Joe Sandbox Cloud Basic Analysis Report
Edit tour

Windows Analysis Report
https://cat.nl3.eu.criteo.com

Overview

General Information

Sample URL:https://cat.nl3.eu.criteo.com
Analysis ID:894606
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

No high impact signatures.

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 4952 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cat.nl3.eu.criteo.com/ MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
    • chrome.exe (PID: 3256 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1768,i,9653423935331324691,15110827108972514347,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Snort Signatures

No Snort rule has matched

Joe Sandbox Signatures

  • Compliance
  • Networking
  • System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\GoogleUpdaterJump to behavior
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: cat.nl3.eu.criteo.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.102Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cat.nl3.eu.criteo.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://cat.nl3.eu.criteo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: cat.nl3.eu.criteo.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://cat.nl3.eu.criteo.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: cat.nl3.eu.criteo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: cat.nl3.eu.criteo.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: cat.nl3.eu.criteo.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fcat.nl3.eu.criteo.co&oit=3&cp=28&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fcat.nl3.eu.criteo&oit=3&cp=25&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fcat.nl3.&oit=3&cp=16&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fc&oit=3&cp=9&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2F&oit=4&cp=8&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr&oit=3&cp=9&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.&oit=3&cp=10&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.m&oit=3&cp=11&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.ms&oit=3&cp=12&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msf&oit=3&cp=13&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msft&oit=3&cp=14&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msfts&oit=3&cp=15&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msftst&oit=3&cp=16&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msftsta&oit=3&cp=17&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msftstat&oit=3&cp=18&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msftstati&oit=3&cp=19&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msftstatic&oit=3&cp=20&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: unknownDNS traffic detected: queries for: cat.nl3.eu.criteo.com
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: chromecache_144.1.drString found in binary or memory: http://ru.msf.org
Source: chromecache_153.1.drString found in binary or memory: https://aka.ms/remoteconnect
Source: chromecache_141.1.drString found in binary or memory: https://cat.nl3.eu.criteo.co
Source: chromecache_141.1.drString found in binary or memory: https://cat.nl3.eu.criteo.com/delivery/ck.php?cppv
Source: chromecache_152.1.drString found in binary or memory: https://chat.openai.com
Source: chromecache_152.1.drString found in binary or memory: https://clients.sjp.co.uk
Source: chromecache_137.1.drString found in binary or memory: https://encrypted-tbn0.gstatic.com/images?q
Source: chromecache_153.1.drString found in binary or memory: https://offer.ndors.org.uk
Source: chromecache_153.1.drString found in binary or memory: https://pupil.multiplication-tables-check.service.gov.uk
Source: chromecache_147.1.drString found in binary or memory: https://r.3v.fi/discord-timestamps/
Source: chromecache_147.1.drString found in binary or memory: https://r.codewars.ml/
Source: chromecache_144.1.drString found in binary or memory: https://r.msf
Source: chromecache_150.1.drString found in binary or memory: https://r.msft
Source: chromecache_138.1.drString found in binary or memory: https://r.msfts
Source: chromecache_149.1.drString found in binary or memory: https://r.msftst
Source: chromecache_139.1.drString found in binary or memory: https://r.msftsta
Source: chromecache_143.1.drString found in binary or memory: https://r.msftstati
Source: chromecache_145.1.drString found in binary or memory: https://r.msftstatic
Source: chromecache_147.1.drString found in binary or memory: https://r.mtdv.me/
Source: chromecache_147.1.drString found in binary or memory: https://r.pluralsight.gq/
Source: chromecache_147.1.drString found in binary or memory: https://r.stripe.com/0
Source: chromecache_147.1.drString found in binary or memory: https://r.studyschooltoday.eu.org/
Source: chromecache_147.1.drString found in binary or memory: https://r.utopiaworld.ink/
Source: chromecache_137.1.drString found in binary or memory: https://reader.egress.com/
Source: chromecache_137.1.drString found in binary or memory: https://reader.nhs.net/
Source: chromecache_137.1.drString found in binary or memory: https://recruit.raf.mod.uk/login
Source: chromecache_137.1.drString found in binary or memory: https://renewals.carolenash.com
Source: chromecache_137.1.drString found in binary or memory: https://retail.santander.co.uk
Source: chromecache_137.1.drString found in binary or memory: https://roblox.com
Source: chromecache_153.1.drString found in binary or memory: https://systmonline.tpp-uk.com
Source: unknownHTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+620; __Secure-ENID=6.SE=cJKCBuSaL1dV3R8z2Y2al7-m2m5bGA74lqbYYkqC3uy-NtZ1f6n_bCBr25tlnnjvdmLpGQ81ZKzP3Te5vVjpSQjYWCwvlOMApK7tmZNWcORu0p4wniPJGQfTslQNnpQWhG9qkwkEgy49-6UG3UQ1eiUyFolJZWLeUM1p4KvjM9E
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: classification engineClassification label: clean0.win@27/17@9/7
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\GoogleUpdaterJump to behavior
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cat.nl3.eu.criteo.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1768,i,9653423935331324691,15110827108972514347,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1768,i,9653423935331324691,15110827108972514347,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\GoogleUpdaterJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsWindows Management InstrumentationPath Interception1
Process Injection		2
Masquerading		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local SystemExfiltration Over Other Network Medium1
Encrypted Channel		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable MediaExfiltration Over Bluetooth3
Non-Application Layer Protocol		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration4
Application Layer Protocol		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Binary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureScheduled Transfer1
Ingress Tool Transfer		SIM Card SwapCarrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 894606 URL: https://cat.nl3.eu.criteo.com Startdate: 26/06/2023 Architecture: WINDOWS Score: 0 12 www.google.com 2->12 6 chrome.exe 1 2->6         started        process3 dnsIp4 14 192.168.2.1 unknown unknown 6->14 16 239.255.255.250 unknown Reserved 6->16 9 chrome.exe 6->9         started        process5 dnsIp6 18 142.250.184.196, 443, 49770, 49773 GOOGLEUS United States 9->18 20 www.google.com 142.250.186.100, 443, 49759, 49764 GOOGLEUS United States 9->20 22 5 other IPs or domains 9->22

