XOF..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XPF...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............V.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 07:50:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2675
                      Entropy (8bit):3.9984775515169733
                      Encrypted:false
                      SSDEEP:48:899dYTcsHHJidAKZdA1seh/iZUkAQkqeh1Jy+2:8yvd9QKy
                      MD5:75336C9ED4074BE346FA0E4BFF00767A
                      SHA1:0A28CE86F91FED21C37E5D29E5197F229FFAB128
                      SHA-256:00DB015284935173FA8BAB1703728B1351037B620943A6D8AE9DFDDB169E8A2E
                      SHA-512:6977AC8C9062480EE136F8BC997EA654BD406A6F4038CB265AC5E73E4B4715003073BC6B6688BACCAF90BF9D89D03D41F67A622FE7223B9FE99AD7C644CA6194
                      Malicious:false
                      Reputation:low
                      Preview:L..................F.@.. ...$+.,.......o....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.F....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XOF....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XOF....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XOF..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XPF...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............V.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2689
                      Entropy (8bit):4.007596476573448
                      Encrypted:false
                      SSDEEP:48:8ZdYTcsAHJidAKZdA14meh7sFiZUkmgqeh7s/Jy+BX:8UvInDy
                      MD5:79238975185A0630A0FD4AE918BA54E1
                      SHA1:91DC90BBFD6D5A164C97CEDE4FD0436B8EA45504
                      SHA-256:67A5B5E1B91C11FACC541FB931A956057E7624CBF287B88328EEB3F70E369790
                      SHA-512:DBBD22B92BB35435E78FA0ABC2774366C774209AFE60DF153961AC85C3A580B09060E1924E7065AD0F811888C63F286F19E6F5836F0B4DBE9734A10C1819E229
                      Malicious:false
                      Reputation:low
                      Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.F....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XOF....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XOF....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XOF..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............V.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 07:50:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2677
                      Entropy (8bit):3.998100536995955
                      Encrypted:false
                      SSDEEP:48:8sdYTcsHHJidAKZdA1TehDiZUkwqeh5Jy+R:87vuZy
                      MD5:91E574937E45B738494998BBCFA53F38
                      SHA1:FEFFD9E11C20C0D6EF216B316608D989A2CD015C
                      SHA-256:9A7B87266C8324940241E06AA3D8EB114B76C32990840D9B3DE53CDB9FA5F753
                      SHA-512:91D0788E1EC3E3CEB1B13847DCD3184BAAC7900A3E6831207B4C377278A0F23AA58E6D37C2BE8A6E7F4B5342A461E7B66036F29190A88A7117086150879AD2BA
                      Malicious:false
                      Reputation:low
                      Preview:L..................F.@.. ...$+.,....v..n....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.F....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XOF....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XOF....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XOF..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XPF...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............V.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 07:50:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2677
                      Entropy (8bit):3.982642233073323
                      Encrypted:false
                      SSDEEP:48:85dYTcsHHJidAKZdA1dehBiZUk1W1qehbJy+C:80v+91y
                      MD5:84D8E66627C9407F5DB6D10A163AB33A
                      SHA1:FEB033DAED1837913ACCCCB6B98C8E6C943A21FF
                      SHA-256:9F690412411BF7F2836F23D80CD60DC5736BBCA2EBA832E77B8C275D9A0980B3
                      SHA-512:E02B54543910CA741A39799B3ACD53E4EA8003E3A5318216AB3630597FF93D52783DDDCC51D9B77C70F26313752697C943203639529E19882C3FC7DABF232595
                      Malicious:false
                      Reputation:low
                      Preview:L..................F.@.. ...$+.,.......o....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.F....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XOF....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XOF....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XOF..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XPF...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............V.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri May 24 07:50:31 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2679
                      Entropy (8bit):3.9974464895613195
                      Encrypted:false
                      SSDEEP:48:8FdYTcsHHJidAKZdA1duTeehOuTbbiZUk5OjqehOuTbhJy+yT+:8Qv0TfTbxWOvTbDy7T
                      MD5:4863E513EEC9BA1FD134C55D044F85CF
                      SHA1:3D792F29B404E061EC0D46F280DD8B457671E202
                      SHA-256:470F6A61318B2A185140B75D4D517B946E7CF5C930FB20B524AEBAEB76D210B7
                      SHA-512:E7CA78D688037DC28EA63EE55D1557B0760355B7BD974CD8C613C0455001228B0CEB1279DB6CBD7ED6AC81A39F9126E008963B96F6E4CE193A251BC69B64CD82
                      Malicious:false
                      Reputation:low
                      Preview:L..................F.@.. ...$+.,......n....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X.F....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.XOF....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.XOF....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.XOF..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.XPF...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............V.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                      Chrome Cache Entry: 41

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (778)
                      Category:downloaded
                      Size (bytes):783
                      Entropy (8bit):5.130792548768829
                      Encrypted:false
                      SSDEEP:24:MKshrcEE6BHslgT9lCuABuoB7HHHHHHHYqmffffffo:ahYz6KlgZ01BuSEqmffffffo
                      MD5:CC3609750A97A5445F40014606F25764
                      SHA1:3312A49FFB44A72A879B77F98B37830A8C08CC3C
                      SHA-256:F87C89B5D997912F0147D0D1409B1AC32A9EB38A9995E8A5B5D850DC58647BA5
                      SHA-512:2B00DBA505DCDDD38C15D66D787530EF508259CB010478B80A6F6347739085C724033A7509A697E129BAC76E80AB688B0D37CA062F72014784BA7BF1973AFA60
                      Malicious:false
                      Reputation:low
                      URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                      Preview:)]}'.["",["philadelphia phillies nike dunks","nyt connections hints","boeing planes explosion","map of fortunes monopoly go rewards","memorial day sales deals","temple texas tornadoes","nba 1st team","ghost rider movie jensen ackles"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]

                      Chrome Cache Entry: 42

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text
                      Category:downloaded
                      Size (bytes):29
                      Entropy (8bit):3.9353986674667634
                      Encrypted:false
                      SSDEEP:3:VQAOx/1n:VQAOd1n
                      MD5:6FED308183D5DFC421602548615204AF
                      SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                      SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                      SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                      Malicious:false
                      Reputation:moderate, very likely benign file
                      URL:https://www.google.com/async/newtab_promos
                      Preview:)]}'.{"update":{"promos":{}}}

                      Chrome Cache Entry: 43

                      Download File
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (65531)
                      Category:downloaded
                      Size (bytes):137141
                      Entropy (8bit):5.440211348831228
                      Encrypted:false
                      SSDEEP:1536:jdGyEyZchLPOnWME4K8tqHgAzZ9VG04UMn9VFPizVEfKBC8JBxMkP+ezPXd:PrcqK8C5ZP09OfBxMkmwXd
                      MD5:B3DFCE92ECB86E24949BC8BF944B6759
                      SHA1:EE1ECFC52753FC5FFB9FF5F1118812FCFBE3CEFE
                      SHA-256:362F49ECC7C61F24DC1922D177D51C3AF295B8D54EF25665B9F1F06206640D5A
                      SHA-512:36E6CFA3DFD099DFEF75173DA865D200A95A86EB715A93378EFBD4C472F00C36D5017DD83573A2A410DF7C3BF0E3BBC534D7EF4D3BF362384F342050D6C5A2B9
                      Malicious:false
                      Reputation:low
                      URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                      Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Qa gb_hb gb_Td gb_nd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Hd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_rd gb_kd gb_xd gb_wd\"\u003e\u003cdiv class\u003d\"gb_qd gb_gd\"\u003e\u003cdiv class\u003d\"gb_Oc gb_q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Oc gb_Rc gb_q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

                      Static File Info

                      General

                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                      Entropy (8bit):6.563609044556376
                      TrID:
                      • Win32 Executable (generic) a (10002005/4) 99.96%
                      • Generic Win/DOS Executable (2004/3) 0.02%
                      • DOS Executable Generic (2002/1) 0.02%
                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                      File name:Webex.exe
                      File size:201'216 bytes
                      MD5:f3fc04e607fddcda329f1d854def73d2
                      SHA1:a1c82af92d950ac6e1f9d92b8e73aeb23ce7fcce
                      SHA256:b55dbbf2b253c84d0502ae16db3e3f394a26356dd7f5a3971cfe2995def5b289
                      SHA512:a16525e9571a0336fd655c4b06c416dbcc67bf23e5b8607c95b78b2cfe729f676ae358ad505b47994ddee12c63ddedcf9c03297bffc2c82fd6983b6cf64f8910
                      SSDEEP:6144:JBp4uGFHDcKw9LaH52h4/raX1VnbmFCSCmCF9Y:zpOFHYp922h4WF0F1CmCPY
                      TLSH:B1145C25E190D432DCB6057449E5C7BAD97ABE328F054CEF13AC2B3A8E347E09721667
                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................................................................................................... .......H.............Rich...

                      File Icon

                      Icon Hash:2d2e3797b32b2b99

                      Static PE Info

                      General

                      Entrypoint:0x41281e
                      Entrypoint Section:.text
                      Digitally signed:false
                      Imagebase:0x400000
                      Subsystem:windows gui
                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                      Time Stamp:0x664C9C7B [Tue May 21 13:07:07 2024 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:
                      OS Version Major:6
                      OS Version Minor:0
                      File Version Major:6
                      File Version Minor:0
                      Subsystem Version Major:6
                      Subsystem Version Minor:0
                      Import Hash:13fe41b65a7d517237699b0c8f8bd553

                      Entrypoint Preview

                      Instruction
                      call 00007F9AD8EADDAFh
                      jmp 00007F9AD8EAD82Fh
                      push ebp
                      mov ebp, esp
                      push 00000000h
                      call dword ptr [00427124h]
                      push dword ptr [ebp+08h]
                      call dword ptr [00427120h]
                      push C0000409h
                      call dword ptr [00427128h]
                      push eax
                      call dword ptr [0042712Ch]
                      pop ebp
                      ret
                      push ebp
                      mov ebp, esp
                      sub esp, 00000324h
                      push 00000017h
                      call dword ptr [00427130h]
                      test eax, eax
                      je 00007F9AD8EAD9B7h
                      push 00000002h
                      pop ecx
                      int 29h
                      mov dword ptr [00430CA8h], eax
                      mov dword ptr [00430CA4h], ecx
                      mov dword ptr [00430CA0h], edx
                      mov dword ptr [00430C9Ch], ebx
                      mov dword ptr [00430C98h], esi
                      mov dword ptr [00430C94h], edi
                      mov word ptr [00430CC0h], ss
                      mov word ptr [00430CB4h], cs
                      mov word ptr [00430C90h], ds
                      mov word ptr [00430C8Ch], es
                      mov word ptr [00430C88h], fs
                      mov word ptr [00430C84h], gs
                      pushfd
                      pop dword ptr [00430CB8h]
                      mov eax, dword ptr [ebp+00h]
                      mov dword ptr [00430CACh], eax
                      mov eax, dword ptr [ebp+04h]
                      mov dword ptr [00430CB0h], eax
                      lea eax, dword ptr [ebp+08h]
                      mov dword ptr [00430CBCh], eax
                      mov eax, dword ptr [ebp-00000324h]
                      mov dword ptr [00430BF8h], 00010001h

