Edit tour

Windows Analysis Report
http://52.113.191.172

Overview

General Information

Sample URL:	http://52.113.191.172
Analysis ID:	1558735
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected suspicious URL

Uses known network protocols on non-standard ports

Uses ping.exe to check the status of other devices and networks

Creates a process in suspended mode (likely to inject code)

Sample execution stops while process was sleeping (likely an evasion)

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 5876 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6824 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1940,i,14107596731685547058,14963332721071671440,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6440 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://52.113.191.172" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cmd.exe (PID: 7276 cmdline: "C:\Windows\system32\cmd.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

PING.EXE (PID: 1172 cmdline: ping 52.113.191.172 MD5: 2F46799D79D22AC72C241EC0322B011D)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected suspicious URL

Source: Email

Joe Sandbox AI: AI detected IP in URL: http://52.113.191.172

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.1.33.206:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.71:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.104.15.253:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.71:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.84.254:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.254:443 -> 192.168.2.16:49758 version: TLS 1.2

Networking

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 3480
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 3480

Uses ping.exe to check the status of other devices and networks

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\PING.EXE ping 52.113.191.172

Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.191.172
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.191.172
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.191.172
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.191.172
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.191.172
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.191.172
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.191.172
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.191.172
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.191.172
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.191.172
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.191.172
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.191.172
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.191.172

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=tXnUVM5hYNk3U4g&MD=41UwCCmF HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=52.113.191.172&oit=3&cp=14&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=tXnUVM5hYNk3U4g&MD=41UwCCmF HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=h52.113.191.172&oit=4&cp=1&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=http52.113.191.172&oit=4&cp=4&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https52.113.191.172&oit=4&cp=5&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A52.113.191.172&oit=3&cp=6&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F52.113.191.172&oit=3&cp=7&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /manifest/threshold.appcache HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitOrigin: https://www.bing.comAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=3a628620&IPMID=1707317755885; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rb/17/jnc,nj/6aa-EF2IAVwnTTOiwAbhwI_VmCw.js?bu=DygxeIQBiQGMAYEBe37GAckBMbkBMcwB&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133
Source: global traffic	HTTP traffic detected: GET /rb/1a/cir3,ortl,cc,nc/f4st08wpuYBQ5KWRJ3MqAsJB8zg.css?bu=C8AJpQOBBJwKgQnrCPQGXV1dXQ&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133
Source: global traffic	HTTP traffic detected: GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: fp.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rb/1a/cir3,ortl,cc,nc/yy4SnZtT2-rfsZpLbcm-u8xyafQ.css?bu=B8YCSLQCmgFdXdEC&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133
Source: global traffic	HTTP traffic detected: GET /rb/3H/ortl,cc,nc/4-xJy3tX6bM2BGl5zKioiEcQ1TU.css?bu=A4gCjAKPAg&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133
Source: global traffic	HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=c&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=1&cvid=58754d2a5304426fb0bdc1f695997ae4&ig=481bf3f68ea44adfb064393e1e193a2c HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHX-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStoreX-MSEdge-ExternalExp: d-thshld42,dsbdailyset_c,expmegaclick_cf,hashexpt3,iffsqloptwin10c,msbdsbedu9cf,wsbqfnewsynonym,wsbref-t,wsbswgc-t2X-MSEdge-ExternalExpType: JointCoordAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=cm&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=2&cvid=58754d2a5304426fb0bdc1f695997ae4&ig=57e0066d12a340a789feb61d3a2beada HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHX-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStoreX-MSEdge-ExternalExp: d-thshld42,dsbdailyset_c,expmegaclick_cf,hashexpt3,iffsqloptwin10c,msbdsbedu9cf,wsbqfnewsynonym,wsbref-t,wsbswgc-t2X-MSEdge-ExternalExpType: JointCoordAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=cmd&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=3&cvid=58754d2a5304426fb0bdc1f695997ae4&ig=001d750fe97140d2826d888f0e6902e1 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: /Accept-Language: en-CHX-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStoreX-MSEdge-ExternalExp: d-thshld42,dsbdailyset_c,expmegaclick_cf,hashexpt3,iffsqloptwin10c,msbdsbedu9cf,wsbqfnewsynonym,wsbref-t,wsbswgc-t2X-MSEdge-ExternalExpType: JointCoordAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
Source: global traffic	HTTP traffic detected: GET /rb/6m/cir3,ortl,cc,nc/86nahuYhxjiWblppiNlDkKK2XLk.css?bu=M8IKvArICrwKrAu8CrILvAq8CrwKvQu8CsQLvArKC7wK0Au8CtYLvAraCrwK4Aq8CtQKvAq8CqMLvArvCrwK9Qq8CukKvAq8CoULiAu8CrwKoAuOC7wKlAuXC7wKggy8CtwLvAqwDA&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133
Source: global traffic	HTTP traffic detected: GET /rb/6m/ortl,cc,nc/QNBBNqWD9F_Blep-UqQSqnMp-FI.css?bu=AbwK&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?e3bfee56476065f0ab149b748f731e37 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: p-ring.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rb/6m/ortl,cc,nc/_BjeFNPDJ-N9umMValublyrbq4Y.css?bu=CZ0MvAqiDLwKpgy8CrwKvAq8Cg&or=w HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133
Source: global traffic	HTTP traffic detected: GET /apc/trans.gif?abf6b0b4363a8fb8ec7d6cce4a4b9cc3 HTTP/1.1Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: p-ring.msedge.netConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /rp/4LOD29hn59ewS6iMElp63s6iKoA.js HTTP/1.1Accept: /Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 52.113.191.172Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 52.113.191.172:3480Connection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 52.113.191.172:3480Connection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic

DNS traffic detected: DNS query: www.google.com

Source: unknown

HTTP traffic detected: POST /RST2.srf HTTP/1.0Connection: Keep-AliveContent-Type: application/soap+xmlAccept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})Content-Length: 3592Host: login.live.com

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49681 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49708 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.16:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.1.33.206:443 -> 192.168.2.16:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.71:443 -> 192.168.2.16:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 51.104.15.253:443 -> 192.168.2.16:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.126.31.71:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.171.84.254:443 -> 192.168.2.16:49754 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.254:443 -> 192.168.2.16:49758 version: TLS 1.2

Source: classification engine

Classification label: mal52.troj.win@26/16@2/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Windows\System32\conhost.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1940,i,14107596731685547058,14963332721071671440,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://52.113.191.172"
Source: unknown	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping 52.113.191.172
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1940,i,14107596731685547058,14963332721071671440,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\PING.EXE ping 52.113.191.172	Jump to behavior

Source: C:\Windows\System32\cmd.exe	Section loaded: winbrand.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\PING.EXE	Section loaded: mswsock.dll	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 3480
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 3480

Source: C:\Windows\System32\PING.EXE

Last function: Thread delayed

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\PING.EXE ping 52.113.191.172

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	11 Process Injection	1 Masquerading	OS Credential Dumping	1 File and Directory Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	1 DLL Side-Loading	11 Process Injection	LSASS Memory	1 Remote System Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	1 Registry Run Keys / Startup Folder	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	Security Account Manager	1 System Network Configuration Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	1 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
http://52.113.191.172	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://52.113.191.172:3480/	0%	Avira URL Cloud	safe
http://52.113.191.172/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	216.58.206.68	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=52.113.191.172&oit=3&cp=14&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=h52.113.191.172&oit=4&cp=1&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F52.113.191.172&oit=3&cp=7&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=http52.113.191.172&oit=4&cp=4&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
http://52.113.191.172:3480/	true	Avira URL Cloud: safe	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https52.113.191.172&oit=4&cp=5&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
http://52.113.191.172/	true	Avira URL Cloud: safe	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A52.113.191.172&oit=3&cp=6&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
52.113.191.172	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1558735
Start date and time:	2024-11-19 18:54:29 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 21s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://52.113.191.172
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.troj.win@26/16@2/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.99, 142.250.186.46, 64.233.184.84, 34.104.35.123, 2.22.50.144, 172.217.16.195, 172.217.18.14
Excluded domains from analysis (whitelisted): clients1.google.com, p-ring.msedge.net, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, t-ring.msedge.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, login.live.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://52.113.191.172

Simulations

Behavior and APIs

⊘No simulations

LLM Input / Output

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 16:55:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.98591392689348
Encrypted:	false
SSDEEP:	48:8q8dmTCmjHlidAKZdA1FehwiZUklqeh/y+3:8qVPzQy
MD5:	B487971A97D8B99A15B00A1DA2B8ADA1
SHA1:	BD90B281685A4E146A6EA86B98661D9B2620EE08
SHA-256:	CF7AD99E046B356759BA880BD57FB6F8969C9A9360A3AFC4391E2FB8BA580F8C
SHA-512:	4ABF14947674AC79725D1521131107C1D53B34AAE2F69F85313F2E1A49AFDA76BEEB3203E1706895C285DC1C47C11C7FD0676B2E0C171F3B649943830BC66B63
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......'.:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IsY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VsY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........2.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 16:55:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.000762850862016
Encrypted:	false
SSDEEP:	48:8H8dmTCmjHlidAKZdA1seh/iZUkAQkqehAy+2:8HVPd9Qhy
MD5:	9452454F787F693226EBA3A632BF6904
SHA1:	B329F61EB9F1758C1111CB339C0306D75B914E58
SHA-256:	77A3B3791D53A4E29CEBCD837072725C8829AAEF30EA051B9B9BE62F6783D7B2
SHA-512:	D99979706A5E67162AA1701C65FD5041D528A4A1D62193A00256CD72ECBF544129CCCDCCB92B9E7D2F4564EBF6B48322537B420EECC47C1EDF86A540577FD601
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.......'.:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IsY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VsY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........2.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.008847794376353
Encrypted:	false
SSDEEP:	48:8w8dmTCmAHlidAKZdA14meh7sFiZUkmgqeh7siy+BX:8wVPsnMy
MD5:	E44FC08656922D6AF7A9073FE6837BE9
SHA1:	D6DF5C1E6DBA8289E29EA10E53E48D3A8FD680E9
SHA-256:	52A1531D2A4B702053AFCC607277F1432A81BB8196046C63CC93CBCB34B4BB33
SHA-512:	2EF2EB6B847B9F853936122FDC2AD0BCCF2FB8E3490F76027F0AD18079472BBA94E022D5B555AEAFEB85E8069E64FC7A0883079AA42E3320B9E395988C4A2305
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IsY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........2.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 16:55:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9978676400616426
Encrypted:	false
SSDEEP:	48:8A8dmTCmjHlidAKZdA1TehDiZUkwqehEy+R:8AVPu6y
MD5:	2227FA7D92B33D517D0EBFFCEEA28708
SHA1:	A32C0620B849674873442DBC2141ED54B338AF7F
SHA-256:	BB8318E1352E572B0AC5ECCA8947A084B2D51447BB94D823B42DF8CDA102C959
SHA-512:	5C8C85F86C955A9702D3E8481076AE76C90DFD69CC5748D45D39E7B240C9C4F5DAEF22E69AE18129D1A42DA614C527046ACDCC5874917CC1CC9EAED1C42757CA
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....\..&.:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IsY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VsY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........2.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 16:55:00 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9863752840434787
Encrypted:	false
SSDEEP:	48:8+b8dmTCmjHlidAKZdA1dehBiZUk1W1qehuy+C:8+bVP+9Oy
MD5:	570312F41D73D481C7966D96EC10DB01
SHA1:	219E21888D1676D120837E8702514C2E8667779D
SHA-256:	24F47C07E15494EBC9D01F46181308BAFFB1B7F039CA0E4FBDC8FEE777F912E4
SHA-512:	6A7AC6DCBAF9AA6854F719292B4E84FD3FF325E6F797F16B6FCD49B19C6440F8D8952CB4C80042043678534345EBC15BE0C35D24DD63C5C2C276B37B2A3111A5
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....yN.'.:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IsY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VsY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........2.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Nov 19 16:54:59 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9969883800363033
Encrypted:	false
SSDEEP:	48:8A8dmTCmjHlidAKZdA1duTeehOuTbbiZUk5OjqehOuTbMy+yT+:8AVP0TfTbxWOvTbMy7T
MD5:	F01EA1EF7F7E68ABEA51D8C64CEC8E28
SHA1:	44311644F9F091F4D758FC1B6DA1AA28BE865916
SHA-256:	CBDF9EFBB4D5942A44C0905A7BA1CF497AAA4A9B0CA30C5682049DD2E42285D4
SHA-512:	A85AA1AC3138404D26A141556E7105051AEBB89D0A5525891EA38EBDAB800A8F4329F2E845A3E6DA52168988976BB8224D54F7F8A14F6C5CF71D379BC0EEB281
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....C.&.:..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IsY.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VsY.....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VsY.....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VsY............................"&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VsY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........2.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	140
Entropy (8bit):	4.81522219232678
Encrypted:	false
SSDEEP:	3:Vw2CpLjp+owwBHsLpYJWriFGWjLwWkzXFETH1u4:Vw2CpLNt5BHsL2YriFGAwWeXFEL13
MD5:	F0391DE5015F40540D0D3A9596EF24D2
SHA1:	3B044DF2FF70EE6C3DE590AED98B4D6E445A4FDE
SHA-256:	0593BF21D1067B2CCD3D51647C91EF75F6F7D8C6FA725281ACA87F7CCFFBD2BC
SHA-512:	007E6DE2E635205EF829619E530521023F9610F89E5F0D442DD96F5A6DB4AC620ED7386E3AF46EB7203DA4219AF0A069B45ABA301D84674C86F272BDDAB61A9F
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https52.113.191.172&oit=4&cp=5&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https52.113.191.172",[],[],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggesttype":[],"google:verbatimrelevance":851}]

Chrome Cache Entry: 60

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	134
Entropy (8bit):	4.793577273642928
Encrypted:	false
SSDEEP:	3:VwkLjp+owwBHsLpHbGWjLwWkzXFETH1u4:VwkLNt5BHsLRGAwWeXFEL13
MD5:	3F354A1D2AEABFE0C9411727D4333311
SHA1:	C4D7B23EB35019A7E4461AC177391DB598F7D18D
SHA-256:	9873A9DCB99B84521D3DA39707AC1CFFF20BFE50073BE41FCC9BB9CFAD294686
SHA-512:	830D1D89C0DFBF35E4E2EF0CC18B880835790B635911FFCEECAC62637A5D6142662686E07151DE739E1E835F62D7A743BFC5C6F7A4FC2DEDE4594325AA451DA6
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=52.113.191.172&oit=3&cp=14&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["52.113.191.172",[],[],[],{"google:clientdata":{"bpc":false,"tlw":true},"google:suggesttype":[],"google:verbatimrelevance":851}]

Chrome Cache Entry: 61

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (6333)
Category:	downloaded
Size (bytes):	6338
Entropy (8bit):	5.794950281677864
Encrypted:	false
SSDEEP:	192:S+oN6666VezZNfCyicIUfQ915s1KkcFd66666oJxIYljdATmP:S+e66660zZNdjINQdK66666o8YljqSP
MD5:	D1459CCFBBC03E0E1AA13B4BE11A7CF3
SHA1:	585FD3074757D44CF45D161A9D401F7594149067
SHA-256:	836661F9C13AFDF2E7BAC5C578FA2A6B02C348012D1B6813289065D04DE7ED07
SHA-512:	CC5B4084355A40747A0E9603C773399FA1CD3FC7BB8E792B45CAAD42017605DBDA965F009DDE505ADE94268A680D20E9CF508EAB567FE75B1F7FC7E721A3C65B
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["the young and the restless spoilers","canadian football league streaker","cash app settlement class action lawsuit","motortrend roadkill","southern userfornia doomsday fish","victoria kjaer theilvig miss universe","mlb juan soto","what is bluesky app"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"Cg0vZy8xMWJ3Mm1kamMxEhRSb2Fka2lsbCDigJQgVFYgc2hvdzKHEGRhdGE6aW1hZ2UvanBlZztiYXNlNjQsLzlqLzRBQVFTa1pKUmdBQkFRQUFBUUFCQUFELzJ3Q0VBQWtHQndnSEJna0lCd2dLQ2drTERSWVBEUXdNRFJzVUZSQVdJQjBpSWlBZEh4OGtLRFFzSkNZeEp4OGZMVDB0TVRVM09qbzZJeXMvUkQ4NFF6UTVPamNCQ2dvS0RRd05HZzhQR2pjbEh5VTNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTi8vQUFCRUlBRUFBUUFNQklnQUNFUUVERVFIL3hBQWJBQUFDQXdFQkFRQUFBQUFBQUFBQUFBQUNBd0FFQlFZQkIvL0VBRFlRQUFFRUFRTUNCQVVCQlFrQUFBQUFBQUVDQXdRUkJRQVNJUVl4RXlKQlVRY1V

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	136
Entropy (8bit):	4.814567528939509
Encrypted:	false
SSDEEP:	3:VwUzLjp+owwBHsLpYJWriFGWjLwWkzXFETH1u4:VwyLNt5BHsL2YriFGAwWeXFEL13
MD5:	609D945DED8CB5071F3A2D65BA33CC17
SHA1:	DC6DCF889769BA5D02AB3D490C261096AB4EC7F2
SHA-256:	6633B2CB66F7AFFC638B2A6D827AEE09BDAC58F891E5E6A235414DF3988783F1
SHA-512:	E5B6597FD4869C6B46899541B9D2E9F2E251F2349DE79CEF211D406FA6D13A7CFADA00A411883F8A144DB56D0FAB9E12633C0C703864C58BD45F1F26BBE0382F
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=h52.113.191.172&oit=4&cp=1&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["h52.113.191.172",[],[],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggesttype":[],"google:verbatimrelevance":851}]

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	141
Entropy (8bit):	4.809779434246119
Encrypted:	false
SSDEEP:	3:Vw2xyLjp+owwBHsLpYJWriFGWjLwWkzXFETH1u4:Vw2xyLNt5BHsL2YriFGAwWeXFEL13
MD5:	1B3BCEE435EC5FBE2E8BFB5CE3858112
SHA1:	A28CAE4158646D15D70D42E838750DABDCA6B22F
SHA-256:	9E355826C0F445B8F66EF09F50D6E453B22FEECE13EBA7A889EB0FF6CFC998B8
SHA-512:	6DB594C1026E617C43E0BA2455BF1F9948E446873548AED97C6AE68CDC10CC8E736E666BFDFB59EC871C04EF218B7D5D2B09C77EE462CD0CBB0FEDF8DFCB1E8B
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A52.113.191.172&oit=3&cp=6&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["https:52.113.191.172",[],[],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggesttype":[],"google:verbatimrelevance":851}]