Screenshots

Download Video

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
https://cat.nl3.eu.criteo.com0%VirustotalBrowse
https://cat.nl3.eu.criteo.com0%Avira URL Cloudsafe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://r.studyschooltoday.eu.org/0%Avira URL Cloudsafe
https://r.mtdv.me/0%Avira URL Cloudsafe
https://r.msf0%Avira URL Cloudsafe
https://cat.nl3.eu.criteo.co0%Avira URL Cloudsafe
https://r.msft0%Avira URL Cloudsafe
https://offer.ndors.org.uk0%Avira URL Cloudsafe
https://r.studyschooltoday.eu.org/0%VirustotalBrowse
https://pupil.multiplication-tables-check.service.gov.uk0%Avira URL Cloudsafe
https://r.pluralsight.gq/0%Avira URL Cloudsafe
https://r.utopiaworld.ink/0%Avira URL Cloudsafe
https://clients.sjp.co.uk0%Avira URL Cloudsafe
https://r.codewars.ml/0%Avira URL Cloudsafe
https://r.msftstati0%Avira URL Cloudsafe
https://r.msftstatic0%Avira URL Cloudsafe
https://r.msfts0%Avira URL Cloudsafe
https://retail.santander.co.uk0%Avira URL Cloudsafe
https://r.msftsta0%Avira URL Cloudsafe
https://r.msftst0%Avira URL Cloudsafe
https://r.3v.fi/discord-timestamps/0%Avira URL Cloudsafe