                      Data Directories

                      NameVirtual AddressVirtual Size Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IMPORT0x2e3840xa0.rdata
                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x340000xe95.rsrc
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x350000x19b4.reloc
                      IMAGE_DIRECTORY_ENTRY_DEBUG0x2d6c00x38.rdata
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x2d6000x40.rdata
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IAT0x270000x228.rdata
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                      Sections

                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                      .text0x10000x255400x25600f5ea965026682cd8c1a598b54cfd4167False0.5377821906354515data6.565920300612511IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      .rdata0x270000x80040x82003d85c5e432fec6b528fed6d4263a8a3fFalse0.48482572115384615data5.281385357505723IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      .data0x300000x31240xc00f03b52369e05f7d1d013f80a44210c38False0.2600911458333333data2.805021428351615IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      .rsrc0x340000xe950x100055f741dcc69424ad4ea6ca16b1961c17False0.41357421875data4.47072810622429IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      .reloc0x350000x19b40x1a0064bbdb79642f0a60a04f44b538696d13False0.7937199519230769data6.64534795106433IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                      Resources

                      NameRVASizeTypeLanguageCountryZLIB Complexity
                      RT_ICON0x341400x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors0.43185920577617326
                      RT_GROUP_ICON0x349e80x14data1.15
                      RT_VERSION0x349fc0x31cdataEnglishUnited States0.47110552763819097
                      RT_MANIFEST0x34d180x17dXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5931758530183727

                      Imports

                      DLLImport
                      KERNEL32.dllDecodePointer, HeapReAlloc, HeapSize, BackupRead, GetConsoleOutputCP, FlushFileBuffers, CreateFileW, SetFilePointerEx, GetFileSizeEx, GetStringTypeW, GetThreadGroupAffinity, GetProcessHeap, GetCurrentDirectoryW, HeapAlloc, LoadLibraryW, CloseHandle, DeleteFileW, GetUserDefaultLCID, EscapeCommFunction, GetLastError, ConvertThreadToFiberEx, FindActCtxSectionStringA, _lopen, CommConfigDialogA, GetCommTimeouts, GetTimeFormatA, GetLargePageMinimum, SetFilePointer, SetThreadPriority, ReleaseSemaphore, HeapFree, SetConsoleScreenBufferSize, GetConsoleMode, CreateDirectoryW, SetStdHandle, FreeEnvironmentStringsW, GetEnvironmentStringsW, WideCharToMultiByte, GetCommandLineW, GetCommandLineA, GetCPInfo, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, FindFirstFileExW, FindClose, WriteConsoleW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwind, RaiseException, SetLastError, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, GetFileType, MultiByteToWideChar, LCMapStringW
                      USER32.dllGetActiveWindow, SetCaretPos, MessageBoxW, OpenIcon, SetSysColors, CopyAcceleratorTableA, SetRect, LoadIconA, PaintDesktop, SetWindowPlacement, RedrawWindow, SetParent
                      GDI32.dllColorMatchToTarget, ModifyWorldTransform, GetDCPenColor, SetBoundsRect, CreateBitmapIndirect, CreateHatchBrush, SetWindowExtEx, GetLogColorSpaceA, CreateICA, EqualRgn, PolyPolygon, ChoosePixelFormat, LineTo, ExtCreatePen, SetStretchBltMode, RestoreDC, PtInRegion, EnumObjects, GetBrushOrgEx, ExtSelectClipRgn, GetViewportOrgEx
                      ADVAPI32.dllConvertSidToStringSidA
                      SHELL32.dllSHGetFolderPathW
                      ole32.dllCoUninitialize, CoCreateInstance, WriteClassStg, CoInitialize, OleNoteObjectVisible
                      UxTheme.dllGetThemeSysColorBrush, DrawThemeIcon, GetThemePartSize, GetThemeSysFont, GetBufferedPaintTargetRect, EndBufferedAnimation

                      Possible Origin

                      Language of compilation systemCountry where language is spokenMap
                      EnglishUnited States