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 19, 2024 18:54:59.433866024 CET	49699	80	192.168.2.16	52.113.191.172
Nov 19, 2024 18:54:59.434207916 CET	49700	80	192.168.2.16	52.113.191.172
Nov 19, 2024 18:54:59.438841105 CET	80	49699	52.113.191.172	192.168.2.16
Nov 19, 2024 18:54:59.438990116 CET	49699	80	192.168.2.16	52.113.191.172
Nov 19, 2024 18:54:59.439133883 CET	80	49700	52.113.191.172	192.168.2.16
Nov 19, 2024 18:54:59.439214945 CET	49700	80	192.168.2.16	52.113.191.172
Nov 19, 2024 18:54:59.439321995 CET	49699	80	192.168.2.16	52.113.191.172
Nov 19, 2024 18:54:59.444164991 CET	80	49699	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:01.783797979 CET	49673	443	192.168.2.16	204.79.197.203
Nov 19, 2024 18:55:02.087023973 CET	49673	443	192.168.2.16	204.79.197.203
Nov 19, 2024 18:55:02.694165945 CET	49673	443	192.168.2.16	204.79.197.203
Nov 19, 2024 18:55:03.340212107 CET	49702	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:03.340256929 CET	443	49702	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:03.340363979 CET	49702	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:03.340658903 CET	49702	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:03.340673923 CET	443	49702	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:03.899998903 CET	49673	443	192.168.2.16	204.79.197.203
Nov 19, 2024 18:55:04.047931910 CET	443	49702	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:04.048310995 CET	49702	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:04.048343897 CET	443	49702	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:04.050003052 CET	443	49702	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:04.050102949 CET	49702	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:04.051361084 CET	49702	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:04.051487923 CET	443	49702	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:04.106009007 CET	49702	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:04.106021881 CET	443	49702	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:04.154118061 CET	49702	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:04.543378115 CET	49689	80	192.168.2.16	192.229.211.108
Nov 19, 2024 18:55:06.307336092 CET	49673	443	192.168.2.16	204.79.197.203
Nov 19, 2024 18:55:07.155591011 CET	49702	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:07.203347921 CET	443	49702	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:07.376692057 CET	443	49702	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:07.376768112 CET	443	49702	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:07.376804113 CET	443	49702	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:07.376847982 CET	443	49702	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:07.376931906 CET	443	49702	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:07.376983881 CET	49702	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:07.376983881 CET	49702	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:07.377010107 CET	443	49702	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:07.377067089 CET	49702	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:07.380737066 CET	443	49702	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:07.380891085 CET	443	49702	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:07.380949020 CET	49702	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:07.385873079 CET	49702	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:07.385894060 CET	443	49702	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:08.094502926 CET	49708	443	192.168.2.16	184.28.90.27
Nov 19, 2024 18:55:08.094561100 CET	443	49708	184.28.90.27	192.168.2.16
Nov 19, 2024 18:55:08.094657898 CET	49708	443	192.168.2.16	184.28.90.27
Nov 19, 2024 18:55:08.098140001 CET	49708	443	192.168.2.16	184.28.90.27
Nov 19, 2024 18:55:08.098159075 CET	443	49708	184.28.90.27	192.168.2.16
Nov 19, 2024 18:55:08.802799940 CET	443	49708	184.28.90.27	192.168.2.16
Nov 19, 2024 18:55:08.802891970 CET	49708	443	192.168.2.16	184.28.90.27
Nov 19, 2024 18:55:08.808804989 CET	49708	443	192.168.2.16	184.28.90.27
Nov 19, 2024 18:55:08.808836937 CET	443	49708	184.28.90.27	192.168.2.16
Nov 19, 2024 18:55:08.809109926 CET	443	49708	184.28.90.27	192.168.2.16
Nov 19, 2024 18:55:08.854836941 CET	49708	443	192.168.2.16	184.28.90.27
Nov 19, 2024 18:55:08.899333954 CET	443	49708	184.28.90.27	192.168.2.16
Nov 19, 2024 18:55:09.138953924 CET	443	49708	184.28.90.27	192.168.2.16
Nov 19, 2024 18:55:09.139031887 CET	443	49708	184.28.90.27	192.168.2.16
Nov 19, 2024 18:55:09.139156103 CET	49708	443	192.168.2.16	184.28.90.27
Nov 19, 2024 18:55:09.139200926 CET	49708	443	192.168.2.16	184.28.90.27
Nov 19, 2024 18:55:09.139200926 CET	49708	443	192.168.2.16	184.28.90.27
Nov 19, 2024 18:55:09.139220953 CET	443	49708	184.28.90.27	192.168.2.16
Nov 19, 2024 18:55:09.139233112 CET	443	49708	184.28.90.27	192.168.2.16
Nov 19, 2024 18:55:09.185298920 CET	49709	443	192.168.2.16	184.28.90.27
Nov 19, 2024 18:55:09.185350895 CET	443	49709	184.28.90.27	192.168.2.16
Nov 19, 2024 18:55:09.185477018 CET	49709	443	192.168.2.16	184.28.90.27
Nov 19, 2024 18:55:09.185744047 CET	49709	443	192.168.2.16	184.28.90.27
Nov 19, 2024 18:55:09.185755014 CET	443	49709	184.28.90.27	192.168.2.16
Nov 19, 2024 18:55:09.895371914 CET	443	49709	184.28.90.27	192.168.2.16
Nov 19, 2024 18:55:09.895471096 CET	49709	443	192.168.2.16	184.28.90.27
Nov 19, 2024 18:55:09.896778107 CET	49709	443	192.168.2.16	184.28.90.27
Nov 19, 2024 18:55:09.896792889 CET	443	49709	184.28.90.27	192.168.2.16
Nov 19, 2024 18:55:09.897222042 CET	443	49709	184.28.90.27	192.168.2.16
Nov 19, 2024 18:55:09.902708054 CET	49709	443	192.168.2.16	184.28.90.27
Nov 19, 2024 18:55:09.947335958 CET	443	49709	184.28.90.27	192.168.2.16
Nov 19, 2024 18:55:09.947597980 CET	49678	443	192.168.2.16	20.189.173.10
Nov 19, 2024 18:55:10.231960058 CET	443	49709	184.28.90.27	192.168.2.16
Nov 19, 2024 18:55:10.232054949 CET	443	49709	184.28.90.27	192.168.2.16
Nov 19, 2024 18:55:10.232122898 CET	49709	443	192.168.2.16	184.28.90.27
Nov 19, 2024 18:55:10.233006954 CET	49709	443	192.168.2.16	184.28.90.27
Nov 19, 2024 18:55:10.233036041 CET	443	49709	184.28.90.27	192.168.2.16
Nov 19, 2024 18:55:10.233083963 CET	49709	443	192.168.2.16	184.28.90.27
Nov 19, 2024 18:55:10.233091116 CET	443	49709	184.28.90.27	192.168.2.16
Nov 19, 2024 18:55:10.249037027 CET	49678	443	192.168.2.16	20.189.173.10
Nov 19, 2024 18:55:10.730757952 CET	49710	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:10.730827093 CET	443	49710	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:10.730902910 CET	49710	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:10.731177092 CET	49710	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:10.731199026 CET	443	49710	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:10.854060888 CET	49678	443	192.168.2.16	20.189.173.10
Nov 19, 2024 18:55:11.108161926 CET	49673	443	192.168.2.16	204.79.197.203
Nov 19, 2024 18:55:11.364274979 CET	443	49710	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:11.364958048 CET	49710	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:11.364995003 CET	443	49710	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:11.365467072 CET	443	49710	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:11.365917921 CET	49710	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:11.366005898 CET	443	49710	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:11.409030914 CET	49710	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:11.523565054 CET	49711	443	192.168.2.16	20.109.210.53
Nov 19, 2024 18:55:11.523603916 CET	443	49711	20.109.210.53	192.168.2.16
Nov 19, 2024 18:55:11.523880005 CET	49711	443	192.168.2.16	20.109.210.53
Nov 19, 2024 18:55:11.524827003 CET	49711	443	192.168.2.16	20.109.210.53
Nov 19, 2024 18:55:11.524842978 CET	443	49711	20.109.210.53	192.168.2.16
Nov 19, 2024 18:55:12.063083887 CET	49678	443	192.168.2.16	20.189.173.10
Nov 19, 2024 18:55:12.200277090 CET	443	49711	20.109.210.53	192.168.2.16
Nov 19, 2024 18:55:12.200613022 CET	49711	443	192.168.2.16	20.109.210.53
Nov 19, 2024 18:55:12.203814030 CET	49711	443	192.168.2.16	20.109.210.53
Nov 19, 2024 18:55:12.203836918 CET	443	49711	20.109.210.53	192.168.2.16
Nov 19, 2024 18:55:12.204135895 CET	443	49711	20.109.210.53	192.168.2.16
Nov 19, 2024 18:55:12.255175114 CET	49711	443	192.168.2.16	20.109.210.53
Nov 19, 2024 18:55:12.423595905 CET	49711	443	192.168.2.16	20.109.210.53
Nov 19, 2024 18:55:12.467340946 CET	443	49711	20.109.210.53	192.168.2.16
Nov 19, 2024 18:55:12.642430067 CET	443	49711	20.109.210.53	192.168.2.16
Nov 19, 2024 18:55:12.642492056 CET	443	49711	20.109.210.53	192.168.2.16
Nov 19, 2024 18:55:12.642561913 CET	443	49711	20.109.210.53	192.168.2.16
Nov 19, 2024 18:55:12.642580032 CET	443	49711	20.109.210.53	192.168.2.16
Nov 19, 2024 18:55:12.642620087 CET	443	49711	20.109.210.53	192.168.2.16
Nov 19, 2024 18:55:12.642636061 CET	49711	443	192.168.2.16	20.109.210.53
Nov 19, 2024 18:55:12.642638922 CET	443	49711	20.109.210.53	192.168.2.16
Nov 19, 2024 18:55:12.642666101 CET	49711	443	192.168.2.16	20.109.210.53
Nov 19, 2024 18:55:12.642672062 CET	443	49711	20.109.210.53	192.168.2.16
Nov 19, 2024 18:55:12.642693043 CET	49711	443	192.168.2.16	20.109.210.53
Nov 19, 2024 18:55:12.642693043 CET	49711	443	192.168.2.16	20.109.210.53
Nov 19, 2024 18:55:12.642715931 CET	49711	443	192.168.2.16	20.109.210.53
Nov 19, 2024 18:55:12.642837048 CET	443	49711	20.109.210.53	192.168.2.16
Nov 19, 2024 18:55:12.642929077 CET	49711	443	192.168.2.16	20.109.210.53
Nov 19, 2024 18:55:12.642940998 CET	443	49711	20.109.210.53	192.168.2.16
Nov 19, 2024 18:55:12.643167019 CET	443	49711	20.109.210.53	192.168.2.16
Nov 19, 2024 18:55:12.643233061 CET	49711	443	192.168.2.16	20.109.210.53
Nov 19, 2024 18:55:12.674964905 CET	49711	443	192.168.2.16	20.109.210.53
Nov 19, 2024 18:55:12.674964905 CET	49711	443	192.168.2.16	20.109.210.53
Nov 19, 2024 18:55:12.674994946 CET	443	49711	20.109.210.53	192.168.2.16
Nov 19, 2024 18:55:12.675015926 CET	443	49711	20.109.210.53	192.168.2.16
Nov 19, 2024 18:55:13.434221983 CET	49699	80	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:13.438723087 CET	49712	3480	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:13.438929081 CET	49713	3480	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:13.443702936 CET	3480	49712	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:13.443752050 CET	3480	49713	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:13.443799019 CET	49712	3480	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:13.443833113 CET	49713	3480	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:13.444045067 CET	49712	3480	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:13.448929071 CET	3480	49712	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:13.484608889 CET	80	49699	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:14.420262098 CET	49680	80	192.168.2.16	192.229.211.108
Nov 19, 2024 18:55:14.468039036 CET	49678	443	192.168.2.16	20.189.173.10
Nov 19, 2024 18:55:14.722770929 CET	49680	80	192.168.2.16	192.229.211.108
Nov 19, 2024 18:55:15.324034929 CET	49680	80	192.168.2.16	192.229.211.108
Nov 19, 2024 18:55:16.536001921 CET	49680	80	192.168.2.16	192.229.211.108
Nov 19, 2024 18:55:18.945014954 CET	49680	80	192.168.2.16	192.229.211.108
Nov 19, 2024 18:55:19.281145096 CET	49678	443	192.168.2.16	20.189.173.10
Nov 19, 2024 18:55:20.720119953 CET	49673	443	192.168.2.16	204.79.197.203
Nov 19, 2024 18:55:20.814836979 CET	80	49699	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:20.814903021 CET	80	49700	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:20.814994097 CET	49699	80	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:20.815058947 CET	49700	80	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:20.866065025 CET	49700	80	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:20.871026993 CET	80	49700	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:21.271898985 CET	443	49710	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:21.272011995 CET	443	49710	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:21.272074938 CET	49710	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:22.862797022 CET	49710	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:22.862818956 CET	443	49710	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:23.755105972 CET	49680	80	192.168.2.16	192.229.211.108
Nov 19, 2024 18:55:28.896091938 CET	49678	443	192.168.2.16	20.189.173.10
Nov 19, 2024 18:55:33.363111973 CET	49680	80	192.168.2.16	192.229.211.108
Nov 19, 2024 18:55:34.813044071 CET	3480	49712	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:34.813127041 CET	49712	3480	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:34.813637972 CET	49712	3480	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:34.814940929 CET	3480	49713	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:34.815035105 CET	49713	3480	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:34.818386078 CET	3480	49712	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:34.848107100 CET	49713	3480	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:34.854283094 CET	3480	49713	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:35.848072052 CET	49714	3480	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:35.848386049 CET	49715	3480	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:35.853239059 CET	3480	49714	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:35.853288889 CET	3480	49715	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:35.853374004 CET	49714	3480	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:35.853439093 CET	49715	3480	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:35.853646040 CET	49715	3480	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:35.859107971 CET	3480	49715	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:47.447340965 CET	49716	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:47.447402954 CET	443	49716	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:47.448937893 CET	49716	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:47.448937893 CET	49716	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:47.448981047 CET	443	49716	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:47.813924074 CET	49717	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:47.813963890 CET	443	49717	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:47.814066887 CET	49717	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:47.814449072 CET	49717	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:47.814462900 CET	443	49717	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:48.086371899 CET	443	49716	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:48.086846113 CET	49716	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:48.086868048 CET	443	49716	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:48.087357044 CET	443	49716	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:48.088109970 CET	49716	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:48.088109970 CET	49716	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:48.088126898 CET	443	49716	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:48.088201046 CET	443	49716	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:48.144277096 CET	49716	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:48.394273043 CET	443	49716	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:48.398886919 CET	443	49716	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:48.399132967 CET	49716	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:48.400207996 CET	49716	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:48.400239944 CET	443	49716	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:48.453454971 CET	443	49717	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:48.453860044 CET	49717	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:48.453879118 CET	443	49717	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:48.454210043 CET	443	49717	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:48.454611063 CET	49717	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:48.454679012 CET	443	49717	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:48.495146036 CET	49717	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:49.026458025 CET	49718	443	192.168.2.16	20.12.23.50
Nov 19, 2024 18:55:49.026503086 CET	443	49718	20.12.23.50	192.168.2.16
Nov 19, 2024 18:55:49.026612043 CET	49718	443	192.168.2.16	20.12.23.50
Nov 19, 2024 18:55:49.027138948 CET	49718	443	192.168.2.16	20.12.23.50
Nov 19, 2024 18:55:49.027152061 CET	443	49718	20.12.23.50	192.168.2.16
Nov 19, 2024 18:55:49.609415054 CET	443	49718	20.12.23.50	192.168.2.16
Nov 19, 2024 18:55:49.609606981 CET	49718	443	192.168.2.16	20.12.23.50
Nov 19, 2024 18:55:49.611474037 CET	49718	443	192.168.2.16	20.12.23.50
Nov 19, 2024 18:55:49.611484051 CET	443	49718	20.12.23.50	192.168.2.16
Nov 19, 2024 18:55:49.612009048 CET	443	49718	20.12.23.50	192.168.2.16
Nov 19, 2024 18:55:49.613980055 CET	49718	443	192.168.2.16	20.12.23.50
Nov 19, 2024 18:55:49.655375004 CET	443	49718	20.12.23.50	192.168.2.16
Nov 19, 2024 18:55:49.812453032 CET	443	49718	20.12.23.50	192.168.2.16
Nov 19, 2024 18:55:49.812482119 CET	443	49718	20.12.23.50	192.168.2.16
Nov 19, 2024 18:55:49.812503099 CET	443	49718	20.12.23.50	192.168.2.16
Nov 19, 2024 18:55:49.812550068 CET	49718	443	192.168.2.16	20.12.23.50
Nov 19, 2024 18:55:49.812566042 CET	443	49718	20.12.23.50	192.168.2.16
Nov 19, 2024 18:55:49.812685966 CET	49718	443	192.168.2.16	20.12.23.50
Nov 19, 2024 18:55:49.812685966 CET	49718	443	192.168.2.16	20.12.23.50
Nov 19, 2024 18:55:49.812912941 CET	443	49718	20.12.23.50	192.168.2.16
Nov 19, 2024 18:55:49.812973022 CET	443	49718	20.12.23.50	192.168.2.16
Nov 19, 2024 18:55:49.813005924 CET	49718	443	192.168.2.16	20.12.23.50
Nov 19, 2024 18:55:49.813013077 CET	443	49718	20.12.23.50	192.168.2.16
Nov 19, 2024 18:55:49.813273907 CET	49718	443	192.168.2.16	20.12.23.50
Nov 19, 2024 18:55:49.813385963 CET	443	49718	20.12.23.50	192.168.2.16
Nov 19, 2024 18:55:49.813476086 CET	443	49718	20.12.23.50	192.168.2.16
Nov 19, 2024 18:55:49.813508034 CET	49718	443	192.168.2.16	20.12.23.50
Nov 19, 2024 18:55:49.813540936 CET	49718	443	192.168.2.16	20.12.23.50
Nov 19, 2024 18:55:49.816279888 CET	49718	443	192.168.2.16	20.12.23.50
Nov 19, 2024 18:55:49.816298008 CET	443	49718	20.12.23.50	192.168.2.16
Nov 19, 2024 18:55:49.816319942 CET	49718	443	192.168.2.16	20.12.23.50
Nov 19, 2024 18:55:49.816324949 CET	443	49718	20.12.23.50	192.168.2.16
Nov 19, 2024 18:55:52.339848995 CET	49717	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:52.387337923 CET	443	49717	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:52.549704075 CET	443	49717	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:52.553397894 CET	443	49717	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:52.553498030 CET	49717	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:52.554346085 CET	49717	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:52.554367065 CET	443	49717	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:52.757148027 CET	49719	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:52.757183075 CET	443	49719	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:52.757293940 CET	49719	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:52.757919073 CET	49719	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:52.757936001 CET	443	49719	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:52.939999104 CET	49720	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:52.940027952 CET	443	49720	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:52.940139055 CET	49720	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:52.942292929 CET	49720	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:52.942307949 CET	443	49720	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.154397964 CET	49721	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:53.154505014 CET	443	49721	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.154609919 CET	49721	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:53.154931068 CET	49721	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:53.154984951 CET	443	49721	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.426271915 CET	443	49719	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.426657915 CET	49719	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:53.426671982 CET	443	49719	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.427145958 CET	443	49719	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.427540064 CET	49719	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:53.427625895 CET	443	49719	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.427711010 CET	49719	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:53.475337029 CET	443	49719	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.552346945 CET	49719	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:53.552503109 CET	443	49719	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.552629948 CET	49719	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:53.553673029 CET	49722	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:53.553750038 CET	443	49722	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.553863049 CET	49722	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:53.554091930 CET	49722	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:53.554125071 CET	443	49722	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.580782890 CET	443	49720	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.581192970 CET	49720	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:53.581218004 CET	443	49720	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.581574917 CET	443	49720	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.581897020 CET	49720	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:53.582032919 CET	49720	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:53.582045078 CET	443	49720	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.582120895 CET	443	49720	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.630151033 CET	49720	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:53.816390038 CET	443	49721	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.816797018 CET	49721	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:53.816848993 CET	443	49721	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.818329096 CET	443	49721	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.818423986 CET	49721	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:53.818734884 CET	49721	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:53.818826914 CET	443	49721	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.870099068 CET	49721	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:53.870126963 CET	443	49721	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.898377895 CET	443	49720	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.900031090 CET	443	49720	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.900109053 CET	49720	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:53.901369095 CET	49720	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:53.901401043 CET	443	49720	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:53.917366028 CET	49721	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:54.126764059 CET	49721	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:54.167371988 CET	443	49721	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:54.203238010 CET	443	49722	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:54.203593969 CET	49722	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:54.203627110 CET	443	49722	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:54.204782009 CET	443	49722	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:54.204875946 CET	49722	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:54.205183029 CET	49722	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:54.205264091 CET	443	49722	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:54.252094984 CET	49722	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:54.252115965 CET	443	49722	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:54.300088882 CET	49722	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:54.342082024 CET	443	49721	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:54.346364975 CET	443	49721	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:54.346470118 CET	49721	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:54.347354889 CET	49721	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:54.347398996 CET	443	49721	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:54.446743011 CET	49722	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:54.487351894 CET	443	49722	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:54.669101954 CET	49722	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:54.669238091 CET	443	49722	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:54.669322014 CET	49722	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:54.670757055 CET	49723	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:54.670802116 CET	443	49723	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:54.670888901 CET	49723	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:54.671188116 CET	49723	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:54.671204090 CET	443	49723	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:55.017039061 CET	49715	3480	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:55.023412943 CET	49724	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:55.023462057 CET	443	49724	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:55.023567915 CET	49724	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:55.023729086 CET	49725	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:55.023783922 CET	443	49725	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:55.023857117 CET	49725	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:55.025607109 CET	49725	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:55.025648117 CET	443	49725	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:55.025789976 CET	49724	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:55.025810003 CET	443	49724	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:55.068447113 CET	3480	49715	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:55.298021078 CET	443	49723	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:55.298633099 CET	49723	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:55.298660994 CET	443	49723	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:55.299683094 CET	443	49723	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:55.299756050 CET	49723	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:55.300179958 CET	49723	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:55.300246000 CET	443	49723	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:55.354149103 CET	49723	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:55.354195118 CET	443	49723	216.58.206.68	192.168.2.16
Nov 19, 2024 18:55:55.401732922 CET	49723	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:55:56.107247114 CET	443	49724	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:56.107330084 CET	49724	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:56.107573986 CET	49724	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:56.107599974 CET	443	49724	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:56.108211994 CET	49726	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:56.108242989 CET	443	49726	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:56.108319998 CET	49726	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:56.108629942 CET	49726	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:56.108644009 CET	443	49726	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:56.162493944 CET	443	49725	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:56.162584066 CET	49725	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:56.162682056 CET	49725	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:56.162708998 CET	443	49725	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:56.162940025 CET	49727	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:56.162974119 CET	443	49727	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:56.163059950 CET	49727	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:56.163232088 CET	49727	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:56.163240910 CET	443	49727	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:57.198394060 CET	443	49726	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:57.198496103 CET	49726	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:57.198652983 CET	49726	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:57.198669910 CET	443	49726	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:57.218019009 CET	3480	49714	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:57.218166113 CET	49714	3480	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:57.254831076 CET	3480	49715	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:57.254941940 CET	49715	3480	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:57.283210039 CET	443	49727	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:57.283452988 CET	49727	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:57.283518076 CET	49727	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:57.283543110 CET	443	49727	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:58.232930899 CET	49714	3480	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:58.233268023 CET	49728	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:58.233319998 CET	443	49728	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:58.233393908 CET	49728	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:58.233597040 CET	49729	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:58.233639956 CET	443	49729	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:58.233700991 CET	49729	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:58.233864069 CET	49728	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:58.233880043 CET	443	49728	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:58.234229088 CET	49729	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:58.234260082 CET	443	49729	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:58.455709934 CET	3480	49714	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:59.570558071 CET	443	49729	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:59.570775986 CET	49729	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:59.570837975 CET	49729	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:59.570849895 CET	443	49729	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:59.571238995 CET	49731	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:59.571254969 CET	443	49731	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:59.571366072 CET	49731	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:59.571590900 CET	49731	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:59.571604013 CET	443	49731	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:59.682070017 CET	443	49728	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:59.682219982 CET	49728	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:59.682415009 CET	49728	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:59.682475090 CET	443	49728	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:59.682846069 CET	49732	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:59.682903051 CET	443	49732	52.113.191.172	192.168.2.16
Nov 19, 2024 18:55:59.683023930 CET	49732	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:59.683303118 CET	49732	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:55:59.683320999 CET	443	49732	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:00.737272024 CET	443	49731	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:00.737409115 CET	49731	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:00.737886906 CET	49731	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:00.737900019 CET	443	49731	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:00.798860073 CET	443	49732	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:00.798995972 CET	49732	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:00.799202919 CET	49732	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:00.799223900 CET	443	49732	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:05.204766035 CET	443	49723	216.58.206.68	192.168.2.16
Nov 19, 2024 18:56:05.204869032 CET	443	49723	216.58.206.68	192.168.2.16
Nov 19, 2024 18:56:05.204981089 CET	49723	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:56:05.756484032 CET	49723	443	192.168.2.16	216.58.206.68
Nov 19, 2024 18:56:05.756571054 CET	443	49723	216.58.206.68	192.168.2.16
Nov 19, 2024 18:56:05.756995916 CET	49733	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:05.757045031 CET	443	49733	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:05.757124901 CET	49733	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:05.757277966 CET	49734	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:05.757318974 CET	443	49734	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:05.757456064 CET	49734	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:05.757544994 CET	49733	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:05.757559061 CET	443	49733	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:05.757709980 CET	49734	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:05.757725000 CET	443	49734	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:06.841192007 CET	443	49734	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:06.841496944 CET	49734	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:06.841566086 CET	49734	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:06.841586113 CET	443	49734	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:06.842339039 CET	49735	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:06.842370033 CET	443	49735	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:06.842441082 CET	49735	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:06.842674017 CET	49735	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:06.842684031 CET	443	49735	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:06.897679090 CET	443	49733	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:06.897919893 CET	49733	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:06.898538113 CET	49733	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:06.898550034 CET	443	49733	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:06.898921967 CET	49736	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:06.898957968 CET	443	49736	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:06.899068117 CET	49736	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:06.899307013 CET	49736	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:06.899328947 CET	443	49736	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:07.942322969 CET	443	49735	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:07.942554951 CET	49735	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:07.942614079 CET	49735	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:07.942630053 CET	443	49735	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:08.009176970 CET	443	49736	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:08.009452105 CET	49736	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:08.009569883 CET	49736	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:08.009613991 CET	443	49736	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:12.529071093 CET	49674	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:12.529149055 CET	49675	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:12.529180050 CET	49677	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:12.529633045 CET	49737	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:12.529684067 CET	443	49737	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:12.529827118 CET	49737	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:12.530117035 CET	49737	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:12.530128002 CET	443	49737	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:12.842650890 CET	49674	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:12.842668056 CET	49675	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:12.842731953 CET	49677	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:13.111418009 CET	443	49737	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:13.111532927 CET	49737	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:13.112293005 CET	443	49737	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:13.112374067 CET	49737	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:13.133830070 CET	49737	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:13.133857012 CET	443	49737	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:13.133984089 CET	49737	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:13.133996010 CET	443	49737	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:13.134157896 CET	443	49737	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:13.134229898 CET	49737	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:13.215718031 CET	49738	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:13.215759039 CET	443	49738	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:13.215833902 CET	49738	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:13.216855049 CET	49738	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:13.216872931 CET	443	49738	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:13.262769938 CET	443	49737	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:13.262835979 CET	443	49737	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:13.262846947 CET	49737	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:13.262856007 CET	443	49737	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:13.262900114 CET	49737	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:13.262938023 CET	49737	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:13.263083935 CET	443	49737	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:13.263148069 CET	49737	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:13.263153076 CET	443	49737	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:13.263178110 CET	443	49737	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:13.263217926 CET	49737	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:13.263217926 CET	49737	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:13.263802052 CET	49737	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:13.263813972 CET	443	49737	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:13.283480883 CET	49739	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:13.283514977 CET	443	49739	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:13.283624887 CET	49739	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:13.283971071 CET	49739	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:13.283983946 CET	443	49739	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:13.446688890 CET	49675	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:13.446697950 CET	49674	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:13.446875095 CET	49677	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:13.545061111 CET	49681	443	192.168.2.16	51.104.15.253
Nov 19, 2024 18:56:13.545424938 CET	49740	443	192.168.2.16	51.104.15.253
Nov 19, 2024 18:56:13.545466900 CET	443	49740	51.104.15.253	192.168.2.16
Nov 19, 2024 18:56:13.545556068 CET	49740	443	192.168.2.16	51.104.15.253
Nov 19, 2024 18:56:13.545742989 CET	49740	443	192.168.2.16	51.104.15.253
Nov 19, 2024 18:56:13.545764923 CET	443	49740	51.104.15.253	192.168.2.16
Nov 19, 2024 18:56:13.775655985 CET	443	49739	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:13.775743008 CET	49739	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:13.780287027 CET	49739	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:13.780298948 CET	443	49739	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:13.780445099 CET	49739	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:13.780453920 CET	443	49739	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:13.780625105 CET	443	49739	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:13.780692101 CET	49739	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:13.905668020 CET	49681	443	192.168.2.16	51.104.15.253
Nov 19, 2024 18:56:14.009741068 CET	443	49738	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:14.009839058 CET	49738	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:14.056374073 CET	49738	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:14.056412935 CET	443	49738	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:14.057343960 CET	443	49738	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:14.058712959 CET	49738	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:14.058743000 CET	49738	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:14.058784962 CET	443	49738	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:14.115580082 CET	443	49739	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:14.115631104 CET	443	49739	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:14.115652084 CET	443	49739	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:14.115662098 CET	49739	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.115677118 CET	443	49739	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:14.115690947 CET	49739	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.115747929 CET	49739	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.146325111 CET	443	49739	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:14.146425962 CET	443	49739	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:14.146460056 CET	49739	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.146513939 CET	49739	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.159660101 CET	49739	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.159682035 CET	443	49739	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:14.159714937 CET	49739	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.159770012 CET	49739	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.182879925 CET	49741	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.182974100 CET	443	49741	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:14.183084011 CET	49741	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.184854031 CET	49741	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.184887886 CET	443	49741	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:14.317184925 CET	443	49740	51.104.15.253	192.168.2.16
Nov 19, 2024 18:56:14.317315102 CET	49740	443	192.168.2.16	51.104.15.253
Nov 19, 2024 18:56:14.320430994 CET	49740	443	192.168.2.16	51.104.15.253
Nov 19, 2024 18:56:14.320441961 CET	443	49740	51.104.15.253	192.168.2.16
Nov 19, 2024 18:56:14.320832968 CET	443	49740	51.104.15.253	192.168.2.16
Nov 19, 2024 18:56:14.320903063 CET	49740	443	192.168.2.16	51.104.15.253
Nov 19, 2024 18:56:14.321314096 CET	49740	443	192.168.2.16	51.104.15.253
Nov 19, 2024 18:56:14.321441889 CET	49740	443	192.168.2.16	51.104.15.253
Nov 19, 2024 18:56:14.321448088 CET	443	49740	51.104.15.253	192.168.2.16
Nov 19, 2024 18:56:14.439590931 CET	443	49738	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:14.439610958 CET	443	49738	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:14.439681053 CET	443	49738	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:14.439698935 CET	49738	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:14.439727068 CET	443	49738	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:14.439742088 CET	49738	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:14.439892054 CET	443	49738	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:14.439951897 CET	49738	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:14.440179110 CET	49738	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:14.440196037 CET	443	49738	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:14.440205097 CET	49738	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:14.440210104 CET	443	49738	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:14.491655111 CET	443	49740	51.104.15.253	192.168.2.16
Nov 19, 2024 18:56:14.491775036 CET	49740	443	192.168.2.16	51.104.15.253
Nov 19, 2024 18:56:14.491833925 CET	443	49740	51.104.15.253	192.168.2.16
Nov 19, 2024 18:56:14.491893053 CET	443	49740	51.104.15.253	192.168.2.16
Nov 19, 2024 18:56:14.491909981 CET	49740	443	192.168.2.16	51.104.15.253
Nov 19, 2024 18:56:14.491956949 CET	49740	443	192.168.2.16	51.104.15.253
Nov 19, 2024 18:56:14.492153883 CET	49740	443	192.168.2.16	51.104.15.253
Nov 19, 2024 18:56:14.492153883 CET	49740	443	192.168.2.16	51.104.15.253
Nov 19, 2024 18:56:14.492176056 CET	443	49740	51.104.15.253	192.168.2.16
Nov 19, 2024 18:56:14.492270947 CET	49740	443	192.168.2.16	51.104.15.253
Nov 19, 2024 18:56:14.621680975 CET	49681	443	192.168.2.16	51.104.15.253
Nov 19, 2024 18:56:14.653640032 CET	49674	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:14.653675079 CET	49675	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:14.653712034 CET	49677	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:14.681315899 CET	443	49741	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:14.681400061 CET	49741	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.681754112 CET	49741	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.681767941 CET	443	49741	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:14.681984901 CET	49741	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.681997061 CET	443	49741	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:14.709227085 CET	49683	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:14.709453106 CET	49742	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:14.709506989 CET	443	49742	204.79.197.222	192.168.2.16
Nov 19, 2024 18:56:14.709625959 CET	49742	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:14.709798098 CET	49742	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:14.709822893 CET	443	49742	204.79.197.222	192.168.2.16
Nov 19, 2024 18:56:14.750644922 CET	49743	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:14.750679016 CET	443	49743	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:14.750747919 CET	49743	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:14.751239061 CET	49743	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:14.751255035 CET	443	49743	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:14.903847933 CET	443	49741	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:14.903882980 CET	443	49741	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:14.903920889 CET	443	49741	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:14.903981924 CET	49741	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.904031992 CET	49741	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.904052973 CET	443	49741	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:14.904125929 CET	443	49741	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:14.904139996 CET	49741	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.904258966 CET	49741	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.905070066 CET	49741	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.905095100 CET	443	49741	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:14.906996965 CET	49744	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.907042980 CET	443	49744	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:14.907115936 CET	49744	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.907373905 CET	49744	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:14.907387018 CET	443	49744	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:15.018646955 CET	49683	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:15.321465015 CET	443	49742	204.79.197.222	192.168.2.16
Nov 19, 2024 18:56:15.321561098 CET	49742	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:15.325222969 CET	49742	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:15.325239897 CET	443	49742	204.79.197.222	192.168.2.16
Nov 19, 2024 18:56:15.325357914 CET	49742	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:15.325366974 CET	443	49742	204.79.197.222	192.168.2.16
Nov 19, 2024 18:56:15.325658083 CET	443	49742	204.79.197.222	192.168.2.16
Nov 19, 2024 18:56:15.325828075 CET	49742	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:15.413820028 CET	443	49744	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:15.413911104 CET	49744	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:15.414330006 CET	49744	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:15.414344072 CET	443	49744	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:15.414589882 CET	49744	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:15.414597034 CET	443	49744	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:15.477957010 CET	443	49742	204.79.197.222	192.168.2.16
Nov 19, 2024 18:56:15.477986097 CET	443	49742	204.79.197.222	192.168.2.16
Nov 19, 2024 18:56:15.478152037 CET	49742	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:15.478152037 CET	49742	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:15.478157043 CET	443	49742	204.79.197.222	192.168.2.16
Nov 19, 2024 18:56:15.478183031 CET	443	49742	204.79.197.222	192.168.2.16
Nov 19, 2024 18:56:15.478262901 CET	49742	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:15.478929996 CET	443	49742	204.79.197.222	192.168.2.16
Nov 19, 2024 18:56:15.478991985 CET	49742	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:15.479753971 CET	443	49742	204.79.197.222	192.168.2.16
Nov 19, 2024 18:56:15.479835987 CET	49742	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:15.517797947 CET	49745	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:15.517817974 CET	443	49745	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:15.517924070 CET	49745	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:15.518204927 CET	49745	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:15.518223047 CET	443	49745	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:15.518460035 CET	49746	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:15.518511057 CET	443	49746	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:15.518584013 CET	49747	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:15.518593073 CET	443	49747	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:15.518644094 CET	49746	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:15.518681049 CET	49747	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:15.518825054 CET	49748	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:15.518888950 CET	49746	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:15.518902063 CET	443	49746	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:15.518908978 CET	443	49748	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:15.518929005 CET	49747	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:15.518939972 CET	443	49747	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:15.519033909 CET	49748	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:15.519093990 CET	49748	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:15.519114017 CET	443	49748	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:15.532644987 CET	443	49743	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:15.532756090 CET	49743	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:15.542304039 CET	49743	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:15.542311907 CET	443	49743	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:15.542687893 CET	443	49743	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:15.543297052 CET	49743	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:15.543323994 CET	49743	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:15.543380976 CET	443	49743	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:15.552347898 CET	443	49744	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:15.552380085 CET	443	49744	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:15.552464962 CET	49744	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:15.552464962 CET	49744	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:15.552498102 CET	443	49744	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:15.552551031 CET	49744	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:15.552637100 CET	443	49744	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:15.552691936 CET	443	49744	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:15.552712917 CET	49744	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:15.552738905 CET	49744	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:15.553073883 CET	49744	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:15.553091049 CET	443	49744	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:15.553106070 CET	49744	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:15.553143978 CET	49744	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:15.555583954 CET	49749	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:15.555668116 CET	443	49749	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:15.555768967 CET	49749	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:15.556063890 CET	49749	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:15.556098938 CET	443	49749	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:15.568491936 CET	443	49742	204.79.197.222	192.168.2.16
Nov 19, 2024 18:56:15.568592072 CET	443	49742	204.79.197.222	192.168.2.16
Nov 19, 2024 18:56:15.568630934 CET	49742	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:15.568650007 CET	49742	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:15.568655968 CET	443	49742	204.79.197.222	192.168.2.16
Nov 19, 2024 18:56:15.568669081 CET	49742	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:15.568669081 CET	49742	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:15.568702936 CET	49742	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:15.625664949 CET	49683	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:15.976375103 CET	443	49743	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:15.976438999 CET	443	49743	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:15.976492882 CET	443	49743	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:15.976551056 CET	49743	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:15.976563931 CET	443	49743	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:15.976608992 CET	49743	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:15.976635933 CET	443	49743	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:15.976716042 CET	49743	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:15.977025032 CET	49743	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:15.977042913 CET	443	49743	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:15.977082968 CET	49743	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:15.977091074 CET	443	49743	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:16.052620888 CET	49750	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:16.052664042 CET	443	49750	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:16.052783012 CET	49750	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:16.052972078 CET	49750	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:16.052984953 CET	443	49750	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:16.055696011 CET	49681	443	192.168.2.16	51.104.15.253
Nov 19, 2024 18:56:16.071294069 CET	443	49749	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:16.071405888 CET	49749	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:16.071944952 CET	49749	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:16.071954966 CET	443	49749	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:16.072165966 CET	49749	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:16.072171926 CET	443	49749	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:16.091764927 CET	443	49745	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.091855049 CET	49745	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.092339993 CET	49745	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.092346907 CET	443	49745	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.092597008 CET	49745	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.092605114 CET	443	49745	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.098090887 CET	443	49748	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.098284006 CET	49748	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.098709106 CET	49748	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.098722935 CET	443	49748	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.098817110 CET	49748	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.098824978 CET	443	49748	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.099023104 CET	49748	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.099044085 CET	443	49748	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.099184990 CET	49748	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.099200010 CET	443	49748	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.100172043 CET	443	49747	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.100254059 CET	49747	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.100620031 CET	49747	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.100625038 CET	443	49747	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.100832939 CET	49747	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.100840092 CET	443	49747	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.107774973 CET	443	49746	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.107855082 CET	49746	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.108405113 CET	49746	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.108405113 CET	49746	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.108414888 CET	443	49746	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.108429909 CET	443	49746	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.243541002 CET	443	49745	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.243567944 CET	443	49745	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.243602037 CET	443	49745	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.243648052 CET	49745	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.243665934 CET	443	49745	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.243702888 CET	49745	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.243829012 CET	443	49745	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.243871927 CET	49745	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.243926048 CET	49745	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.244466066 CET	49745	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.244481087 CET	443	49745	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.253176928 CET	443	49747	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.253235102 CET	443	49747	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.253263950 CET	49747	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.253274918 CET	443	49747	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.253300905 CET	49747	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.253355980 CET	49747	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.253418922 CET	443	49747	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.253500938 CET	49747	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.253561020 CET	443	49747	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.253627062 CET	443	49747	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.253681898 CET	49747	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.254002094 CET	49747	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.254007101 CET	443	49747	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.260735035 CET	443	49746	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.260817051 CET	49746	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.260833979 CET	443	49746	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.260902882 CET	443	49746	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.260986090 CET	49746	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.260992050 CET	443	49746	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.261096954 CET	49746	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.261101961 CET	443	49746	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.261159897 CET	49746	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.261163950 CET	443	49746	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.261248112 CET	443	49746	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.261269093 CET	49746	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.261312008 CET	49746	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.261518955 CET	49746	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.261534929 CET	443	49746	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.300879955 CET	443	49749	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:16.300916910 CET	443	49749	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:16.300945997 CET	443	49749	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:16.300972939 CET	49749	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:16.301012993 CET	49749	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:16.301026106 CET	443	49749	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:16.301060915 CET	49749	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:16.301064014 CET	443	49749	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:16.301084042 CET	49749	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:16.301112890 CET	49749	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:16.301979065 CET	49749	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:16.301995039 CET	443	49749	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:16.304111004 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:16.304141998 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:16.304276943 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:16.304553986 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:16.304569960 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:16.323530912 CET	443	49748	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.323774099 CET	443	49748	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.323786974 CET	49748	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.323786974 CET	49748	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.323824883 CET	443	49748	204.79.197.200	192.168.2.16
Nov 19, 2024 18:56:16.323976994 CET	49748	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.323976994 CET	49748	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:16.817311049 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:16.817420006 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:16.817923069 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:16.817933083 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:16.818114996 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:16.818119049 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:16.825841904 CET	443	49750	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:16.826589108 CET	49750	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:16.826625109 CET	443	49750	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:16.827605009 CET	49750	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:16.827611923 CET	443	49750	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:16.827775955 CET	49750	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:16.827791929 CET	443	49750	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:16.838747025 CET	49683	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:17.062678099 CET	49675	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:17.062678099 CET	49674	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:17.062746048 CET	49677	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:17.084062099 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.084105968 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.084131002 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.084157944 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.084203005 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.084223032 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.084310055 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.084322929 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.084378004 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.086297035 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.086324930 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.086385965 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.086400032 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.086430073 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.086460114 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.152298927 CET	443	49750	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:17.152385950 CET	443	49750	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:17.152447939 CET	443	49750	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:17.152534008 CET	49750	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:17.152534008 CET	49750	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:17.152550936 CET	443	49750	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:17.152880907 CET	443	49750	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:17.152949095 CET	49750	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:17.152949095 CET	49750	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:17.152971029 CET	443	49750	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:17.153006077 CET	49750	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:17.153014898 CET	443	49750	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:17.172476053 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.172610998 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.172673941 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.172749996 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.173252106 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.173275948 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.173341036 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.173357010 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.173389912 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.173408985 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.173816919 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.173888922 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.174860001 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.174880028 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.174959898 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.174977064 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.175043106 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.176645041 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.176668882 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.176726103 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.176739931 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.176775932 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.176794052 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.221339941 CET	49752	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:17.221364021 CET	443	49752	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:17.221451044 CET	49752	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:17.221652031 CET	49752	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:17.221663952 CET	443	49752	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:17.261322021 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.261349916 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.261483908 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.261483908 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.261523008 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.261593103 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.261830091 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.261910915 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.261924028 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.262005091 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.262456894 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.262481928 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.262532949 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.262546062 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.262578011 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.262599945 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.262955904 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.263031006 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.263041973 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.263115883 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.263825893 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.263847113 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.263902903 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.263914108 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.263942003 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.263991117 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.264132977 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.264208078 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.264219046 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.264303923 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.264944077 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.265002966 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.265026093 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.265038013 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.265067101 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.265116930 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.265116930 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.265136003 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.265229940 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.265240908 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.265311003 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.266062975 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.266082048 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.266151905 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.266165018 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.266267061 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.349720955 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.349879026 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.349905968 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.349977016 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.350080013 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.350100040 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.350192070 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.350207090 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.350266933 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.350316048 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.350419044 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.350430965 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.350492001 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.350893974 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.350913048 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.350972891 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.350985050 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.351013899 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.351037979 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.351073027 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.351145983 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.351156950 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.351237059 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.354635954 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.354656935 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.354743004 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.354756117 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.354814053 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.354846954 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.354857922 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.354883909 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.354924917 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.355353117 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.355371952 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.355453968 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.355467081 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.355503082 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.355550051 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.355581999 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.355648041 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.355694056 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.356020927 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.356057882 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.356096983 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.356108904 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.356139898 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.356184006 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.356408119 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.356489897 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.356499910 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.356585979 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.438852072 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.438877106 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.438944101 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.438960075 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.438990116 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.438996077 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.439008951 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.439026117 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.439054012 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.439090967 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.440238953 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.440262079 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.440361977 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.440361977 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.440377951 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.440444946 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.441183090 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.441267967 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.441279888 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.441433907 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.442496061 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.442517042 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.442598104 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.442601919 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.442615986 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.442677975 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.442689896 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.442771912 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.442800045 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.442827940 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.442871094 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.442889929 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.442907095 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.442934036 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.442953110 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.442977905 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.442979097 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.442995071 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.443030119 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.443034887 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.443078041 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.443082094 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.443129063 CET	49751	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.443157911 CET	443	49751	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.445281029 CET	49753	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.445329905 CET	443	49753	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.445542097 CET	49753	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.445780039 CET	49753	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.445795059 CET	443	49753	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.601804972 CET	49754	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:17.601893902 CET	443	49754	150.171.84.254	192.168.2.16
Nov 19, 2024 18:56:17.602019072 CET	49754	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:17.602401018 CET	49754	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:17.602432966 CET	443	49754	150.171.84.254	192.168.2.16
Nov 19, 2024 18:56:17.954132080 CET	443	49753	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.954217911 CET	49753	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.954675913 CET	49753	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.954682112 CET	443	49753	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:17.954930067 CET	49753	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:17.954936028 CET	443	49753	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.008208036 CET	443	49752	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:18.008829117 CET	49752	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:18.008847952 CET	443	49752	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:18.009865999 CET	49752	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:18.009872913 CET	443	49752	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:18.009917021 CET	49752	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:18.009927988 CET	443	49752	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:18.095079899 CET	443	49753	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.095266104 CET	49753	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.095282078 CET	443	49753	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.095360041 CET	443	49753	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.095391035 CET	49753	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.097454071 CET	49753	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.097454071 CET	49753	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.097454071 CET	49753	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.098220110 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.098257065 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.098351955 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.098604918 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.098619938 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.246542931 CET	443	49754	150.171.84.254	192.168.2.16
Nov 19, 2024 18:56:18.246650934 CET	49754	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:18.250228882 CET	49754	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:18.250245094 CET	443	49754	150.171.84.254	192.168.2.16
Nov 19, 2024 18:56:18.250400066 CET	49754	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:18.250417948 CET	443	49754	150.171.84.254	192.168.2.16
Nov 19, 2024 18:56:18.250595093 CET	443	49754	150.171.84.254	192.168.2.16
Nov 19, 2024 18:56:18.250672102 CET	49754	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:18.344738007 CET	443	49754	150.171.84.254	192.168.2.16
Nov 19, 2024 18:56:18.344906092 CET	49754	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:18.344928026 CET	443	49754	150.171.84.254	192.168.2.16
Nov 19, 2024 18:56:18.344991922 CET	49754	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:18.345390081 CET	443	49754	150.171.84.254	192.168.2.16
Nov 19, 2024 18:56:18.345455885 CET	443	49754	150.171.84.254	192.168.2.16
Nov 19, 2024 18:56:18.345477104 CET	49754	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:18.345520973 CET	49754	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:18.345778942 CET	49754	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:18.345808029 CET	443	49754	150.171.84.254	192.168.2.16
Nov 19, 2024 18:56:18.348270893 CET	49756	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:18.348318100 CET	443	49756	150.171.84.254	192.168.2.16
Nov 19, 2024 18:56:18.348391056 CET	49756	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:18.348711014 CET	49756	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:18.348722935 CET	443	49756	150.171.84.254	192.168.2.16
Nov 19, 2024 18:56:18.401488066 CET	443	49752	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:18.401556969 CET	443	49752	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:18.401654005 CET	49752	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:18.401670933 CET	443	49752	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:18.401731014 CET	49752	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:18.402014017 CET	443	49752	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:18.402144909 CET	443	49752	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:18.402169943 CET	49752	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:18.402187109 CET	443	49752	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:18.402199030 CET	49752	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:18.402199030 CET	49752	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:18.402209044 CET	443	49752	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:18.402219057 CET	443	49752	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:18.495040894 CET	49757	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:18.495095968 CET	443	49757	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:18.495172977 CET	49757	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:18.495482922 CET	49757	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:18.495498896 CET	443	49757	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:18.585223913 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.585499048 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.585978031 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.585985899 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.586249113 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.586255074 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.748472929 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.748513937 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.748539925 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.748563051 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.748599052 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.748606920 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.748696089 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.831573963 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.831687927 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.831701994 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.831751108 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.832509041 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.832534075 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.832602978 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.832612038 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.832664967 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.833348989 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.833473921 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.833483934 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.833532095 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.913758993 CET	49681	443	192.168.2.16	51.104.15.253
Nov 19, 2024 18:56:18.918035984 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.918061972 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.918134928 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.918153048 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.918194056 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.918210030 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.918828011 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.918849945 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.918901920 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.918910980 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.918948889 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.918948889 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.958343983 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.958364964 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.958450079 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:18.958467007 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:18.958558083 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.005059958 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.005090952 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.005142927 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.005160093 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.005172968 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.005250931 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.005311012 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.005317926 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.005359888 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.005533934 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.005548000 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.005608082 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.005614996 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.005645037 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.005883932 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.005950928 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.005958080 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.006064892 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.006614923 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.006628990 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.006690979 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.006701946 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.006742954 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.009002924 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.009073019 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.009095907 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.009103060 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.009191990 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.009879112 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.009893894 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.009948015 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.009955883 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.010026932 CET	443	49756	150.171.84.254	192.168.2.16
Nov 19, 2024 18:56:19.010066032 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.010114908 CET	49756	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:19.010695934 CET	49756	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:19.010700941 CET	443	49756	150.171.84.254	192.168.2.16
Nov 19, 2024 18:56:19.010951042 CET	49756	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:19.010955095 CET	443	49756	150.171.84.254	192.168.2.16
Nov 19, 2024 18:56:19.045365095 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.045442104 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.045454025 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.045512915 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.045578957 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.045605898 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.045665026 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.045670986 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.045715094 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.090993881 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.091067076 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.091080904 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.091217995 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.091232061 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.091248989 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.091262102 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.091284037 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.091310024 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.091438055 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.091506004 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.091514111 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.091568947 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.091782093 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.091795921 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.091852903 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.091859102 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.091902971 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.091986895 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.092050076 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.092056036 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.092114925 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.092434883 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.092447996 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.092515945 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.092520952 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.092575073 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.092587948 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.092648029 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.092655897 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.092885017 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.092961073 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.092973948 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.093028069 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.093034983 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.093060970 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.093070984 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.093295097 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.093364954 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.093370914 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.093414068 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.107238054 CET	443	49756	150.171.84.254	192.168.2.16
Nov 19, 2024 18:56:19.107301950 CET	49756	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:19.107321024 CET	443	49756	150.171.84.254	192.168.2.16
Nov 19, 2024 18:56:19.107367992 CET	49756	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:19.107548952 CET	443	49756	150.171.84.254	192.168.2.16
Nov 19, 2024 18:56:19.107595921 CET	49756	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:19.107608080 CET	443	49756	150.171.84.254	192.168.2.16
Nov 19, 2024 18:56:19.107656956 CET	49756	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:19.108125925 CET	49756	443	192.168.2.16	150.171.84.254
Nov 19, 2024 18:56:19.108135939 CET	443	49756	150.171.84.254	192.168.2.16
Nov 19, 2024 18:56:19.122890949 CET	49758	443	192.168.2.16	13.107.246.254
Nov 19, 2024 18:56:19.122909069 CET	443	49758	13.107.246.254	192.168.2.16
Nov 19, 2024 18:56:19.123034954 CET	49758	443	192.168.2.16	13.107.246.254
Nov 19, 2024 18:56:19.123342037 CET	49758	443	192.168.2.16	13.107.246.254
Nov 19, 2024 18:56:19.123353958 CET	443	49758	13.107.246.254	192.168.2.16
Nov 19, 2024 18:56:19.133636951 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.133655071 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.133696079 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.133718967 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.133729935 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.133753061 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.133781910 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.178306103 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.178324938 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.178412914 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.178423882 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.178431988 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.178442001 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.178466082 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.178498983 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.178788900 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.178802013 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.178941965 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.178941965 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.178951979 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.179039955 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.179085016 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.179090977 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.179153919 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.179155111 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.179395914 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.179409981 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.179472923 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.179478884 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.179528952 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.179621935 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.179678917 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.179685116 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.179738045 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.180020094 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.180035114 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.180090904 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.180095911 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.180135965 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.180146933 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.180146933 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.180157900 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.180195093 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.180212021 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.180216074 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.180260897 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.180318117 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.180366039 CET	49755	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.180387020 CET	443	49755	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.182885885 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.182939053 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.183121920 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.183429003 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.183445930 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.248707056 CET	49683	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:19.277648926 CET	443	49757	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:19.278363943 CET	49757	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:19.278402090 CET	443	49757	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:19.279220104 CET	49757	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:19.279226065 CET	443	49757	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:19.279367924 CET	49757	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:19.279382944 CET	443	49757	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:19.631922960 CET	443	49757	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:19.631951094 CET	443	49757	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:19.631988049 CET	443	49757	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:19.632059097 CET	443	49757	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:19.632090092 CET	49757	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:19.632131100 CET	49757	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:19.632508993 CET	49757	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:19.632545948 CET	443	49757	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:19.632564068 CET	49757	443	192.168.2.16	40.126.31.71
Nov 19, 2024 18:56:19.632572889 CET	443	49757	40.126.31.71	192.168.2.16
Nov 19, 2024 18:56:19.674407005 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.674571991 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.675015926 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.675034046 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.675282955 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.675290108 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.817922115 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.817949057 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.817964077 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.818017960 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.818028927 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.818140984 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.818140984 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.901118040 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.901143074 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.901232958 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.901252031 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.901607990 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.901716948 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.901792049 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.988364935 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.988384962 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.988473892 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.988488913 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.988600969 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.989254951 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.989301920 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.989435911 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.989435911 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.989444971 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.989893913 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.990710974 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.990725994 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.990979910 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.990988016 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.991045952 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.991756916 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.991771936 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.991895914 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.991903067 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.992793083 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:19.993077993 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:19.993208885 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:20.075965881 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:20.076040983 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:20.076097012 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:20.076111078 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:20.076172113 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:20.076188087 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:20.076219082 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:20.076354980 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:20.076375961 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:20.076524019 CET	443	49759	23.1.33.206	192.168.2.16
Nov 19, 2024 18:56:20.076659918 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:20.076659918 CET	49759	443	192.168.2.16	23.1.33.206
Nov 19, 2024 18:56:20.209141016 CET	443	49758	13.107.246.254	192.168.2.16
Nov 19, 2024 18:56:20.209268093 CET	49758	443	192.168.2.16	13.107.246.254
Nov 19, 2024 18:56:21.868714094 CET	49674	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:21.868716002 CET	49675	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:21.870884895 CET	49677	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:24.054975033 CET	49683	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:24.638730049 CET	49681	443	192.168.2.16	51.104.15.253
Nov 19, 2024 18:56:24.881645918 CET	443	49758	13.107.246.254	192.168.2.16
Nov 19, 2024 18:56:24.881746054 CET	49758	443	192.168.2.16	13.107.246.254
Nov 19, 2024 18:56:31.481758118 CET	49674	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:31.481759071 CET	49675	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:31.484049082 CET	49677	443	192.168.2.16	204.79.197.200
Nov 19, 2024 18:56:33.669853926 CET	49683	443	192.168.2.16	204.79.197.222
Nov 19, 2024 18:56:36.063746929 CET	49681	443	192.168.2.16	51.104.15.253
Nov 19, 2024 18:56:38.818273067 CET	49761	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:38.818315029 CET	443	49761	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:38.818408012 CET	49761	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:38.818674088 CET	49762	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:38.818717003 CET	443	49762	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:38.818794012 CET	49762	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:38.818972111 CET	49761	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:38.818985939 CET	443	49761	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:38.819169998 CET	49762	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:38.819186926 CET	443	49762	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:39.899710894 CET	443	49761	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:39.899846077 CET	49761	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:39.900048018 CET	49761	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:39.900058985 CET	443	49761	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:39.900544882 CET	49763	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:39.900561094 CET	443	49763	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:39.900636911 CET	49763	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:39.900882959 CET	49763	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:39.900893927 CET	443	49763	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:39.962995052 CET	443	49762	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:39.963131905 CET	49762	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:39.963309050 CET	49762	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:39.963340044 CET	443	49762	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:39.963649035 CET	49764	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:39.963696003 CET	443	49764	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:39.963880062 CET	49764	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:39.963979006 CET	49764	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:39.963994980 CET	443	49764	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:40.970010042 CET	443	49763	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:40.970113039 CET	49763	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:40.970308065 CET	49763	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:40.970323086 CET	443	49763	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:41.032190084 CET	443	49764	52.113.191.172	192.168.2.16
Nov 19, 2024 18:56:41.032278061 CET	49764	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:41.032469034 CET	49764	443	192.168.2.16	52.113.191.172
Nov 19, 2024 18:56:41.032485008 CET	443	49764	52.113.191.172	192.168.2.16