Domains and IPs

Download Network PCAP: filteredfull

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
accounts.google.com
142.250.186.141
truefalse
    		high
    www.google.com
    		142.250.186.100
    		truefalse
      		high
      clients.l.google.com
      		142.250.186.78
      		truefalse
        		high
        cat.nl3.vip.prod.criteo.com
        		178.250.1.6
        		truefalse
          		high
          clients2.google.com
          		unknown
          		unknownfalse
            		high
            cat.nl3.eu.criteo.com
            		unknown
            		unknownfalse
              		high

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2F&oit=4&cp=8&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                		high
                https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msftstati&oit=3&cp=19&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                  		high
                  https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fcat.nl3.eu.criteo.co&oit=3&cp=28&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                    		high
                    https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.ms&oit=3&cp=12&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                      		high
                      https://cat.nl3.eu.criteo.com/favicon.icofalse
                        		high
                        https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msftstat&oit=3&cp=18&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                          		high
                          https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msftsta&oit=3&cp=17&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                            		high
                            https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msf&oit=3&cp=13&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                              		high
                              https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msftstatic&oit=3&cp=20&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                                		high
                                https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr&oit=3&cp=9&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                                  		high
                                  https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standardfalse
                                    		high
                                    https://cat.nl3.eu.criteo.com/false
                                      		high
                                      https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msfts&oit=3&cp=15&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                                        		high
                                        https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.m&oit=3&cp=11&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                                          		high
                                          https://cat.nl3.eu.criteo.com/false
                                            		high
                                            https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                                              		high
                                              https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msft&oit=3&cp=14&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                                                		high
                                                https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fc&oit=3&cp=9&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                                                  		high
                                                  https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fcat.nl3.&oit=3&cp=16&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                                                    		high
                                                    https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msftst&oit=3&cp=16&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                                                      		high
                                                      https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.&oit=3&cp=10&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                                                        		high
                                                        https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1false
                                                          		high
                                                          https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fcat.nl3.eu.criteo&oit=3&cp=25&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                                                            		high
                                                            NameSourceMaliciousAntivirus DetectionReputation
                                                            https://r.studyschooltoday.eu.org/chromecache_147.1.drfalse
                                                            • 0%, Virustotal, Browse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://reader.nhs.net/chromecache_137.1.drfalse
                                                              		high
                                                              https://r.msfchromecache_144.1.drfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://r.mtdv.me/chromecache_147.1.drfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://reader.egress.com/chromecache_137.1.drfalse
                                                                		high
                                                                https://cat.nl3.eu.criteo.cochromecache_141.1.drfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://r.msftchromecache_150.1.drfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://roblox.comchromecache_137.1.drfalse
                                                                  		high
                                                                  http://ru.msf.orgchromecache_144.1.drfalse
                                                                    		high
                                                                    https://chat.openai.comchromecache_152.1.drfalse
                                                                      		high
                                                                      https://offer.ndors.org.ukchromecache_153.1.drfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://renewals.carolenash.comchromecache_137.1.drfalse
                                                                        		high
                                                                        https://pupil.multiplication-tables-check.service.gov.ukchromecache_153.1.drfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://recruit.raf.mod.uk/loginchromecache_137.1.drfalse
                                                                          		high
                                                                          https://r.pluralsight.gq/chromecache_147.1.drfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://r.utopiaworld.ink/chromecache_147.1.drfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://clients.sjp.co.ukchromecache_152.1.drfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://r.codewars.ml/chromecache_147.1.drfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://r.msftstatichromecache_143.1.drfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://r.stripe.com/0chromecache_147.1.drfalse
                                                                            		high
                                                                            https://r.msftstaticchromecache_145.1.drfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://aka.ms/remoteconnectchromecache_153.1.drfalse
                                                                              		high
                                                                              https://cat.nl3.eu.criteo.com/delivery/ck.php?cppvchromecache_141.1.drfalse
                                                                                		high
                                                                                https://r.msftschromecache_138.1.drfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://retail.santander.co.ukchromecache_137.1.drfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://systmonline.tpp-uk.comchromecache_153.1.drfalse
                                                                                  		high
                                                                                  https://r.msftstachromecache_139.1.drfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  https://r.msftstchromecache_149.1.drfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  https://r.3v.fi/discord-timestamps/chromecache_147.1.drfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown

                                                                                  World Map of Contacted IPs

                                                                                  • No. of IPs < 25%
                                                                                  • 25% < No. of IPs < 50%
                                                                                  • 50% < No. of IPs < 75%
                                                                                  • 75% < No. of IPs

                                                                                  Public IPs

                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                  142.250.186.78
                                                                                  		clients.l.google.comUnited States
                                                                                  		15169GOOGLEUSfalse
                                                                                  142.250.184.196
                                                                                  		unknownUnited States
                                                                                  		15169GOOGLEUSfalse
                                                                                  178.250.1.6
                                                                                  		cat.nl3.vip.prod.criteo.comFrance
                                                                                  		44788ASN-CRITEO-EUROPEFRfalse
                                                                                  142.250.186.141
                                                                                  		accounts.google.comUnited States
                                                                                  		15169GOOGLEUSfalse
                                                                                  239.255.255.250
                                                                                  		unknownReserved
                                                                                  		unknownunknownfalse
                                                                                  142.250.186.100
                                                                                  		www.google.comUnited States
                                                                                  		15169GOOGLEUSfalse

                                                                                  Private

                                                                                  IP
                                                                                  192.168.2.1

                                                                                  General Information

                                                                                  Joe Sandbox Version:37.1.0 Beryl
                                                                                  Analysis ID:894606
                                                                                  Start date and time:2023-06-26 18:11:37 +02:00
                                                                                  Joe Sandbox Product:CloudBasic
                                                                                  Overall analysis duration:0h 3m 56s
                                                                                  Hypervisor based Inspection enabled:false
                                                                                  Report type:full
                                                                                  Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                  Sample URL:https://cat.nl3.eu.criteo.com
                                                                                  Analysis system description:Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
                                                                                  Number of analysed new started processes analysed:4
                                                                                  Number of new started drivers analysed:0
                                                                                  Number of existing processes analysed:0
                                                                                  Number of existing drivers analysed:0
                                                                                  Number of injected processes analysed:0
                                                                                  Technologies:
                                                                                  • HCA enabled
                                                                                  • EGA enabled
                                                                                  • HDC enabled
                                                                                  • AMSI enabled
                                                                                  Analysis Mode:default
                                                                                  Analysis stop reason:Timeout
                                                                                  Detection:CLEAN
                                                                                  Classification:clean0.win@27/17@9/7
                                                                                  EGA Information:Failed
                                                                                  HDC Information:Failed
                                                                                  HCA Information:
                                                                                  • Successful, ratio: 100%
                                                                                  • Number of executed functions: 0
                                                                                  • Number of non-executed functions: 0
                                                                                  • Exclude process from analysis (whitelisted): SIHClient.exe, svchost.exe
                                                                                  • Excluded IPs from analysis (whitelisted): 142.250.186.35, 34.104.35.123, 142.250.184.227, 142.250.185.142, 142.250.186.99
                                                                                  • Excluded domains from analysis (whitelisted): edgedl.me.gvt1.com, login.live.com, slscr.update.microsoft.com, encrypted-tbn0.gstatic.com, update.googleapis.com, clientservices.googleapis.com
                                                                                  • Not all processes where analyzed, report is missing behavior information