                      Network Behavior

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      May 24, 2024 10:48:34.060858965 CEST49673443192.168.2.16204.79.197.203
                      May 24, 2024 10:48:34.364455938 CEST49673443192.168.2.16204.79.197.203
                      May 24, 2024 10:48:34.973375082 CEST49673443192.168.2.16204.79.197.203
                      May 24, 2024 10:48:36.174432993 CEST49673443192.168.2.16204.79.197.203
                      May 24, 2024 10:48:38.586385012 CEST49673443192.168.2.16204.79.197.203
                      May 24, 2024 10:48:40.290136099 CEST49699443192.168.2.162.18.97.153
                      May 24, 2024 10:48:40.290174007 CEST443496992.18.97.153192.168.2.16
                      May 24, 2024 10:48:40.290287971 CEST49699443192.168.2.162.18.97.153
                      May 24, 2024 10:48:40.291888952 CEST49699443192.168.2.162.18.97.153
                      May 24, 2024 10:48:40.291904926 CEST443496992.18.97.153192.168.2.16
                      May 24, 2024 10:48:40.939100981 CEST443496992.18.97.153192.168.2.16
                      May 24, 2024 10:48:40.939202070 CEST49699443192.168.2.162.18.97.153
                      May 24, 2024 10:48:40.943975925 CEST49699443192.168.2.162.18.97.153
                      May 24, 2024 10:48:40.943984985 CEST443496992.18.97.153192.168.2.16
                      May 24, 2024 10:48:40.944272041 CEST443496992.18.97.153192.168.2.16
                      May 24, 2024 10:48:40.985311031 CEST49699443192.168.2.162.18.97.153
                      May 24, 2024 10:48:40.990466118 CEST49699443192.168.2.162.18.97.153
                      May 24, 2024 10:48:41.001482010 CEST49700443192.168.2.1620.114.59.183
                      May 24, 2024 10:48:41.001517057 CEST4434970020.114.59.183192.168.2.16
                      May 24, 2024 10:48:41.001586914 CEST49700443192.168.2.1620.114.59.183
                      May 24, 2024 10:48:41.002731085 CEST49700443192.168.2.1620.114.59.183
                      May 24, 2024 10:48:41.002756119 CEST4434970020.114.59.183192.168.2.16
                      May 24, 2024 10:48:41.034504890 CEST443496992.18.97.153192.168.2.16
                      May 24, 2024 10:48:41.251306057 CEST443496992.18.97.153192.168.2.16
                      May 24, 2024 10:48:41.251385927 CEST443496992.18.97.153192.168.2.16
                      May 24, 2024 10:48:41.251432896 CEST49699443192.168.2.162.18.97.153
                      May 24, 2024 10:48:41.251516104 CEST49699443192.168.2.162.18.97.153
                      May 24, 2024 10:48:41.251530886 CEST443496992.18.97.153192.168.2.16
                      May 24, 2024 10:48:41.251540899 CEST49699443192.168.2.162.18.97.153
                      May 24, 2024 10:48:41.251545906 CEST443496992.18.97.153192.168.2.16
                      May 24, 2024 10:48:41.293659925 CEST49701443192.168.2.162.18.97.153
                      May 24, 2024 10:48:41.293757915 CEST443497012.18.97.153192.168.2.16
                      May 24, 2024 10:48:41.293855906 CEST49701443192.168.2.162.18.97.153
                      May 24, 2024 10:48:41.294254065 CEST49701443192.168.2.162.18.97.153
                      May 24, 2024 10:48:41.294291019 CEST443497012.18.97.153192.168.2.16
                      May 24, 2024 10:48:41.924014091 CEST4434970020.114.59.183192.168.2.16
                      May 24, 2024 10:48:41.924221992 CEST49700443192.168.2.1620.114.59.183
                      May 24, 2024 10:48:41.927018881 CEST49700443192.168.2.1620.114.59.183
                      May 24, 2024 10:48:41.927026987 CEST4434970020.114.59.183192.168.2.16
                      May 24, 2024 10:48:41.927341938 CEST4434970020.114.59.183192.168.2.16
                      May 24, 2024 10:48:41.975282907 CEST49700443192.168.2.1620.114.59.183
                      May 24, 2024 10:48:42.003225088 CEST49700443192.168.2.1620.114.59.183
                      May 24, 2024 10:48:42.039923906 CEST443497012.18.97.153192.168.2.16
                      May 24, 2024 10:48:42.040031910 CEST49701443192.168.2.162.18.97.153
                      May 24, 2024 10:48:42.043729067 CEST49701443192.168.2.162.18.97.153
                      May 24, 2024 10:48:42.043746948 CEST443497012.18.97.153192.168.2.16
                      May 24, 2024 10:48:42.044004917 CEST443497012.18.97.153192.168.2.16
                      May 24, 2024 10:48:42.045381069 CEST49701443192.168.2.162.18.97.153
                      May 24, 2024 10:48:42.046500921 CEST4434970020.114.59.183192.168.2.16
                      May 24, 2024 10:48:42.090498924 CEST443497012.18.97.153192.168.2.16
                      May 24, 2024 10:48:42.231714964 CEST49678443192.168.2.1620.189.173.10
                      May 24, 2024 10:48:42.257911921 CEST4434970020.114.59.183192.168.2.16
                      May 24, 2024 10:48:42.258006096 CEST4434970020.114.59.183192.168.2.16
                      May 24, 2024 10:48:42.258027077 CEST4434970020.114.59.183192.168.2.16
                      May 24, 2024 10:48:42.258093119 CEST4434970020.114.59.183192.168.2.16
                      May 24, 2024 10:48:42.258095980 CEST49700443192.168.2.1620.114.59.183
                      May 24, 2024 10:48:42.258095980 CEST49700443192.168.2.1620.114.59.183
                      May 24, 2024 10:48:42.258136034 CEST4434970020.114.59.183192.168.2.16
                      May 24, 2024 10:48:42.258151054 CEST4434970020.114.59.183192.168.2.16
                      May 24, 2024 10:48:42.258171082 CEST49700443192.168.2.1620.114.59.183
                      May 24, 2024 10:48:42.258171082 CEST49700443192.168.2.1620.114.59.183
                      May 24, 2024 10:48:42.258498907 CEST49700443192.168.2.1620.114.59.183
                      May 24, 2024 10:48:42.271194935 CEST4434970020.114.59.183192.168.2.16
                      May 24, 2024 10:48:42.271308899 CEST49700443192.168.2.1620.114.59.183
                      May 24, 2024 10:48:42.271316051 CEST4434970020.114.59.183192.168.2.16
                      May 24, 2024 10:48:42.271445990 CEST4434970020.114.59.183192.168.2.16
                      May 24, 2024 10:48:42.271470070 CEST49700443192.168.2.1620.114.59.183
                      May 24, 2024 10:48:42.271507025 CEST4434970020.114.59.183192.168.2.16
                      May 24, 2024 10:48:42.271537066 CEST49700443192.168.2.1620.114.59.183
                      May 24, 2024 10:48:42.271537066 CEST49700443192.168.2.1620.114.59.183
                      May 24, 2024 10:48:42.271550894 CEST4434970020.114.59.183192.168.2.16
                      May 24, 2024 10:48:42.271559000 CEST4434970020.114.59.183192.168.2.16
                      May 24, 2024 10:48:42.439641953 CEST443497012.18.97.153192.168.2.16
                      May 24, 2024 10:48:42.439698935 CEST443497012.18.97.153192.168.2.16
                      May 24, 2024 10:48:42.439964056 CEST49701443192.168.2.162.18.97.153
                      May 24, 2024 10:48:42.449889898 CEST49701443192.168.2.162.18.97.153
                      May 24, 2024 10:48:42.449903011 CEST443497012.18.97.153192.168.2.16
                      May 24, 2024 10:48:42.449923038 CEST49701443192.168.2.162.18.97.153
                      May 24, 2024 10:48:42.449928999 CEST443497012.18.97.153192.168.2.16
                      May 24, 2024 10:48:42.533284903 CEST49678443192.168.2.1620.189.173.10
                      May 24, 2024 10:48:43.140283108 CEST49678443192.168.2.1620.189.173.10
                      May 24, 2024 10:48:43.394365072 CEST49673443192.168.2.16204.79.197.203
                      May 24, 2024 10:48:44.352313042 CEST49678443192.168.2.1620.189.173.10
                      May 24, 2024 10:48:46.700397015 CEST4968080192.168.2.16192.229.211.108
                      May 24, 2024 10:48:46.763334036 CEST49678443192.168.2.1620.189.173.10
                      May 24, 2024 10:48:47.003319025 CEST4968080192.168.2.16192.229.211.108
                      May 24, 2024 10:48:47.609232903 CEST4968080192.168.2.16192.229.211.108
                      May 24, 2024 10:48:48.824198008 CEST4968080192.168.2.16192.229.211.108
                      May 24, 2024 10:48:51.236295938 CEST4968080192.168.2.16192.229.211.108
                      May 24, 2024 10:48:51.572207928 CEST49678443192.168.2.1620.189.173.10
                      May 24, 2024 10:48:53.006273031 CEST49673443192.168.2.16204.79.197.203
                      May 24, 2024 10:48:56.040282965 CEST4968080192.168.2.16192.229.211.108
                      May 24, 2024 10:49:01.186188936 CEST49678443192.168.2.1620.189.173.10
                      May 24, 2024 10:49:05.643039942 CEST4968080192.168.2.16192.229.211.108
                      May 24, 2024 10:49:11.508315086 CEST49703443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:11.508338928 CEST4434970340.126.32.72192.168.2.16
                      May 24, 2024 10:49:11.508409977 CEST49703443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:11.509656906 CEST49703443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:11.509670973 CEST4434970340.126.32.72192.168.2.16
                      May 24, 2024 10:49:12.345746040 CEST4434970340.126.32.72192.168.2.16
                      May 24, 2024 10:49:12.345838070 CEST49703443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:12.380001068 CEST49703443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:12.380017996 CEST4434970340.126.32.72192.168.2.16
                      May 24, 2024 10:49:12.380994081 CEST4434970340.126.32.72192.168.2.16
                      May 24, 2024 10:49:12.382236004 CEST49703443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:12.382292986 CEST49703443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:12.382402897 CEST4434970340.126.32.72192.168.2.16
                      May 24, 2024 10:49:12.758414030 CEST4434970340.126.32.72192.168.2.16
                      May 24, 2024 10:49:12.758439064 CEST4434970340.126.32.72192.168.2.16
                      May 24, 2024 10:49:12.758488894 CEST4434970340.126.32.72192.168.2.16
                      May 24, 2024 10:49:12.758522987 CEST49703443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:12.758541107 CEST4434970340.126.32.72192.168.2.16
                      May 24, 2024 10:49:12.758559942 CEST4434970340.126.32.72192.168.2.16
                      May 24, 2024 10:49:12.758611917 CEST49703443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:12.758611917 CEST49703443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:12.759131908 CEST49703443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:12.759131908 CEST49703443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:12.759150982 CEST4434970340.126.32.72192.168.2.16
                      May 24, 2024 10:49:12.759164095 CEST4434970340.126.32.72192.168.2.16
                      May 24, 2024 10:49:12.979195118 CEST49704443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:12.979223967 CEST4434970440.126.32.72192.168.2.16
                      May 24, 2024 10:49:12.979348898 CEST49704443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:12.979615927 CEST49704443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:12.979628086 CEST4434970440.126.32.72192.168.2.16
                      May 24, 2024 10:49:13.873281956 CEST4434970440.126.32.72192.168.2.16
                      May 24, 2024 10:49:13.874140978 CEST49704443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:13.874212027 CEST4434970440.126.32.72192.168.2.16
                      May 24, 2024 10:49:13.875572920 CEST49704443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:13.875592947 CEST4434970440.126.32.72192.168.2.16
                      May 24, 2024 10:49:13.875678062 CEST49704443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:13.875695944 CEST4434970440.126.32.72192.168.2.16
                      May 24, 2024 10:49:14.255749941 CEST4434970440.126.32.72192.168.2.16
                      May 24, 2024 10:49:14.255868912 CEST4434970440.126.32.72192.168.2.16
                      May 24, 2024 10:49:14.255918980 CEST4434970440.126.32.72192.168.2.16
                      May 24, 2024 10:49:14.256001949 CEST49704443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:14.256014109 CEST4434970440.126.32.72192.168.2.16
                      May 24, 2024 10:49:14.256035089 CEST49704443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:14.256174088 CEST4434970440.126.32.72192.168.2.16
                      May 24, 2024 10:49:14.256230116 CEST49704443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:14.256445885 CEST49704443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:14.256458044 CEST4434970440.126.32.72192.168.2.16
                      May 24, 2024 10:49:14.256469011 CEST49704443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:14.256474018 CEST4434970440.126.32.72192.168.2.16
                      May 24, 2024 10:49:14.342967033 CEST49705443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:14.342983007 CEST4434970540.126.32.72192.168.2.16
                      May 24, 2024 10:49:14.343075991 CEST49705443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:14.343266010 CEST49705443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:14.343270063 CEST4434970540.126.32.72192.168.2.16
                      May 24, 2024 10:49:15.196069956 CEST4434970540.126.32.72192.168.2.16
                      May 24, 2024 10:49:15.196825981 CEST49705443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:15.196846962 CEST4434970540.126.32.72192.168.2.16
                      May 24, 2024 10:49:15.197623014 CEST49705443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:15.197628021 CEST4434970540.126.32.72192.168.2.16
                      May 24, 2024 10:49:15.197655916 CEST49705443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:15.197662115 CEST4434970540.126.32.72192.168.2.16
                      May 24, 2024 10:49:15.480998993 CEST4434970540.126.32.72192.168.2.16
                      May 24, 2024 10:49:15.481053114 CEST4434970540.126.32.72192.168.2.16
                      May 24, 2024 10:49:15.481096983 CEST4434970540.126.32.72192.168.2.16
                      May 24, 2024 10:49:15.481149912 CEST49705443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:15.481164932 CEST4434970540.126.32.72192.168.2.16
                      May 24, 2024 10:49:15.481177092 CEST4434970540.126.32.72192.168.2.16
                      May 24, 2024 10:49:15.481333017 CEST49705443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:15.481333017 CEST49705443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:15.481688976 CEST49705443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:15.481699944 CEST4434970540.126.32.72192.168.2.16
                      May 24, 2024 10:49:15.481709957 CEST49705443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:15.481714010 CEST4434970540.126.32.72192.168.2.16
                      May 24, 2024 10:49:15.536526918 CEST49706443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:15.536540031 CEST4434970640.126.32.72192.168.2.16
                      May 24, 2024 10:49:15.536619902 CEST49706443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:15.536828995 CEST49706443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:15.536833048 CEST4434970640.126.32.72192.168.2.16
                      May 24, 2024 10:49:16.404706955 CEST4434970640.126.32.72192.168.2.16
                      May 24, 2024 10:49:16.405435085 CEST49706443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:16.405461073 CEST4434970640.126.32.72192.168.2.16
                      May 24, 2024 10:49:16.406517982 CEST49706443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:16.406522989 CEST4434970640.126.32.72192.168.2.16
                      May 24, 2024 10:49:16.406593084 CEST49706443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:16.406601906 CEST4434970640.126.32.72192.168.2.16
                      May 24, 2024 10:49:16.785293102 CEST4434970640.126.32.72192.168.2.16
                      May 24, 2024 10:49:16.785379887 CEST4434970640.126.32.72192.168.2.16
                      May 24, 2024 10:49:16.785433054 CEST4434970640.126.32.72192.168.2.16
                      May 24, 2024 10:49:16.785470963 CEST49706443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:16.785499096 CEST4434970640.126.32.72192.168.2.16
                      May 24, 2024 10:49:16.785536051 CEST49706443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:16.785640001 CEST4434970640.126.32.72192.168.2.16
                      May 24, 2024 10:49:16.785696983 CEST49706443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:16.786052942 CEST49706443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:16.786072969 CEST4434970640.126.32.72192.168.2.16
                      May 24, 2024 10:49:16.786087036 CEST49706443192.168.2.1640.126.32.72
                      May 24, 2024 10:49:16.786093950 CEST4434970640.126.32.72192.168.2.16
                      May 24, 2024 10:49:16.857486963 CEST49707443192.168.2.162.23.209.187
                      May 24, 2024 10:49:16.857516050 CEST443497072.23.209.187192.168.2.16
                      May 24, 2024 10:49:16.857598066 CEST49707443192.168.2.162.23.209.187
                      May 24, 2024 10:49:16.859649897 CEST49707443192.168.2.162.23.209.187
                      May 24, 2024 10:49:16.859668970 CEST443497072.23.209.187192.168.2.16
                      May 24, 2024 10:49:17.528538942 CEST443497072.23.209.187192.168.2.16
                      May 24, 2024 10:49:17.528712988 CEST49707443192.168.2.162.23.209.187
                      May 24, 2024 10:49:17.579119921 CEST49707443192.168.2.162.23.209.187
                      May 24, 2024 10:49:17.579149008 CEST443497072.23.209.187192.168.2.16
                      May 24, 2024 10:49:17.580322027 CEST443497072.23.209.187192.168.2.16
                      May 24, 2024 10:49:17.580420017 CEST49707443192.168.2.162.23.209.187
                      May 24, 2024 10:49:17.581358910 CEST49707443192.168.2.162.23.209.187
                      May 24, 2024 10:49:17.581397057 CEST443497072.23.209.187192.168.2.16
                      May 24, 2024 10:49:17.901464939 CEST443497072.23.209.187192.168.2.16
                      May 24, 2024 10:49:17.901535988 CEST49707443192.168.2.162.23.209.187
                      May 24, 2024 10:49:17.901549101 CEST443497072.23.209.187192.168.2.16
                      May 24, 2024 10:49:17.901592970 CEST49707443192.168.2.162.23.209.187
                      May 24, 2024 10:49:17.905317068 CEST443497072.23.209.187192.168.2.16
                      May 24, 2024 10:49:17.905381918 CEST443497072.23.209.187192.168.2.16
                      May 24, 2024 10:49:17.905405045 CEST49707443192.168.2.162.23.209.187
                      May 24, 2024 10:49:17.905453920 CEST49707443192.168.2.162.23.209.187
                      May 24, 2024 10:49:17.905473948 CEST49707443192.168.2.162.23.209.187
                      May 24, 2024 10:49:17.905489922 CEST443497072.23.209.187192.168.2.16
                      May 24, 2024 10:49:17.905500889 CEST49707443192.168.2.162.23.209.187
                      May 24, 2024 10:49:17.905548096 CEST49707443192.168.2.162.23.209.187
                      May 24, 2024 10:49:18.731251955 CEST49708443192.168.2.1620.114.59.183
                      May 24, 2024 10:49:18.731275082 CEST4434970820.114.59.183192.168.2.16
                      May 24, 2024 10:49:18.731375933 CEST49708443192.168.2.1620.114.59.183
                      May 24, 2024 10:49:18.731730938 CEST49708443192.168.2.1620.114.59.183
                      May 24, 2024 10:49:18.731736898 CEST4434970820.114.59.183192.168.2.16
                      May 24, 2024 10:49:19.712529898 CEST4434970820.114.59.183192.168.2.16
                      May 24, 2024 10:49:19.712668896 CEST49708443192.168.2.1620.114.59.183
                      May 24, 2024 10:49:19.714391947 CEST49708443192.168.2.1620.114.59.183
                      May 24, 2024 10:49:19.714401007 CEST4434970820.114.59.183192.168.2.16
                      May 24, 2024 10:49:19.714653015 CEST4434970820.114.59.183192.168.2.16
                      May 24, 2024 10:49:19.722327948 CEST49708443192.168.2.1620.114.59.183
                      May 24, 2024 10:49:19.766494036 CEST4434970820.114.59.183192.168.2.16
                      May 24, 2024 10:49:20.099268913 CEST4434970820.114.59.183192.168.2.16
                      May 24, 2024 10:49:20.099337101 CEST4434970820.114.59.183192.168.2.16
                      May 24, 2024 10:49:20.099381924 CEST4434970820.114.59.183192.168.2.16
                      May 24, 2024 10:49:20.099422932 CEST49708443192.168.2.1620.114.59.183
                      May 24, 2024 10:49:20.099440098 CEST4434970820.114.59.183192.168.2.16
                      May 24, 2024 10:49:20.099474907 CEST49708443192.168.2.1620.114.59.183
                      May 24, 2024 10:49:20.099525928 CEST49708443192.168.2.1620.114.59.183
                      May 24, 2024 10:49:20.103105068 CEST4434970820.114.59.183192.168.2.16
                      May 24, 2024 10:49:20.103153944 CEST4434970820.114.59.183192.168.2.16
                      May 24, 2024 10:49:20.103182077 CEST49708443192.168.2.1620.114.59.183
                      May 24, 2024 10:49:20.103185892 CEST4434970820.114.59.183192.168.2.16
                      May 24, 2024 10:49:20.103229046 CEST49708443192.168.2.1620.114.59.183
                      May 24, 2024 10:49:20.103234053 CEST4434970820.114.59.183192.168.2.16
                      May 24, 2024 10:49:20.103317976 CEST4434970820.114.59.183192.168.2.16
                      May 24, 2024 10:49:20.103368998 CEST49708443192.168.2.1620.114.59.183
                      May 24, 2024 10:49:20.103820086 CEST49708443192.168.2.1620.114.59.183
                      May 24, 2024 10:49:20.103831053 CEST4434970820.114.59.183192.168.2.16
                      May 24, 2024 10:49:20.103852034 CEST49708443192.168.2.1620.114.59.183
                      May 24, 2024 10:49:20.103856087 CEST4434970820.114.59.183192.168.2.16
                      May 24, 2024 10:50:29.673656940 CEST49712443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:29.673702955 CEST44349712142.250.184.196192.168.2.16
                      May 24, 2024 10:50:29.673758030 CEST49712443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:29.674694061 CEST49712443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:29.674709082 CEST44349712142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.193375111 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.193406105 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.193459988 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.194073915 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.194081068 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.240741968 CEST49714443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.240752935 CEST44349714142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.240838051 CEST49714443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.241347075 CEST49714443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.241354942 CEST44349714142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.272619009 CEST49715443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.272629976 CEST44349715142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.272696018 CEST49715443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.272980928 CEST49715443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.272991896 CEST44349715142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.325265884 CEST44349712142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.325512886 CEST49712443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.325521946 CEST44349712142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.326422930 CEST44349712142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.326493979 CEST49712443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.327450991 CEST49712443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.327523947 CEST44349712142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.327615976 CEST49712443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.327620983 CEST44349712142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.382419109 CEST49712443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.639143944 CEST44349712142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.639300108 CEST44349712142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.639404058 CEST49712443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.640217066 CEST49712443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.640230894 CEST44349712142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.886032104 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.886432886 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.886445999 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.887223005 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.887320995 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.887620926 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.887665987 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.887768030 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.887772083 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.902431965 CEST44349714142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.902755976 CEST49714443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.902774096 CEST44349714142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.906275988 CEST44349714142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.906419992 CEST49714443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.906677008 CEST49714443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.906801939 CEST49714443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.906846046 CEST44349714142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.934798956 CEST44349715142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.935089111 CEST49715443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.935102940 CEST44349715142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.938637018 CEST44349715142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.938741922 CEST49715443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.939007044 CEST49715443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.939110041 CEST44349715142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.939318895 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.955545902 CEST49714443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.955568075 CEST44349714142.250.184.196192.168.2.16
                      May 24, 2024 10:50:30.987401962 CEST49715443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:30.987423897 CEST44349715142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.003411055 CEST49714443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.035551071 CEST49715443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.204452038 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.204509974 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.204689026 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.204704046 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.207333088 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.207413912 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.207420111 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.210371971 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.210447073 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.210453033 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.214282990 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.214353085 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.214358091 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.217266083 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.217348099 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.217353106 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.259417057 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.289139032 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.291945934 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.292007923 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.292011976 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.293778896 CEST44349714142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.294118881 CEST44349714142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.294181108 CEST49714443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.294982910 CEST49714443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.294994116 CEST44349714142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.296035051 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.296094894 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.296098948 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.300785065 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.300838947 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.300844908 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.305696964 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.305753946 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.305758953 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.311048985 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.311103106 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.311106920 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.321052074 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.321110964 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.321115971 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.325994968 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.326093912 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.326098919 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.330681086 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.330734015 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.330739021 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.333744049 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.333798885 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.333802938 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.339330912 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.339397907 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.339402914 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.344887018 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.344952106 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.344960928 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.378155947 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.378268957 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.378281116 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.382122993 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.382170916 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.382180929 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.382190943 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.382226944 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.384560108 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.387046099 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.387095928 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.387103081 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.389054060 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.389101982 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.389108896 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.394462109 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.394530058 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.394536972 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.395467043 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.395519018 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.395524979 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.400399923 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.400453091 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.400461912 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.408860922 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.408934116 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.408941031 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.410696030 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.410748959 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.410756111 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.416304111 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.416362047 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.416369915 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.421237946 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.421309948 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.421318054 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.425982952 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.426040888 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.426048040 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.433008909 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.433069944 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.433075905 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.435719013 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.435774088 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.435781956 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.439677954 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.439734936 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.439740896 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.443481922 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.443536997 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.443551064 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.447350979 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.447418928 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.447427034 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.450928926 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.450994015 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.450999975 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.454845905 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.454906940 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.454914093 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.458726883 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.458785057 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.458791018 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.462646961 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.462698936 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.462707043 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.466078997 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.466147900 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.466155052 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.469901085 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.469959021 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.469965935 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.472040892 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.472093105 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.472100019 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.474308968 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.474360943 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.474368095 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.476618052 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.476675034 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.476681948 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.478806019 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.478862047 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.478868961 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.481173038 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.481225967 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.481232882 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.483624935 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.483678102 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.483685017 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.485594988 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.485622883 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.485642910 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.485651016 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.485697031 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.487379074 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.490036011 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.490061998 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.490082979 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.490092993 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.490143061 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.497066021 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.497221947 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:31.497284889 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.497423887 CEST49713443192.168.2.16142.250.184.196
                      May 24, 2024 10:50:31.497432947 CEST44349713142.250.184.196192.168.2.16
                      May 24, 2024 10:50:32.921351910 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:32.921386003 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:32.921461105 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:32.921677113 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:32.921693087 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:33.604768991 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:33.605137110 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:33.605159044 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:33.606146097 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:33.606229067 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:33.607089996 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:33.607156992 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:33.607234001 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:33.607243061 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:33.654330969 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:33.875761032 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:33.877346992 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:33.877367973 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:33.877528906 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:33.877563953 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:33.877756119 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:33.880702019 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:33.884063959 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:33.884129047 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:33.884143114 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:33.887079954 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:33.887233973 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:33.887243032 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:33.889389038 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:33.889456987 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:33.889466047 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:33.893347979 CEST49720443192.168.2.16142.250.186.110
                      May 24, 2024 10:50:33.893435955 CEST44349720142.250.186.110192.168.2.16
                      May 24, 2024 10:50:33.893533945 CEST49720443192.168.2.16142.250.186.110
                      May 24, 2024 10:50:33.893699884 CEST49720443192.168.2.16142.250.186.110
                      May 24, 2024 10:50:33.893723011 CEST44349720142.250.186.110192.168.2.16
                      May 24, 2024 10:50:33.894742966 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:33.894804001 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:33.894814014 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:33.941313982 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.242446899 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.245590925 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.245615959 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.245639086 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.245666981 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.245712996 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.247787952 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.250070095 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.250119925 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.250130892 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.252254963 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.252320051 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.252327919 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.254061937 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.254121065 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.254128933 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.254209995 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.254272938 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.254281998 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.255839109 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.255906105 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.255914927 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.260850906 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.260946989 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.260956049 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.262377024 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.262423992 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.262432098 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.263906956 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.263973951 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.263983965 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.265415907 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.265485048 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.265495062 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.267678022 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.267700911 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.267740011 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.267750025 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.267790079 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.269201994 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.270668030 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.270699978 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.270740986 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.270750046 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.270792007 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.272058010 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.273369074 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.273391008 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.273422003 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.273431063 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.273482084 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.275717974 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.276643991 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.276711941 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.276721001 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.277924061 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.277973890 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.277982950 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.279778004 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.279831886 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.279840946 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.280917883 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.281003952 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.281009912 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.281033993 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.281080961 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.281115055 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.282653093 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.282701969 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.282711029 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.284415007 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.284465075 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.284472942 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.285561085 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.285640001 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.285659075 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.285667896 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.285711050 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.286746979 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.287831068 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.287884951 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.287893057 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.288819075 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.288872004 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.288880110 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.289647102 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.289699078 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.289707899 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.290584087 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.290636063 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.290646076 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.291302919 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.291347980 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.291357994 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.292146921 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.292222977 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.292232037 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.292674065 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.292741060 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.292748928 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.293503046 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.293556929 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.293565989 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.294820070 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.294950962 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.294960976 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.295629978 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.295675039 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.295684099 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.296407938 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.296463013 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.296471119 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.297297955 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.297355890 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.297365904 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.297615051 CEST44349719142.250.185.238192.168.2.16
                      May 24, 2024 10:50:34.297663927 CEST49719443192.168.2.16142.250.185.238
                      May 24, 2024 10:50:34.547576904 CEST44349720142.250.186.110192.168.2.16
                      May 24, 2024 10:50:34.594341993 CEST49720443192.168.2.16142.250.186.110