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 19, 2024 18:54:58.576940060 CET	53	52356	1.1.1.1	192.168.2.16
Nov 19, 2024 18:54:58.626229048 CET	53	58101	1.1.1.1	192.168.2.16
Nov 19, 2024 18:54:59.694467068 CET	53	55081	1.1.1.1	192.168.2.16
Nov 19, 2024 18:55:03.332089901 CET	57588	53	192.168.2.16	1.1.1.1
Nov 19, 2024 18:55:03.332319021 CET	63005	53	192.168.2.16	1.1.1.1
Nov 19, 2024 18:55:03.339122057 CET	53	57588	1.1.1.1	192.168.2.16
Nov 19, 2024 18:55:03.339170933 CET	53	63005	1.1.1.1	192.168.2.16
Nov 19, 2024 18:55:16.588561058 CET	53	57510	1.1.1.1	192.168.2.16
Nov 19, 2024 18:55:35.352135897 CET	53	62124	1.1.1.1	192.168.2.16
Nov 19, 2024 18:55:58.456782103 CET	53	50689	1.1.1.1	192.168.2.16
Nov 19, 2024 18:55:58.566550016 CET	53	54233	1.1.1.1	192.168.2.16
Nov 19, 2024 18:56:06.123344898 CET	138	138	192.168.2.16	192.168.2.255
Nov 19, 2024 18:56:26.194264889 CET	53	49766	1.1.1.1	192.168.2.16