                                                                                  Simulations

                                                                                  Behavior and APIs

                                                                                  No simulations

                                                                                  Joe Sandbox View / Context

                                                                                  IPs

                                                                                  No context

                                                                                  Domains

                                                                                  No context

                                                                                  ASNs

                                                                                  No context

                                                                                  JA3 Fingerprints

                                                                                  No context

                                                                                  Dropped Files

                                                                                  No context

                                                                                  Created / dropped Files

                                                                                  Chrome Cache Entry: 137

                                                                                  Download File
                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  File Type:ASCII text, with very long lines (1043)
                                                                                  Category:downloaded
                                                                                  Size (bytes):1048
                                                                                  Entropy (8bit):5.507972006960149
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:u27aqrxybK0HFQu282266paMZ4/BHslriFbuVmNdy7jETkTMXi2809wuyexdl9kR:h8nHv3fgBHslgG6ljcHuNl9FoqIQfV+
                                                                                  MD5:52451241D79FC608220A760E56D8EF70
                                                                                  SHA1:5D716EAA366277E35F6E81A57A212B42DD4D9DD5
                                                                                  SHA-256:82083A6B7D6367D8063BB2DC01309685601B89709550B6ADE07E4DC3524AF166
                                                                                  SHA-512:A6C6A4513D02E7A24F2996BC3166190C65D60FF30DE86317A917D451808380AE9076F4EF9521DA9199A4B04879B3B7B579C2794BA71EC08C7C12A2D1703F9FCF
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr&oit=3&cp=9&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                  Preview:)]}'.["https://r",["https://reader.egress.com/","https://retail.santander.co.uk","https://reader.nhs.net/","https://renewals.carolenash.com","https://recruit.raf.mod.uk/login","https //real-debrid/com/device","https://roblox.com","https //ring.com login","https //router.asus.com 8443","https //rl.jw.org hotels"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{},{},{},{},{},{},{"a":"Roblox \u2014 Online game","dc":"#a31912","i":"https://encrypted-tbn0.gstatic.com/images?q\u003dtbn:ANd9GcSp6TRXFn7E98XinWQvRiKQOo0uehCBCD7MdNiihfM\u0026s\u003d10","q":"gs_ssp\u003deJzj4tLP1TcwMksqNkw3YPQSyigpKSi20tcvyk_Kya_QS87PBQCbEApA","t":"https://roblox.com","zae":"/m/026bs1g"},{},{},{}],"google:suggestrelevance":[804,803,802,801,800,650,601,600,551,550],"google:suggestsubtypes":[[44],[44],[44],[44],[44],[512],[44],[512],[512],[512]],"google:suggesttype":["NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","QUERY","ENTITY","QUERY","

                                                                                  Chrome Cache Entry: 138

                                                                                  Download File
                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  File Type:ASCII text, with very long lines (548)
                                                                                  Category:downloaded
                                                                                  Size (bytes):553
                                                                                  Entropy (8bit):4.863949124401245
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:u2G/iTp5QBHslriFkdnYROVwuZs9kwuX9w4swzC3:3MBHslgCA/uZs9Fv++
                                                                                  MD5:0E9FB9DEAB0712418F3CF8D20E785ED9
                                                                                  SHA1:CF0B86F5F62147AD77CAB87C01DF05E08AE0B86B
                                                                                  SHA-256:8F8E6037E87A76CE14A63C3B4FA696E76A3A95A7CFB6347DD011B60A2259BCA9
                                                                                  SHA-512:C6598C6F7395A34657A5149BA7EF269D006DFCDBD4A50455C99A528D8E8BDD348A38559827A28C8CEFC115E6172D201F277C8124E98AB82B0B70E79B24E8178A
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msfts&oit=3&cp=15&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                  Preview:)]}'.["https://r.msfts",["https //r.msftstudent.com","https //r.msftstudio.com","https //r.msftstopper","https //r.msftstop"],["","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//r.msftstudent.com"},{"mp":"\u2026 ","t":"//r.msftstudio.com"},{"mp":"\u2026 ","t":"//r.msftstopper"},{"mp":"\u2026 ","t":"//r.msftstop"}],"google:suggestrelevance":[601,600,551,550],"google:suggestsubtypes":[[160],[160],[160],[160]],"google:suggesttype":["TAIL","TAIL","TAIL","TAIL"],"google:verbatimrelevance":851}]