                      UDP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      May 24, 2024 10:49:38.386240959 CEST138138192.168.2.16192.168.2.255
                      May 24, 2024 10:50:29.599083900 CEST53554491.1.1.1192.168.2.16
                      May 24, 2024 10:50:29.618556023 CEST5744853192.168.2.161.1.1.1
                      May 24, 2024 10:50:29.618720055 CEST6107753192.168.2.161.1.1.1
                      May 24, 2024 10:50:29.656820059 CEST53574481.1.1.1192.168.2.16
                      May 24, 2024 10:50:29.656856060 CEST53640391.1.1.1192.168.2.16
                      May 24, 2024 10:50:29.656912088 CEST53610771.1.1.1192.168.2.16
                      May 24, 2024 10:50:30.756642103 CEST53580551.1.1.1192.168.2.16
                      May 24, 2024 10:50:31.604856968 CEST53541851.1.1.1192.168.2.16
                      May 24, 2024 10:50:32.878096104 CEST6234453192.168.2.161.1.1.1
                      May 24, 2024 10:50:32.878096104 CEST6351753192.168.2.161.1.1.1
                      May 24, 2024 10:50:32.920698881 CEST53623441.1.1.1192.168.2.16
                      May 24, 2024 10:50:32.920717001 CEST53635171.1.1.1192.168.2.16
                      May 24, 2024 10:50:33.881645918 CEST6344853192.168.2.161.1.1.1
                      May 24, 2024 10:50:33.881645918 CEST5973253192.168.2.161.1.1.1
                      May 24, 2024 10:50:33.892848969 CEST53597321.1.1.1192.168.2.16
                      May 24, 2024 10:50:33.892888069 CEST53634481.1.1.1192.168.2.16