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Nov 19, 2024 18:56:28.020924091 CET	192.168.2.16	52.113.191.172	4d5a		Echo
Nov 19, 2024 18:56:33.015958071 CET	192.168.2.16	52.113.191.172	4d59		Echo

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 19, 2024 18:55:03.332089901 CET	192.168.2.16	1.1.1.1	0x689c	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 19, 2024 18:55:03.332319021 CET	192.168.2.16	1.1.1.1	0x3152	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 19, 2024 18:55:03.339122057 CET	1.1.1.1	192.168.2.16	0x689c	No error (0)	www.google.com		216.58.206.68	A (IP address)	IN (0x0001)	false
Nov 19, 2024 18:55:03.339170933 CET	1.1.1.1	192.168.2.16	0x3152	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

www.google.com

fs.microsoft.com

slscr.update.microsoft.com

https:

www.bing.com

r.bing.com

browser.pipe.aria.microsoft.com

fp.msedge.net

p-ring.msedge.net

52.113.191.172

52.113.191.172:3480

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49699	52.113.191.172	80	6824	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 19, 2024 18:54:59.439321995 CET	429	OUT	GET / HTTP/1.1 Host: 52.113.191.172 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49712	52.113.191.172	3480	6824	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 19, 2024 18:55:13.444045067 CET	434	OUT	GET / HTTP/1.1 Host: 52.113.191.172:3480 Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49715	52.113.191.172	3480	6824	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Nov 19, 2024 18:55:35.853646040 CET	460	OUT	GET / HTTP/1.1 Host: 52.113.191.172:3480 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49702	216.58.206.68	443	6824	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:55:07 UTC	613	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-19 17:55:07 UTC	1266	IN	HTTP/1.1 200 OK Date: Tue, 19 Nov 2024 17:55:07 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-vAspKJGJAts6A4jDG-5K7A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-19 17:55:07 UTC	124	IN	Data Raw: 31 38 63 32 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 74 68 65 20 79 6f 75 6e 67 20 61 6e 64 20 74 68 65 20 72 65 73 74 6c 65 73 73 20 73 70 6f 69 6c 65 72 73 22 2c 22 63 61 6e 61 64 69 61 6e 20 66 6f 6f 74 62 61 6c 6c 20 6c 65 61 67 75 65 20 73 74 72 65 61 6b 65 72 22 2c 22 63 61 73 68 20 61 70 70 20 73 65 74 74 6c 65 6d 65 6e 74 20 63 6c 61 73 73 20 61 63 74 69 6f 6e 20 Data Ascii: 18c2)]}'["",["the young and the restless spoilers","canadian football league streaker","cash app settlement class action
2024-11-19 17:55:07 UTC	1390	IN	Data Raw: 6c 61 77 73 75 69 74 22 2c 22 6d 6f 74 6f 72 74 72 65 6e 64 20 72 6f 61 64 6b 69 6c 6c 22 2c 22 73 6f 75 74 68 65 72 6e 20 63 61 6c 69 66 6f 72 6e 69 61 20 64 6f 6f 6d 73 64 61 79 20 66 69 73 68 22 2c 22 76 69 63 74 6f 72 69 61 20 6b 6a 61 65 72 20 74 68 65 69 6c 76 69 67 20 6d 69 73 73 20 75 6e 69 76 65 72 73 65 22 2c 22 6d 6c 62 20 6a 75 61 6e 20 73 6f 74 6f 22 2c 22 77 68 61 74 20 69 73 20 62 6c 75 65 73 6b 79 20 61 70 70 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 Data Ascii: lawsuit","motortrend roadkill","southern userfornia doomsday fish","victoria kjaer theilvig miss universe","mlb juan soto","what is bluesky app"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoR
2024-11-19 17:55:07 UTC	1390	IN	Data Raw: 47 4d 55 31 69 65 45 56 6f 56 48 6c 73 56 57 55 30 55 30 35 76 4c 30 64 70 55 6b 4d 7a 64 45 59 34 62 6d 74 77 55 6d 64 4e 59 30 56 34 57 56 56 76 63 45 4a 4c 56 48 70 78 53 30 70 49 63 48 42 79 64 6d 74 58 63 45 70 77 56 6b 68 31 52 44 4d 76 62 32 46 58 63 6e 52 33 53 7a 46 46 55 46 70 48 55 56 70 42 51 6d 59 76 51 55 78 79 56 33 64 6a 55 32 5a 4e 61 6c 4e 6f 51 6d 56 6a 59 56 6c 56 63 45 74 49 61 57 6c 78 55 45 4e 70 54 48 59 77 4e 7a 6c 32 5a 6c 64 61 61 6e 4e 6f 51 30 52 78 52 56 4e 5a 4e 30 73 35 65 57 64 72 63 55 6c 6a 54 6c 64 68 64 6a 68 42 5a 6b 45 76 52 7a 4e 59 55 6c 70 36 53 33 46 71 64 55 6c 71 57 6b 4e 56 62 46 6c 6a 4c 33 6c 74 61 32 4a 56 5a 30 51 78 63 32 52 32 64 48 42 70 57 6c 56 36 54 7a 56 6b 63 54 4e 4c 51 6d 64 35 54 54 6c 44 53 6c Data Ascii: GMU1ieEVoVHlsVWU0U05vL0dpUkMzdEY4bmtwUmdNY0V4WVVvcEJLVHpxS0pIcHBydmtXcEpwVkh1RDMvb2FXcnR3SzFFUFpHUVpBQmYvQUxyV3djU2ZNalNoQmVjYVlVcEtIaWlxUENpTHYwNzl2ZldaanNoQ0RxRVNZN0s5eWdrcUljTldhdjhBZkEvRzNYUlp6S3FqdUlqWkNVbFljL3lta2JVZ0Qxc2R2dHBpWlV6TzVkcTNLQmd5TTlDSl
2024-11-19 17:55:07 UTC	1390	IN	Data Raw: 32 6c 6b 61 6a 68 54 4f 57 70 76 63 30 52 49 55 45 78 34 61 30 4e 42 63 55 30 79 61 6a 56 6f 51 6d 56 58 63 33 46 53 4e 57 78 42 4d 45 39 35 52 44 49 35 56 6b 68 71 56 31 5a 4a 4b 30 6f 77 62 56 4a 6f 4e 46 52 49 56 55 39 49 56 6b 78 73 55 6e 42 76 62 45 31 54 61 57 39 4f 63 57 4a 6a 55 54 56 31 55 6d 46 6b 64 6c 42 73 4f 48 52 70 63 6b 4a 51 63 6e 46 50 4e 6e 6c 6d 56 46 68 49 65 45 74 6a 64 6d 38 78 62 6e 42 79 51 7a 6c 55 56 45 70 4e 63 33 5a 36 54 56 52 4f 57 57 70 53 65 55 46 46 64 48 5a 69 4f 57 68 50 4e 55 70 32 4c 30 46 42 64 56 68 57 4f 45 56 6c 64 57 31 6b 57 46 6b 78 64 55 6f 77 5a 6a 41 72 63 55 39 71 65 48 42 31 55 6b 78 6f 61 33 4a 68 56 31 68 46 63 6c 4e 47 56 32 70 68 54 33 64 47 52 47 64 6e 51 33 64 50 5a 45 63 7a 4d 58 70 70 53 6d 4a 6c Data Ascii: 2lkajhTOWpvc0RIUEx4a0NBcU0yajVoQmVXc3FSNWxBME95RDI5VkhqV1ZJK0owbVJoNFRIVU9IVkxsUnBvbE1TaW9OcWJjUTV1UmFkdlBsOHRpckJQcnFPNnlmVFhIeEtjdm8xbnByQzlUVEpNc3Z6TVROWWpSeUFFdHZiOWhPNUp2L0FBdVhWOEVldW1kWFkxdUowZjArcU9qeHB1Ukxoa3JhV1hFclNGV2phT3dGRGdnQ3dPZEczMXppSmJl
2024-11-19 17:55:07 UTC	1390	IN	Data Raw: 61 7a 5a 32 63 6e 68 32 63 6e 59 33 5a 33 52 59 4f 57 74 30 52 6a 5a 47 4d 57 4e 6b 52 6b 64 4d 52 6d 78 35 56 55 68 51 4c 33 46 43 4d 30 74 71 64 56 51 31 56 6c 56 49 4d 32 70 6a 63 6b 6c 54 4e 6b 6c 36 4f 48 42 59 4f 46 4a 4e 61 32 56 31 54 7a 4a 68 63 32 56 51 55 6b 78 72 51 6d 78 30 4f 46 42 52 57 45 4e 51 53 46 5a 30 63 6b 31 7a 5a 47 70 78 51 33 67 79 4d 6d 39 50 63 58 4e 76 55 6e 4e 34 65 54 56 59 54 7a 4e 72 5a 6c 45 31 4f 55 4e 68 54 55 52 59 62 58 70 6f 55 46 68 69 55 31 42 70 54 46 52 77 59 6a 46 51 57 6e 56 56 65 48 68 74 55 56 6c 4c 59 33 64 61 59 30 39 6a 4e 44 56 6d 65 57 6f 77 4e 32 35 68 64 6c 4e 73 53 7a 68 70 65 46 51 30 61 44 52 30 65 46 70 70 52 46 64 57 54 6d 6c 75 63 46 6c 53 63 6e 41 34 63 31 56 69 62 45 6c 45 57 54 4a 36 4e 54 42 Data Ascii: azZ2cnh2cnY3Z3RYOWt0RjZGMWNkRkdMRmx5VUhQL3FCM0tqdVQ1VlVIM2pjcklTNkl6OHBYOFJNa2V1TzJhc2VQUkxrQmx0OFBRWENQSFZ0ck1zZGpxQ3gyMm9PcXNvUnN4eTVYTzNrZlE1OUNhTURYbXpoUFhiU1BpTFRwYjFQWnVVeHhtUVlLY3daY09jNDVmeWowN25hdlNsSzhpeFQ0aDR0eFppRFdWTmlucFlScnA4c1VibElEWTJ6NTB
2024-11-19 17:55:07 UTC	662	IN	Data Raw: 56 78 5a 79 74 47 56 6e 52 5a 52 31 4e 58 56 48 46 56 52 58 4e 7a 56 57 4a 58 4e 6b 73 33 65 46 4e 43 4b 31 4a 77 51 32 64 5a 57 55 6c 50 4b 79 39 75 56 31 5a 32 54 6a 63 78 64 6e 6f 34 61 47 74 6a 57 55 70 53 63 32 64 49 52 79 73 35 51 54 6c 73 65 46 70 6b 4d 6b 4d 32 61 47 51 7a 63 33 4a 59 4d 45 31 71 63 45 70 69 55 58 4d 77 59 32 56 47 57 6a 55 79 53 30 6b 79 51 6d 35 73 5a 32 70 53 61 48 70 6b 65 57 55 30 65 6e 51 78 4f 55 6f 78 65 48 52 53 4e 44 52 31 54 6c 42 70 56 56 42 68 56 33 52 79 65 6d 6c 53 52 6e 64 7a 59 32 31 6a 54 57 68 36 4d 32 4a 6a 57 6a 68 43 61 6b 68 6a 52 32 39 71 63 32 31 52 64 30 4a 77 4e 6d 4a 47 55 46 4e 52 4d 6d 59 76 4d 6c 45 39 50 54 6f 4e 62 57 78 69 49 47 70 31 59 57 34 67 63 32 39 30 62 30 6f 48 49 7a 51 79 4e 44 49 30 4d Data Ascii: VxZytGVnRZR1NXVHFVRXNzVWJXNks3eFNCK1JwQ2dZWUlPKy9uV1Z2Tjcxdno4aGtjWUpSc2dIRys5QTlseFpkMkM2aGQzc3JYME1qcEpiUXMwY2VGWjUyS0kyQm5sZ2pSaHpkeWU0enQxOUoxeHRSNDR1TlBpVVBhV3RyemlSRndzY21jTWh6M2JjWjhCakhjR29qc21Rd0JwNmJGUFNRMmYvMlE9PToNbWxiIGp1YW4gc290b0oHIzQyNDI0M
2024-11-19 17:55:07 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49708	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:55:08 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-19 17:55:09 UTC	466	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF4C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=82215 Date: Tue, 19 Nov 2024 17:55:09 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49709	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:55:09 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-19 17:55:10 UTC	514	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=82175 Date: Tue, 19 Nov 2024 17:55:10 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-19 17:55:10 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49711	20.109.210.53	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:55:12 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=tXnUVM5hYNk3U4g&MD=41UwCCmF HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-19 17:55:12 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 17e9ea08-2a7f-484d-b9fa-3de41076a7b1 MS-RequestId: 88a24cf3-bde7-4838-9185-a416122e33ad MS-CV: MeHCl93cL0mhBQe6.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 19 Nov 2024 17:55:12 GMT Connection: close Content-Length: 24490
2024-11-19 17:55:12 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-19 17:55:12 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49716	216.58.206.68	443	6824	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:55:48 UTC	661	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=52.113.191.172&oit=3&cp=14&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-19 17:55:48 UTC	1367	IN	HTTP/1.1 200 OK Date: Tue, 19 Nov 2024 17:55:48 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-cWp1DLaDkaV2-nkXovKMfQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Save-Data Accept-CH: Downlink Accept-CH: ECT Accept-CH: RTT Accept-CH: Device-Memory Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-19 17:55:48 UTC	23	IN	Data Raw: 38 36 0d 0a 29 5d 7d 27 0a 5b 22 35 32 2e 31 31 33 2e 31 39 31 2e 31 Data Ascii: 86)]}'["52.113.191.1
2024-11-19 17:55:48 UTC	117	IN	Data Raw: 37 32 22 2c 5b 5d 2c 5b 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 74 72 75 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 5d 2c 22 67 6f 6f 67 6c 65 3a 76 65 72 62 61 74 69 6d 72 65 6c 65 76 61 6e 63 65 22 3a 38 35 31 7d 5d 0d 0a Data Ascii: 72",[],[],[],{"google:clientdata":{"bpc":false,"tlw":true},"google:suggesttype":[],"google:verbatimrelevance":851}]
2024-11-19 17:55:48 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49718	20.12.23.50	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:55:49 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=tXnUVM5hYNk3U4g&MD=41UwCCmF HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-19 17:55:49 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: 2e34a3ea-d123-42e0-9704-c2b8d69088d2 MS-RequestId: 1d1480e2-3037-44c7-baa4-37f37020cda1 MS-CV: avtBNYFR30q86xoA.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 19 Nov 2024 17:55:49 GMT Connection: close Content-Length: 30005
2024-11-19 17:55:49 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-19 17:55:49 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49717	216.58.206.68	443	6824	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:55:52 UTC	661	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=h52.113.191.172&oit=4&cp=1&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-19 17:55:52 UTC	1266	IN	HTTP/1.1 200 OK Date: Tue, 19 Nov 2024 17:55:52 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-w4q50BYdQeY7AWgF7VfKwA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-19 17:55:52 UTC	124	IN	Data Raw: 38 38 0d 0a 29 5d 7d 27 0a 5b 22 68 35 32 2e 31 31 33 2e 31 39 31 2e 31 37 32 22 2c 5b 5d 2c 5b 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 5d 2c 22 67 6f 6f 67 6c 65 3a 76 65 72 62 61 74 69 6d Data Ascii: 88)]}'["h52.113.191.172",[],[],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggesttype":[],"google:verbatim
2024-11-19 17:55:52 UTC	18	IN	Data Raw: 72 65 6c 65 76 61 6e 63 65 22 3a 38 35 31 7d 5d 0d 0a Data Ascii: relevance":851}]
2024-11-19 17:55:52 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	49719	216.58.206.68	443	6824	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:55:53 UTC	664	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=http52.113.191.172&oit=4&cp=4&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.16	49720	216.58.206.68	443	6824	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:55:53 UTC	665	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https52.113.191.172&oit=4&cp=5&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-19 17:55:53 UTC	1266	IN	HTTP/1.1 200 OK Date: Tue, 19 Nov 2024 17:55:53 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-txpyTkljzpredxB2p3lq8Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-19 17:55:53 UTC	124	IN	Data Raw: 38 63 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 35 32 2e 31 31 33 2e 31 39 31 2e 31 37 32 22 2c 5b 5d 2c 5b 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 5d 2c 22 67 6f 6f 67 6c 65 3a 76 65 72 62 Data Ascii: 8c)]}'["https52.113.191.172",[],[],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggesttype":[],"google:verb
2024-11-19 17:55:53 UTC	22	IN	Data Raw: 61 74 69 6d 72 65 6c 65 76 61 6e 63 65 22 3a 38 35 31 7d 5d 0d 0a Data Ascii: atimrelevance":851}]
2024-11-19 17:55:53 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.16	49721	216.58.206.68	443	6824	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:55:54 UTC	668	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A52.113.191.172&oit=3&cp=6&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-19 17:55:54 UTC	1266	IN	HTTP/1.1 200 OK Date: Tue, 19 Nov 2024 17:55:54 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-vrezaQf4fZm4X6r9rc4iSw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-19 17:55:54 UTC	124	IN	Data Raw: 38 64 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 35 32 2e 31 31 33 2e 31 39 31 2e 31 37 32 22 2c 5b 5d 2c 5b 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 5d 2c 22 67 6f 6f 67 6c 65 3a 76 65 72 Data Ascii: 8d)]}'["https:52.113.191.172",[],[],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggesttype":[],"google:ver
2024-11-19 17:55:54 UTC	23	IN	Data Raw: 62 61 74 69 6d 72 65 6c 65 76 61 6e 63 65 22 3a 38 35 31 7d 5d 0d 0a Data Ascii: batimrelevance":851}]
2024-11-19 17:55:54 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.16	49722	216.58.206.68	443	6824	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:55:54 UTC	671	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F52.113.191.172&oit=3&cp=7&pgcl=4&gs_rn=42&psi=njfZGvVKRbhtBRpx&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIkqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.16	49737	204.79.197.200	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:13 UTC	812	OUT	GET /manifest/threshold.appcache HTTP/1.1 Accept: / Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Origin: https://www.bing.com Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=3a628620&IPMID=1707317755885; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
2024-11-19 17:56:13 UTC	1202	IN	HTTP/1.1 200 OK Cache-Control: private Content-Length: 3269 Content-Type: text/cache-manifest; charset=utf-8 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Set-Cookie: MUIDB=5047E5942BB2460EA35B53CCF78DDB3D; expires=Sun, 14-Dec-2025 17:56:13 GMT; path=/; HttpOnly Set-Cookie: SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133; domain=.bing.com; expires=Sun, 14-Dec-2025 17:56:13 GMT; path=/; secure; SameSite=None X-EventID: 673cd13d8d684ad290445c362c45a16a UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-XSS-Protection: 0 X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: B4A0D1A39AFE47AF973A1F4A72A9DE43 Ref B: EWR311000103035 Ref C: 2024-11-19T17:56:13Z Date: Tue, 19 Nov 2024 17:56:12 GMT Connection: close
2024-11-19 17:56:13 UTC	785	IN	Data Raw: 43 41 43 48 45 20 4d 41 4e 49 46 45 53 54 0d 0a 23 20 56 65 72 73 69 6f 6e 3a 64 35 38 30 64 31 64 62 0d 0a 43 41 43 48 45 3a 0d 0a 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 0d 0a 2f 72 70 2f 71 53 4b 59 6c 55 33 39 51 77 30 68 2d 63 62 48 32 64 6d 42 54 34 45 68 38 6c 4d 2e 6a 73 0d 0a 68 74 74 70 73 3a 2f 2f 72 2e 62 69 6e 67 2e 63 6f 6d 2f 72 62 2f 31 37 2f 6a 6e 63 2c 6e 6a 2f 36 61 61 2d 45 46 32 49 41 56 77 6e 54 54 4f 69 77 41 62 68 77 49 5f 56 6d 43 77 2e 6a 73 3f 62 75 3d 44 79 67 78 65 49 51 42 69 51 47 4d 41 59 45 42 65 33 37 47 41 63 6b 42 4d 62 6b 42 4d 63 77 42 26 6f 72 3d 77 0d 0a 68 74 74 70 73 3a 2f 2f 72 2e 62 69 6e 67 2e 63 6f 6d 2f 72 62 2f 31 61 2f 63 69 72 33 2c 6f 72 74 6c Data Ascii: CACHE MANIFEST# Version:d580d1dbCACHE:/AS/API/WindowsCortanaPane/V2/Init/rp/qSKYlU39Qw0h-cbH2dmBT4Eh8lM.jshttps://r.bing.com/rb/17/jnc,nj/6aa-EF2IAVwnTTOiwAbhwI_VmCw.js?bu=DygxeIQBiQGMAYEBe37GAckBMbkBMcwB&or=whttps://r.bing.com/rb/1a/cir3,ortl
2024-11-19 17:56:13 UTC	2307	IN	Data Raw: 39 75 6d 4d 56 61 6c 75 62 6c 79 72 62 71 34 59 2e 63 73 73 3f 62 75 3d 43 5a 30 4d 76 41 71 69 44 4c 77 4b 70 67 79 38 43 72 77 4b 76 41 71 38 43 67 26 6f 72 3d 77 0d 0a 68 74 74 70 73 3a 2f 2f 72 2e 62 69 6e 67 2e 63 6f 6d 2f 72 62 2f 36 6d 2f 6f 72 74 6c 2c 63 63 2c 6e 63 2f 51 4e 42 42 4e 71 57 44 39 46 5f 42 6c 65 70 2d 55 71 51 53 71 6e 4d 70 2d 46 49 2e 63 73 73 3f 62 75 3d 41 62 77 4b 26 6f 72 3d 77 0d 0a 68 74 74 70 73 3a 2f 2f 72 2e 62 69 6e 67 2e 63 6f 6d 2f 72 70 2f 5f 49 50 36 72 4a 43 6b 45 34 63 4c 79 55 53 78 64 66 56 43 35 75 34 4f 4b 4f 6f 2e 6a 73 0d 0a 68 74 74 70 73 3a 2f 2f 72 2e 62 69 6e 67 2e 63 6f 6d 2f 72 70 2f 34 4c 4f 44 32 39 68 6e 35 39 65 77 53 36 69 4d 45 6c 70 36 33 73 36 69 4b 6f 41 2e 6a 73 0d 0a 68 74 74 70 73 3a 2f 2f Data Ascii: 9umMValublyrbq4Y.css?bu=CZ0MvAqiDLwKpgy8CrwKvAq8Cg&or=whttps://r.bing.com/rb/6m/ortl,cc,nc/QNBBNqWD9F_Blep-UqQSqnMp-FI.css?bu=AbwK&or=whttps://r.bing.com/rp/_IP6rJCkE4cLyUSxdfVC5u4OKOo.jshttps://r.bing.com/rp/4LOD29hn59ewS6iMElp63s6iKoA.jshttps://
2024-11-19 17:56:13 UTC	177	IN	Data Raw: 61 46 2d 67 30 61 5f 30 63 2e 63 73 73 3f 6f 72 3d 77 0d 0a 68 74 74 70 73 3a 2f 2f 72 2e 62 69 6e 67 2e 63 6f 6d 2f 72 73 2f 35 5a 2f 32 39 69 2f 6f 72 74 6c 2c 63 63 2c 6e 63 2f 6f 6e 72 61 37 50 51 6c 39 6f 35 62 59 54 32 6c 41 53 49 31 42 45 34 44 44 45 73 2e 63 73 73 3f 6f 72 3d 77 0d 0a 68 74 74 70 73 3a 2f 2f 72 2e 62 69 6e 67 2e 63 6f 6d 2f 72 73 2f 36 76 2f 66 48 2f 6e 6a 2f 61 41 42 4c 4e 54 5f 46 56 34 35 51 6a 59 51 66 6e 52 48 72 42 43 41 6b 34 47 55 2e 6a 73 3f 6f 72 3d 77 0d 0a 4e 45 54 57 4f 52 4b 3a 0d 0a 2a Data Ascii: aF-g0a_0c.css?or=whttps://r.bing.com/rs/5Z/29i/ortl,cc,nc/onra7PQl9o5bYT2lASI1BE4DDEs.css?or=whttps://r.bing.com/rs/6v/fH/nj/aABLNT_FV45QjYQfnRHrBCAk4GU.js?or=wNETWORK:*