                                                                                  Chrome Cache Entry: 139

                                                                                  Download File
                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  File Type:ASCII text, with very long lines (455)
                                                                                  Category:downloaded
                                                                                  Size (bytes):460
                                                                                  Entropy (8bit):4.8614025746104925
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:u2O2/WYHNwjBHslriFk5MHZGrwuZsukwu69w4kwzC3:824BHslglxuZsuFkw+
                                                                                  MD5:2D4BE2C416DFD4F918477B6089D3703E
                                                                                  SHA1:4F7D439BF924ED56DBB68F2A1740D7DCB8F90D1C
                                                                                  SHA-256:88D309D5A1730A67B776FDB6FE8D3A9F3A770ADA79455F8A135E946274957C3A
                                                                                  SHA-512:D6C329BD06CA44F000DE957FFA71BEAFBD1F3078843268C6A68ECD870C7315044DC3D0C34C45DF755D5AFAA4C5EF23639502DBBEE5615EA55996A2A49A5D14A7
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msftsta&oit=3&cp=17&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                  Preview:)]}'.["https://r.msftsta",["https //r.msftstack","https //r.msftstate","https //r.msftstack.net"],["","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//r.msftstack"},{"mp":"\u2026 ","t":"//r.msftstate"},{"mp":"\u2026 ","t":"//r.msftstack.net"}],"google:suggestrelevance":[601,600,550],"google:suggestsubtypes":[[160],[160],[160]],"google:suggesttype":["TAIL","TAIL","TAIL"],"google:verbatimrelevance":851}]

                                                                                  Chrome Cache Entry: 140

                                                                                  Download File
                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16
                                                                                  Category:downloaded
                                                                                  Size (bytes):1406
                                                                                  Entropy (8bit):2.82524262532307
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:GyX2nSklp4gE/K/LGvM+v2rrdXGSimBNJWUDU:d/CEMZvdXGSisrR
                                                                                  MD5:FE8AE0F54388137B436B9F3D8D641AA9
                                                                                  SHA1:C007DC4A9CEA8C9A82F94B16C455ECDE69F07842
                                                                                  SHA-256:0B1AEB77C5D98B76F57CCD3F5144A9C776CDE47F77169646DACAE651BC546A60
                                                                                  SHA-512:4CA056CD160FBAB2DEDA445D1BA076073980F6D1BD28B9A8E89C61DAB4149E57E2BCE662D4B2A43E85EE9F7F30870985CD824086E290FC912E89B8111B0FB064
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  URL:https://cat.nl3.eu.criteo.com/favicon.ico
                                                                                  Preview:..............h.......(....... ...........@............................v..GT^.$d...m..5\|.>Xm..i..PPP..q..,`...t...o..BVf..g..1^..(b..KRX.:Zs.8[x..r..MQT..l...p..EUa..n...h..&c..*a...t..AWi.ISZ. f...u..NPR..s..?Wk.;Yq.9Zv.2]..LQV..o..HS\..n..=Xo.6\z.'c...g..FT`..u...t..OPQ.%c..)b...u...u..OPP.NPS.MQS.LQU.JRX..n..ETa.>Xl..i...h..8[w.1^........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  Chrome Cache Entry: 141

                                                                                  Download File
                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  File Type:ASCII text
                                                                                  Category:downloaded
                                                                                  Size (bytes):286
                                                                                  Entropy (8bit):4.986183148705799
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:Vw2G1GOJt19cYNnBHsL2YriFGHLKCwGRVfJJZwGdGD7wWeXFEL13:u2G1GafnBHslriFu2CwuRJZw4m7wzC3
                                                                                  MD5:A00753BB8C123DB091FDA54050075870
                                                                                  SHA1:AA573D1E6D80F119F96F75E50FF6CD0652A04919
                                                                                  SHA-256:C4DA37B5E345AE7429E8CDBE13951805A74BEB2AD9EF100E5F35FA6BB6E6B99A
                                                                                  SHA-512:FDAB3DB96930B1C46B0E5F2E81AD051E3CB338AF9C257FE8DE00891D1A43410576E6970A07131A0A452B08A2D15F0E094ECE36648F83F87EFDAA4337E3BBAA5B
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fcat.nl3.eu.criteo.co&oit=3&cp=28&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                  Preview:)]}'.["https://cat.nl3.eu.criteo.co",["https://cat.nl3.eu.criteo.com/delivery/ck.php?cppv\u003d3"],[""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[800],"google:suggestsubtypes":[[44]],"google:suggesttype":["NAVIGATION"],"google:verbatimrelevance":851}]