                      DNS Queries

                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                      May 24, 2024 10:50:29.618556023 CEST192.168.2.161.1.1.10x6d68Standard query (0)www.google.comA (IP address)IN (0x0001)false
                      May 24, 2024 10:50:29.618720055 CEST192.168.2.161.1.1.10xd12eStandard query (0)www.google.com65IN (0x0001)false
                      May 24, 2024 10:50:32.878096104 CEST192.168.2.161.1.1.10x2286Standard query (0)apis.google.comA (IP address)IN (0x0001)false
                      May 24, 2024 10:50:32.878096104 CEST192.168.2.161.1.1.10xaeb1Standard query (0)apis.google.com65IN (0x0001)false
                      May 24, 2024 10:50:33.881645918 CEST192.168.2.161.1.1.10xdea4Standard query (0)play.google.comA (IP address)IN (0x0001)false
                      May 24, 2024 10:50:33.881645918 CEST192.168.2.161.1.1.10x36baStandard query (0)play.google.com65IN (0x0001)false

                      DNS Answers

                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                      May 24, 2024 10:50:29.656820059 CEST1.1.1.1192.168.2.160x6d68No error (0)www.google.com142.250.184.196A (IP address)IN (0x0001)false
                      May 24, 2024 10:50:29.656912088 CEST1.1.1.1192.168.2.160xd12eNo error (0)www.google.com65IN (0x0001)false
                      May 24, 2024 10:50:32.920698881 CEST1.1.1.1192.168.2.160x2286No error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
                      May 24, 2024 10:50:32.920698881 CEST1.1.1.1192.168.2.160x2286No error (0)plus.l.google.com142.250.185.238A (IP address)IN (0x0001)false
                      May 24, 2024 10:50:32.920717001 CEST1.1.1.1192.168.2.160xaeb1No error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
                      May 24, 2024 10:50:33.892888069 CEST1.1.1.1192.168.2.160xdea4No error (0)play.google.com142.250.186.110A (IP address)IN (0x0001)false

                      HTTP Request Dependency Graph

                      • slscr.update.microsoft.com
                      • fs.microsoft.com
                      • login.live.com
                      • www.bing.com
                      • www.google.com
                      • apis.google.com

                      HTTPS Proxied Packets

                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      0192.168.2.16496992.18.97.153443
                      TimestampBytes transferredDirectionData
                      2024-05-24 08:48:40 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      Accept-Encoding: identity
                      User-Agent: Microsoft BITS/7.8
                      Host: fs.microsoft.com
                      2024-05-24 08:48:41 UTC515INHTTP/1.1 200 OK
                      Content-Type: application/octet-stream
                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                      ApiVersion: Distribute 1.1
                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                      X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
                      Cache-Control: public, max-age=199271
                      Date: Fri, 24 May 2024 08:48:41 GMT
                      Connection: close
                      X-CID: 2


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      1192.168.2.164970020.114.59.183443
                      TimestampBytes transferredDirectionData
                      2024-05-24 08:48:41 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=C2OWlAm7sasRCG2&MD=T4FUUZaM HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                      Host: slscr.update.microsoft.com
                      2024-05-24 08:48:42 UTC560INHTTP/1.1 200 OK
                      Cache-Control: no-cache
                      Pragma: no-cache
                      Content-Type: application/octet-stream
                      Expires: -1
                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                      ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                      MS-CorrelationId: 5f06479a-891c-46bf-a4c0-7fddd3cefc5e
                      MS-RequestId: d58f6d5d-748a-49bd-a2c6-d15a1c885c06
                      MS-CV: uEqzSUVASkWNDyA+.0
                      X-Microsoft-SLSClientCache: 2880
                      Content-Disposition: attachment; filename=environment.cab
                      X-Content-Type-Options: nosniff
                      Date: Fri, 24 May 2024 08:48:41 GMT
                      Connection: close
                      Content-Length: 24490
                      2024-05-24 08:48:42 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                      Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                      2024-05-24 08:48:42 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                      Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      2192.168.2.16497012.18.97.153443
                      TimestampBytes transferredDirectionData
                      2024-05-24 08:48:42 UTC239OUTGET /fs/windows/config.json HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      Accept-Encoding: identity
                      If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                      Range: bytes=0-2147483646
                      User-Agent: Microsoft BITS/7.8
                      Host: fs.microsoft.com
                      2024-05-24 08:48:42 UTC535INHTTP/1.1 200 OK
                      Content-Type: application/octet-stream
                      Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                      ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                      ApiVersion: Distribute 1.1
                      Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                      X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
                      Cache-Control: public, max-age=199270
                      Date: Fri, 24 May 2024 08:48:42 GMT
                      Content-Length: 55
                      Connection: close
                      X-CID: 2
                      2024-05-24 08:48:42 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                      Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      3192.168.2.164970340.126.32.72443
                      TimestampBytes transferredDirectionData
                      2024-05-24 08:49:12 UTC422OUTPOST /RST2.srf HTTP/1.0
                      Connection: Keep-Alive
                      Content-Type: application/soap+xml
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                      Content-Length: 3592
                      Host: login.live.com
                      2024-05-24 08:49:12 UTC3592OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                      Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                      2024-05-24 08:49:12 UTC569INHTTP/1.1 200 OK
                      Cache-Control: no-store, no-cache
                      Pragma: no-cache
                      Content-Type: application/soap+xml; charset=utf-8
                      Expires: Fri, 24 May 2024 08:48:12 GMT
                      P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                      Referrer-Policy: strict-origin-when-cross-origin
                      x-ms-route-info: C538_SN1
                      x-ms-request-id: 3a38c2c4-10e4-45e5-9dd3-cfa3a1f4cd54
                      PPServer: PPV: 30 H: SN1PEPF0002F917 V: 0
                      X-Content-Type-Options: nosniff
                      Strict-Transport-Security: max-age=31536000
                      X-XSS-Protection: 1; mode=block
                      Date: Fri, 24 May 2024 08:49:12 GMT
                      Connection: close
                      Content-Length: 11390
                      2024-05-24 08:49:12 UTC11390INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                      Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      4192.168.2.164970440.126.32.72443
                      TimestampBytes transferredDirectionData
                      2024-05-24 08:49:13 UTC422OUTPOST /RST2.srf HTTP/1.0
                      Connection: Keep-Alive
                      Content-Type: application/soap+xml
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                      Content-Length: 4775
                      Host: login.live.com
                      2024-05-24 08:49:13 UTC4775OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                      Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                      2024-05-24 08:49:14 UTC569INHTTP/1.1 200 OK
                      Cache-Control: no-store, no-cache
                      Pragma: no-cache
                      Content-Type: application/soap+xml; charset=utf-8
                      Expires: Fri, 24 May 2024 08:48:14 GMT
                      P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                      Referrer-Policy: strict-origin-when-cross-origin
                      x-ms-route-info: C538_SN1
                      x-ms-request-id: 6500f59d-f4e5-44f4-929f-182ef07f693c
                      PPServer: PPV: 30 H: SN1PEPF0002F104 V: 0
                      X-Content-Type-Options: nosniff
                      Strict-Transport-Security: max-age=31536000
                      X-XSS-Protection: 1; mode=block
                      Date: Fri, 24 May 2024 08:49:13 GMT
                      Connection: close
                      Content-Length: 11370
                      2024-05-24 08:49:14 UTC11370INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                      Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      5192.168.2.164970540.126.32.72443
                      TimestampBytes transferredDirectionData
                      2024-05-24 08:49:15 UTC422OUTPOST /RST2.srf HTTP/1.0
                      Connection: Keep-Alive
                      Content-Type: application/soap+xml
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                      Content-Length: 4775
                      Host: login.live.com
                      2024-05-24 08:49:15 UTC4775OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                      Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                      2024-05-24 08:49:15 UTC569INHTTP/1.1 200 OK
                      Cache-Control: no-store, no-cache
                      Pragma: no-cache
                      Content-Type: application/soap+xml; charset=utf-8
                      Expires: Fri, 24 May 2024 08:48:15 GMT
                      P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                      Referrer-Policy: strict-origin-when-cross-origin
                      x-ms-route-info: C538_BL2
                      x-ms-request-id: 5bff3c1a-199c-4727-9f80-30fee7bf395c
                      PPServer: PPV: 30 H: BL02EPF0001D9F9 V: 0
                      X-Content-Type-Options: nosniff
                      Strict-Transport-Security: max-age=31536000
                      X-XSS-Protection: 1; mode=block
                      Date: Fri, 24 May 2024 08:49:14 GMT
                      Connection: close
                      Content-Length: 11370
                      2024-05-24 08:49:15 UTC11370INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                      Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      6192.168.2.164970640.126.32.72443
                      TimestampBytes transferredDirectionData
                      2024-05-24 08:49:16 UTC422OUTPOST /RST2.srf HTTP/1.0
                      Connection: Keep-Alive
                      Content-Type: application/soap+xml
                      Accept: */*
                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                      Content-Length: 4788
                      Host: login.live.com
                      2024-05-24 08:49:16 UTC4788OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                      Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                      2024-05-24 08:49:16 UTC569INHTTP/1.1 200 OK
                      Cache-Control: no-store, no-cache
                      Pragma: no-cache
                      Content-Type: application/soap+xml; charset=utf-8
                      Expires: Fri, 24 May 2024 08:48:16 GMT
                      P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                      Referrer-Policy: strict-origin-when-cross-origin
                      x-ms-route-info: C538_BAY
                      x-ms-request-id: eb87ff4e-3bd4-4676-a6d8-7dabc707412f
                      PPServer: PPV: 30 H: PH1PEPF00011ED6 V: 0
                      X-Content-Type-Options: nosniff
                      Strict-Transport-Security: max-age=31536000
                      X-XSS-Protection: 1; mode=block
                      Date: Fri, 24 May 2024 08:49:16 GMT
                      Connection: close
                      Content-Length: 11153
                      2024-05-24 08:49:16 UTC11153INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                      Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      7192.168.2.16497072.23.209.187443
                      TimestampBytes transferredDirectionData
                      2024-05-24 08:49:17 UTC2665OUTGET /client/config?cc=CH&setlang=en-CH HTTP/1.1
                      X-Search-CortanaAvailableCapabilities: None
                      X-Search-SafeSearch: Moderate
                      Accept-Encoding: gzip, deflate
                      X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                      X-UserAgeClass: Unknown
                      X-BM-Market: CH
                      X-BM-DateFormat: dd/MM/yyyy
                      X-Device-OSSKU: 48
                      X-BM-DTZ: -240
                      X-DeviceID: 01000A4109009A83
                      X-BM-WindowsFlights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124117A5,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E,FX:12CDE644,FX:12D1574C,FX:12D281C4,FX:12E8312D,FX:12E85C75
                      X-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard Time
                      X-BM-Theme: 000000;0078d7
                      X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAVHgmrRzQwhXDO4dkzsA/NqwvL9Q3xpbVhNJeJY6lsawhoawU4vnDp2XkKWb49XK1g5VPyYuGneWeuWNAYVJtgwmzKjKMcYr9MrK8rN7j2wxJtEyFqMcaTEQ5t/bnGsPF%2BGjvt%2B4bebpfB//V01UrRsuXYjFKV8MuOuI%2BCb2ZlIn37esIuhFp4WfoPehTAvRO06QGjWufiuU4AoVU4z03Szwy0rxXIxswOZw/zWa9DkHtTodO%2BtQEeVkf40aaUBC3%2BOn3HVB54VnC2Ni2WWI5F0lVXxcdxPXldfPl2DnqlwUlPo34epLu86kRORvEkNYWgUE1DeKMvNo0x4/iqKI0wsDZgAACDkw1y0hNYV2qAEJ7E0Ehzf8qdfXFM%2BlF/xIBcmVaa1/NvcTIXlGXSlXUGuF0Nl2XFqdVK7fGtM5ExoErrxoV0rjsIx2ThWBQ8WhQC8xDbibi7wccW9CxVtuAHfCtdeRLwI7N0nylN0C4VO1zcIrYm5idN4PDMFrMJG5OKCMsdYnpmPfpJdjZKP%2B7cR8WkVeG7OLOpdpab1yLJSgW6C7NcrbtbbnWvwDAxikTu33otl/TFmjaDdxgSRUodoLnyRLmrvTohVwCcZHdpP1kvW0UfcUHagjPN2w3JGNizxMYj43uguZNMk1aq0iru1OuA42cF9Cj6qFdzZgJIU3IDKTR5R7aRz8XTYZM3FRvmlNaIAIBedDFw4UvOUwPKZ4KcyTv8D5kJ2u8gX7ixVGh8EfaMopxiMkpXU0CTQuoBBG2qQlIrEp7rirbsE9XJPricimQwiTaqbaEgQnJxssDkqE7Xow2z3i3SVP2hh0GaT8aucOWRis3w4Fc30l7jaI7Awy43rLzAPstTI%2Bzpc4Yd2He3v6p6J7B5XbMB17ScpNqnxc1mOA2uGozAqYqbn6%2BrEV5QT02AE%3D%26p%3D
                      X-Agent-DeviceId: 01000A4109009A83
                      X-BM-CBT: 1716540550
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                      X-Device-isOptin: false
                      Accept-language: en-GB, en, en-US
                      X-Device-Touch: false
                      X-Device-ClientSession: F16875BDE8CA44FB8B9B5D9AEC438402
                      X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                      Host: www.bing.com
                      Connection: Keep-Alive
                      Cookie: SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=3a628620&IPMID=1707317755885; MUID=5047E5942BB2460EA35B53CCF78DDB3D; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
                      2024-05-24 08:49:17 UTC1319INHTTP/1.1 200 OK
                      Content-Length: 2215
                      Content-Type: application/json; charset=utf-8
                      Cache-Control: private
                      X-EventID: 6650548de16e4b0eb480ed57ac740f32
                      X-AS-SetSessionMarket: de-ch
                      UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
                      X-XSS-Protection: 0
                      P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
                      Date: Fri, 24 May 2024 08:49:17 GMT
                      Connection: close
                      Set-Cookie: _EDGE_S=SID=08A90B5878CB628A2E011FD179996388&mkt=de-ch; domain=.bing.com; path=/; HttpOnly
                      Set-Cookie: SRCHHPGUSR=SRCHLANG=en&HV=1707317784&IPMH=3a628620&IPMID=1707317755885; domain=.bing.com; expires=Wed, 18-Jun-2025 08:49:17 GMT; path=/; secure; SameSite=None
                      Set-Cookie: ANON=A=6167974D1A7C78361D9CC53BFFFFFFFF; domain=.bing.com; expires=Wed, 18-Jun-2025 08:49:17 GMT; path=/; secure; SameSite=None
                      Set-Cookie: WLS=C=0000000000000000&N=; domain=.bing.com; path=/; secure; SameSite=None
                      Set-Cookie: _SS=SID=08A90B5878CB628A2E011FD179996388; domain=.bing.com; path=/; secure; SameSite=None
                      Alt-Svc: h3=":443"; ma=93600
                      X-CDN-TraceID: 0.3bd01702.1716540557.40a34c1
                      2024-05-24 08:49:17 UTC2215INData Raw: 7b 22 76 65 72 73 69 6f 6e 22 3a 31 2c 22 63 6f 6e 66 69 67 22 3a 7b 22 46 65 61 74 75 72 65 43 6f 6e 66 69 67 22 3a 7b 22 53 65 61 72 63 68 42 6f 78 49 62 65 61 6d 50 6f 69 6e 74 65 72 4f 6e 48 6f 76 65 72 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 68 6f 77 53 65 61 72 63 68 47 6c 79 70 68 4c 65 66 74 4f 66 53 65 61 72 63 68 42 6f 78 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 6f 78 55 73 65 53 65 61 72 63 68 49 63 6f 6e 41 74 52 65 73 74 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 75 74 74 6f 6e 55 73 65 53 65 61 72 63 68 49 63 6f 6e 22 3a 7b 22 76 61 6c 75 65
                      Data Ascii: {"version":1,"config":{"FeatureConfig":{"SearchBoxIbeamPointerOnHover":{"value":true,"feature":""},"ShowSearchGlyphLeftOfSearchBox":{"value":true,"feature":""},"SearchBoxUseSearchIconAtRest":{"value":false,"feature":""},"SearchButtonUseSearchIcon":{"value