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.16	49739	23.1.33.206	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:13 UTC	797	OUT	GET /rb/17/jnc,nj/6aa-EF2IAVwnTTOiwAbhwI_VmCw.js?bu=DygxeIQBiQGMAYEBe37GAckBMbkBMcwB&or=w HTTP/1.1 Accept: / Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: r.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133
2024-11-19 17:56:14 UTC	1227	IN	HTTP/1.1 200 OK Content-Type: application/x-javascript; charset=utf-8 Server: Kestrel Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Last-Modified: Sat, 16 Nov 2024 19:39:12 GMT X-EventID: 673a1bf1957347da86f257060b5dd442 UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-AS-InstrumentationOptions: AppServerLoggingMaster=1 X-AS-MACHINENAME: BNZEEAP00016A81 X-AS-SuppressSetCookie: 1 X-XSS-Protection: 0 cross-origin-resource-policy: cross-origin nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.75} report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]} Cache-Control: public, max-age=254460 Expires: Fri, 22 Nov 2024 16:37:14 GMT Date: Tue, 19 Nov 2024 17:56:14 GMT Content-Length: 21950 Connection: close Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.97200117.1732038973.3f44b4ed Timing-Allow-Origin: *
2024-11-19 17:56:14 UTC	15157	IN	Data Raw: 2f 2a 21 44 69 73 61 62 6c 65 4a 61 76 61 73 63 72 69 70 74 50 72 6f 66 69 6c 65 72 2a 2f 0a 76 61 72 20 42 4d 3d 42 4d 7c 7c 7b 7d 3b 42 4d 2e 63 6f 6e 66 69 67 3d 7b 42 3a 7b 74 69 6d 65 6f 75 74 3a 31 65 33 2c 64 65 6c 61 79 3a 37 35 30 2c 6d 61 78 55 72 6c 4c 65 6e 67 74 68 3a 33 30 30 2c 73 65 6e 64 6c 69 6d 69 74 3a 32 30 2c 6d 61 78 50 61 79 6c 6f 61 64 53 69 7a 65 3a 37 65 33 7d 2c 56 3a 7b 64 69 73 74 61 6e 63 65 3a 32 30 7d 2c 4e 3a 7b 6d 61 78 55 72 6c 4c 65 6e 67 74 68 3a 33 30 30 7d 2c 45 3a 7b 62 75 66 66 65 72 3a 33 30 2c 74 69 6d 65 6f 75 74 3a 35 65 33 2c 6d 61 78 55 72 6c 4c 65 6e 67 74 68 3a 33 30 30 7d 2c 43 3a 7b 64 69 73 74 61 6e 63 65 3a 35 30 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 76 74 28 29 7b 69 Data Ascii: /!DisableJavascriptProfiler/var BM=BM\|\|{};BM.config={B:{timeout:1e3,delay:750,maxUrlLength:300,sendlimit:20,maxPayloadSize:7e3},V:{distance:20},N:{maxUrlLength:300},E:{buffer:30,timeout:5e3,maxUrlLength:300},C:{distance:50}},function(n){function vt(){i
2024-11-19 17:56:14 UTC	6793	IN	Data Raw: 69 6f 6e 53 74 61 72 74 2c 69 29 2c 79 74 3d 74 28 6f 2e 63 6f 6e 6e 65 63 74 45 6e 64 2c 69 29 2c 70 74 3d 74 28 6f 2e 72 65 71 75 65 73 74 53 74 61 72 74 2c 69 29 2c 77 74 3d 74 28 6f 2e 72 65 73 70 6f 6e 73 65 53 74 61 72 74 2c 69 29 2c 62 74 3d 74 28 6f 2e 72 65 73 70 6f 6e 73 65 45 6e 64 2c 69 29 2c 6f 74 3d 6e 75 6c 6c 2c 73 74 3d 6e 2e 6c 61 79 6f 75 74 28 29 3b 66 6f 72 28 74 74 3d 30 3b 74 74 3c 73 74 2e 6c 65 6e 67 74 68 3b 74 74 2b 2b 29 7b 76 61 72 20 62 3d 73 74 5b 74 74 5d 2c 64 74 3d 62 2e 5f 65 2c 68 74 3d 62 2e 5f 73 3b 69 66 28 68 74 26 26 67 3d 3d 3d 68 74 29 7b 6f 74 3d 62 2e 69 3b 62 2e 78 3c 68 2e 77 26 26 62 2e 79 3c 68 2e 68 26 26 28 66 3d 65 74 29 3b 62 72 65 61 6b 7d 7d 72 74 3d 7b 5f 72 3a 6f 2c 74 3a 65 74 2c 69 3a 70 2e 6c 65 Data Ascii: ionStart,i),yt=t(o.connectEnd,i),pt=t(o.requestStart,i),wt=t(o.responseStart,i),bt=t(o.responseEnd,i),ot=null,st=n.layout();for(tt=0;tt<st.length;tt++){var b=st[tt],dt=b._e,ht=b._s;if(ht&&g===ht){ot=b.i;b.x<h.w&&b.y<h.h&&(f=et);break}}rt={_r:o,t:et,i:p.le

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.16	49738	40.126.31.71	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:14 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-11-19 17:56:14 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-19 17:56:14 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Tue, 19 Nov 2024 17:55:14 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C538_SN1 x-ms-request-id: ced3bc18-a129-4de1-8626-e1240d3ec5fc PPServer: PPV: 30 H: SN1PEPF0004018D V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Tue, 19 Nov 2024 17:56:14 GMT Connection: close Content-Length: 11389
2024-11-19 17:56:14 UTC	11389	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
14	192.168.2.16	49740	51.104.15.253	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:14 UTC	684	OUT	POST /Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-CJS-1.2.0&x-apikey=33d70a864599496b982a39f036f71122-2064703e-3a9d-4d90-8362-eec08dffe8e8-7176 HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: browser.pipe.aria.microsoft.com Content-Length: 987 Connection: Keep-Alive Cache-Control: no-cache
2024-11-19 17:56:14 UTC	987	OUT	Data Raw: 6d 09 0b 01 4a 33 33 64 37 30 61 38 36 34 35 39 39 34 39 36 62 39 38 32 61 33 39 66 30 33 36 66 37 31 31 32 32 2d 32 30 36 34 37 30 33 65 2d 33 61 39 64 2d 34 64 39 30 2d 38 33 36 32 2d 65 65 63 30 38 64 66 66 65 38 65 38 2d 37 31 37 36 0a 01 49 12 61 63 74 5f 64 65 66 61 75 6c 74 5f 73 6f 75 72 63 65 a9 24 38 38 63 34 32 33 65 63 2d 66 31 35 33 2d 34 34 34 35 2d 61 36 63 34 2d 62 35 65 62 32 39 63 61 62 36 31 33 d1 06 98 d4 8a d9 e8 64 cb 08 0a 01 29 24 32 36 35 37 36 30 34 38 2d 61 30 61 34 2d 34 35 33 34 2d 39 61 36 34 2d 35 31 65 37 61 33 31 39 30 34 39 63 71 b0 c4 8a d9 e8 64 a9 14 63 75 73 74 6f 6d 2e 43 6c 69 65 6e 74 5f 45 76 65 6e 74 73 c9 06 0e 76 61 72 69 61 6e 74 5f 65 76 65 6e 74 73 cd 0d 09 09 19 0a 64 65 76 69 63 65 54 79 70 65 07 44 45 53 Data Ascii: mJ33d70a864599496b982a39f036f71122-2064703e-3a9d-4d90-8362-eec08dffe8e8-7176Iact_default_source$88c423ec-f153-4445-a6c4-b5eb29cab613d)$26576048-a0a4-4534-9a64-51e7a319049cqdcustom.Client_Eventsvariant_eventsdeviceTypeDES
2024-11-19 17:56:14 UTC	462	IN	HTTP/1.1 200 OK Content-Length: 0 Content-Type: application/json Server: Microsoft-HTTPAPI/2.0 Strict-Transport-Security: max-age=31536000 time-delta-millis: 1710 Access-Control-Allow-Origin: * Access-Control-Allow-Methods: POST Access-Control-Allow-Headers: Accept, Content-Type, Content-Encoding, Client-Id Access-Control-Expose-Headers: kill-tokens, kill-duration-seconds, time-delta-millis Date: Tue, 19 Nov 2024 17:56:14 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
15	192.168.2.16	49741	23.1.33.206	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:14 UTC	801	OUT	GET /rb/1a/cir3,ortl,cc,nc/f4st08wpuYBQ5KWRJ3MqAsJB8zg.css?bu=C8AJpQOBBJwKgQnrCPQGXV1dXQ&or=w HTTP/1.1 Accept: / Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: r.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133
2024-11-19 17:56:14 UTC	1211	IN	HTTP/1.1 200 OK Content-Type: text/css; charset=utf-8 Server: Kestrel Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Last-Modified: Fri, 18 Oct 2024 13:56:02 GMT X-EventID: 673302a24ecc48e591e9e8f65f8e6b20 UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-AS-InstrumentationOptions: AppServerLoggingMaster=1 X-AS-MACHINENAME: BNZEEAP00016AF7 X-AS-SuppressSetCookie: 1 X-XSS-Protection: 0 cross-origin-resource-policy: cross-origin nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.75} report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]} Cache-Control: public, max-age=186827 Expires: Thu, 21 Nov 2024 21:50:01 GMT Date: Tue, 19 Nov 2024 17:56:14 GMT Content-Length: 20329 Connection: close Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.91200117.1732038974.3198bb07 Timing-Allow-Origin: *
2024-11-19 17:56:14 UTC	15173	IN	Data Raw: 2e 73 77 5f 70 6c 75 73 2c 2e 73 77 5f 75 70 2c 2e 73 77 5f 64 6f 77 6e 2c 2e 73 77 5f 73 74 2c 2e 73 77 5f 73 74 68 2c 2e 73 77 5f 73 74 65 2c 2e 73 77 5f 74 70 63 62 6b 2c 2e 73 77 5f 70 6c 61 79 2c 2e 73 77 5f 70 6c 61 79 64 2c 2e 73 77 5f 70 6c 61 79 61 2c 2e 73 77 5f 70 6c 61 79 70 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 53 65 67 6f 65 20 4d 44 4c 32 20 41 73 73 65 74 73 22 7d 2e 73 77 5f 70 6c 75 73 3a 61 66 74 65 72 7b 63 6f 6e 74 65 6e 74 3a 22 ee 9c 90 22 7d 2e 73 77 5f 70 6c 61 79 3a 61 66 74 65 72 2c 2e 73 77 5f 70 6c 61 79 61 3a 61 66 74 65 72 2c 2e 73 77 5f 70 6c 61 79 64 3a 61 66 74 65 72 2c 2e 73 77 5f 70 6c 61 79 70 3a 61 66 74 65 72 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 36 70 78 3b 63 6f Data Ascii: .sw_plus,.sw_up,.sw_down,.sw_st,.sw_sth,.sw_ste,.sw_tpcbk,.sw_play,.sw_playd,.sw_playa,.sw_playp{font-family:"Segoe MDL2 Assets"}.sw_plus:after{content:""}.sw_play:after,.sw_playa:after,.sw_playd:after,.sw_playp:after{font-size:16px;line-height:16px;co
2024-11-19 17:56:14 UTC	5156	IN	Data Raw: 61 6c 67 6f 2b 73 63 72 69 70 74 2b 73 63 72 69 70 74 2b 2e 62 5f 61 6e 73 2c 62 6f 64 79 5b 64 69 72 5d 20 23 62 5f 72 65 73 75 6c 74 73 3e 2e 62 5f 6e 61 76 2b 73 63 72 69 70 74 2b 73 63 72 69 70 74 2b 2e 62 5f 61 6c 67 6f 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 7d 62 6f 64 79 5b 64 69 72 5d 20 23 62 5f 72 65 73 75 6c 74 73 3e 6c 69 3e 2a 3a 6c 61 73 74 2d 63 68 69 6c 64 2c 62 6f 64 79 5b 64 69 72 5d 20 2e 62 5f 63 61 70 74 69 6f 6e 3e 2a 3a 6c 61 73 74 2d 63 68 69 6c 64 2c 62 6f 64 79 5b 64 69 72 5d 20 2e 76 6c 69 73 74 3e 6c 69 3a 6c 61 73 74 2d 63 68 69 6c 64 2c 62 6f 64 79 5b 64 69 72 5d 20 2e 62 5f 76 50 61 6e 65 6c 3e 6c 69 3a 6c 61 73 74 2d 63 68 69 6c 64 2c 62 6f 64 79 5b 64 69 72 5d 20 2e 6c 66 74 3e 2a 3a 6c 61 73 74 2d 63 68 69 6c 64 7b Data Ascii: algo+script+script+.b_ans,body[dir] #b_results>.b_nav+script+script+.b_algo{margin-top:4px}body[dir] #b_results>li>:last-child,body[dir] .b_caption>:last-child,body[dir] .vlist>li:last-child,body[dir] .b_vPanel>li:last-child,body[dir] .lft>*:last-child{

Session ID	Source IP	Source Port	Destination IP	Destination Port
16	192.168.2.16	49742	204.79.197.222	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:15 UTC	462	OUT	GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: fp.msedge.net Connection: Keep-Alive
2024-11-19 17:56:15 UTC	428	IN	HTTP/1.1 200 OK Cache-Control: public,max-age=900 Content-Length: 20022 Content-Type: application/json; charset=utf-8 ETag: "324585427" Access-Control-Allow-Origin: * Request-Context: appId=cid-v1:b183296d-485b-49fc-81c7-a511e61d1309 X-Cache: CONFIG_NOCACHE X-MSEdge-Ref: Ref A: 8EAEAD5B37D94CBCB80E0700278C0210 Ref B: EWR30EDGE0819 Ref C: 2024-11-19T17:56:15Z Date: Tue, 19 Nov 2024 17:56:14 GMT Connection: close
2024-11-19 17:56:15 UTC	3751	IN	Data Raw: 7b 22 73 22 3a 35 30 30 30 2c 22 6e 22 3a 33 2c 22 65 22 3a 5b 7b 22 65 22 3a 22 2a 2e 61 7a 72 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 35 30 30 30 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 2a 2e 63 6c 6f 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 32 30 30 30 2c 22 6d 22 3a 31 7d 2c 7b 22 65 22 3a 22 2a 2e 63 6c 6f 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 31 30 30 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 2a 2e 6e 72 62 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 34 32 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 61 66 64 78 74 65 73 74 2e 7a 30 31 2e 61 7a 75 72 65 66 64 2e 6e 65 74 22 2c 22 77 22 3a 35 30 30 2c 22 6d 22 3a 31 7d 2c 7b Data Ascii: {"s":5000,"n":3,"e":[{"e":".azr.footprintdns.com","w":5000,"m":128},{"e":".clo.footprintdns.com","w":2000,"m":1},{"e":".clo.footprintdns.com","w":100,"m":128},{"e":".nrb.footprintdns.com","w":420,"m":3},{"e":"afdxtest.z01.azurefd.net","w":500,"m":1},{
2024-11-19 17:56:15 UTC	48	IN	Data Raw: 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 63 70 71 32 35 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 Data Ascii: e.com","w":3,"m":128},{"e":"cpq25prdapp02-canary
2024-11-19 17:56:15 UTC	4096	IN	Data Raw: 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 63 71 31 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 63 2d 72 69 6e 67 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 32 30 30 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 63 2d 72 69 6e 67 2d 66 61 6c 6c 62 61 63 6b 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 35 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 63 76 6c 30 32 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 7d 2c 7b 22 65 22 Data Ascii: -opaph.netmon.azure.com","w":3,"m":128},{"e":"cq1prdapp01-canary.netmon.azure.com","w":3,"m":128},{"e":"c-ring.msedge.net","w":2000,"m":3},{"e":"c-ring-fallback.msedge.net","w":50,"m":3},{"e":"cvl02prdapp01-canary-opaph.netmon.azure.com","w":3,"m":1},{"e"
2024-11-19 17:56:15 UTC	4096	IN	Data Raw: 22 66 72 61 32 32 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 66 72 61 32 33 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 66 72 61 32 33 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 67 72 61 70 68 2e 61 7a 75 72 65 66 64 2e 6e 65 74 22 2c 22 77 22 3a 31 2c 22 6d 22 3a 31 7d 2c 7b 22 65 22 3a 22 67 72 61 70 68 2e 61 7a 75 72 65 66 64 2e 6e 65 74 22 Data Ascii: "fra22prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"fra23prdapp01-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"fra23prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"graph.azurefd.net","w":1,"m":1},{"e":"graph.azurefd.net"
2024-11-19 17:56:15 UTC	4096	IN	Data Raw: 2c 7b 22 65 22 3a 22 6e 61 67 32 30 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 7d 2c 7b 22 65 22 3a 22 6e 61 67 32 30 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 6e 61 67 32 30 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 6f 2d 72 69 6e 67 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 31 30 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 6f 2d 72 69 6e 67 2d 66 61 6c 6c 62 Data Ascii: ,{"e":"nag20prdapp01-canary-opaph.netmon.azure.com","w":3,"m":1},{"e":"nag20prdapp01-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"nag20prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"o-ring.msedge.net","w":100,"m":3},{"e":"o-ring-fallb
2024-11-19 17:56:15 UTC	3935	IN	Data Raw: 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 73 6e 34 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 73 6e 35 61 7a 66 61 70 70 30 31 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 75 73 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 73 6e 35 61 7a 66 61 70 70 30 32 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 75 73 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 73 6e 37 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e Data Ascii: anary.netmon.azure.com","w":3,"m":128},{"e":"sn4prdapp01-canary.netmon.azure.com","w":3,"m":128},{"e":"sn5azfapp01-canary.netmon.azure.us","w":3,"m":128},{"e":"sn5azfapp02-canary.netmon.azure.us","w":3,"m":128},{"e":"sn7prdapp01-canary-opaph.netmon.azure.

Session ID	Source IP	Source Port	Destination IP	Destination Port
17	192.168.2.16	49744	23.1.33.206	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:15 UTC	791	OUT	GET /rb/1a/cir3,ortl,cc,nc/yy4SnZtT2-rfsZpLbcm-u8xyafQ.css?bu=B8YCSLQCmgFdXdEC&or=w HTTP/1.1 Accept: / Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: r.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133
2024-11-19 17:56:15 UTC	1210	IN	HTTP/1.1 200 OK Content-Type: text/css; charset=utf-8 Server: Kestrel Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Last-Modified: Fri, 18 Oct 2024 13:57:11 GMT X-EventID: 671b6beb31114d7485442a6f2fdee7d9 UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-AS-InstrumentationOptions: AppServerLoggingMaster=1 X-AS-MACHINENAME: BNZEEAP00016A2B X-AS-SuppressSetCookie: 1 X-XSS-Protection: 0 cross-origin-resource-policy: cross-origin nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.75} report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]} Cache-Control: public, max-age=187673 Expires: Thu, 21 Nov 2024 22:04:08 GMT Date: Tue, 19 Nov 2024 17:56:15 GMT Content-Length: 5983 Connection: close Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.94200117.1732038975.48795b54 Timing-Allow-Origin: *
2024-11-19 17:56:15 UTC	5983	IN	Data Raw: 2e 62 5f 73 65 61 72 63 68 62 6f 78 53 75 62 6d 69 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 72 70 2f 34 69 5a 49 7a 5f 6f 41 4c 31 79 70 37 64 69 5f 36 44 39 65 32 65 6e 58 69 4d 4d 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 20 2d 34 32 70 78 20 30 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 33 32 30 70 78 20 33 38 70 78 7d 2e 62 5f 6c 6f 67 6f 7b 77 69 64 74 68 3a 32 32 70 78 3b 68 65 69 67 68 74 3a 33 37 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 64 69 72 65 63 74 69 6f 6e 3a 6c 74 72 7d 2e 62 5f 6c 6f 67 6f 3a 61 66 74 65 72 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 64 Data Ascii: .b_searchboxSubmit{background:url(/rp/4iZIz_oAL1yp7di_6D9e2enXiMM.png) no-repeat -42px 0;background-size:320px 38px}.b_logo{width:22px;height:37px;position:relative;display:inline-block;overflow:hidden;direction:ltr}.b_logo:after{position:absolute;top:0;d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.16	49743	40.126.31.71	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:15 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 3592 Host: login.live.com
2024-11-19 17:56:15 UTC	3592	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-19 17:56:15 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Tue, 19 Nov 2024 17:55:15 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C538_BAY x-ms-request-id: 8b3b221b-6905-414f-a80e-39f09ab288a8 PPServer: PPV: 30 H: PH1PEPF00012032 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Tue, 19 Nov 2024 17:56:14 GMT Connection: close Content-Length: 11389
2024-11-19 17:56:15 UTC	11389	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
19	192.168.2.16	49749	23.1.33.206	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:16 UTC	780	OUT	GET /rb/3H/ortl,cc,nc/4-xJy3tX6bM2BGl5zKioiEcQ1TU.css?bu=A4gCjAKPAg&or=w HTTP/1.1 Accept: / Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: r.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133
2024-11-19 17:56:16 UTC	1211	IN	HTTP/1.1 200 OK Content-Type: text/css; charset=utf-8 Server: Kestrel Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Last-Modified: Mon, 14 Oct 2024 12:31:26 GMT X-EventID: 672dd1bce4254a82ac5fbdc32a01d93c UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-AS-InstrumentationOptions: AppServerLoggingMaster=1 X-AS-MACHINENAME: BNZEEAP00016A50 X-AS-SuppressSetCookie: 1 X-XSS-Protection: 0 cross-origin-resource-policy: cross-origin nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.75} report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]} Cache-Control: public, max-age=226676 Expires: Fri, 22 Nov 2024 08:54:12 GMT Date: Tue, 19 Nov 2024 17:56:16 GMT Content-Length: 15967 Connection: close Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.88200117.1732038976.44054922 Timing-Allow-Origin: *
2024-11-19 17:56:16 UTC	15173	IN	Data Raw: 68 74 6d 6c 7b 2d 6d 73 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 6f 76 65 72 66 6c 6f 77 2d 79 3a 68 69 64 64 65 6e 3b 6f 76 65 72 66 6c 6f 77 2d 78 3a 68 69 64 64 65 6e 3b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 7d 62 6f 64 79 5b 64 69 72 5d 20 74 61 62 6c 65 2c 62 6f 64 79 5b 64 69 72 5d 20 74 64 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 62 6f 64 79 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 30 70 78 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 53 65 67 6f 65 20 55 49 22 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 53 61 6e 73 2d 53 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 7d 62 6f 64 79 5b 64 69 72 5d 7b 6d 61 72 67 69 6e 3a 30 7d 62 6f 64 79 20 2e 74 61 6c 6c 55 78 7b Data Ascii: html{-ms-user-select:none;overflow-y:hidden;overflow-x:hidden;cursor:default}body[dir] table,body[dir] td{margin:0;padding:0}body{font-size:15px;line-height:20px;font-family:"Segoe UI",Arial,Helvetica,Sans-Serif;color:#000}body[dir]{margin:0}body .tallUx{
2024-11-19 17:56:16 UTC	794	IN	Data Raw: 6f 74 28 2e 73 65 63 6f 6e 64 61 72 79 49 63 6f 6e 29 3a 6e 6f 74 28 2e 63 6f 72 74 61 6e 61 49 63 6f 6e 29 20 2e 69 63 6f 6e 20 69 6d 67 7b 77 69 64 74 68 3a 31 33 70 78 3b 68 65 69 67 68 74 3a 31 33 70 78 7d 2e 61 73 50 61 64 64 69 6e 67 20 2e 64 6f 75 62 6c 65 4c 69 6e 65 20 2e 73 65 63 6f 6e 64 61 72 79 49 63 6f 6e 3e 2e 69 63 6f 6e 7b 6d 69 6e 2d 77 69 64 74 68 3a 34 34 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 34 34 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 34 34 70 78 7d 62 6f 64 79 5b 64 69 72 5d 20 2e 61 73 50 61 64 64 69 6e 67 20 2e 64 6f 75 62 6c 65 4c 69 6e 65 20 2e 73 65 63 6f 6e 64 61 72 79 49 63 6f 6e 3e 2e 69 63 6f 6e 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 36 70 78 7d 2e 61 73 50 61 64 64 69 6e 67 20 2e 6e 6f 72 6d 61 6c 69 7a 65 64 42 69 Data Ascii: ot(.secondaryIcon):not(.cortanaIcon) .icon img{width:13px;height:13px}.asPadding .doubleLine .secondaryIcon>.icon{min-width:44px;min-height:44px;max-height:44px}body[dir] .asPadding .doubleLine .secondaryIcon>.icon{padding-top:6px}.asPadding .normalizedBi