                                                                                  Chrome Cache Entry: 142

                                                                                  Download File
                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  File Type:PNG image data, 64 x 64, 8-bit colormap, non-interlaced
                                                                                  Category:downloaded
                                                                                  Size (bytes):749
                                                                                  Entropy (8bit):7.52957815746652
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:6v/7sAl9B0cPtW4DTqJlKKSKYXESjCu6sQjQ28pAS9lVqEiCV56x0/sA5mNHt7:qbPtW8qGKYXXl6FSeS9lgXCVk0uH9
                                                                                  MD5:3FE246E1808DF8D46932A06116F6F025
                                                                                  SHA1:283DB6328ECA6EB04E1DC96B640FC50D382E67D7
                                                                                  SHA-256:F7664F71D3247CC675F4B3704DE7A2AA4EAE37AE4B2C570C3319C6B8618DE1FB
                                                                                  SHA-512:627DAB09930C0AE94B210CF52B1DDFEE706E96DC340C4D096E3A45617CDD0C96F283B99D5CA22C3D34C0C4ADA36EB1031CC0FB0B72762DF769CA199A546C8F25
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  URL:https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcSp6TRXFn7E98XinWQvRiKQOo0uehCBCD7MdNiihfM&s=10
                                                                                  Preview:.PNG........IHDR...@...@.............PLTE....#.....SO..........!.............._\............................D?....;5........KF.......xxx...UUU.ro.....~{.0*..ZV.fb...GGG......000...___I/.%....IDATX...r.0..%ac...lJ......B7..p+.....M..3{...(.......Y.f.._.v^..I/$%I..pL..83$.$.x.....{J.g..K.l'-R.R%W.GBD..~M.<....\%..5.<...B(Jla!..a..DW..r.&.g.......Dd.......7..".......W..P,..i...e''...b..;.I.V.b.g.a.x9B.G..........=/.b-P.~.....9.}...EL.X(D... .[K..T...Y@...........q..IQ._...{$.\."..(....!..."".Jb..:...PZ@.8E.,..=Y>.|.lg..Y..y....G..\x.:...Zo./...CQ.Q...A....>...~...fQ.5...Y.s>.~..+c~..-..m^s].8.?.&;D.....\.S.Q.L....uP.....P...Z7M....Z....9.....1..Y~...{.!..8....s...B~.*.#....T.y....Y.f......o"..2.....IEND.B`.

                                                                                  Chrome Cache Entry: 143

                                                                                  Download File
                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  File Type:ASCII text, with very long lines (394)
                                                                                  Category:downloaded
                                                                                  Size (bytes):399
                                                                                  Entropy (8bit):4.828783893940481
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:u2WHyD6/Uy6wUX5BHslriFkAy8AcwuZwwuv9w48wzC3:qOL5BHslg6uZ53m+
                                                                                  MD5:6F999AD00CF918BE79823E099DCE069E
                                                                                  SHA1:C755BF254A1BE92E7B6A483B1022BC5C59510AF0
                                                                                  SHA-256:89E2611D5CC9FDED2D59F620CFB248D1461D7F25388E2F147CFD62B4E4EEDED7
                                                                                  SHA-512:B479F0E16BC418FF85C9676B7C55DEE7AA1A19B21373378AD75CD59205CCAA6055CC6B73AFE606BABC6DB203B7664A6D9EEB438F2758F7A15E00D6426A1717C8
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msftstati&oit=3&cp=19&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                  Preview:)]}'.["https://r.msftstati",["https //r.msftstatistics","https //r.msftstations.com"],["",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//r.msftstatistics"},{"mp":"\u2026 ","t":"//r.msftstations.com"}],"google:suggestrelevance":[601,600],"google:suggestsubtypes":[[160],[160]],"google:suggesttype":["TAIL","TAIL"],"google:verbatimrelevance":851}]