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      8192.168.2.164970820.114.59.183443
                      TimestampBytes transferredDirectionData
                      2024-05-24 08:49:19 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=C2OWlAm7sasRCG2&MD=T4FUUZaM HTTP/1.1
                      Connection: Keep-Alive
                      Accept: */*
                      User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                      Host: slscr.update.microsoft.com
                      2024-05-24 08:49:20 UTC560INHTTP/1.1 200 OK
                      Cache-Control: no-cache
                      Pragma: no-cache
                      Content-Type: application/octet-stream
                      Expires: -1
                      Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                      ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_1440"
                      MS-CorrelationId: 7ed5c5e8-1f93-42e5-a8da-3230a137afde
                      MS-RequestId: 46f93833-3e4c-4a60-814d-6b066e687745
                      MS-CV: NZn4txEbQUeFniGj.0
                      X-Microsoft-SLSClientCache: 1440
                      Content-Disposition: attachment; filename=environment.cab
                      X-Content-Type-Options: nosniff
                      Date: Fri, 24 May 2024 08:49:19 GMT
                      Connection: close
                      Content-Length: 25457
                      2024-05-24 08:49:20 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92
                      Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
                      2024-05-24 08:49:20 UTC9633INData Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a
                      Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      9192.168.2.1649712142.250.184.1964436056C:\Program Files\Google\Chrome\Application\chrome.exe
                      TimestampBytes transferredDirectionData
                      2024-05-24 08:50:30 UTC627OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                      Host: www.google.com
                      Connection: keep-alive
                      X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-05-24 08:50:30 UTC1191INHTTP/1.1 200 OK
                      Date: Fri, 24 May 2024 08:50:30 GMT
                      Pragma: no-cache
                      Expires: -1
                      Cache-Control: no-cache, must-revalidate
                      Content-Type: text/javascript; charset=UTF-8
                      Strict-Transport-Security: max-age=31536000
                      Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-6SHrDXWXuCXrMNsZOXxSwQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                      Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                      Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                      Accept-CH: Sec-CH-UA-Platform
                      Accept-CH: Sec-CH-UA-Platform-Version
                      Accept-CH: Sec-CH-UA-Full-Version
                      Accept-CH: Sec-CH-UA-Arch
                      Accept-CH: Sec-CH-UA-Model
                      Accept-CH: Sec-CH-UA-Bitness
                      Accept-CH: Sec-CH-UA-Full-Version-List
                      Accept-CH: Sec-CH-UA-WoW64
                      Permissions-Policy: unload=()
                      Content-Disposition: attachment; filename="f.txt"
                      Server: gws
                      X-XSS-Protection: 0
                      X-Frame-Options: SAMEORIGIN
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Accept-Ranges: none
                      Vary: Accept-Encoding
                      Connection: close
                      Transfer-Encoding: chunked
                      2024-05-24 08:50:30 UTC199INData Raw: 33 30 66 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 70 68 69 6c 61 64 65 6c 70 68 69 61 20 70 68 69 6c 6c 69 65 73 20 6e 69 6b 65 20 64 75 6e 6b 73 22 2c 22 6e 79 74 20 63 6f 6e 6e 65 63 74 69 6f 6e 73 20 68 69 6e 74 73 22 2c 22 62 6f 65 69 6e 67 20 70 6c 61 6e 65 73 20 65 78 70 6c 6f 73 69 6f 6e 22 2c 22 6d 61 70 20 6f 66 20 66 6f 72 74 75 6e 65 73 20 6d 6f 6e 6f 70 6f 6c 79 20 67 6f 20 72 65 77 61 72 64 73 22 2c 22 6d 65 6d 6f 72 69 61 6c 20 64 61 79 20 73 61 6c 65 73 20 64 65 61 6c 73 22 2c 22 74 65 6d 70 6c 65 20 74 65 78 61 73 20 74 6f 72 6e 61 64 6f 65 73 22 2c 22 6e 62 61 20 31 73 74 20
                      Data Ascii: 30f)]}'["",["philadelphia phillies nike dunks","nyt connections hints","boeing planes explosion","map of fortunes monopoly go rewards","memorial day sales deals","temple texas tornadoes","nba 1st
                      2024-05-24 08:50:30 UTC591INData Raw: 74 65 61 6d 22 2c 22 67 68 6f 73 74 20 72 69 64 65 72 20 6d 6f 76 69 65 20 6a 65 6e 73 65 6e 20 61 63 6b 6c 65 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 64 65 74 61 69 6c 22 3a 5b 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32
                      Data Ascii: team","ghost rider movie jensen ackles"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002
                      2024-05-24 08:50:30 UTC5INData Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      10192.168.2.1649713142.250.184.1964436056C:\Program Files\Google\Chrome\Application\chrome.exe
                      TimestampBytes transferredDirectionData
                      2024-05-24 08:50:30 UTC530OUTGET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                      Host: www.google.com
                      Connection: keep-alive
                      X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX
                      Sec-Fetch-Site: cross-site
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-05-24 08:50:31 UTC1059INHTTP/1.1 200 OK
                      Version: 635704319
                      Content-Type: application/json; charset=UTF-8
                      X-Content-Type-Options: nosniff
                      Strict-Transport-Security: max-age=31536000
                      Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                      Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                      Accept-CH: Sec-CH-Viewport-Width
                      Accept-CH: Sec-CH-Viewport-Height
                      Accept-CH: Sec-CH-DPR
                      Accept-CH: Sec-CH-UA-Platform
                      Accept-CH: Sec-CH-UA-Platform-Version
                      Accept-CH: Sec-CH-UA-Full-Version
                      Accept-CH: Sec-CH-UA-Arch
                      Accept-CH: Sec-CH-UA-Model
                      Accept-CH: Sec-CH-UA-Bitness
                      Accept-CH: Sec-CH-UA-Full-Version-List
                      Accept-CH: Sec-CH-UA-WoW64
                      Permissions-Policy: unload=()
                      Content-Disposition: attachment; filename="f.txt"
                      Date: Fri, 24 May 2024 08:50:31 GMT
                      Server: gws
                      Cache-Control: private
                      X-XSS-Protection: 0
                      X-Frame-Options: SAMEORIGIN
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Accept-Ranges: none
                      Vary: Accept-Encoding
                      Connection: close
                      Transfer-Encoding: chunked
                      2024-05-24 08:50:31 UTC331INData Raw: 65 33 31 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 51 61 20 67 62 5f 68 62 20 67 62 5f 54 64 20 67 62 5f 6e 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 5c
                      Data Ascii: e31)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Qa gb_hb gb_Td gb_nd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\
                      2024-05-24 08:50:31 UTC1390INData Raw: 62 5f 72 64 20 67 62 5f 6b 64 20 67 62 5f 78 64 20 67 62 5f 77 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 71 64 20 67 62 5f 67 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4f 63 20 67 62 5f 71 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78
                      Data Ascii: b_rd gb_kd gb_xd gb_wd\"\u003e\u003cdiv class\u003d\"gb_qd gb_gd\"\u003e\u003cdiv class\u003d\"gb_Oc gb_q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox
                      2024-05-24 08:50:31 UTC1390INData Raw: 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 71 64 20 67 62 5f 65 64 20 67 62 5f 66 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 69 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 71 64 20 67 62 5f 41 64
                      Data Ascii: u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_qd gb_ed gb_fd\"\u003e\u003cspan class\u003d\"gb_id\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_qd gb_Ad
                      2024-05-24 08:50:31 UTC529INData Raw: 67 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 38 2e 35 2d 32 31 2e 35 54 33 35 30 2d
                      Data Ascii: g\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13 8.5-21.5T350-
                      2024-05-24 08:50:31 UTC624INData Raw: 32 36 39 0d 0a 6c 2d 37 38 2d 31 31 37 71 2d 31 35 2d 32 31 2d 32 32 2e 35 2d 34 36 74 2d 37 2e 35 2d 35 32 76 2d 31 31 30 48 34 33 30 5a 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 70 61 74 68 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 76 67 5c 75 30 30 33 65 20 20 5c 75 30 30 33 63 5c 2f 61 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 20 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 6b 20 67 62 5f 78 20 67 62 5f 4b 5c 22 20 64 61 74 61 2d 6f 67 73 72 2d 66 62 5c 75 30 30 33 64 5c 22 74 72 75 65 5c 22 20 64 61 74 61 2d 6f 67 73 72 2d 61 6c 74 5c 75 30 30 33 64 5c 22 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 77 61 5c 22 5c 75 30 30
                      Data Ascii: 269l-78-117q-15-21-22.5-46t-7.5-52v-110H430Z\"\u003e\u003c\/path\u003e \u003c\/svg\u003e \u003c\/a\u003e \u003c\/div\u003e \u003c\/div\u003e \u003cdiv class\u003d\"gb_k gb_x gb_K\" data-ogsr-fb\u003d\"true\" data-ogsr-alt\u003d\"\" id\u003d\"gbwa\"\u00
                      2024-05-24 08:50:31 UTC1390INData Raw: 38 30 30 30 0d 0a 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 36 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 36 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73
                      Data Ascii: 80009 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM6,20c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM6,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s
                      2024-05-24 08:50:31 UTC1390INData Raw: 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 32 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 22 7d 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 5b 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 30 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 31 22 2c 22 6c 65 66 74 5f 70 72 6f 64 75 63 74 5f 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 32 22 5d 2c 22 6d 65 6e 75 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 6d 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d
                      Data Ascii: v\u003e\u003cdiv class\u003d\"gb_2c\"\u003e\u003c\/div\u003e\u003c\/div\u003e"},"left_product_control_placeholder_label":["left_product_control-label0","left_product_control-label1","left_product_control-label2"],"menu_placeholder_label":"menu-content","m
                      2024-05-24 08:50:31 UTC1390INData Raw: 76 61 72 20 6d 64 3b 5f 2e 6a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 5c 75 30 30 33 64 74 79 70 65 6f 66 20 61 3b 72 65 74 75 72 6e 5c 22 6f 62 6a 65 63 74 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 62 5c 75 30 30 32 36 5c 75 30 30 32 36 6e 75 6c 6c 21 5c 75 30 30 33 64 61 7c 7c 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 5c 75 30 30 33 64 5c 75 30 30 33 64 62 7d 3b 5f 2e 6b 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 76 6f 69 64 20 30 21 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2e 69 7c 7c 76 6f 69 64 20 30 21 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2e 6a 29 74 68 72 6f 77 20 45 72 72 6f 72 28 5c 22 42 5c 22 29 3b 61 2e 6a 5c 75 30 30 33 64 62 3b 5f 2e 48 63 28 61 29 7d 3b 5f 2e 6c 64 5c 75 30 30 33 64 63
                      Data Ascii: var md;_.jd\u003dfunction(a){var b\u003dtypeof a;return\"object\"\u003d\u003db\u0026\u0026null!\u003da||\"function\"\u003d\u003db};_.kd\u003dfunction(a,b){if(void 0!\u003d\u003da.i||void 0!\u003d\u003da.j)throw Error(\"B\");a.j\u003db;_.Hc(a)};_.ld\u003dc
                      2024-05-24 08:50:31 UTC1390INData Raw: 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 6c 69 63 65 2e 63 61 6c 6c 28 61 72 67 75 6d 65 6e 74 73 2c 31 29 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 64 5c 75 30 30 33 64 63 2e 73 6c 69 63 65 28 29 3b 64 2e 70 75 73 68 2e 61 70 70 6c 79 28 64 2c 61 72 67 75 6d 65 6e 74 73 29 3b 72 65 74 75 72 6e 20 61 2e 61 70 70 6c 79 28 74 68 69 73 2c 64 29 7d 7d 3b 5f 2e 42 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 72 65 74 75 72 6e 20 76 6f 69 64 20 30 21 5c 75 30 30 33 64 5c 75 30 30 33 64 5f 2e 6a 62 28 61 2c 62 2c 63 2c 21 31 29 7d 3b 5f 2e 43 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 70 64 28 5f 2e 6f 63 28 61 2c 62 29 29 7d 3b 5c 6e 5f 2e 52 5c 75 30 30 33
                      Data Ascii: rray.prototype.slice.call(arguments,1);return function(){var d\u003dc.slice();d.push.apply(d,arguments);return a.apply(this,d)}};_.Bd\u003dfunction(a,b,c){return void 0!\u003d\u003d_.jb(a,b,c,!1)};_.Cd\u003dfunction(a,b){return _.pd(_.oc(a,b))};\n_.R\u003
                      2024-05-24 08:50:31 UTC1390INData Raw: 33 64 62 3f 62 2e 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 28 61 29 3a 61 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 4c 64 28 61 2c 4e 64 29 7d 3b 5f 2e 72 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b 5f 2e 50 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 72 64 28 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 76 61 72 20 74 64 2c 78 64 3b 74 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 65 68 5c 75 30 30 33 64 61 7d 7d 3b 5f 2e 76 64 5c 75 30 30 33 64 5b 75 64 28 5c 22 64 61 74 61 5c 22 29 2c 75 64 28 5c 22
                      Data Ascii: 3db?b.createScriptURL(a):a;return new _.Ld(a,Nd)};_.rd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i}};_.Pd\u003dnew _.rd(\"about:invalid#zClosurez\");var td,xd;td\u003dclass{constructor(a){this.eh\u003da}};_.vd\u003d[ud(\"data\"),ud(\"