Session ID	Source IP	Source Port	Destination IP	Destination Port
20	192.168.2.16	49745	204.79.197.200	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:16 UTC	1187	OUT	GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=c&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=1&cvid=58754d2a5304426fb0bdc1f695997ae4&ig=481bf3f68ea44adfb064393e1e193a2c HTTP/1.1 Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStore X-MSEdge-ExternalExp: d-thshld42,dsbdailyset_c,expmegaclick_cf,hashexpt3,iffsqloptwin10c,msbdsbedu9cf,wsbqfnewsynonym,wsbref-t,wsbswgc-t2 X-MSEdge-ExternalExpType: JointCoord Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
2024-11-19 17:56:16 UTC	1188	IN	HTTP/1.1 200 OK Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Content-Length: 5785 Content-Type: application/json; charset=utf-8 Expires: -1 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Set-Cookie: _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; domain=.bing.com; path=/; HttpOnly Set-Cookie: MUIDB=5047E5942BB2460EA35B53CCF78DDB3D; expires=Sun, 14-Dec-2025 17:56:16 GMT; path=/; HttpOnly X-EventID: 673cd1400c164c658101da0357352fab UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-XSS-Protection: 0 X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: AA54F4418FEA49038AF29A0CA0408F3B Ref B: EWR30EDGE0716 Ref C: 2024-11-19T17:56:16Z Date: Tue, 19 Nov 2024 17:56:15 GMT Connection: close
2024-11-19 17:56:16 UTC	3129	IN	Data Raw: 7b 22 52 65 73 6f 75 72 63 65 73 22 3a 7b 22 53 74 79 6c 65 73 22 3a 7b 22 43 73 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 43 73 73 48 65 61 64 4f 76 65 72 72 69 64 65 22 3a 7b 7d 7d 2c 22 53 63 72 69 70 74 73 22 3a 7b 22 4a 73 48 65 61 64 54 6f 70 6d 6f 73 74 22 3a 7b 7d 2c 22 4a 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 4a 73 45 6e 64 4f 66 43 68 75 6e 6b 22 3a 7b 7d 2c 22 4a 73 42 65 66 6f 72 65 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 4f 6e 4c 6f 61 64 22 3a 7b 7d 7d 7d 2c 22 53 75 67 67 65 73 74 69 6f 6e 73 22 3a 5b 7b 22 41 74 74 72 69 62 75 74 65 73 22 3a 7b 22 75 72 6c 22 3a 22 2f 73 65 61 72 63 68 3f 71 3d 63 68 61 74 2b 67 70 74 22 2c 22 71 75 65 72 Data Ascii: {"Resources":{"Styles":{"CssHeadNormal":{},"CssHeadOverride":{}},"Scripts":{"JsHeadTopmost":{},"JsHeadNormal":{},"JsEndOfChunk":{},"JsBeforeContent":{},"JsAfterContent":{},"JsAfterOnLoad":{}}},"Suggestions":[{"Attributes":{"url":"/search?q=chat+gpt","quer
2024-11-19 17:56:16 UTC	2656	IN	Data Raw: 22 73 65 63 6f 6e 64 61 72 79 49 63 6f 6e 55 72 6c 22 3a 22 2f 74 68 3f 69 64 3d 4f 53 4b 2e 50 6e 6c 75 4e 74 71 59 38 49 78 51 6c 49 32 61 75 57 4e 69 6b 32 38 4e 5a 56 46 41 5a 52 31 52 63 75 6d 4f 38 45 76 6f 4b 67 41 5c 75 30 30 32 36 77 3d 38 30 5c 75 30 30 32 36 68 3d 38 30 5c 75 30 30 32 36 71 6c 74 3d 39 30 5c 75 30 30 32 36 63 3d 36 5c 75 30 30 32 36 72 73 3d 31 5c 75 30 30 32 36 63 64 76 3d 31 5c 75 30 30 32 36 70 69 64 3d 52 53 22 2c 22 73 65 67 6d 65 6e 74 73 22 3a 22 4f 72 67 61 6e 69 7a 61 74 69 6f 6e 22 7d 2c 22 54 65 78 74 22 3a 22 43 6f 6f 70 22 2c 22 48 69 67 68 43 6f 6e 66 69 64 65 6e 63 65 4d 65 74 61 53 75 67 67 65 73 74 69 6f 6e 53 63 6f 72 65 22 3a 30 2c 22 50 72 65 66 65 74 63 68 43 6f 6e 66 69 64 65 6e 63 65 53 63 6f 72 65 22 3a Data Ascii: "secondaryIconUrl":"/th?id=OSK.PnluNtqY8IxQlI2auWNik28NZVFAZR1RcumO8EvoKgA\u0026w=80\u0026h=80\u0026qlt=90\u0026c=6\u0026rs=1\u0026cdv=1\u0026pid=RS","segments":"Organization"},"Text":"Coop","HighConfidenceMetaSuggestionScore":0,"PrefetchConfidenceScore":

Session ID	Source IP	Source Port	Destination IP	Destination Port
21	192.168.2.16	49748	204.79.197.200	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:16 UTC	1077	OUT	POST /threshold/xls.aspx HTTP/1.1 Origin: https://www.bing.com Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH Content-type: text/xml X-MSEdge-ExternalExp: d-thshld42,dsbdailyset_c,expmegaclick_cf,hashexpt3,iffsqloptwin10c,msbdsbedu9cf,wsbqfnewsynonym,wsbref-t,wsbswgc-t2 X-MSEdge-ExternalExpType: JointCoord Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Content-Length: 25440 Connection: Keep-Alive Cache-Control: no-cache Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
2024-11-19 17:56:16 UTC	16355	OUT	Data Raw: 3c 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 35 30 34 37 45 35 39 34 32 42 42 32 34 36 30 45 41 33 35 42 35 33 43 43 46 37 38 44 44 42 33 44 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 65 62 63 63 37 32 35 30 33 61 64 65 34 30 35 61 39 63 38 62 37 37 33 38 62 66 37 32 36 38 31 34 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 74 6f 74 61 6c 6e 75 6d 62 65 72 4f 66 45 6e 74 72 69 65 73 22 3a 22 30 22 Data Ascii: <ClientInstRequest><CID>5047E5942BB2460EA35B53CCF78DDB3D</CID><Events><E><T>Event.ClientInst</T><IG>ebcc72503ade405a9c8b7738bf726814</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","totalnumberOfEntries":"0"
2024-11-19 17:56:16 UTC	9085	OUT	Data Raw: 76 69 63 65 53 69 67 6e 61 6c 73 22 3a 7b 22 52 61 6e 6b 22 3a 35 32 31 33 2c 22 50 48 69 74 73 22 3a 22 53 79 73 74 65 6d 2e 50 61 72 73 69 6e 67 4e 61 6d 65 22 2c 22 49 64 22 3a 22 43 6c 61 73 73 69 63 5f 7b 36 33 38 66 38 65 32 31 2d 65 31 35 37 2d 34 30 64 37 2d 39 37 65 30 2d 61 30 63 38 65 34 63 34 65 32 62 35 7d 22 2c 22 44 4e 61 6d 65 22 3a 22 43 68 61 6e 67 65 20 55 73 65 72 20 41 63 63 6f 75 6e 74 20 43 6f 6e 74 72 6f 6c 20 73 65 74 74 69 6e 67 73 22 2c 22 4d 44 4e 22 3a 30 7d 7d 5d 7d 5d 5d 5d 3e 3c 2f 44 53 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c Data Ascii: viceSignals":{"Rank":5213,"PHits":"System.ParsingName","Id":"Classic_{638f8e21-e157-40d7-97e0-a0c8e4c4e2b5}","DName":"Change User Account Control settings","MDN":0}}]}]...</DS><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init",
2024-11-19 17:56:16 UTC	428	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: * X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 5B4D348F05874775A8828B0E3AF14B70 Ref B: EWR311000104039 Ref C: 2024-11-19T17:56:16Z Date: Tue, 19 Nov 2024 17:56:15 GMT Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port
22	192.168.2.16	49747	204.79.197.200	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:16 UTC	1188	OUT	GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=cm&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=2&cvid=58754d2a5304426fb0bdc1f695997ae4&ig=57e0066d12a340a789feb61d3a2beada HTTP/1.1 Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStore X-MSEdge-ExternalExp: d-thshld42,dsbdailyset_c,expmegaclick_cf,hashexpt3,iffsqloptwin10c,msbdsbedu9cf,wsbqfnewsynonym,wsbref-t,wsbswgc-t2 X-MSEdge-ExternalExpType: JointCoord Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
2024-11-19 17:56:16 UTC	1190	IN	HTTP/1.1 200 OK Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Content-Length: 4382 Content-Type: application/json; charset=utf-8 Expires: -1 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Set-Cookie: _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; domain=.bing.com; path=/; HttpOnly Set-Cookie: MUIDB=5047E5942BB2460EA35B53CCF78DDB3D; expires=Sun, 14-Dec-2025 17:56:16 GMT; path=/; HttpOnly X-EventID: 673cd140d082452fa3a3997e3a17db14 UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-XSS-Protection: 0 X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 1E682ACE30CE4CBB94945A2FA568A994 Ref B: EWR311000108047 Ref C: 2024-11-19T17:56:16Z Date: Tue, 19 Nov 2024 17:56:15 GMT Connection: close
2024-11-19 17:56:16 UTC	1274	IN	Data Raw: 7b 22 52 65 73 6f 75 72 63 65 73 22 3a 7b 22 53 74 79 6c 65 73 22 3a 7b 22 43 73 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 43 73 73 48 65 61 64 4f 76 65 72 72 69 64 65 22 3a 7b 7d 7d 2c 22 53 63 72 69 70 74 73 22 3a 7b 22 4a 73 48 65 61 64 54 6f 70 6d 6f 73 74 22 3a 7b 7d 2c 22 4a 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 4a 73 45 6e 64 4f 66 43 68 75 6e 6b 22 3a 7b 7d 2c 22 4a 73 42 65 66 6f 72 65 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 4f 6e 4c 6f 61 64 22 3a 7b 7d 7d 7d 2c 22 53 75 67 67 65 73 74 69 6f 6e 73 22 3a 5b 7b 22 41 74 74 72 69 62 75 74 65 73 22 3a 7b 22 75 72 6c 22 3a 22 2f 73 65 61 72 63 68 3f 71 3d 63 6d 64 22 2c 22 71 75 65 72 79 22 3a 22 63 Data Ascii: {"Resources":{"Styles":{"CssHeadNormal":{},"CssHeadOverride":{}},"Scripts":{"JsHeadTopmost":{},"JsHeadNormal":{},"JsEndOfChunk":{},"JsBeforeContent":{},"JsAfterContent":{},"JsAfterOnLoad":{}}},"Suggestions":[{"Attributes":{"url":"/search?q=cmd","query":"c
2024-11-19 17:56:16 UTC	1855	IN	Data Raw: 35 39 5c 22 3b 32 30 30 30 3a 5c 22 31 30 39 37 32 34 5c 22 3b 32 30 31 31 3a 5c 22 35 5c 22 3b 31 31 30 33 34 3a 5c 22 33 37 33 31 32 37 39 30 39 5c 22 3b 22 2c 22 68 63 73 22 3a 22 30 22 7d 2c 22 54 65 78 74 22 3a 22 ee 80 80 63 6d ee 80 81 69 20 6c 6f 67 69 6e 22 2c 22 48 69 67 68 43 6f 6e 66 69 64 65 6e 63 65 4d 65 74 61 53 75 67 67 65 73 74 69 6f 6e 53 63 6f 72 65 22 3a 30 2c 22 50 72 65 66 65 74 63 68 43 6f 6e 66 69 64 65 6e 63 65 53 63 6f 72 65 22 3a 30 7d 2c 7b 22 41 74 74 72 69 62 75 74 65 73 22 3a 7b 22 75 72 6c 22 3a 22 2f 73 65 61 72 63 68 3f 71 3d 63 6d 64 2b 69 70 63 6f 6e 66 69 67 22 2c 22 71 75 65 72 79 22 3a 22 63 6d 64 20 69 70 63 6f 6e 66 69 67 22 2c 22 73 74 79 70 65 22 3a 22 41 53 22 2c 22 6c 6d 22 3a 22 31 30 30 30 3a 5c 22 30 5c 22 Data Ascii: 59\";2000:\"109724\";2011:\"5\";11034:\"373127909\";","hcs":"0"},"Text":"cmi login","HighConfidenceMetaSuggestionScore":0,"PrefetchConfidenceScore":0},{"Attributes":{"url":"/search?q=cmd+ipconfig","query":"cmd ipconfig","stype":"AS","lm":"1000:\"0\"
2024-11-19 17:56:16 UTC	1253	IN	Data Raw: 64 65 6e 63 65 4d 65 74 61 53 75 67 67 65 73 74 69 6f 6e 53 63 6f 72 65 22 3a 30 2c 22 50 72 65 66 65 74 63 68 43 6f 6e 66 69 64 65 6e 63 65 53 63 6f 72 65 22 3a 30 7d 2c 7b 22 41 74 74 72 69 62 75 74 65 73 22 3a 7b 22 73 74 79 70 65 22 3a 22 51 50 22 2c 22 68 63 22 3a 22 31 22 2c 22 68 63 73 22 3a 22 31 22 2c 22 61 70 70 49 64 22 3a 22 7b 31 41 43 31 34 45 37 37 2d 30 32 45 37 2d 34 45 35 44 2d 42 37 34 34 2d 32 45 42 31 41 45 35 31 39 38 42 37 7d 5c 5c 63 6d 64 2e 65 78 65 22 7d 2c 22 48 69 67 68 43 6f 6e 66 69 64 65 6e 63 65 4d 65 74 61 53 75 67 67 65 73 74 69 6f 6e 53 63 6f 72 65 22 3a 31 2c 22 50 72 65 66 65 74 63 68 43 6f 6e 66 69 64 65 6e 63 65 53 63 6f 72 65 22 3a 30 7d 2c 7b 22 41 74 74 72 69 62 75 74 65 73 22 3a 7b 22 73 74 79 70 65 22 3a 22 51 Data Ascii: denceMetaSuggestionScore":0,"PrefetchConfidenceScore":0},{"Attributes":{"stype":"QP","hc":"1","hcs":"1","appId":"{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}\\cmd.exe"},"HighConfidenceMetaSuggestionScore":1,"PrefetchConfidenceScore":0},{"Attributes":{"stype":"Q

Session ID	Source IP	Source Port	Destination IP	Destination Port
23	192.168.2.16	49746	204.79.197.200	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:16 UTC	1189	OUT	GET /AS/API/WindowsCortanaPane/V2/Suggestions?qry=cmd&setlang=en-CH&cc=CH&nohs=1&qfm=1&cp=3&cvid=58754d2a5304426fb0bdc1f695997ae4&ig=001d750fe97140d2826d888f0e6902e1 HTTP/1.1 Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: / Accept-Language: en-CH X-BM-ClientFeatures: FontV22,LightAnswers,PreviewPaneAvailable,RevStore X-MSEdge-ExternalExp: d-thshld42,dsbdailyset_c,expmegaclick_cf,hashexpt3,iffsqloptwin10c,msbdsbedu9cf,wsbqfnewsynonym,wsbref-t,wsbswgc-t2 X-MSEdge-ExternalExpType: JointCoord Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: www.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133; MUIDB=5047E5942BB2460EA35B53CCF78DDB3D
2024-11-19 17:56:16 UTC	1188	IN	HTTP/1.1 200 OK Cache-Control: no-cache, no-store, must-revalidate Pragma: no-cache Content-Length: 4553 Content-Type: application/json; charset=utf-8 Expires: -1 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Set-Cookie: _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; domain=.bing.com; path=/; HttpOnly Set-Cookie: MUIDB=5047E5942BB2460EA35B53CCF78DDB3D; expires=Sun, 14-Dec-2025 17:56:16 GMT; path=/; HttpOnly X-EventID: 673cd140dbac4b129744d20387b0a6bd UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-XSS-Protection: 0 X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: 9B1A3025D3D34069890F866B79A2A2CC Ref B: EWR30EDGE0320 Ref C: 2024-11-19T17:56:16Z Date: Tue, 19 Nov 2024 17:56:15 GMT Connection: close
2024-11-19 17:56:16 UTC	1057	IN	Data Raw: 7b 22 52 65 73 6f 75 72 63 65 73 22 3a 7b 22 53 74 79 6c 65 73 22 3a 7b 22 43 73 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 43 73 73 48 65 61 64 4f 76 65 72 72 69 64 65 22 3a 7b 7d 7d 2c 22 53 63 72 69 70 74 73 22 3a 7b 22 4a 73 48 65 61 64 54 6f 70 6d 6f 73 74 22 3a 7b 7d 2c 22 4a 73 48 65 61 64 4e 6f 72 6d 61 6c 22 3a 7b 7d 2c 22 4a 73 45 6e 64 4f 66 43 68 75 6e 6b 22 3a 7b 7d 2c 22 4a 73 42 65 66 6f 72 65 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 43 6f 6e 74 65 6e 74 22 3a 7b 7d 2c 22 4a 73 41 66 74 65 72 4f 6e 4c 6f 61 64 22 3a 7b 7d 7d 7d 2c 22 53 75 67 67 65 73 74 69 6f 6e 73 22 3a 5b 7b 22 41 74 74 72 69 62 75 74 65 73 22 3a 7b 22 75 72 6c 22 3a 22 2f 73 65 61 72 63 68 3f 71 3d 63 6d 64 22 2c 22 71 75 65 72 79 22 3a 22 63 Data Ascii: {"Resources":{"Styles":{"CssHeadNormal":{},"CssHeadOverride":{}},"Scripts":{"JsHeadTopmost":{},"JsHeadNormal":{},"JsEndOfChunk":{},"JsBeforeContent":{},"JsAfterContent":{},"JsAfterOnLoad":{}}},"Suggestions":[{"Attributes":{"url":"/search?q=cmd","query":"c
2024-11-19 17:56:16 UTC	2072	IN	Data Raw: 65 78 74 22 3a 22 ee 80 80 63 6d 64 ee 80 81 20 69 70 63 6f 6e 66 69 67 22 2c 22 48 69 67 68 43 6f 6e 66 69 64 65 6e 63 65 4d 65 74 61 53 75 67 67 65 73 74 69 6f 6e 53 63 6f 72 65 22 3a 30 2c 22 50 72 65 66 65 74 63 68 43 6f 6e 66 69 64 65 6e 63 65 53 63 6f 72 65 22 3a 30 7d 2c 7b 22 41 74 74 72 69 62 75 74 65 73 22 3a 7b 22 75 72 6c 22 3a 22 2f 73 65 61 72 63 68 3f 71 3d 63 6d 64 2b 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 22 2c 22 71 75 65 72 79 22 3a 22 63 6d 64 20 61 64 6d 69 6e 69 73 74 72 61 74 6f 72 22 2c 22 73 74 79 70 65 22 3a 22 41 53 22 2c 22 6c 6d 22 3a 22 31 30 30 30 3a 5c 22 30 5c 22 3b 32 32 30 30 3a 5c 22 31 33 5c 22 3b 33 30 30 30 31 3a 5c 22 31 32 37 39 33 5c 22 3b 32 31 35 32 3a 5c 22 31 35 37 39 32 5c 22 3b 32 30 30 30 3a 5c 22 31 32 39 Data Ascii: ext":"cmd ipconfig","HighConfidenceMetaSuggestionScore":0,"PrefetchConfidenceScore":0},{"Attributes":{"url":"/search?q=cmd+administrator","query":"cmd administrator","stype":"AS","lm":"1000:\"0\";2200:\"13\";30001:\"12793\";2152:\"15792\";2000:\"129
2024-11-19 17:56:16 UTC	1424	IN	Data Raw: 22 30 5c 22 3b 32 32 30 30 3a 5c 22 31 35 5c 22 3b 33 30 30 30 31 3a 5c 22 31 35 33 32 38 5c 22 3b 32 31 35 32 3a 5c 22 31 37 33 39 37 5c 22 3b 32 30 30 30 3a 5c 22 33 38 38 36 30 5c 22 3b 32 30 31 31 3a 5c 22 31 30 5c 22 3b 31 31 30 33 34 3a 5c 22 33 37 33 31 32 37 39 30 39 5c 22 3b 22 2c 22 68 63 73 22 3a 22 30 22 7d 2c 22 54 65 78 74 22 3a 22 ee 80 80 63 6d 64 ee 80 81 2e 65 78 65 20 61 6c 73 20 61 64 6d 69 6e 20 73 74 61 72 74 65 6e 22 2c 22 48 69 67 68 43 6f 6e 66 69 64 65 6e 63 65 4d 65 74 61 53 75 67 67 65 73 74 69 6f 6e 53 63 6f 72 65 22 3a 30 2c 22 50 72 65 66 65 74 63 68 43 6f 6e 66 69 64 65 6e 63 65 53 63 6f 72 65 22 3a 30 7d 2c 7b 22 41 74 74 72 69 62 75 74 65 73 22 3a 7b 22 73 74 79 70 65 22 3a 22 51 50 22 2c 22 68 63 22 3a 22 31 22 2c 22 68 Data Ascii: "0\";2200:\"15\";30001:\"15328\";2152:\"17397\";2000:\"38860\";2011:\"10\";11034:\"373127909\";","hcs":"0"},"Text":"cmd.exe als admin starten","HighConfidenceMetaSuggestionScore":0,"PrefetchConfidenceScore":0},{"Attributes":{"stype":"QP","hc":"1","h

