
Windows Analysis Report
http://qwasdrgqwdasd.winbestprizess.info/palasekddq2hf45ysm.js

Overview

General Information

Sample URL: http://qwasdrgqwdasd.winbestprizess.info/palasekddq2hf45ysm.js
Analysis ID: 809043

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Antivirus detection for URL or domain

Classification

  • System is w10x64
  • chrome.exe (PID: 5208 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 4876 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1728,i,15753723449913141145,3018605403501027829,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 5852 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://qwasdrgqwdasd.winbestprizess.info/palasekddq2hf45ysm.js MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched


AV Detection

Source: http://qwasdrgqwdasd.winbestprizess.info/palasekddq2hf45ysm.js; Avira URL Cloud: detection malicious, Label: malware
Source: https://qwasdrgqwdasd.winbestprizess.info/palasekddq2hf45ysm.js; Virustotal: Detection: 8%
Source: http://qwasdrgqwdasd.winbestprizess.info/palasekddq2hf45ysm.js; Virustotal: Detection: 10%
Source: https://qwasdrgqwdasd.winbestprizess.info/favicon.ico; Avira URL Cloud: Label: malware
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Directory created: C:\Program Files\Google\GoogleUpdater
Source: unknown; DNS traffic detected: queries for: clients2.google.com
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown; Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown; Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown; Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49723
Source: global traffic; HTTP traffic detected:
    GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
    Host: clients2.google.com
    Connection: keep-alive
    X-Goog-Update-Interactivity: fg
    X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
    X-Goog-Update-Updater: chromecrx-104.0.5112.81
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
    GET /palasekddq2hf45ysm.js HTTP/1.1
    Host: qwasdrgqwdasd.winbestprizess.info
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
    GET /favicon.ico HTTP/1.1
    Host: qwasdrgqwdasd.winbestprizess.info
    Connection: keep-alive
    sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://qwasdrgqwdasd.winbestprizess.info/palasekddq2hf45ysm.js
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
    GET /palasekddq2hf45ysm.js HTTP/1.1
    Host: qwasdrgqwdasd.winbestprizess.info
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
    HTTP/1.1 404 Not Found
    Date: Wed, 15 Feb 2023 22:00:44 GMT
    Content-Type: text/html
    Transfer-Encoding: chunked
    Connection: close
    Cache-Control: max-age=14400
    CF-Cache-Status: MISS
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ytQegk6xGm9PCyMDbraClPzfuzjaFA03EMO1uzNLN1P2xijFc3DQ0MpMDb7PBH01YUm5QAnium5dgTHPcFmHX0s9OVo2BxZ4wceR%2FjI2Fhecazauw3AvlmySxI1mRPUNdSnvnAhNKAEI3BhllvO0KrSAGxA%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 79a1516cf9825bf9-FRA
    alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Source: unknown; HTTP traffic detected:
    POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
    Host: accounts.google.com
    Connection: keep-alive
    Content-Length: 1
    Origin: https://www.google.com
    Content-Type: application/x-www-form-urlencoded
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070
Source: classification engine; Classification label: mal72.win@26/0@10/9
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1728,i,15753723449913141145,3018605403501027829,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://qwasdrgqwdasd.winbestprizess.info/palasekddq2hf45ysm.js
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1728,i,15753723449913141145,3018605403501027829,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; File created: C:\Program Files\Google\GoogleUpdater
Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Directory created: C:\Program Files\Google\GoogleUpdater
MITRE ATT&CK matrix (techniques listed per tactic; a leading number is the count of matched signatures for that technique):

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Privilege Escalation: 1 Process Injection; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Defense Evasion: 2 Masquerading; 1 Process Injection; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
Command and Control: 1 Encrypted Channel; 4 Non-Application Layer Protocol; 5 Application Layer Protocol; 3 Ingress Tool Transfer
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups; Carrier Billing Fraud
Impact: Modify System Partition; Device Lockout; Delete Device Data
Source | Detection | Scanner | Label
http://qwasdrgqwdasd.winbestprizess.info/palasekddq2hf45ysm.js | 10% | Virustotal |
http://qwasdrgqwdasd.winbestprizess.info/palasekddq2hf45ysm.js | 100% | Avira URL Cloud | malware

No Antivirus matches

Source | Detection | Scanner | Label
https://qwasdrgqwdasd.winbestprizess.info/favicon.ico | 100% | Avira URL Cloud | malware
https://qwasdrgqwdasd.winbestprizess.info/palasekddq2hf45ysm.js | 9% | Virustotal |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
a.nel.cloudflare.com | 35.190.80.1 | true | false | | high
accounts.google.com | 216.58.209.45 | true | false | | high
qwasdrgqwdasd.winbestprizess.info | 172.67.184.241 | true | false | | unknown
www.google.com | 142.250.203.100 | true | false | | high
clients.l.google.com | 142.250.203.110 | true | false | | high
clients2.google.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://qwasdrgqwdasd.winbestprizess.info/palasekddq2hf45ysm.js | false | | unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://qwasdrgqwdasd.winbestprizess.info/favicon.ico | false | Avira URL Cloud: malware | unknown
http://qwasdrgqwdasd.winbestprizess.info/palasekddq2hf45ysm.js | true | | unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
https://a.nel.cloudflare.com/report/v3?s=ytQegk6xGm9PCyMDbraClPzfuzjaFA03EMO1uzNLN1P2xijFc3DQ0MpMDb7PBH01YUm5QAnium5dgTHPcFmHX0s9OVo2BxZ4wceR%2FjI2Fhecazauw3AvlmySxI1mRPUNdSnvnAhNKAEI3BhllvO0KrSAGxA%3D | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.19.35 | unknown | United States | 13335 | CLOUDFLARENETUS | false
142.250.203.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
216.58.209.45 | accounts.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
35.190.80.1 | a.nel.cloudflare.com | United States | 15169 | GOOGLEUS | false
172.67.184.241 | qwasdrgqwdasd.winbestprizess.info | United States | 13335 | CLOUDFLARENETUS | false
142.250.184.100 | unknown | United States | 15169 | GOOGLEUS | false

IP
192.168.2.1
127.0.0.1
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 809043
Start date and time: 2023-02-15 22:59:38 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 56s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://qwasdrgqwdasd.winbestprizess.info/palasekddq2hf45ysm.js
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal72.win@26/0@10/9
EGA Information: Failed
HDC Information: Failed
HCA Information:
                      • Successful, ratio: 100%
                      • Number of executed functions: 0
                      • Number of non-executed functions: 0
                      • Exclude process from analysis (whitelisted): HxTsr.exe, RuntimeBroker.exe, SgrmBroker.exe, backgroundTaskHost.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 142.250.184.99, 34.104.35.123, 142.250.203.99
                      • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, client-office365-tas.msedge.net, ocos-office365-s2s.msedge.net, edgedl.me.gvt1.com, login.live.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, cdn.onenote.net, config.edge.skype.com
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size getting too big, too many NtWriteVirtualMemory calls found.
No simulations
No context
No created / dropped files found
No static file info
                      Feb 15, 2023 23:00:44.470743895 CET49726443192.168.2.635.190.80.1
                      Feb 15, 2023 23:00:44.473779917 CET49726443192.168.2.635.190.80.1
                      Feb 15, 2023 23:00:44.473789930 CET4434972635.190.80.1192.168.2.6
                      Feb 15, 2023 23:00:44.473984003 CET4434972635.190.80.1192.168.2.6
                      Feb 15, 2023 23:00:44.474025011 CET49726443192.168.2.635.190.80.1
                      Feb 15, 2023 23:00:44.474034071 CET4434972635.190.80.1192.168.2.6
                      Feb 15, 2023 23:00:44.530999899 CET49725443192.168.2.6142.250.184.100
                      Feb 15, 2023 23:00:44.531039000 CET44349725142.250.184.100192.168.2.6
                      Feb 15, 2023 23:00:44.564615011 CET49726443192.168.2.635.190.80.1
                      Feb 15, 2023 23:00:44.564639091 CET4434972635.190.80.1192.168.2.6
                      Feb 15, 2023 23:00:44.612639904 CET4434972635.190.80.1192.168.2.6
                      Feb 15, 2023 23:00:44.612735987 CET49726443192.168.2.635.190.80.1
                      Feb 15, 2023 23:00:44.613065004 CET49726443192.168.2.635.190.80.1
                      Feb 15, 2023 23:00:44.613085032 CET4434972635.190.80.1192.168.2.6
                      Feb 15, 2023 23:00:44.614662886 CET49727443192.168.2.635.190.80.1
                      Feb 15, 2023 23:00:44.614716053 CET4434972735.190.80.1192.168.2.6
                      Feb 15, 2023 23:00:44.614814043 CET49727443192.168.2.635.190.80.1
                      Feb 15, 2023 23:00:44.615104914 CET49727443192.168.2.635.190.80.1
                      Feb 15, 2023 23:00:44.615120888 CET4434972735.190.80.1192.168.2.6
                      Feb 15, 2023 23:00:44.645298958 CET49725443192.168.2.6142.250.184.100
                      Feb 15, 2023 23:00:44.667048931 CET4434972735.190.80.1192.168.2.6
                      Feb 15, 2023 23:00:44.682260036 CET49727443192.168.2.635.190.80.1
                      Feb 15, 2023 23:00:44.682303905 CET4434972735.190.80.1192.168.2.6
                      Feb 15, 2023 23:00:44.683203936 CET4434972735.190.80.1192.168.2.6
                      Feb 15, 2023 23:00:44.683706999 CET49727443192.168.2.635.190.80.1
                      Feb 15, 2023 23:00:44.683726072 CET4434972735.190.80.1192.168.2.6
                      Feb 15, 2023 23:00:44.683842897 CET49727443192.168.2.635.190.80.1
                      Feb 15, 2023 23:00:44.683849096 CET4434972735.190.80.1192.168.2.6
                      Feb 15, 2023 23:00:44.683896065 CET4434972735.190.80.1192.168.2.6
                      Feb 15, 2023 23:00:44.817771912 CET4434972735.190.80.1192.168.2.6
                      Feb 15, 2023 23:00:44.817848921 CET49727443192.168.2.635.190.80.1
                      Feb 15, 2023 23:00:44.818665981 CET49727443192.168.2.635.190.80.1
                      Feb 15, 2023 23:00:44.818705082 CET4434972735.190.80.1192.168.2.6
                      Feb 15, 2023 23:00:54.445139885 CET44349725142.250.184.100192.168.2.6
                      Feb 15, 2023 23:00:54.445223093 CET44349725142.250.184.100192.168.2.6
                      Feb 15, 2023 23:00:54.445336103 CET49725443192.168.2.6142.250.184.100
                      Feb 15, 2023 23:00:58.305275917 CET8049717172.67.184.241192.168.2.6
                      Feb 15, 2023 23:00:58.305479050 CET4971780192.168.2.6172.67.184.241
                      Feb 15, 2023 23:01:28.621285915 CET4971680192.168.2.6172.67.184.241
                      Feb 15, 2023 23:01:28.652127028 CET8049716172.67.184.241192.168.2.6
                      Feb 15, 2023 23:01:28.808818102 CET49718443192.168.2.6216.58.209.45
                      Feb 15, 2023 23:01:28.808824062 CET49714443192.168.2.6142.250.203.110
                      Feb 15, 2023 23:01:28.808852911 CET44349718216.58.209.45192.168.2.6
                      Feb 15, 2023 23:01:28.808860064 CET44349714142.250.203.110192.168.2.6
                      Feb 15, 2023 23:01:39.450310946 CET49725443192.168.2.6142.250.184.100
                      Feb 15, 2023 23:01:39.450356007 CET44349725142.250.184.100192.168.2.6
                      Feb 15, 2023 23:01:43.310129881 CET4971780192.168.2.6172.67.184.241
                      Feb 15, 2023 23:01:43.341738939 CET8049717172.67.184.241192.168.2.6
                      Feb 15, 2023 23:01:45.037483931 CET49718443192.168.2.6216.58.209.45
                      Feb 15, 2023 23:01:45.037499905 CET49714443192.168.2.6142.250.203.110
                      Feb 15, 2023 23:01:45.037523985 CET49725443192.168.2.6142.250.184.100
                      Feb 15, 2023 23:01:45.037561893 CET44349725142.250.184.100192.168.2.6
                      Feb 15, 2023 23:01:45.037743092 CET44349714142.250.203.110192.168.2.6
                      Feb 15, 2023 23:01:45.037756920 CET44349718216.58.209.45192.168.2.6
                      Feb 15, 2023 23:01:45.037846088 CET49714443192.168.2.6142.250.203.110
                      Feb 15, 2023 23:01:45.037875891 CET49718443192.168.2.6216.58.209.45
                      Feb 15, 2023 23:01:45.092446089 CET49750443192.168.2.6142.250.184.100
                      Feb 15, 2023 23:01:45.092502117 CET44349750142.250.184.100192.168.2.6
                      Feb 15, 2023 23:01:45.092582941 CET49750443192.168.2.6142.250.184.100
                      Feb 15, 2023 23:01:45.092880011 CET49750443192.168.2.6142.250.184.100
                      Feb 15, 2023 23:01:45.092902899 CET44349750142.250.184.100192.168.2.6
                      Feb 15, 2023 23:01:45.165838003 CET44349750142.250.184.100192.168.2.6
                      Feb 15, 2023 23:01:45.179929018 CET49750443192.168.2.6142.250.184.100
                      Feb 15, 2023 23:01:45.179999113 CET44349750142.250.184.100192.168.2.6
                      Feb 15, 2023 23:01:45.180907965 CET44349750142.250.184.100192.168.2.6
                      Feb 15, 2023 23:01:45.181442022 CET49750443192.168.2.6142.250.184.100
                      Feb 15, 2023 23:01:45.181464911 CET44349750142.250.184.100192.168.2.6
                      Feb 15, 2023 23:01:45.181590080 CET44349750142.250.184.100192.168.2.6
                      Feb 15, 2023 23:01:45.325793028 CET49750443192.168.2.6142.250.184.100
                      Feb 15, 2023 23:01:55.148591995 CET44349750142.250.184.100192.168.2.6
                      Feb 15, 2023 23:01:55.148674011 CET44349750142.250.184.100192.168.2.6
                      Feb 15, 2023 23:01:55.148809910 CET49750443192.168.2.6142.250.184.100
                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                      Feb 15, 2023 23:00:41.017493963 CET | 59082 | 53 | 192.168.2.6 | 8.8.8.8
                      Feb 15, 2023 23:00:41.019469023 CET | 59504 | 53 | 192.168.2.6 | 8.8.8.8
                      Feb 15, 2023 23:00:41.043591022 CET | 53 | 59082 | 8.8.8.8 | 192.168.2.6
                      Feb 15, 2023 23:00:41.048223972 CET | 53 | 59504 | 8.8.8.8 | 192.168.2.6
                      Feb 15, 2023 23:00:42.253371000 CET | 59504 | 53 | 192.168.2.6 | 8.8.8.8
                      Feb 15, 2023 23:00:42.273197889 CET | 53 | 59504 | 8.8.8.8 | 192.168.2.6
                      Feb 15, 2023 23:00:42.784204006 CET | 63863 | 53 | 192.168.2.6 | 8.8.8.8
                      Feb 15, 2023 23:00:42.807393074 CET | 53 | 63863 | 8.8.8.8 | 192.168.2.6
                      Feb 15, 2023 23:00:43.502046108 CET | 63229 | 53 | 192.168.2.6 | 8.8.8.8
                      Feb 15, 2023 23:00:43.526010036 CET | 53 | 63229 | 8.8.8.8 | 192.168.2.6
                      Feb 15, 2023 23:00:44.289285898 CET | 56122 | 53 | 192.168.2.6 | 8.8.8.8
                      Feb 15, 2023 23:00:44.315352917 CET | 53 | 56122 | 8.8.8.8 | 192.168.2.6
                      Feb 15, 2023 23:00:44.321707964 CET | 52556 | 53 | 192.168.2.6 | 8.8.8.8
                      Feb 15, 2023 23:00:44.348922968 CET | 53 | 52556 | 8.8.8.8 | 192.168.2.6
                      Feb 15, 2023 23:00:44.385025024 CET | 61609 | 53 | 192.168.2.6 | 8.8.8.8
                      Feb 15, 2023 23:00:44.402992010 CET | 53 | 61609 | 8.8.8.8 | 192.168.2.6
                      Feb 15, 2023 23:01:44.349495888 CET | 57322 | 53 | 192.168.2.6 | 8.8.8.8
                      Feb 15, 2023 23:01:44.369246006 CET | 53 | 57322 | 8.8.8.8 | 192.168.2.6
                      Feb 15, 2023 23:01:45.039263010 CET | 62958 | 53 | 192.168.2.6 | 8.8.8.8
                      Feb 15, 2023 23:01:45.057209969 CET | 53 | 62958 | 8.8.8.8 | 192.168.2.6
                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                      Feb 15, 2023 23:00:41.017493963 CET | 192.168.2.6 | 8.8.8.8 | 0x6e01 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
                      Feb 15, 2023 23:00:41.019469023 CET | 192.168.2.6 | 8.8.8.8 | 0x4cd8 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
                      Feb 15, 2023 23:00:42.253371000 CET | 192.168.2.6 | 8.8.8.8 | 0x4cd8 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
                      Feb 15, 2023 23:00:42.784204006 CET | 192.168.2.6 | 8.8.8.8 | 0x7ab | Standard query (0) | qwasdrgqwdasd.winbestprizess.info | A (IP address) | IN (0x0001) | false
                      Feb 15, 2023 23:00:43.502046108 CET | 192.168.2.6 | 8.8.8.8 | 0x8357 | Standard query (0) | qwasdrgqwdasd.winbestprizess.info | A (IP address) | IN (0x0001) | false
                      Feb 15, 2023 23:00:44.289285898 CET | 192.168.2.6 | 8.8.8.8 | 0x8fc7 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                      Feb 15, 2023 23:00:44.321707964 CET | 192.168.2.6 | 8.8.8.8 | 0xf88b | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                      Feb 15, 2023 23:00:44.385025024 CET | 192.168.2.6 | 8.8.8.8 | 0x3116 | Standard query (0) | a.nel.cloudflare.com | A (IP address) | IN (0x0001) | false
                      Feb 15, 2023 23:01:44.349495888 CET | 192.168.2.6 | 8.8.8.8 | 0x40eb | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                      Feb 15, 2023 23:01:45.039263010 CET | 192.168.2.6 | 8.8.8.8 | 0xbb6a | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                      Feb 15, 2023 23:00:41.043591022 CET | 8.8.8.8 | 192.168.2.6 | 0x6e01 | No error (0) | clients2.google.com | clients.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
                      Feb 15, 2023 23:00:41.043591022 CET | 8.8.8.8 | 192.168.2.6 | 0x6e01 | No error (0) | clients.l.google.com | | 142.250.203.110 | A (IP address) | IN (0x0001) | false
                      Feb 15, 2023 23:00:41.048223972 CET | 8.8.8.8 | 192.168.2.6 | 0x4cd8 | No error (0) | accounts.google.com | | 216.58.209.45 | A (IP address) | IN (0x0001) | false
                      Feb 15, 2023 23:00:42.273197889 CET | 8.8.8.8 | 192.168.2.6 | 0x4cd8 | No error (0) | accounts.google.com | | 216.58.209.45 | A (IP address) | IN (0x0001) | false
                      Feb 15, 2023 23:00:42.807393074 CET | 8.8.8.8 | 192.168.2.6 | 0x7ab | No error (0) | qwasdrgqwdasd.winbestprizess.info | | 172.67.184.241 | A (IP address) | IN (0x0001) | false
                      Feb 15, 2023 23:00:42.807393074 CET | 8.8.8.8 | 192.168.2.6 | 0x7ab | No error (0) | qwasdrgqwdasd.winbestprizess.info | | 104.21.19.35 | A (IP address) | IN (0x0001) | false
                      Feb 15, 2023 23:00:43.526010036 CET | 8.8.8.8 | 192.168.2.6 | 0x8357 | No error (0) | qwasdrgqwdasd.winbestprizess.info | | 104.21.19.35 | A (IP address) | IN (0x0001) | false
                      Feb 15, 2023 23:00:43.526010036 CET | 8.8.8.8 | 192.168.2.6 | 0x8357 | No error (0) | qwasdrgqwdasd.winbestprizess.info | | 172.67.184.241 | A (IP address) | IN (0x0001) | false
                      Feb 15, 2023 23:00:44.315352917 CET | 8.8.8.8 | 192.168.2.6 | 0x8fc7 | No error (0) | www.google.com | | 142.250.203.100 | A (IP address) | IN (0x0001) | false
                      Feb 15, 2023 23:00:44.348922968 CET | 8.8.8.8 | 192.168.2.6 | 0xf88b | No error (0) | www.google.com | | 142.250.184.100 | A (IP address) | IN (0x0001) | false
                      Feb 15, 2023 23:00:44.402992010 CET | 8.8.8.8 | 192.168.2.6 | 0x3116 | No error (0) | a.nel.cloudflare.com | | 35.190.80.1 | A (IP address) | IN (0x0001) | false
                      Feb 15, 2023 23:01:44.369246006 CET | 8.8.8.8 | 192.168.2.6 | 0x40eb | No error (0) | www.google.com | | 142.250.203.100 | A (IP address) | IN (0x0001) | false
                      Feb 15, 2023 23:01:45.057209969 CET | 8.8.8.8 | 192.168.2.6 | 0xbb6a | No error (0) | www.google.com | | 142.250.184.100 | A (IP address) | IN (0x0001) | false
                      • accounts.google.com
                      • clients2.google.com
                      • qwasdrgqwdasd.winbestprizess.info
                      • https:
                      • a.nel.cloudflare.com
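The report lists packets and DNS answers as separate tables, so the reader has to join them by hand to see which TCP sessions actually went to the submitted domain. The script below is an added example, not part of the Joe Sandbox report: it folds both directions of each flow into one session keyed by the client port, maps the remote address back to the DNS name that resolved to it, and groups sessions per name. The sample rows are a constructed subset copied from the tables above in the same column order; the client address 192.168.2.6 is the sandbox VM shown in the report.

```python
from collections import defaultdict

# Constructed input: a subset of rows from the report's TCP packet table
# (Timestamp | Source Port | Dest Port | Source IP | Dest IP).
TCP_ROWS = """
Feb 15, 2023 23:00:43.918776989 CET | 49720 | 443 | 192.168.2.6 | 104.21.19.35
Feb 15, 2023 23:00:43.918842077 CET | 443 | 49720 | 104.21.19.35 | 192.168.2.6
Feb 15, 2023 23:00:44.206850052 CET | 49723 | 443 | 192.168.2.6 | 104.21.19.35
Feb 15, 2023 23:00:44.356214046 CET | 49725 | 443 | 192.168.2.6 | 142.250.184.100
Feb 15, 2023 23:00:44.404511929 CET | 49726 | 443 | 192.168.2.6 | 35.190.80.1
Feb 15, 2023 23:00:44.614662886 CET | 49727 | 443 | 192.168.2.6 | 35.190.80.1
Feb 15, 2023 23:00:58.305275917 CET | 80 | 49717 | 172.67.184.241 | 192.168.2.6
Feb 15, 2023 23:01:28.621285915 CET | 49716 | 80 | 192.168.2.6 | 172.67.184.241
Feb 15, 2023 23:01:45.037483931 CET | 49718 | 443 | 192.168.2.6 | 216.58.209.45
"""

# Constructed input: the A records from the report's DNS answer table (Name | Address).
DNS_A_RECORDS = """
clients.l.google.com | 142.250.203.110
accounts.google.com | 216.58.209.45
qwasdrgqwdasd.winbestprizess.info | 172.67.184.241
qwasdrgqwdasd.winbestprizess.info | 104.21.19.35
www.google.com | 142.250.184.100
a.nel.cloudflare.com | 35.190.80.1
"""

CLIENT = "192.168.2.6"  # the sandbox VM, as shown in the report


def parse_rows(table):
    """Split pipe-delimited rows into lists of stripped cells, skipping blank lines."""
    return [[cell.strip() for cell in line.split("|")]
            for line in table.strip().splitlines() if line.strip()]


def ip_to_names(dns_table):
    """Map each answered address to the name(s) it was returned for."""
    names = defaultdict(set)
    for name, addr in parse_rows(dns_table):
        names[addr].add(name)
    return names


def sessions(tcp_table, client=CLIENT):
    """Collapse packets into sessions keyed by (client port, remote IP, remote port).
    Server-to-client rows are folded into the same key as client-to-server rows."""
    found = set()
    for _ts, sport, dport, sip, dip in parse_rows(tcp_table):
        if sip == client:
            found.add((int(sport), dip, int(dport)))
        elif dip == client:
            found.add((int(dport), sip, int(sport)))
    return found


def sessions_by_name(tcp_table, dns_table, client=CLIENT):
    """Group sessions by the DNS name that resolved to the remote address.
    Addresses never seen in a DNS answer land under "<unresolved>", which is
    where traffic to a hard-coded IP would show up."""
    names = ip_to_names(dns_table)
    grouped = defaultdict(set)
    for sess in sessions(tcp_table, client):
        _cport, remote_ip, _rport = sess
        for name in names.get(remote_ip) or {"<unresolved>"}:
            grouped[name].add(sess)
    return {name: sorted(s) for name, s in grouped.items()}


if __name__ == "__main__":
    for name, sess in sorted(sessions_by_name(TCP_ROWS, DNS_A_RECORDS).items()):
        print(name)
        for cport, rip, rport in sess:
            print(f"  {CLIENT}:{cport} -> {rip}:{rport}")
```

Run on the sample rows, the submitted domain accounts for four sessions (two on port 80 to 172.67.184.241, two on port 443 to 104.21.19.35) and everything else is Chrome background traffic or the NEL reports to a.nel.cloudflare.com. Both A records are Cloudflare edge addresses shared with unrelated tenants, so an indicator built from this report should be the hostname (or the TLS SNI), not the two IPs.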
                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                      0 | 192.168.2.6 | 49715 | 216.58.209.45 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | kBytes transferred | Direction | Data


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                      1 | 192.168.2.6 | 49713 | 142.250.203.110 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | kBytes transferred | Direction | Data


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                      2 | 192.168.2.6 | 49720 | 104.21.19.35 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | kBytes transferred | Direction | Data


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                      3 | 192.168.2.6 | 49723 | 104.21.19.35 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | kBytes transferred | Direction | Data


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                      4 | 192.168.2.6 | 49726 | 35.190.80.1 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | kBytes transferred | Direction | Data


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                      5 | 192.168.2.6 | 49727 | 35.190.80.1 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | kBytes transferred | Direction | Data


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                      6 | 192.168.2.6 | 49716 | 172.67.184.241 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | kBytes transferred | Direction | Data
                      Feb 15, 2023 23:00:43.404890060 CET | 115 | OUT | GET /palasekddq2hf45ysm.js HTTP/1.1
                      Host: qwasdrgqwdasd.winbestprizess.info
                      Connection: keep-alive
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                      Accept-Encoding: gzip, deflate
                      Accept-Language: en-US,en;q=0.9
                      Feb 15, 2023 23:00:43.450258017 CET | 119 | IN | HTTP/1.1 301 Moved Permanently
                      Date: Wed, 15 Feb 2023 22:00:43 GMT
                      Transfer-Encoding: chunked
                      Connection: keep-alive
                      Cache-Control: max-age=3600
                      Expires: Wed, 15 Feb 2023 23:00:43 GMT
                      Location: https://qwasdrgqwdasd.winbestprizess.info/palasekddq2hf45ysm.js
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sFW7r6rMj3OIDTyJ1JCTQFa2NAzZNJs1yWR2aKoVFHqwUH6T%2F%2F5GVz0LmWwdBTEyk6%2BEh%2FQUKHmB2QSDtGql5%2B9Mj4a%2Fafvu99lHd6IXgoELQqrCRe%2FQ0htEIYDL3Si1puZ1KcrihbAOqzwi%2FLwKMmJjGL0%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Vary: Accept-Encoding
                      Server: cloudflare
                      CF-RAY: 79a151675fbf7300-LHR
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                      Data Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0
                      Feb 15, 2023 23:01:28.621285915 CET | 609 | OUT | Data Raw: 00
                      Data Ascii:


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                      7 | 192.168.2.6 | 49717 | 172.67.184.241 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | kBytes transferred | Direction | Data
                      Feb 15, 2023 23:01:43.310129881 CET | 704 | OUT | Data Raw: 00
                      Data Ascii:


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                      0 | 192.168.2.6 | 49715 | 216.58.209.45 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | kBytes transferred | Direction | Data
                      2023-02-15 22:00:43 UTC | 0 | OUT | POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                      Host: accounts.google.com
                      Connection: keep-alive
                      Content-Length: 1
                      Origin: https://www.google.com
                      Content-Type: application/x-www-form-urlencoded
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      Cookie: __Secure-ENID=6.SE=Md0Ynyf9ahpkx1CxTGF0vY434NJ6ymH-gDI2Tl5Ly-NQYGPjnNfggtiFRMAwx4JRDOC_gavEPcD5cTBJzUgtbJobmBEuJ8xi2UuotxvOZgApoqSIg1b0RP47U08XG8Bz_SExSzKy0ETSsajbToDlYyFsxfI93p7AyRAd-OeIBA0; CONSENT=PENDING+070
                      2023-02-15 22:00:43 UTC | 0 | OUT | Data Raw: 20
                      Data Ascii:
                      2023-02-15 22:00:43 UTC | 3 | IN | HTTP/1.1 200 OK
                      Content-Type: application/json; charset=utf-8
                      Access-Control-Allow-Origin: https://www.google.com
                      Access-Control-Allow-Credentials: true
                      X-Content-Type-Options: nosniff
                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                      Pragma: no-cache
                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                      Date: Wed, 15 Feb 2023 22:00:43 GMT
                      Strict-Transport-Security: max-age=31536000; includeSubDomains
                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
                      Cross-Origin-Opener-Policy: same-origin
                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                      Content-Security-Policy: script-src 'report-sample' 'nonce-1aVG9SBzwUHLuhAEwK6Vfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                      Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                      Server: ESF
                      X-XSS-Protection: 0
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Accept-Ranges: none
                      Vary: Accept-Encoding
                      Connection: close
                      Transfer-Encoding: chunked
                      2023-02-15 22:00:43 UTC | 5 | IN | Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                      Data Ascii: 11["gaia.l.a.r",[]]
                      2023-02-15 22:00:43 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                      1 | 192.168.2.6 | 49713 | 142.250.203.110 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | kBytes transferred | Direction | Data
                      2023-02-15 22:00:43 UTC | 0 | OUT | GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                      Host: clients2.google.com
                      Connection: keep-alive
                      X-Goog-Update-Interactivity: fg
                      X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                      X-Goog-Update-Updater: chromecrx-104.0.5112.81
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: empty
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2023-02-15 22:00:43 UTC | 1 | IN | HTTP/1.1 200 OK
                      Content-Security-Policy: script-src 'report-sample' 'nonce-W-mMIwkhshQWVRyN6Z79Kg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                      Pragma: no-cache
                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                      Date: Wed, 15 Feb 2023 22:00:43 GMT
                      Content-Type: text/xml; charset=UTF-8
                      X-Daynum: 5889
                      X-Daystart: 50443
                      X-Content-Type-Options: nosniff
                      X-Frame-Options: SAMEORIGIN
                      X-XSS-Protection: 1; mode=block
                      Server: GSE
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Accept-Ranges: none
                      Vary: Accept-Encoding
                      Connection: close
                      Transfer-Encoding: chunked
                      2023-02-15 22:00:43 UTC | 2 | IN | Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 38 38 39 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 35 30 34 34 33 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                      Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5889" elapsed_seconds="50443"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                      2023-02-15 22:00:43 UTC | 2 | IN | Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a
                      Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                      2023-02-15 22:00:43 UTC | 2 | IN | Data Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                      2 | 192.168.2.6 | 49720 | 104.21.19.35 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | kBytes transferred | Direction | Data
                      2023-02-15 22:00:43 UTC | 2 | OUT | GET /palasekddq2hf45ysm.js HTTP/1.1
                      Host: qwasdrgqwdasd.winbestprizess.info
                      Connection: keep-alive
                      Upgrade-Insecure-Requests: 1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                      Sec-Fetch-Site: none
                      Sec-Fetch-Mode: navigate
                      Sec-Fetch-User: ?1
                      Sec-Fetch-Dest: document
                      sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                      sec-ch-ua-mobile: ?0
                      sec-ch-ua-platform: "Windows"
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2023-02-15 22:00:43 UTC | 5 | IN | HTTP/1.1 200 OK
                      Date: Wed, 15 Feb 2023 22:00:43 GMT
                      Content-Type: application/javascript
                      Content-Length: 621
                      Connection: close
                      Last-Modified: Wed, 09 Nov 2022 23:25:24 GMT
                      ETag: "636c36e4-26d"
                      Cache-Control: max-age=14400
                      CF-Cache-Status: HIT
                      Age: 2999
                      Accept-Ranges: bytes
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e1qcs44SCnecjBBmwk6wZ5qa2JTO2tM4y8m6249PZIkGuyNWHEoKOi1Xaf2A62KtKjbFbaPMJBXOuboHrRAQnvwJdHosakhpY%2FnYSwfbc6RNv3tEVfzZ5UJEGz%2FHLGaoPOKHSBpLTUmR8%2Bsalpv%2Fw6oOk18%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 79a1516909b92bf7-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                      2023-02-15 22:00:43 UTC | 5 | IN | Data Raw: 21 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 76 61 72 20 65 2c 20 74 20 3d 20 70 6f 70 75 6e 64 65 72 2e 75 72 6c 20 7c 7c 20 22 68 74 74 70 73 3a 2f 2f 67 6f 6f 67 6c 65 2e 63 6f 6d 22 2c 0a 20 20 20 20 20 20 20 20 6e 20 3d 20 22 63 6c 69 63 6b 22 2c 0a 20 20 20 20 20 20 20 20 6f 20 3d 20 22 70 6f 70 75 6e 64 65 72 22 2c 0a 20 20 20 20 20 20 20 20 63 20 3d 20 70 6f 70 75 6e 64 65 72 2e 63 6c 69 63 6b 73 5f 6e 75 6d 20 7c 7c 20 31 2c 0a 20 20 20 20 20 20 20 20 69 20 3d 20 70 6f 70 75 6e 64 65 72 2e 65 78 70 69 72 65 20 7c 7c 20 32 34 2c 09 09 0a 20 20 20 20 20 20 20 20 64 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 2c 0a 20 20 20 20 20 20 20 20 75 20 3d 20 22 75 6e 64 65 66 69 6e 65 64 22 2c 0a 09 09 70 20
                      Data Ascii: ! function() { var e, t = popunder.url || "https://google.com", n = "click", o = "popunder", c = popunder.clicks_num || 1, i = popunder.expire || 24, d = document.documentElement, u = "undefined",p
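The sessions above show the raw bytes of each response as "Data Raw" hex, with chunked bodies (sessions 0, 1 and the 301 in session 6) and a Content-Length body (the 621-byte script in session 2), and the report cuts long hex lines short. The script below is an added example, not part of the Joe Sandbox report or of Chrome: it parses a captured HTTP/1.1 response, keeps repeated headers as lists (the accounts.google.com reply carries three Content-Security-Policy lines, which a plain dict would collapse to one), de-chunks or length-checks the body and reports whether the capture was complete, and pulls the report endpoint out of the Report-To header. The inputs are constructed from the responses shown in this report: headers abbreviated, the NEL `s=` token replaced by TOKEN, bodies taken verbatim from the hex above.

```python
import json
from urllib.parse import urlparse


def dechunk(data):
    """Decode an HTTP/1.1 chunked body. Returns (body, complete); complete is
    False when the bytes end inside a chunk, which is what the report's cut-off
    "Data Raw" lines give you."""
    body, pos = bytearray(), 0
    while True:
        end = data.find(b"\r\n", pos)
        if end == -1:
            return bytes(body), False
        size_field = data[pos:end].split(b";", 1)[0].strip()  # drop chunk extensions
        if not size_field:
            return bytes(body), False
        size = int(size_field, 16)
        pos = end + 2
        if size == 0:  # last-chunk, followed by an empty trailer section
            return bytes(body), data[pos:pos + 2] == b"\r\n"
        chunk = data[pos:pos + size]
        body += chunk
        if len(chunk) < size or data[pos + size:pos + size + 2] != b"\r\n":
            return bytes(body), False
        pos += size + 2


def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status, headers, body, complete).
    headers maps lower-cased names to a list of values, because a response may
    repeat a header and a plain dict would keep only the last one."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("capture ends before the end of the headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    if "chunked" in ",".join(headers.get("transfer-encoding", [])).lower():
        body, complete = dechunk(rest)
    else:
        length = int(headers.get("content-length", ["0"])[0])
        body, complete = rest[:length], len(rest) >= length
    return status, headers, body, complete


def body_json(raw):
    """Parse a response body as JSON (the ListAccounts reply is a JSON array)."""
    return json.loads(parse_response(raw)[2])


def nel_endpoints(headers):
    """Hosts the browser will post Network Error Logging reports to, taken from
    Report-To. The value is JSON, so the escaped slashes in https:\\/\\/ are
    ordinary JSON escaping that json.loads removes."""
    hosts = []
    for value in headers.get("report-to", []):
        for endpoint in json.loads(value).get("endpoints", []):
            hosts.append(urlparse(endpoint["url"]).hostname)
    return hosts


# Constructed inputs: the captured responses with headers abbreviated, the NEL
# token replaced by TOKEN, and bodies taken from the report's "Data Raw" hex.
REDIRECT = (  # session 6: HTTP 301 with an empty chunked body
    b"HTTP/1.1 301 Moved Permanently\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"Location: https://qwasdrgqwdasd.winbestprizess.info/palasekddq2hf45ysm.js\r\n"
    b'Report-To: {"endpoints":[{"url":"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s=TOKEN"}],'
    b'"group":"cf-nel","max_age":604800}\r\n'
    b"Server: cloudflare\r\n\r\n"
    + bytes.fromhex("30 0d 0a 0d 0a")
)
LIST_ACCOUNTS = (  # session 0: one complete 0x11-byte chunk, then the last-chunk
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: application/json; charset=utf-8\r\n"
    b"Content-Security-Policy: script-src 'report-sample' 'unsafe-inline';object-src 'none'\r\n"
    b"Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com\r\n"
    b"Content-Security-Policy: require-trusted-types-for 'script'\r\n"
    b"Transfer-Encoding: chunked\r\n\r\n"
    + bytes.fromhex("31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a")
    + bytes.fromhex("30 0d 0a 0d 0a")
)
TRUNCATED_CHUNK = (  # session 1: the 0x2c9-byte chunk is cut off in the report
    b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
    + bytes.fromhex("32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22")
)
TRUNCATED_LENGTH = (  # session 2: Content-Length 621, only the first bytes are shown
    b"HTTP/1.1 200 OK\r\nContent-Type: application/javascript\r\nContent-Length: 621\r\n\r\n"
    + bytes.fromhex("21 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a")
)
```

Two things this makes visible. First, the only bodies in this report that come back complete are the empty 301 and the 17-byte `["gaia.l.a.r",[]]` from ListAccounts; the extension-update XML and the popunder script are both cut off, so any signature written from the "Data Ascii" lines covers only their first bytes. Second, the Report-To header names a.nel.cloudflare.com as the reporting endpoint, which is exactly where sessions 4 and 5 go: Chrome honouring Cloudflare's NEL headers, with the OPTIONS request being the CORS preflight that precedes the report POST. Those two sessions are browser telemetry, not attacker infrastructure, and should not be carried into an indicator list.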


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                      3 | 192.168.2.6 | 49723 | 104.21.19.35 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp | kBytes transferred | Direction | Data
                      2023-02-15 22:00:44 UTC | 6 | OUT | GET /favicon.ico HTTP/1.1
                      Host: qwasdrgqwdasd.winbestprizess.info
                      Connection: keep-alive
                      sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                      sec-ch-ua-mobile: ?0
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                      sec-ch-ua-platform: "Windows"
                      Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                      Sec-Fetch-Site: same-origin
                      Sec-Fetch-Mode: no-cors
                      Sec-Fetch-Dest: image
                      Referer: https://qwasdrgqwdasd.winbestprizess.info/palasekddq2hf45ysm.js
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2023-02-15 22:00:44 UTC | 7 | IN | HTTP/1.1 404 Not Found
                      Date: Wed, 15 Feb 2023 22:00:44 GMT
                      Content-Type: text/html
                      Transfer-Encoding: chunked
                      Connection: close
                      Cache-Control: max-age=14400
                      CF-Cache-Status: MISS
                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ytQegk6xGm9PCyMDbraClPzfuzjaFA03EMO1uzNLN1P2xijFc3DQ0MpMDb7PBH01YUm5QAnium5dgTHPcFmHX0s9OVo2BxZ4wceR%2FjI2Fhecazauw3AvlmySxI1mRPUNdSnvnAhNKAEI3BhllvO0KrSAGxA%3D"}],"group":"cf-nel","max_age":604800}
                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                      Server: cloudflare
                      CF-RAY: 79a1516cf9825bf9-FRA
                      alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                      2023-02-15 22:00:44 UTC  7                   IN         Data Raw: 32 32 34 0d 0a 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68
                      Data Ascii: 224<html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Ch
                      2023-02-15 22:00:44 UTC  8                   IN         Data Raw: 30 0d 0a 0d 0a
                      Data Ascii: 0


                      Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                      4           192.168.2.6   49726        35.190.80.1     443               C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp                kBytes transferred  Direction  Data
                      2023-02-15 22:00:44 UTC  8                   OUT        OPTIONS /report/v3?s=ytQegk6xGm9PCyMDbraClPzfuzjaFA03EMO1uzNLN1P2xijFc3DQ0MpMDb7PBH01YUm5QAnium5dgTHPcFmHX0s9OVo2BxZ4wceR%2FjI2Fhecazauw3AvlmySxI1mRPUNdSnvnAhNKAEI3BhllvO0KrSAGxA%3D HTTP/1.1
                      Host: a.nel.cloudflare.com
                      Connection: keep-alive
                      Origin: https://qwasdrgqwdasd.winbestprizess.info
                      Access-Control-Request-Method: POST
                      Access-Control-Request-Headers: content-type
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2023-02-15 22:00:44 UTC  8                   IN         HTTP/1.1 200 OK
                      content-length: 0
                      access-control-max-age: 86400
                      access-control-allow-methods: POST, OPTIONS
                      access-control-allow-origin: *
                      access-control-allow-headers: content-length, content-type
                      date: Wed, 15 Feb 2023 22:00:44 GMT
                      Via: 1.1 google
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close


                      Session ID  Source IP     Source Port  Destination IP  Destination Port  Process
                      5           192.168.2.6   49727        35.190.80.1     443               C:\Program Files\Google\Chrome\Application\chrome.exe
                      Timestamp                kBytes transferred  Direction  Data
                      2023-02-15 22:00:44 UTC  9                   OUT        POST /report/v3?s=ytQegk6xGm9PCyMDbraClPzfuzjaFA03EMO1uzNLN1P2xijFc3DQ0MpMDb7PBH01YUm5QAnium5dgTHPcFmHX0s9OVo2BxZ4wceR%2FjI2Fhecazauw3AvlmySxI1mRPUNdSnvnAhNKAEI3BhllvO0KrSAGxA%3D HTTP/1.1
                      Host: a.nel.cloudflare.com
                      Connection: keep-alive
                      Content-Length: 476
                      Content-Type: application/reports+json
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                      Accept-Encoding: gzip, deflate, br
                      Accept-Language: en-US,en;q=0.9
                      2023-02-15 22:00:44 UTC  9                   OUT        Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 37 36 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 71 77 61 73 64 72 67 71 77 64 61 73 64 2e 77 69 6e 62 65 73 74 70 72 69 7a 65 73 73 2e 69 6e 66 6f 2f 70 61 6c 61 73 65 6b 64 64 71 32 68 66 34 35 79 73 6d 2e 6a 73 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 31 39 2e 33 35 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e
                      Data Ascii: [{"age":0,"body":{"elapsed_time":176,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://qwasdrgqwdasd.winbestprizess.info/palasekddq2hf45ysm.js","sampling_fraction":1.0,"server_ip":"104.21.19.35","status_code":404,"type":"http.
                      2023-02-15 22:00:44 UTC  10                  IN         HTTP/1.1 200 OK
                      content-length: 0
                      date: Wed, 15 Feb 2023 22:00:44 GMT
                      Via: 1.1 google
                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                      Connection: close
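                      Two things an analyst wants to settle from sessions 3 to 5 are whether the OPTIONS/POST traffic to a.nel.cloudflare.com is a consequence of the Report-To and NEL headers on the 404 response (browser Network Error Logging) rather than a second-stage fetch by the sample, and what the "Data Raw" hex carries once the HTTP chunked framing is removed. The helper below is an added example written for this page, not code from the Joe Sandbox report or from the analysed script. The header values, the reporting token and the POST request line are copied from the sessions above; SAMPLE_DUMP and SAMPLE_REPORT are constructed stand-ins for the truncated dumps (the report's "http.error" type and outer "url" field are filled in by assumption), and all function names are mine.

```python
# Added triage helper for sessions 3-5 above. Example code written for this page, not
# part of the Joe Sandbox report or of the analysed sample.
import json
from urllib.parse import urlsplit

# Reporting token as it appears in both the Report-To header (session 3) and the
# POST request line (session 5).
NEL_TOKEN = ("ytQegk6xGm9PCyMDbraClPzfuzjaFA03EMO1uzNLN1P2xijFc3DQ0MpMDb7PBH01YUm5QAnium5dg"
             "THPcFmHX0s9OVo2BxZ4wceR%2FjI2Fhecazauw3AvlmySxI1mRPUNdSnvnAhNKAEI3BhllvO0KrSAGxA%3D")

# 404 response headers copied from session 3 (the JSON "\/" escapes are kept as sent).
RESPONSE_HEADERS = {
    "Report-To": ('{"endpoints":[{"url":"https:\\/\\/a.nel.cloudflare.com\\/report\\/v3?s='
                  + NEL_TOKEN + '"}],"group":"cf-nel","max_age":604800}'),
    "NEL": '{"success_fraction":0,"report_to":"cf-nel","max_age":604800}',
}

# Host header and request target of the POST in session 5.
POST_HOST = "a.nel.cloudflare.com"
POST_TARGET = "/report/v3?s=" + NEL_TOKEN


def declared_report_endpoints(headers):
    """Return the endpoint URLs the NEL policy points the browser at.

    NEL names a Report-To group; Report-To maps that group to URLs. If the group
    names disagree no NEL report can be delivered, so the result is empty.
    """
    report_to = json.loads(headers["Report-To"])
    nel = json.loads(headers["NEL"])
    if nel.get("report_to") != report_to.get("group"):
        return []
    return [endpoint["url"] for endpoint in report_to.get("endpoints", [])]


def post_is_declared_nel_delivery(headers, host, target):
    """True if a POST to host+target hits an endpoint the 404 response itself declared."""
    for url in declared_report_endpoints(headers):
        parts = urlsplit(url)
        observed = parts.path + ("?" + parts.query if parts.query else "")
        if parts.scheme == "https" and parts.hostname == host and observed == target:
            return True
    return False


def decode_raw(dump):
    """Turn a space-separated hex dump ("32 32 34 0d 0a ...") back into bytes."""
    return bytes.fromhex(dump)


def dechunk(body):
    """Strip HTTP/1.1 chunked transfer framing; raises ValueError on malformed input."""
    out = bytearray()
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("missing chunk-size line")
        size = int(body[pos:eol].split(b";", 1)[0].strip(), 16)  # drop chunk extensions
        pos = eol + 2
        if size == 0:
            return bytes(out)  # trailers, if any, are not needed here
        chunk = body[pos:pos + size]
        if len(chunk) != size or body[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("truncated chunk")
        out += chunk
        pos += size + 2


def chunked(payload, chunk_size):
    """Frame payload with chunked transfer encoding (used only to build the sample)."""
    pieces = [payload[i:i + chunk_size] for i in range(0, len(payload), chunk_size)]
    return b"".join(b"%x\r\n%s\r\n" % (len(p), p) for p in pieces) + b"0\r\n\r\n"


# Constructed sample modelled on the 404 body in session 3; the nginx padding comments
# are left out because the report's own dump is truncated.
HTML_404 = (b"<html>\r\n<head><title>404 Not Found</title></head>\r\n<body>\r\n"
            b"<center><h1>404 Not Found</h1></center>\r\n<hr><center>nginx</center>\r\n"
            b"</body>\r\n</html>\r\n")
SAMPLE_DUMP = " ".join(f"{b:02x}" for b in chunked(HTML_404, 64))

# Constructed NEL report modelled on the POST body in session 5. The page's dump stops
# at "type":"http. ; "http.error" is the NEL type for a 4xx/5xx response, and the outer
# "url" value is an assumption.
SAMPLE_REPORT = json.dumps([{
    "age": 0, "type": "network-error",
    "url": "https://qwasdrgqwdasd.winbestprizess.info/favicon.ico",
    "body": {"elapsed_time": 176, "method": "GET", "phase": "application",
             "protocol": "http/1.1", "sampling_fraction": 1.0, "status_code": 404,
             "server_ip": "104.21.19.35", "type": "http.error",
             "referrer": "https://qwasdrgqwdasd.winbestprizess.info/palasekddq2hf45ysm.js"}}])


def summarise_nel_report(report_json):
    """Pull the fields worth correlating with the session table out of a NEL report."""
    return [{"url": r.get("url"), "status": r["body"].get("status_code"),
             "server_ip": r["body"].get("server_ip"), "error": r["body"].get("type")}
            for r in json.loads(report_json) if r.get("type") == "network-error"]


if __name__ == "__main__":
    print("POST explained by Report-To:",
          post_is_declared_nel_delivery(RESPONSE_HEADERS, POST_HOST, POST_TARGET))
    print(dechunk(decode_raw(SAMPLE_DUMP)).decode())
    print(summarise_nel_report(SAMPLE_REPORT))
```

                      Read together, the three sessions are one NEL round trip: the 404 in session 3 carries the policy, session 4 is the CORS preflight Chrome must send before a POST with Content-Type application/reports+json (not a CORS-safelisted type, hence Access-Control-Request-Headers: content-type), and session 5 delivers the report, whose server_ip field matches the destination IP of session 3. The check on the declared endpoint matters because a Report-To header is set by whoever controls the origin; here it names Cloudflare's collector, but a hostile origin can just as easily point the browser at its own.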


                      Target ID: 0
                      Start time: 23:00:37
                      Start date: 15/02/2023
                      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit): false
                      Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                      Imagebase: 0x7ff6f9750000
                      File size: 2851656 bytes
                      MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
                      Has elevated privileges: true
                      Has administrator privileges: true
                      Programmed in: C, C++ or other language
                      Reputation: low

                      Target ID: 1
                      Start time: 23:00:38
                      Start date: 15/02/2023
                      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit): false
                      Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1944 --field-trial-handle=1728,i,15753723449913141145,3018605403501027829,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                      Imagebase: 0x7ff6f9750000
                      File size: 2851656 bytes
                      MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
                      Has elevated privileges: true
                      Has administrator privileges: true
                      Programmed in: C, C++ or other language
                      Reputation: low

                      Target ID: 2
                      Start time: 23:00:39
                      Start date: 15/02/2023
                      Path: C:\Program Files\Google\Chrome\Application\chrome.exe
                      Wow64 process (32bit): false
                      Commandline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://qwasdrgqwdasd.winbestprizess.info/palasekddq2hf45ysm.js
                      Imagebase: 0x7ff6f9750000
                      File size: 2851656 bytes
                      MD5 hash: 0FEC2748F363150DC54C1CAFFB1A9408
                      Has elevated privileges: true
                      Has administrator privileges: true
                      Programmed in: C, C++ or other language
                      Reputation: low

                      No disassembly