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      11192.168.2.1649714142.250.184.1964436056C:\Program Files\Google\Chrome\Application\chrome.exe
                      TimestampBytes transferredDirectionData
                      2024-05-24 08:50:30 UTC353OUTGET /async/newtab_promos HTTP/1.1
                      Host: www.google.com
                      Connection: keep-alive
                      Sec-Fetch-Site: cross-site
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-05-24 08:50:31 UTC922INHTTP/1.1 200 OK
                      Version: 635704319
                      Content-Type: application/json; charset=UTF-8
                      X-Content-Type-Options: nosniff
                      Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                      Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                      Accept-CH: Sec-CH-UA-Platform
                      Accept-CH: Sec-CH-UA-Platform-Version
                      Accept-CH: Sec-CH-UA-Full-Version
                      Accept-CH: Sec-CH-UA-Arch
                      Accept-CH: Sec-CH-UA-Model
                      Accept-CH: Sec-CH-UA-Bitness
                      Accept-CH: Sec-CH-UA-Full-Version-List
                      Accept-CH: Sec-CH-UA-WoW64
                      Permissions-Policy: unload=()
                      Content-Disposition: attachment; filename="f.txt"
                      Date: Fri, 24 May 2024 08:50:31 GMT
                      Server: gws
                      Cache-Control: private
                      X-XSS-Protection: 0
                      X-Frame-Options: SAMEORIGIN
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Accept-Ranges: none
                      Vary: Accept-Encoding
                      Connection: close
                      Transfer-Encoding: chunked
                      2024-05-24 08:50:31 UTC35INData Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
                      Data Ascii: 1d)]}'{"update":{"promos":{}}}
                      2024-05-24 08:50:31 UTC5INData Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0