Session ID	Source IP	Source Port	Destination IP	Destination Port
24	192.168.2.16	49751	23.1.33.206	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:16 UTC	913	OUT	GET /rb/6m/cir3,ortl,cc,nc/86nahuYhxjiWblppiNlDkKK2XLk.css?bu=M8IKvArICrwKrAu8CrILvAq8CrwKvQu8CsQLvArKC7wK0Au8CtYLvAraCrwK4Aq8CtQKvAq8CqMLvArvCrwK9Qq8CukKvAq8CoULiAu8CrwKoAuOC7wKlAuXC7wKggy8CtwLvAqwDA&or=w HTTP/1.1 Accept: / Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: r.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133
2024-11-19 17:56:17 UTC	1248	IN	HTTP/1.1 200 OK Content-Type: text/css; charset=utf-8 Server: Kestrel Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Last-Modified: Sun, 17 Nov 2024 19:19:39 GMT X-EventID: 673bae21d5d54f2c8e401fc9a91a122d UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-AS-InstrumentationOptions: AppServerLoggingMaster=1 X-AS-MACHINENAME: BNZEEAP00016A91 X-AS-SuppressSetCookie: 1 X-XSS-Protection: 0 cross-origin-resource-policy: cross-origin nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.75} report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]} Cache-Control: public, max-age=357576 Expires: Sat, 23 Nov 2024 21:15:52 GMT Date: Tue, 19 Nov 2024 17:56:16 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.8a200117.1732038976.33780c8c Timing-Allow-Origin: *
2024-11-19 17:56:17 UTC	15136	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 40 6b 65 79 66 72 61 6d 65 73 20 61 6c 67 6f 50 6c 61 63 65 68 6f 6c 64 65 72 53 68 69 6d 6d 65 72 7b 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 2d 31 30 30 25 29 7d 31 30 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 31 30 30 25 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 61 64 65 69 6e 7b 30 25 7b 6f 70 61 63 69 74 79 3a 30 7d 31 30 30 25 7b 6f 70 61 63 69 74 79 3a 31 7d 7d 40 2d 6d 6f 7a 2d 6b 65 79 66 72 61 6d 65 73 20 66 61 64 65 69 6e 7b 30 25 7b 6f 70 61 63 69 74 79 3a 30 7d 31 30 30 25 7b 6f 70 61 63 69 74 79 3a 31 7d 7d 40 2d 6f 2d 6b 65 79 66 72 61 6d 65 73 20 66 61 64 65 69 6e 7b 30 25 7b 6f 70 61 63 69 74 79 3a 30 3b 7d 31 30 30 25 7b 6f 70 61 63 69 74 79 3a Data Ascii: 00006000@keyframes algoPlaceholderShimmer{0%{transform:translateX(-100%)}100%{transform:translateX(100%)}}@keyframes fadein{0%{opacity:0}100%{opacity:1}}@-moz-keyframes fadein{0%{opacity:0}100%{opacity:1}}@-o-keyframes fadein{0%{opacity:0;}100%{opacity:
2024-11-19 17:56:17 UTC	9452	IN	Data Raw: 6d 65 6e 75 2d 69 74 65 6d 5f 64 65 74 61 69 6c 73 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 38 70 78 7d 62 6f 64 79 5b 64 69 72 3d 27 72 74 6c 27 5d 20 2e 63 6f 6e 74 65 78 74 4d 65 6e 75 20 2e 6d 65 6e 75 2d 69 74 65 6d 5f 64 65 74 61 69 6c 73 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 38 70 78 7d 2e 63 6f 6e 74 65 78 74 4d 65 6e 75 20 2e 64 69 76 69 64 65 72 7b 62 6f 72 64 65 72 3a 30 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 32 29 7d 62 6f 64 79 5b 64 69 72 5d 20 2e 63 6f 6e 74 65 78 74 4d 65 6e 75 20 2e 64 69 76 69 64 65 72 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 34 70 78 20 31 32 70 78 7d 2e 64 61 72 6b 54 68 65 6d 65 20 2e 63 6f 6e 74 65 78 74 4d 65 6e 75 20 2e 64 69 Data Ascii: menu-item_details{padding-left:28px}body[dir='rtl'] .contextMenu .menu-item_details{padding-right:28px}.contextMenu .divider{border:0;border-top:1px solid rgba(0,0,0,.2)}body[dir] .contextMenu .divider{padding:0;margin:4px 12px}.darkTheme .contextMenu .di
2024-11-19 17:56:17 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 74 3a 63 61 6c 63 28 31 30 30 25 20 2d 20 33 36 70 78 20 2b 20 31 32 70 78 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 7d 62 6f 64 79 5b 64 69 72 5d 20 23 6c 6f 61 64 69 6e 67 53 63 72 65 65 6e 2c 62 6f 64 79 5b 64 69 72 5d 20 23 63 6f 70 69 6c 6f 74 4c 6f 61 64 69 6e 67 53 63 72 65 65 6e 7b 6d 61 72 67 69 6e 3a 31 32 70 78 20 31 32 70 78 20 30 20 31 32 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 32 70 78 7d 2e 64 61 72 6b 54 68 65 6d 65 20 23 6c 6f 61 64 69 6e 67 53 63 72 65 65 6e 2c 2e 64 61 72 6b 54 68 65 6d 65 20 23 63 6f 70 69 6c 6f 74 4c 6f 61 64 69 6e 67 53 63 72 65 65 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 Data Ascii: 00006000t:calc(100% - 36px + 12px);background-color:#fff;box-sizing:content-box}body[dir] #loadingScreen,body[dir] #copilotLoadingScreen{margin:12px 12px 0 12px;padding-top:12px}.darkTheme #loadingScreen,.darkTheme #copilotLoadingScreen{background-color
2024-11-19 17:56:17 UTC	8204	IN	Data Raw: 3a 6e 6f 6e 65 7d 62 6f 64 79 5b 64 69 72 3d 27 6c 74 72 27 5d 20 2e 74 6f 70 52 65 73 75 6c 74 73 20 2e 73 75 67 67 65 73 74 69 6f 6e 2e 74 6f 70 52 65 73 75 6c 74 54 65 6d 70 6c 61 74 65 49 6e 47 72 6f 75 70 73 20 2e 73 75 67 67 44 65 74 61 69 6c 73 43 6f 6e 74 61 69 6e 65 72 2c 62 6f 64 79 5b 64 69 72 3d 27 6c 74 72 27 5d 20 2e 74 6f 70 52 65 73 75 6c 74 73 20 2e 73 75 67 67 65 73 74 69 6f 6e 2e 77 69 74 68 4f 70 65 6e 50 72 65 76 69 65 77 50 61 6e 65 42 74 6e 20 2e 73 75 67 67 44 65 74 61 69 6c 73 43 6f 6e 74 61 69 6e 65 72 2c 62 6f 64 79 5b 64 69 72 3d 27 6c 74 72 27 5d 20 2e 67 72 6f 75 70 20 2e 74 6f 70 52 65 73 75 6c 74 54 65 6d 70 6c 61 74 65 49 6e 47 72 6f 75 70 73 2e 73 75 67 67 65 73 74 69 6f 6e 2e 77 69 74 68 4f 70 65 6e 50 72 65 76 69 65 77 Data Ascii: :none}body[dir='ltr'] .topResults .suggestion.topResultTemplateInGroups .suggDetailsContainer,body[dir='ltr'] .topResults .suggestion.withOpenPreviewPaneBtn .suggDetailsContainer,body[dir='ltr'] .group .topResultTemplateInGroups.suggestion.withOpenPreview
2024-11-19 17:56:17 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 2c 2e 6f 70 65 6e 50 72 65 76 69 65 77 50 61 6e 65 42 74 6e 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 6f 70 65 6e 50 72 65 76 69 65 77 50 61 6e 65 42 74 6e 20 2e 70 72 65 76 69 65 77 4f 70 65 6e 65 64 49 63 6f 6e 2c 2e 6f 70 65 6e 50 72 65 76 69 65 77 50 61 6e 65 42 74 6e 20 2e 6f 70 65 6e 50 72 65 76 69 65 77 49 63 6f 6e 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 70 72 65 76 69 65 77 50 61 6e 65 4f 70 65 6e 65 64 20 2e 6f 70 65 6e 50 72 65 76 69 65 77 50 61 6e 65 42 74 6e 2c 2e 70 72 65 76 69 65 77 50 61 6e 65 4f 70 65 6e 69 6e 67 20 2e 6f 70 65 6e 50 72 65 76 69 65 77 50 61 6e 65 42 74 6e 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e Data Ascii: 00004000,.openPreviewPaneBtn{align-items:center;justify-content:center}.openPreviewPaneBtn .previewOpenedIcon,.openPreviewPaneBtn .openPreviewIcon{display:none}.previewPaneOpened .openPreviewPaneBtn,.previewPaneOpening .openPreviewPaneBtn{display:none}.
2024-11-19 17:56:17 UTC	12	IN	Data Raw: 78 3b 74 6f 70 3a 34 70 78 3b 0d 0a Data Ascii: x;top:4px;
2024-11-19 17:56:17 UTC	5946	IN	Data Raw: 30 30 30 30 31 37 32 45 0d 0a 62 6f 74 74 6f 6d 3a 31 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 30 2c 30 2c 30 2c 2e 30 32 34 31 29 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 62 6f 64 79 5b 64 69 72 3d 27 6c 74 72 27 5d 20 2e 7a 65 72 6f 49 6e 70 75 74 31 39 48 31 2e 65 6e 61 62 6c 65 41 6e 61 68 65 69 6d 54 6f 70 53 69 74 65 73 57 69 6e 31 31 20 2e 67 72 6f 75 70 48 65 61 64 65 72 20 2e 69 6e 66 6f 72 6d 61 74 69 6f 6e 42 75 62 62 6c 65 7b 6c 65 66 74 3a 38 70 78 7d 62 6f 64 79 5b 64 69 72 3d 27 72 74 6c 27 5d 20 2e 7a 65 72 6f 49 6e 70 75 74 31 39 48 31 2e 65 6e 61 62 6c 65 41 6e 61 68 65 69 6d 54 6f 70 53 69 74 65 73 57 69 6e 31 31 20 2e 67 72 6f 75 70 48 65 61 64 65 Data Ascii: 0000172Ebottom:1px;font-size:12px;background-color:rgba(0,0,0,.0241);font-weight:400}body[dir='ltr'] .zeroInput19H1.enableAnaheimTopSitesWin11 .groupHeader .informationBubble{left:8px}body[dir='rtl'] .zeroInput19H1.enableAnaheimTopSitesWin11 .groupHeade
2024-11-19 17:56:17 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 2e 61 72 72 6f 77 4f 72 54 61 62 41 63 74 69 6f 6e 20 2e 72 65 6d 6f 76 65 49 63 6f 6e 2e 73 65 6c 65 63 74 65 64 7b 6f 75 74 6c 69 6e 65 3a 31 2e 35 70 78 20 73 6f 6c 69 64 20 23 30 30 30 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 7d 2e 64 61 72 6b 54 68 65 6d 65 2e 7a 65 72 6f 49 6e 70 75 74 31 39 48 31 3a 6e 6f 74 28 2e 66 69 6c 65 45 78 70 6c 6f 72 65 72 29 3a 6e 6f 74 28 2e 77 69 6e 31 31 29 20 2e 73 75 67 67 65 73 74 69 6f 6e 2e 61 72 72 6f 77 4f 72 54 61 62 41 63 74 69 6f 6e 20 2e 72 65 6d 6f 76 65 49 63 6f 6e 2e 73 65 6c 65 63 74 65 64 7b 6f 75 74 6c 69 6e 65 3a 31 70 78 20 73 6f 6c 69 64 20 23 66 66 66 7d 2e 7a 65 72 6f 49 6e 70 75 74 31 39 48 31 3a 6e 6f 74 28 2e 66 69 6c 65 45 78 70 6c 6f 72 65 72 29 20 2e 67 72 Data Ascii: 00004000.arrowOrTabAction .removeIcon.selected{outline:1.5px solid #000;display:inline}.darkTheme.zeroInput19H1:not(.fileExplorer):not(.win11) .suggestion.arrowOrTabAction .removeIcon.selected{outline:1px solid #fff}.zeroInput19H1:not(.fileExplorer) .gr
2024-11-19 17:56:17 UTC	12	IN	Data Raw: 2e 73 65 6c 65 63 74 61 62 6c 0d 0a Data Ascii: .selectabl
2024-11-19 17:56:17 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 65 2e 73 75 67 67 65 73 74 69 6f 6e 2e 77 69 74 68 4f 70 65 6e 50 72 65 76 69 65 77 50 61 6e 65 42 74 6e 3a 6e 6f 74 28 2e 66 6f 63 75 73 61 62 6c 65 29 3a 6e 6f 74 28 2e 70 72 65 76 69 65 77 50 61 6e 65 4f 70 65 6e 65 64 29 3a 68 6f 76 65 72 20 2e 6f 70 65 6e 50 72 65 76 69 65 77 50 61 6e 65 42 74 6e 2c 62 6f 64 79 5b 64 69 72 3d 27 72 74 6c 27 5d 20 23 72 6f 6f 74 3a 6e 6f 74 28 2e 77 69 6e 31 31 29 3a 6e 6f 74 28 2e 66 69 6c 65 45 78 70 6c 6f 72 65 72 29 3a 6e 6f 74 28 2e 7a 65 72 6f 49 6e 70 75 74 31 39 48 31 29 20 2e 74 6f 70 52 65 73 75 6c 74 73 20 2e 73 65 6c 65 63 74 61 62 6c 65 2e 73 75 67 67 65 73 74 69 6f 6e 2e 77 69 74 68 4f 70 65 6e 50 72 65 76 69 65 77 50 61 6e 65 42 74 6e 3a 6e 6f 74 28 2e 66 6f 63 75 73 61 62 Data Ascii: 00004000e.suggestion.withOpenPreviewPaneBtn:not(.focusable):not(.previewPaneOpened):hover .openPreviewPaneBtn,body[dir='rtl'] #root:not(.win11):not(.fileExplorer):not(.zeroInput19H1) .topResults .selectable.suggestion.withOpenPreviewPaneBtn:not(.focusab

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.16	49750	40.126.31.71	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:16 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-11-19 17:56:16 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-19 17:56:17 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Tue, 19 Nov 2024 17:55:17 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C538_BL2 x-ms-request-id: dce4d098-1770-4cad-a5a8-662081894765 PPServer: PPV: 30 H: BL02EPF0001D808 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Tue, 19 Nov 2024 17:56:16 GMT Connection: close Content-Length: 11409
2024-11-19 17:56:17 UTC	11409	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
26	192.168.2.16	49753	23.1.33.206	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:17 UTC	774	OUT	GET /rb/6m/ortl,cc,nc/QNBBNqWD9F_Blep-UqQSqnMp-FI.css?bu=AbwK&or=w HTTP/1.1 Accept: / Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: r.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133
2024-11-19 17:56:18 UTC	1207	IN	HTTP/1.1 200 OK Content-Type: text/css; charset=utf-8 Server: Kestrel Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Last-Modified: Tue, 11 Jun 2024 16:35:03 GMT X-EventID: 672dd1bd9ab54d399f22fb80d8562e30 UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-AS-InstrumentationOptions: AppServerLoggingMaster=1 X-AS-MACHINENAME: BNZEEAP000264B0 X-AS-SuppressSetCookie: 1 X-XSS-Protection: 0 cross-origin-resource-policy: cross-origin nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.75} report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]} Cache-Control: public, max-age=226847 Expires: Fri, 22 Nov 2024 08:57:05 GMT Date: Tue, 19 Nov 2024 17:56:18 GMT Content-Length: 6 Connection: close Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.94200117.1732038978.48797aeb Timing-Allow-Origin: *
2024-11-19 17:56:18 UTC	6	IN	Data Raw: 7a 7b 61 3a 31 7d Data Ascii: z{a:1}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.16	49752	40.126.31.71	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:18 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4775 Host: login.live.com
2024-11-19 17:56:18 UTC	4775	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-19 17:56:18 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Tue, 19 Nov 2024 17:55:18 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C538_BAY x-ms-request-id: 86590e7d-91ec-4bfb-be67-e7f8244543e3 PPServer: PPV: 30 H: PH1PEPF0001B8D7 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Tue, 19 Nov 2024 17:56:17 GMT Connection: close Content-Length: 11409
2024-11-19 17:56:18 UTC	11409	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
28	192.168.2.16	49754	150.171.84.254	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:18 UTC	481	OUT	GET /apc/trans.gif?e3bfee56476065f0ab149b748f731e37 HTTP/1.1 Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5 Accept-Language: en-CH Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: p-ring.msedge.net Connection: Keep-Alive
2024-11-19 17:56:18 UTC	314	IN	HTTP/1.1 200 OK Date: Tue, 19 Nov 2024 17:56:18 GMT Content-Type: image/gif Content-Length: 43 Last-Modified: Thu, 14 Nov 2024 08:41:24 GMT Connection: close ETag: "6735b7b4-2b" x-azure-ref: 20241119T175618Z-1777c6cb7549x5qchC1TEBggbg00000008hg000000007mqb X-Cache: CONFIG_NOCACHE Accept-Ranges: bytes
2024-11-19 17:56:18 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port
29	192.168.2.16	49755	23.1.33.206	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:18 UTC	796	OUT	GET /rb/6m/ortl,cc,nc/_BjeFNPDJ-N9umMValublyrbq4Y.css?bu=CZ0MvAqiDLwKpgy8CrwKvAq8Cg&or=w HTTP/1.1 Accept: / Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: r.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133
2024-11-19 17:56:18 UTC	1248	IN	HTTP/1.1 200 OK Content-Type: text/css; charset=utf-8 Server: Kestrel Access-Control-Allow-Headers: * Access-Control-Allow-Origin: * Last-Modified: Thu, 19 Sep 2024 02:40:10 GMT X-EventID: 672dd1bdf4fe421c8939f6a5da803049 UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-AS-InstrumentationOptions: AppServerLoggingMaster=1 X-AS-MACHINENAME: BNZEEAP00016AD7 X-AS-SuppressSetCookie: 1 X-XSS-Protection: 0 cross-origin-resource-policy: cross-origin nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.75} report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]} Cache-Control: public, max-age=222814 Expires: Fri, 22 Nov 2024 07:49:52 GMT Date: Tue, 19 Nov 2024 17:56:18 GMT Transfer-Encoding: chunked Connection: close Connection: Transfer-Encoding Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.85200117.1732038978.437254a1 Timing-Allow-Origin: *
2024-11-19 17:56:18 UTC	15136	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 23 74 6f 70 52 65 73 75 6c 74 73 20 2e 73 75 67 67 65 73 74 69 6f 6e 2e 6d 73 62 2d 70 65 6f 70 6c 65 20 2e 69 63 6f 6e 7b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 7d 23 74 6f 70 52 65 73 75 6c 74 73 20 2e 73 75 67 67 65 73 74 69 6f 6e 2e 6d 73 62 2d 70 65 6f 70 6c 65 20 2e 69 63 6f 6e 3e 69 6d 67 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 77 69 64 74 68 3a 31 30 30 25 7d 23 67 72 6f 75 70 73 20 2e 73 75 67 67 65 73 74 69 6f 6e 2e 6d 73 62 2d 70 65 6f 70 6c 65 20 2e 69 63 6f 6e 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 7d 23 67 72 6f 75 70 73 20 2e 73 75 67 67 65 73 74 69 6f 6e 2e 6d 73 62 2d 70 65 6f 70 6c 65 20 2e 69 63 6f 6e 3e 69 6d 67 7b Data Ascii: 00006000#topResults .suggestion.msb-people .icon{vertical-align:middle}#topResults .suggestion.msb-people .icon>img{border-radius:50%;height:100%;width:100%}#groups .suggestion.msb-people .icon{border-radius:50%}#groups .suggestion.msb-people .icon>img{
2024-11-19 17:56:18 UTC	9452	IN	Data Raw: 28 32 35 35 2c 32 35 35 2c 32 35 35 2c 2e 38 29 7d 2e 64 61 72 6b 54 68 65 6d 65 20 2e 70 72 65 76 69 65 77 43 6f 6e 74 61 69 6e 65 72 2e 6d 73 62 50 72 65 76 69 65 77 43 6f 6e 74 61 69 6e 65 72 20 23 62 5f 62 66 62 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 36 36 36 7d 2e 64 61 72 6b 54 68 65 6d 65 20 2e 70 72 65 76 69 65 77 43 6f 6e 74 61 69 6e 65 72 2e 6d 73 62 50 72 65 76 69 65 77 43 6f 6e 74 61 69 6e 65 72 20 23 62 5f 62 66 62 20 23 62 66 62 5f 63 6f 6e 74 65 6e 74 20 2e 6d 73 2d 73 65 61 72 63 68 2d 74 65 78 74 2d 68 31 7b 63 6f 6c 6f 72 3a 23 66 61 66 39 66 38 7d 2e 64 61 72 6b 54 68 65 6d 65 20 2e 70 72 65 76 69 65 77 43 6f 6e 74 61 69 6e 65 72 2e 6d 73 62 50 72 65 76 69 65 77 43 Data Ascii: (255,255,255,.8)}.darkTheme .previewContainer.msbPreviewContainer #b_bfb{background-color:transparent;color:#666}.darkTheme .previewContainer.msbPreviewContainer #b_bfb #bfb_content .ms-search-text-h1{color:#faf9f8}.darkTheme .previewContainer.msbPreviewC
2024-11-19 17:56:18 UTC	16384	IN	Data Raw: 30 30 30 30 36 30 30 30 0d 0a 74 65 6e 74 43 6f 6e 74 61 69 6e 65 72 22 5d 20 5b 63 6c 61 73 73 2a 3d 22 6f 72 67 43 68 61 72 74 22 5d 20 5b 63 6c 61 73 73 2a 3d 22 65 78 70 61 6e 73 69 6f 6e 42 75 74 74 6f 6e 43 6f 6e 74 61 69 6e 65 72 22 5d 3e 2e 6d 73 2d 73 65 61 72 63 68 2d 74 65 78 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 67 62 61 28 30 2c 30 2c 30 2c 2e 33 29 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 76 61 72 28 2d 2d 61 63 63 65 6e 74 31 32 29 7d 2e 64 61 72 6b 54 68 65 6d 65 20 23 6d 73 62 50 61 6e 65 2e 70 72 65 76 69 65 77 43 6f 6e 74 61 69 6e 65 72 2e 6d 73 62 50 72 65 76 69 65 77 43 6f 6e 74 61 69 6e 65 72 20 23 62 5f 62 66 62 20 2e 6d 73 2d 73 65 61 72 63 68 2d 72 69 62 62 6f 6e 20 23 62 66 62 5f 63 6f 6e 74 65 6e 74 20 5b 63 6c Data Ascii: 00006000tentContainer"] [class="orgChart"] [class="expansionButtonContainer"]>.ms-search-text{background:rgba(0,0,0,.3);border:1px solid var(--accent12)}.darkTheme #msbPane.previewContainer.msbPreviewContainer #b_bfb .ms-search-ribbon #bfb_content [cl
2024-11-19 17:56:18 UTC	8204	IN	Data Raw: 6f 75 74 4d 73 62 44 73 62 43 6f 6e 74 61 69 6e 65 72 53 63 72 6f 6c 6c 53 6d 61 6c 6c 20 2e 66 72 65 45 78 61 6d 70 6c 65 43 6f 6e 74 61 69 6e 65 72 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 30 30 70 78 7d 2e 6d 73 62 46 72 65 43 6f 6e 74 61 69 6e 65 72 7b 6d 61 78 2d 77 69 64 74 68 3a 33 34 30 70 78 3b 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 5b 64 69 72 3d 27 6c 74 72 27 5d 20 2e 6d 73 62 46 72 65 43 6f 6e 74 61 69 6e 65 72 7b 70 61 64 64 69 6e 67 3a 36 30 70 78 20 30 20 30 20 32 34 70 78 7d 62 6f 64 79 5b 64 69 72 3d 27 72 74 6c 27 5d 20 2e 6d 73 62 46 72 65 43 6f 6e 74 61 69 6e 65 72 7b 70 61 64 64 69 6e 67 3a 36 30 70 78 20 32 34 70 78 20 30 20 30 7d 2e 6d 73 62 46 72 65 43 6f 6e 74 61 69 6e 65 72 20 2e 66 72 65 50 72 6f 66 69 6c 65 53 65 63 74 Data Ascii: outMsbDsbContainerScrollSmall .freExampleContainer{margin-top:100px}.msbFreContainer{max-width:340px;height:100%}body[dir='ltr'] .msbFreContainer{padding:60px 0 0 24px}body[dir='rtl'] .msbFreContainer{padding:60px 24px 0 0}.msbFreContainer .freProfileSect
2024-11-19 17:56:18 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 73 61 62 6c 65 2e 77 68 6f 6c 65 70 61 67 65 74 61 62 73 5f 5f 63 6f 6e 74 61 69 6e 65 72 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 36 70 78 20 36 70 78 20 30 20 30 7d 2e 64 73 62 2d 68 65 72 6f 20 2e 64 73 62 2d 68 65 72 6f 5f 5f 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 64 65 73 63 72 69 70 74 69 76 65 2d 68 6f 76 65 72 2d 63 61 72 64 5f 5f 62 69 6e 67 2d 6c 6f 67 6f 7b 61 6c 69 67 6e 2d 73 65 6c 66 3a 66 6c 65 78 2d 65 6e 64 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 7d 62 6f 64 79 5b 64 69 72 5d 20 2e 64 73 62 2d 68 65 72 6f 20 2e 64 73 62 2d 68 65 72 6f 5f 5f 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 64 65 73 63 72 69 70 74 69 76 65 2d 68 6f 76 65 72 2d 63 61 72 64 5f 5f 62 69 Data Ascii: 00004000sable.wholepagetabs__container{border-radius:6px 6px 0 0}.dsb-hero .dsb-hero__content-container .descriptive-hover-card__bing-logo{align-self:flex-end;position:absolute}body[dir] .dsb-hero .dsb-hero__content-container .descriptive-hover-card__bi
2024-11-19 17:56:18 UTC	12	IN	Data Raw: 69 72 74 68 64 61 79 2d 63 61 0d 0a Data Ascii: irthday-ca
2024-11-19 17:56:18 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 72 64 2d 68 65 72 6f 2d 63 6c 61 69 6d 2d 62 75 74 74 6f 6e 3a 68 6f 76 65 72 7b 6f 70 61 63 69 74 79 3a 2e 38 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 64 73 62 2d 68 65 72 6f 2e 64 73 62 2d 62 69 72 74 68 64 61 79 2d 63 61 72 64 2d 68 65 72 6f 20 2e 62 69 72 74 68 64 61 79 2d 63 61 72 64 2d 66 6f 6f 74 65 72 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 31 70 78 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 68 65 69 67 68 74 3a 33 30 70 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 66 6c 65 78 2d 65 6e 64 3b 6f 70 61 63 69 74 79 3a 30 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 2d 33 70 78 29 3b 61 6e 69 6d 61 74 69 6f 6e 3a 62 69 72 74 68 64 61 79 2d 72 65 76 65 61 6c 20 6c 69 6e 65 61 72 Data Ascii: 00004000rd-hero-claim-button:hover{opacity:.8 !important}.dsb-hero.dsb-birthday-card-hero .birthday-card-footer{font-size:11px;color:#000;height:30px;display:flex;align-items:flex-end;opacity:0;transform:translateY(-3px);animation:birthday-reveal linear
2024-11-19 17:56:18 UTC	12	IN	Data Raw: 6d 73 62 64 73 62 5f 70 65 6f 0d 0a Data Ascii: msbdsb_peo
2024-11-19 17:56:18 UTC	16384	IN	Data Raw: 30 30 30 30 34 30 30 30 0d 0a 70 6c 65 5f 65 78 70 6c 61 6e 61 74 69 6f 6e 73 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 62 6f 64 79 5b 64 69 72 3d 27 72 74 6c 27 5d 20 23 6d 73 62 5f 64 73 62 5f 72 6f 6f 74 20 2e 6d 73 62 64 73 62 2d 6d 70 2d 63 6f 6e 74 65 6e 74 20 2e 6d 73 62 64 73 62 2d 6d 70 2d 70 70 6c 2e 6d 73 62 64 73 62 5f 70 65 6f 70 6c 65 5f 65 78 70 6c 61 6e 61 74 69 6f 6e 73 2c 62 6f 64 79 5b 64 69 72 3d 27 72 74 6c 27 5d 20 23 6d 73 62 5f 64 73 62 5f 62 72 74 6f 70 20 2e 6d 73 62 64 73 62 2d 6d 70 2d 63 6f 6e 74 65 6e 74 20 2e 6d 73 62 64 73 62 2d 6d 70 2d 70 70 6c 2e 6d 73 62 64 73 62 5f 70 65 6f 70 6c 65 5f 65 78 70 6c 61 6e 61 74 69 6f 6e 73 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a Data Ascii: 00004000ple_explanations{padding-left:0;padding-right:0}body[dir='rtl'] #msb_dsb_root .msbdsb-mp-content .msbdsb-mp-ppl.msbdsb_people_explanations,body[dir='rtl'] #msb_dsb_brtop .msbdsb-mp-content .msbdsb-mp-ppl.msbdsb_people_explanations{padding-right:
2024-11-19 17:56:18 UTC	12	IN	Data Raw: 6d 73 62 5f 64 73 62 5f 62 72 0d 0a Data Ascii: msb_dsb_br