                      Session IDSource IPSource PortDestination IPDestination Port
                      12192.168.2.1649719142.250.185.238443
                      TimestampBytes transferredDirectionData
                      2024-05-24 08:50:33 UTC737OUTGET /_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0 HTTP/1.1
                      Host: apis.google.com
                      Connection: keep-alive
                      sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                      sec-ch-ua-mobile: ?0
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                      sec-ch-ua-platform: "Windows"
                      Accept: */*
                      X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==
                      Sec-Fetch-Site: cross-site
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: script
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2024-05-24 08:50:33 UTC915INHTTP/1.1 200 OK
                      Accept-Ranges: bytes
                      Access-Control-Allow-Origin: *
                      Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
                      Cross-Origin-Resource-Policy: cross-origin
                      Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
                      Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
                      Content-Length: 121628
                      X-Content-Type-Options: nosniff
                      Server: sffe
                      X-XSS-Protection: 0
                      Date: Thu, 23 May 2024 11:14:17 GMT
                      Expires: Fri, 23 May 2025 11:14:17 GMT
                      Cache-Control: public, max-age=31536000
                      Last-Modified: Mon, 15 Apr 2024 17:34:54 GMT
                      Content-Type: text/javascript; charset=UTF-8
                      Vary: Accept-Encoding
                      Age: 77776
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close
                      2024-05-24 08:50:33 UTC475INData Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 30 78 32 30 30 30 30 2c 20 5d 29 3b 0a 76 61 72 20 62 61 2c 63 61 2c 64 61 2c 6e 61 2c 70 61 2c 76 61 2c 77 61 2c 7a 61 3b 62 61 3d 66 75 6e 63
                      Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){("undefined"!==typeof globalThis?globalThis:"undefined"!==typeof self?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x20000, ]);var ba,ca,da,na,pa,va,wa,za;ba=func
                      2024-05-24 08:50:33 UTC1390INData Raw: 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 64 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 45 72
                      Data Ascii: a;a[b]=c.value;return a};da=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Er
                      2024-05-24 08:50:33 UTC1390INData Raw: 53 79 6d 62 6f 6c 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 7b 6e 65 78 74 3a 62 61 28 61 29 7d 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 62 60 22 2b 53 74 72 69 6e 67 28 61 29 29 3b 7d 3b 76 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 62 29 7d 3b 77 61 3d 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 3f 4f 62 6a 65 63 74 2e 61
                      Data Ascii: Symbol&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if("number"==typeof a.length)return{next:ba(a)};throw Error("b`"+String(a));};va=function(a,b){return Object.prototype.hasOwnProperty.call(a,b)};wa="function"==typeof Object.assign?Object.a
                      2024-05-24 08:50:33 UTC1390INData Raw: 74 68 69 73 2e 6c 73 3d 5b 5d 3b 74 68 69 73 2e 73 56 3d 21 31 3b 76 61 72 20 6b 3d 74 68 69 73 2e 44 46 28 29 3b 74 72 79 7b 68 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 63 61 74 63 68 28 6c 29 7b 6b 2e 72 65 6a 65 63 74 28 6c 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 44 46 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 68 28 6d 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 6c 7c 7c 28 6c 3d 21 30 2c 6d 2e 63 61 6c 6c 28 6b 2c 6e 29 29 7d 7d 76 61 72 20 6b 3d 74 68 69 73 2c 6c 3d 21 31 3b 72 65 74 75 72 6e 7b 72 65 73 6f 6c 76 65 3a 68 28 74 68 69 73 2e 59 64 61 29 2c 72 65 6a 65 63 74 3a 68 28 74 68 69 73 2e 6a 4b 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 59 64 61 3d 66 75 6e 63 74 69 6f
                      Data Ascii: this.ls=[];this.sV=!1;var k=this.DF();try{h(k.resolve,k.reject)}catch(l){k.reject(l)}};e.prototype.DF=function(){function h(m){return function(n){l||(l=!0,m.call(k,n))}}var k=this,l=!1;return{resolve:h(this.Yda),reject:h(this.jK)}};e.prototype.Yda=functio
                      2024-05-24 08:50:33 UTC1390INData Raw: 6f 74 79 70 65 2e 47 37 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6e 75 6c 6c 21 3d 74 68 69 73 2e 6c 73 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 74 68 69 73 2e 6c 73 2e 6c 65 6e 67 74 68 3b 2b 2b 68 29 66 2e 73 50 28 74 68 69 73 2e 6c 73 5b 68 5d 29 3b 0a 74 68 69 73 2e 6c 73 3d 6e 75 6c 6c 7d 7d 3b 76 61 72 20 66 3d 6e 65 77 20 62 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 41 66 61 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 6b 3d 74 68 69 73 2e 44 46 28 29 3b 68 2e 42 79 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 42 66 61 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 6b 29 7b 76 61 72 20 6c 3d 74 68 69 73 2e 44 46 28 29 3b 74 72 79 7b 68 2e 63 61 6c 6c 28 6b 2c 6c 2e 72 65 73 6f 6c 76 65 2c
                      Data Ascii: otype.G7=function(){if(null!=this.ls){for(var h=0;h<this.ls.length;++h)f.sP(this.ls[h]);this.ls=null}};var f=new b;e.prototype.Afa=function(h){var k=this.DF();h.By(k.resolve,k.reject)};e.prototype.Bfa=function(h,k){var l=this.DF();try{h.call(k,l.resolve,
                      2024-05-24 08:50:33 UTC1390INData Raw: 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 22 29 3b 72 65 74 75 72 6e 20 61 2b 22 22 7d 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 74 61 72 74 73 57 69 74 68 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 76 61 72 20 64 3d 49 61 28 74 68 69 73 2c 62 2c 22 73 74 61 72 74 73 57 69 74 68 22 29 2c 65 3d 64 2e 6c 65 6e 67 74 68 2c 66 3d 62 2e 6c 65 6e 67 74 68 3b 63 3d 4d 61 74 68 2e 6d 61 78 28 30 2c 4d 61 74 68 2e 6d 69 6e 28 63 7c 30 2c 64 2e 6c 65 6e 67 74 68 29 29 3b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 66 26 26 63 3c 65 3b 29 69 66 28 64 5b 63 2b 2b 5d 21 3d 62 5b 68 2b 2b 5d 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 20 68 3e 3d 66 7d 7d 29 3b
                      Data Ascii: ular expression");return a+""};na("String.prototype.startsWith",function(a){return a?a:function(b,c){var d=Ia(this,b,"startsWith"),e=d.length,f=b.length;c=Math.max(0,Math.min(c|0,d.length));for(var h=0;h<f&&c<e;)if(d[c++]!=b[h++])return!1;return h>=f}});
                      2024-05-24 08:50:33 UTC1390INData Raw: 69 6f 6e 28 61 29 7b 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 22 66 75 6e 63 74 69 6f 6e 22 21 3d 74 79 70 65 6f 66 20 61 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 22 66 75 6e 63 74 69 6f 6e 22 21 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 6b 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 6c 3d 6e 65 77 20 61 28 5f 2e 75 61 28 5b 5b 6b 2c 22 73 22 5d 5d 29 29 3b 69 66 28 22 73 22 21 3d 6c 2e 67 65 74 28 6b 29 7c 7c 31 21 3d 6c 2e 73 69 7a 65 7c 7c 6c 2e 67 65 74 28 7b 78 3a 34 7d 29 7c 7c 6c 2e 73 65 74 28 7b 78 3a 34 7d 2c 22 74 22 29 21 3d 6c 7c 7c 32 21 3d 6c 2e 73 69 7a 65 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 6d 3d
                      Data Ascii: ion(a){if(function(){if(!a||"function"!=typeof a||!a.prototype.entries||"function"!=typeof Object.seal)return!1;try{var k=Object.seal({x:4}),l=new a(_.ua([[k,"s"]]));if("s"!=l.get(k)||1!=l.size||l.get({x:4})||l.set({x:4},"t")!=l||2!=l.size)return!1;var m=
                      2024-05-24 08:50:33 UTC1390INData Raw: 6f 74 79 70 65 2e 76 61 6c 75 65 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 20 6b 2e 76 61 6c 75 65 7d 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 66 6f 72 45 61 63 68 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b 66 6f 72 28 76 61 72 20 6d 3d 74 68 69 73 2e 65 6e 74 72 69 65 73 28 29 2c 0a 6e 3b 21 28 6e 3d 6d 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6e 3d 6e 2e 76 61 6c 75 65 2c 6b 2e 63 61 6c 6c 28 6c 2c 6e 5b 31 5d 2c 6e 5b 30 5d 2c 74 68 69 73 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 63 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3b 76 61 72 20 64 3d 66 75 6e 63 74 69 6f 6e 28 6b 2c 6c 29 7b
                      Data Ascii: otype.values=function(){return e(this,function(k){return k.value})};c.prototype.forEach=function(k,l){for(var m=this.entries(),n;!(n=m.next()).done;)n=n.value,k.call(l,n[1],n[0],this)};c.prototype[Symbol.iterator]=c.prototype.entries;var d=function(k,l){
                      2024-05-24 08:50:33 UTC1390INData Raw: 74 72 69 65 73 7c 7c 22 66 75 6e 63 74 69 6f 6e 22 21 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 75 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 31 21 3d 64 2e 73 69 7a 65 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 31 21 3d 64 2e 73 69 7a 65 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 32 21 3d 64 2e 73 69 7a 65 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 78 74 28 29 3b 69 66 28 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 21 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 63 29 72 65 74 75 72 6e
                      Data Ascii: tries||"function"!=typeof Object.seal)return!1;try{var c=Object.seal({x:4}),d=new a(_.ua([c]));if(!d.has(c)||1!=d.size||d.add(c)!=d||1!=d.size||d.add({x:4})!=d||2!=d.size)return!1;var e=d.entries(),f=e.next();if(f.done||f.value[0]!=c||f.value[1]!=c)return
                      2024-05-24 08:50:33 UTC1390INData Raw: 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 4b 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 72 65 74 75 72 6e 20 63 7d 29 7d 7d 29 3b 0a 6e 61 28 22 41 72 72 61 79 2e 66 72 6f 6d 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 2c 64 29 7b 63 3d 6e 75 6c 6c 21 3d 63 3f 63 3a 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 20 6b 7d 3b 76 61 72 20 65 3d 5b 5d 2c 66 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 62 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 66 29 7b 62 3d 66 2e 63 61 6c 6c 28 62 29
                      Data Ascii: function(){return Ka(this,function(b,c){return c})}});na("Array.from",function(a){return a?a:function(b,c,d){c=null!=c?c:function(k){return k};var e=[],f="undefined"!=typeof Symbol&&Symbol.iterator&&b[Symbol.iterator];if("function"==typeof f){b=f.call(b)


                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      Behavior

                      Click to jump to process

                      System Behavior

                      General

                      Target ID:0
                      Start time:04:48:26
                      Start date:24/05/2024
                      Path:C:\Users\user\Desktop\Webex.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\Webex.exe"
                      Imagebase:0x840000
                      File size:201'216 bytes
                      MD5 hash:F3FC04E607FDDCDA329F1D854DEF73D2
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:12
                      Start time:04:48:55
                      Start date:24/05/2024
                      Path:C:\Windows\System32\rundll32.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                      Imagebase:0x7ff7281e0000
                      File size:71'680 bytes
                      MD5 hash:EF3179D498793BF4234F708D3BE28633
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:13
                      Start time:04:49:03
                      Start date:24/05/2024
                      Path:C:\Users\user\Desktop\Webex.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\Webex.exe"
                      Imagebase:0x840000
                      File size:201'216 bytes
                      MD5 hash:F3FC04E607FDDCDA329F1D854DEF73D2
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:16
                      Start time:04:49:10
                      Start date:24/05/2024
                      Path:C:\Users\user\Desktop\Webex.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\Webex.exe"
                      Imagebase:0x840000
                      File size:201'216 bytes
                      MD5 hash:F3FC04E607FDDCDA329F1D854DEF73D2
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:false

                      General

                      Target ID:19
                      Start time:04:50:28
                      Start date:24/05/2024
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe"
                      Imagebase:0x7ff7f9810000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:false

                      General

                      Target ID:20
                      Start time:04:50:28
                      Start date:24/05/2024
                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit):false
                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 --field-trial-handle=2004,i,8847488438381224337,2067994835853220120,262144 /prefetch:8
                      Imagebase:0x7ff7f9810000
                      File size:3'242'272 bytes
                      MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:false

                      Disassembly

                      No disassembly