Session ID	Source IP	Source Port	Destination IP	Destination Port
30	192.168.2.16	49756	150.171.84.254	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:19 UTC	481	OUT	GET /apc/trans.gif?abf6b0b4363a8fb8ec7d6cce4a4b9cc3 HTTP/1.1 Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept: image/png,image/svg+xml,image/;q=0.8,/*;q=0.5 Accept-Language: en-CH Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: p-ring.msedge.net Connection: Keep-Alive
2024-11-19 17:56:19 UTC	314	IN	HTTP/1.1 200 OK Date: Tue, 19 Nov 2024 17:56:19 GMT Content-Type: image/gif Content-Length: 43 Last-Modified: Tue, 19 Nov 2024 02:14:16 GMT Connection: close ETag: "673bf478-2b" x-azure-ref: 20241119T175619Z-r1d97b99577brct2hC1TEBambg00000001fg0000000022ac X-Cache: CONFIG_NOCACHE Accept-Ranges: bytes
2024-11-19 17:56:19 UTC	43	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b Data Ascii: GIF89a!,D;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.16	49757	40.126.31.71	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:19 UTC	422	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4828 Host: login.live.com
2024-11-19 17:56:19 UTC	4828	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2024-11-19 17:56:19 UTC	569	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Tue, 19 Nov 2024 17:55:19 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C538_SN1 x-ms-request-id: dea2c36b-5431-4e80-a297-41d8f5f6e0f9 PPServer: PPV: 30 H: SN1PEPF0002F955 V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Tue, 19 Nov 2024 17:56:19 GMT Connection: close Content-Length: 11177
2024-11-19 17:56:19 UTC	11177	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port
32	192.168.2.16	49759	23.1.33.206	443

Timestamp	Bytes transferred	Direction	Data
2024-11-19 17:56:19 UTC	746	OUT	GET /rp/4LOD29hn59ewS6iMElp63s6iKoA.js HTTP/1.1 Accept: / Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init Accept-Encoding: gzip, deflate, br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 Host: r.bing.com Connection: Keep-Alive Cookie: MUID=5047E5942BB2460EA35B53CCF78DDB3D; _SS=SID=117ACB7E7D246FD81513DF607C366EB7&CPID=1707317782133&AC=1&CPH=c645c844; _EDGE_S=SID=117ACB7E7D246FD81513DF607C366EB7&mkt=de-ch; SRCHUID=V=2&GUID=E0DD87A720F84B6F91D233EB006F66A1&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1707317784&IPMH=d580d1db&IPMID=1707317782133
2024-11-19 17:56:19 UTC	904	IN	HTTP/1.1 200 OK Content-Length: 132077 Content-Type: text/javascript; charset=utf-8 Content-MD5: xSAwWwrXM4Cn7ZudI13WVA== Last-Modified: Mon, 14 Oct 2024 19:31:35 GMT ETag: 0x8DCEC86D125E17D Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 x-ms-request-id: 09e3330c-801e-0039-340a-20a320000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Allow-Origin: * Cache-Control: public, no-transform, max-age=244065 Expires: Fri, 22 Nov 2024 13:44:04 GMT Date: Tue, 19 Nov 2024 17:56:19 GMT Connection: close Alt-Svc: h3=":443"; ma=93600 Akamai-GRN: 0.98200117.1732038979.394e41a7 Timing-Allow-Origin: * report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingaotak"}]} nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
2024-11-19 17:56:19 UTC	15480	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 6e 2c 74 29 7b 66 75 6e 63 74 69 6f 6e 20 69 28 6e 2c 74 29 7b 72 65 74 75 72 6e 20 4c 6f 63 53 74 72 69 6e 67 4d 61 6e 61 67 65 72 2e 72 65 67 69 73 74 65 72 28 7b 75 69 43 75 6c 74 75 72 65 3a 6e 2c 6e 61 6d 65 3a 22 4d 69 63 72 6f 73 6f 66 74 53 65 61 72 63 68 22 2c 6e 61 6d 65 73 70 61 63 65 3a 22 57 69 6e 64 6f 77 73 53 65 61 72 63 68 42 6f 78 22 7d 2c 7b 48 69 64 65 46 72 6f 6d 52 65 63 65 6e 74 48 69 73 74 6f 72 79 3a 74 5b 30 5d 2c 4d 73 62 46 72 65 45 78 61 6d 70 6c 65 48 65 61 64 65 72 54 65 78 74 3a 74 5b 31 5d 2c 4d 73 62 46 72 65 46 69 6c 65 73 53 70 61 6e 3a 74 5b 32 5d 2c 4d 73 62 46 72 65 46 69 6c 65 73 54 65 78 74 3a 74 5b 33 5d 2c 4d 73 62 46 72 65 46 69 6c 65 73 54 69 74 6c 65 3a 74 5b 34 5d 2c 4d 73 62 46 Data Ascii: (function(n,t){function i(n,t){return LocStringManager.register({uiCulture:n,name:"MicrosoftSearch",namespace:"WindowsSearchBox"},{HideFromRecentHistory:t[0],MsbFreExampleHeaderText:t[1],MsbFreFilesSpan:t[2],MsbFreFilesText:t[3],MsbFreFilesTitle:t[4],MsbF
2024-11-19 17:56:19 UTC	16384	IN	Data Raw: a6 be e0 a6 b0 20 e0 a6 95 e0 a7 8d e0 a6 af e0 a6 be e0 a6 b2 e0 a7 87 e0 a6 a8 e0 a7 8d e0 a6 a1 e0 a6 be e0 a6 b0 22 2c 22 e0 a6 b6 e0 a7 8d e0 a6 b0 e0 a7 87 e0 a6 a3 e0 a7 80 e0 a6 b8 e0 a6 ae e0 a7 82 e0 a6 b9 22 2c 22 e0 a6 86 e0 a6 ae e0 a6 be e0 a6 b0 20 e0 a6 95 e0 a7 8d e0 a6 b2 e0 a6 be e0 a6 b8 e0 a6 97 e0 a7 81 e0 a6 b2 e0 a6 bf 22 2c 22 e0 a6 ab e0 a6 be e0 a6 87 e0 a6 b2 e0 a6 97 e0 a7 81 e0 a6 b2 e0 a6 bf 22 2c 22 e0 a6 86 e0 a6 ae e0 a6 be e0 a6 b0 20 e0 a6 ab e0 a6 be e0 a6 87 e0 a6 b2 e0 a6 97 e0 a7 81 e0 a6 b2 e0 a6 bf 22 2c 22 e0 a6 ac e0 a6 be e0 a6 b0 e0 a7 8d e0 a6 a4 e0 a6 be e0 a6 b8 e0 a6 ae e0 a7 82 e0 a6 b9 22 2c 2c 22 e0 a6 86 e0 a6 ae e0 a6 be e0 a6 b0 20 e0 a6 aa e0 a7 8d e0 a6 b0 e0 a7 8b e0 a6 ab e0 a6 be e0 a6 87 e0 a6 Data Ascii: ",""," ",""," ","",,"
2024-11-19 17:56:19 UTC	2485	IN	Data Raw: d8 b7 d8 a8 db 8c d9 86 22 2c 22 da af d8 b1 d9 88 d9 87 e2 80 8c d9 87 d8 a7 22 2c 22 d8 aa da a9 d9 84 db 8c d9 81 e2 80 8c d9 87 d8 a7 22 2c 22 d8 aa da a9 d8 a7 d9 84 db 8c d9 81 20 d9 85 d9 86 22 2c 22 d8 aa d9 82 d9 88 db 8c d9 85 22 2c 22 d8 aa d9 82 d9 88 d9 8a d9 85 20 d9 85 d9 86 22 2c 22 da a9 d9 84 d8 a7 d8 b3 e2 80 8c d9 87 d8 a7 22 2c 22 da a9 d9 84 d8 a7 d8 b3 e2 80 8c d9 87 d8 a7 db 8c 20 d9 85 d9 86 22 2c 22 d9 81 d8 a7 db 8c d9 84 e2 80 8c d9 87 d8 a7 22 2c 22 d9 81 d8 a7 db 8c d9 84 e2 80 8c d9 87 d8 a7 db 8c 20 d9 85 d9 86 22 2c 22 d9 be db 8c d8 a7 d9 85 e2 80 8c d9 87 d8 a7 22 2c 2c 22 d9 86 d9 85 d8 a7 db 8c d9 87 20 d9 85 d9 86 22 2c 22 d8 ac d8 b3 d8 aa d8 ac d9 88 d9 87 d8 a7 db 8c 20 da a9 d8 a7 d8 b1 db 8c 20 d8 a7 d8 ae db 8c Data Ascii: ","",""," ",""," ",""," ",""," ","",," ","
2024-11-19 17:56:19 UTC	16384	IN	Data Raw: 2d 74 79 70 65 20 70 61 72 61 20 6d 61 67 68 61 6e 61 70 20 6e 67 20 6d 67 61 20 74 61 6f 2c 20 66 69 6c 65 2c 20 61 74 20 68 69 67 69 74 20 70 61 6e 67 20 72 65 73 75 6c 74 61 20 6d 75 6c 61 20 73 61 20 7b 30 7d 21 22 2c 22 70 61 6e 67 61 6c 61 6e 20 6f 20 61 6c 79 61 73 20 6e 67 20 63 6f 77 6f 72 6b 65 72 22 2c 22 53 75 62 75 6b 61 6e 67 20 6d 61 67 2d 74 79 70 65 20 6e 67 22 2c 22 4d 67 61 20 54 61 6f 22 2c 22 4d 67 61 20 43 6f 6e 74 61 63 74 22 2c 22 4d 67 61 20 47 72 75 70 6f 22 2c 22 4d 67 61 20 54 61 6b 64 61 6e 67 20 41 72 61 6c 69 6e 22 2c 22 6d 67 61 20 74 61 6b 64 61 6e 67 20 61 72 61 6c 69 6e 20 6b 6f 22 2c 22 4b 61 6c 65 6e 64 61 72 79 6f 22 2c 22 41 6b 69 6e 67 20 6b 61 6c 65 6e 64 61 72 79 6f 22 2c 22 4d 67 61 20 6b 6c 61 73 65 22 2c 22 41 Data Ascii: -type para maghanap ng mga tao, file, at higit pang resulta mula sa {0}!","pangalan o alyas ng coworker","Subukang mag-type ng","Mga Tao","Mga Contact","Mga Grupo","Mga Takdang Aralin","mga takdang aralin ko","Kalendaryo","Aking kalendaryo","Mga klase","A
2024-11-19 17:56:19 UTC	12120	IN	Data Raw: c3 a6 c3 b0 69 22 2c 2c 22 64 72 65 67 69 c3 b0 20 73 61 6d 61 6e 22 2c 22 53 c3 ad 61 20 76 69 6e 6e 75 6e 69 c3 b0 75 72 73 74 c3 b6 c3 b0 75 72 22 2c 22 53 c3 ad 61 20 73 6b c3 b3 6c 61 6e 69 c3 b0 75 72 73 74 c3 b6 c3 b0 75 72 22 2c 22 6f 70 6e 61 c3 b0 22 2c 22 56 69 6e 6e 75 6e 69 c3 b0 75 72 73 74 c3 b6 c3 b0 75 72 22 2c 22 53 6a c3 a1 20 6d 69 6e 6e 61 22 2c 22 53 6a c3 a1 20 6d 65 69 72 61 22 2c 22 7b 30 7d 20 2d 20 46 6c 65 69 72 69 20 6e 69 c3 b0 75 72 73 74 c3 b6 c3 b0 75 72 22 5d 29 28 22 69 74 22 2c 5b 22 4e 61 73 63 6f 6e 64 69 20 64 61 6c 6c 61 20 63 72 6f 6e 6f 6c 6f 67 69 61 20 64 69 20 72 69 63 65 72 63 61 22 2c 22 54 72 6f 76 61 72 65 20 63 69 c3 b2 20 64 69 20 63 75 69 20 68 61 69 20 62 69 73 6f 67 6e 6f 20 61 6c 20 6c 61 76 6f 72 6f Data Ascii: i",,"dregi saman","Sa vinnuniurstur","Sa sklaniurstur","opna","Vinnuniurstur","Sj minna","Sj meira","{0} - Fleiri niurstur"])("it",["Nascondi dalla cronologia di ricerca","Trovare ci di cui hai bisogno al lavoro
2024-11-19 17:56:19 UTC	16384	IN	Data Raw: 2c 22 e0 b2 95 e0 b3 86 e0 b2 b2 e0 b2 b8 e0 b2 a6 20 e0 b2 ae e0 b2 be e0 b2 b9 e0 b2 bf e0 b2 a4 e0 b2 bf e0 b2 af e0 b2 a8 e0 b3 8d e0 b2 a8 e0 b3 81 20 e0 b2 b6 e0 b3 8b e0 b2 a7 e0 b2 bf e0 b2 b8 e0 b2 b2 e0 b3 81 20 e0 b2 a8 e0 b2 bf e0 b2 ae e0 b3 8d e0 b2 ae 20 e0 b2 96 e0 b2 be e0 b2 a4 e0 b3 86 e0 b2 af e0 b2 a8 e0 b3 8d e0 b2 a8 e0 b3 81 20 e0 b2 96 e0 b2 9a e0 b2 bf e0 b2 a4 e0 b2 aa e0 b2 a1 e0 b2 bf e0 b2 b8 e0 b2 bf e0 b2 95 e0 b3 8a e0 b2 b3 e0 b3 8d e0 b2 b3 e0 b2 bf 22 2c 22 e0 b2 8e e0 b2 b2 e0 b3 8d e0 b2 b2 e0 b2 be 20 e0 b2 a8 e0 b3 8b e0 b2 a1 e0 b2 bf 22 2c 22 e0 b2 8e e0 b2 b2 e0 b3 8d e0 b2 b2 e0 b2 be 22 2c 22 e0 b2 a8 e0 b2 bf e0 b2 af e0 b3 8b e0 b2 9c e0 b2 a8 e0 b3 86 e0 b2 97 e0 b2 b3 e0 b3 81 22 2c 2c 22 e0 b2 b8 e0 b2 82 Data Ascii: ," "," ","","",,"
2024-11-19 17:56:19 UTC	16384	IN	Data Raw: e0 a4 9d e0 a4 be e0 a4 b2 e0 a5 87 20 e0 a4 86 e0 a4 b9 e0 a5 87 22 2c 22 e0 a4 ab e0 a4 be e0 a4 87 e0 a4 b2 20 e0 a4 a8 e0 a4 be e0 a4 b5 22 2c 22 e0 a4 af e0 a4 be e0 a4 b8 e0 a4 be e0 a4 a0 e0 a5 80 20 e0 a4 b6 e0 a5 8b e0 a4 a7 e0 a5 82 e0 a4 a8 20 e0 a4 aa e0 a4 b9 e0 a4 be 22 2c 22 e0 a4 ab e0 a4 be e0 a4 87 e0 a4 b2 e0 a5 8d e0 a4 b8 22 2c 22 e0 a4 95 e0 a4 be e0 a4 b0 e0 a5 8d e0 a4 af 20 e0 a4 b6 e0 a5 8b e0 a4 a7 20 e0 a4 ae e0 a4 a7 e0 a5 8d e0 a4 af e0 a5 87 20 e0 a4 86 e0 a4 aa e0 a4 b2 e0 a5 87 20 e0 a4 b8 e0 a5 8d e0 a4 b5 e0 a4 be e0 a4 97 e0 a4 a4 20 e0 a4 86 e0 a4 b9 e0 a5 87 2c 20 7b 30 7d 21 22 2c 22 e0 a4 85 e0 a4 82 e0 a4 a4 e0 a4 b0 e0 a5 8d e0 a4 97 e0 a4 a4 20 e0 a4 b8 e0 a4 82 e0 a4 b8 e0 a4 be e0 a4 a7 e0 a4 a8 e0 a5 87 22 2c Data Ascii: "," "," ",""," , {0}!"," ",
2024-11-19 17:56:19 UTC	7952	IN	Data Raw: 22 57 79 c5 9b 77 69 65 74 6c 20 6d 6e 69 65 6a 22 2c 22 5a 6f 62 61 63 7a 20 77 69 c4 99 63 65 6a 22 2c 22 7b 30 7d 20 e2 80 94 20 77 69 c4 99 63 65 6a 20 77 79 6e 69 6b c3 b3 77 22 5d 29 28 22 70 74 2d 62 72 22 2c 5b 22 4f 63 75 6c 74 61 72 20 64 6f 20 68 69 73 74 c3 b3 72 69 63 6f 20 64 65 20 70 65 73 71 75 69 73 61 22 2c 22 45 6e 63 6f 6e 74 72 61 72 20 63 6f 6e 74 65 c3 ba 64 6f 73 20 6e 6f 20 74 72 61 62 61 6c 68 6f 20 66 69 63 6f 75 20 6d 61 69 73 20 66 c3 a1 63 69 6c 22 2c 22 6e 6f 6d 65 20 64 6f 20 61 72 71 75 69 76 6f 22 2c 22 54 65 6e 74 65 20 70 65 73 71 75 69 73 61 72 20 70 6f 72 20 75 6d 22 2c 22 41 72 71 75 69 76 6f 73 22 2c 22 42 65 6d 2d 76 69 6e 64 6f 20 c3 a0 20 70 65 73 71 75 69 73 61 20 64 65 20 74 72 61 62 61 6c 68 6f 2c 20 7b 30 7d Data Ascii: "Wywietl mniej","Zobacz wicej","{0} wicej wynikw"])("pt-br",["Ocultar do histrico de pesquisa","Encontrar contedos no trabalho ficou mais fcil","nome do arquivo","Tente pesquisar por um","Arquivos","Bem-vindo pesquisa de trabalho, {0}
2024-11-19 17:56:20 UTC	16384	IN	Data Raw: 2e 22 2c 22 6e 6f 74 72 61 6e 6a 69 20 76 69 72 69 22 2c 22 50 6f 73 6b 75 73 69 74 65 20 70 6f 69 73 6b 61 74 69 22 2c 22 50 6f 76 65 7a 61 76 65 22 2c 22 5a 61 c4 8d 6e 69 74 65 20 74 69 70 6b 61 74 69 2c 20 64 61 20 70 6f 69 c5 a1 c4 8d 65 74 65 20 6f 73 65 62 65 2c 20 64 61 74 6f 74 65 6b 65 20 69 6e 20 76 65 c4 8d 20 72 65 7a 75 6c 74 61 74 6f 76 20 76 20 7b 30 7d 21 22 2c 22 69 6d 65 20 61 6c 69 20 76 7a 64 65 76 65 6b 20 73 6f 64 65 6c 61 76 63 61 22 2c 22 50 6f 73 6b 75 73 69 74 65 20 76 6e 65 73 74 69 22 2c 22 4c 6a 75 64 6a 65 22 2c 22 53 74 69 6b 69 22 2c 22 53 6b 75 70 69 6e 65 22 2c 22 4e 61 6c 6f 67 65 22 2c 22 6d 6f 6a 65 20 6e 61 6c 6f 67 65 22 2c 22 4b 6f 6c 65 64 61 72 22 2c 22 4d 6f 6a 20 6b 6f 6c 65 64 61 72 22 2c 22 52 61 7a 72 65 64 Data Ascii: .","notranji viri","Poskusite poiskati","Povezave","Zanite tipkati, da poiete osebe, datoteke in ve rezultatov v {0}!","ime ali vzdevek sodelavca","Poskusite vnesti","Ljudje","Stiki","Skupine","Naloge","moje naloge","Koledar","Moj koledar","Razred
2024-11-19 17:56:20 UTC	8048	IN	Data Raw: b8 ad e0 b8 a1 e0 b8 b9 e0 b8 a5 e0 b8 87 e0 b8 b2 e0 b8 99 22 2c 22 e0 b8 94 e0 b8 b9 e0 b8 97 e0 b8 b1 e0 b9 89 e0 b8 87 e0 b8 ab e0 b8 a1 e0 b8 94 22 2c 22 e0 b8 97 e0 b8 b1 e0 b9 89 e0 b8 87 e0 b8 ab e0 b8 a1 e0 b8 94 22 2c 22 e0 b8 87 e0 b8 b2 e0 b8 99 e0 b8 97 e0 b8 b5 e0 b9 88 e0 b8 a1 e0 b8 ad e0 b8 9a e0 b8 ab e0 b8 a1 e0 b8 b2 e0 b8 a2 22 2c 2c 22 e0 b8 81 e0 b8 b2 e0 b8 a3 e0 b8 aa e0 b8 99 e0 b8 97 e0 b8 99 e0 b8 b2 22 2c 22 e0 b9 84 e0 b8 9f e0 b8 a5 e0 b9 8c 22 2c 22 e0 b8 82 e0 b9 89 e0 b8 ad e0 b8 84 e0 b8 a7 e0 b8 b2 e0 b8 a1 22 2c 22 e0 b8 9a e0 b8 b8 e0 b8 84 e0 b8 84 e0 b8 a5 22 2c 2c 22 e0 b9 84 e0 b8 8b e0 b8 95 e0 b9 8c 22 2c 2c 22 e0 b8 a2 e0 b8 b8 e0 b8 9a e0 b9 81 e0 b8 a5 e0 b9 89 e0 b8 a7 22 2c 22 e0 b8 81 e0 b8 a3 e0 b8 ad e0 Data Ascii: ","","","",,"","","","",,"",,"","

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 5876, Parent PID: 5712

General

Target ID:	0
Start time:	12:54:56
Start date:	19/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6824, Parent PID: 5876

General

Target ID:	1
Start time:	12:54:57
Start date:	19/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1940,i,14107596731685547058,14963332721071671440,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6440, Parent PID: 5712

General

Target ID:	2
Start time:	12:54:58
Start date:	19/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://52.113.191.172"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 7276, Parent PID: 4380

General

Target ID:	16
Start time:	12:56:13
Start date:	19/11/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\cmd.exe"
Imagebase:	0x7ff6fd780000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: conhost.exePID: 4780, Parent PID: 7276

General

Target ID:	17
Start time:	12:56:13
Start date:	19/11/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6684c0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: PING.EXEPID: 1172, Parent PID: 7276

General

Target ID:	18
Start time:	12:56:27
Start date:	19/11/2024
Path:	C:\Windows\System32\PING.EXE
Wow64 process (32bit):	false
Commandline:	ping 52.113.191.172
Imagebase:	0x7ff68c3e0000
File size:	22'528 bytes
MD5 hash:	2F46799D79D22AC72C241EC0322B011D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system. Functionality could exist within remote access tools to enable this, but utilities available on the operating system could also be used such as Ping or `net view` using Net .
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Network Traffic: Network Connection Creation, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://52.113.191.172

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

HIPS / PFW / Operating System Protection Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 59

Chrome Cache Entry: 60

Chrome Cache Entry: 61

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Windows Analysis Report
http://52.113.191.172