                                                                                  Chrome Cache Entry: 144

                                                                                  Download File
                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  File Type:ASCII text
                                                                                  Category:downloaded
                                                                                  Size (bytes):231
                                                                                  Entropy (8bit):4.857708615242615
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:Vw2UmMpNnBHsL2YriFGHLKCwGRVfJJZwGdGD7wWeXFEL13:u2+HnBHslriFu2CwuRJZw4m7wzC3
                                                                                  MD5:401BFCD3A8FEA38BBDF155226AE7719C
                                                                                  SHA1:A56C7CBD9090688EEE43B8D07451BFDD0D7921BD
                                                                                  SHA-256:BFDD07E6431E26690826F604A764EAD917B1A0CC72A8E47DD5F07A7885DE4297
                                                                                  SHA-512:7CAA07C4EE1B34C2938AB8C349E64A35943C4924AE386B8246423BE2F010B844D2241F39D14FE381238F1D41B7D482F355D4ECCF788D6DB0C81BCC1EEFD47CBE
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msf&oit=3&cp=13&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                  Preview:)]}'.["https://r.msf",["http://ru.msf.org"],[""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[800],"google:suggestsubtypes":[[44]],"google:suggesttype":["NAVIGATION"],"google:verbatimrelevance":851}]

                                                                                  Chrome Cache Entry: 145

                                                                                  Download File
                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  File Type:ASCII text, with very long lines (391)
                                                                                  Category:downloaded
                                                                                  Size (bytes):396
                                                                                  Entropy (8bit):4.845621693131587
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:u2WQeM/UcpUcV5BHslriFkAcYAcyrwuZwwuv9w48wzC3:Te85BHslg7uZ53m+
                                                                                  MD5:4312D06EE735A55DF955D73892BA6639
                                                                                  SHA1:436F01CDBA564CE3D30C439A68FF2406D8ECC97F
                                                                                  SHA-256:5F823C1FC794896F7ED514992B1491F225B2C2487E05C3EBFDBE0DD2438BF686
                                                                                  SHA-512:8C425B82DDED8A9EC3756C63385AC2EAE25720F398957AB92DB8A51EB8AD1D77DCB2F19657454F335D4A1A2F7E3DA4A90B451777834FA1B83971AF54FDAD1A04
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msftstatic&oit=3&cp=20&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                  Preview:)]}'.["https://r.msftstatic",["https //r.msftstatic.com","https //r.msftstatic.net"],["",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//r.msftstatic.com"},{"mp":"\u2026 ","t":"//r.msftstatic.net"}],"google:suggestrelevance":[601,600],"google:suggestsubtypes":[[160],[160]],"google:suggesttype":["TAIL","TAIL"],"google:verbatimrelevance":851}]

                                                                                  Chrome Cache Entry: 146

                                                                                  Download File
                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  File Type:ASCII text, with very long lines (2842)
                                                                                  Category:downloaded
                                                                                  Size (bytes):2847
                                                                                  Entropy (8bit):6.034905544989565
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:ssWCpddCKggF4tvTp292qHxN5za144vh1cl0EX1CQ2TeH62yb7OCZRIEHAKOgQ9U:ssWCRRg/01RN57AhjEX1CQ1H6pHOoRIi
                                                                                  MD5:6ECF6223FDF36B8D00D5303042E01D00
                                                                                  SHA1:81555277AD7502D18E6F7F094FB0D971C1CA5241
                                                                                  SHA-256:9DC9E6B6417DDC95298B3DC4BD6A8C615499FAABB0BE5A1C0ABDAD43937277B4
                                                                                  SHA-512:2F496BB43DB609CDAF163D5F63D7934E5F30B5519B8FEAF2DA40C6EF3E45921803FD1987745F90657FE3C14F6C8864C16C2C84D7858E08C4B19F30575C6838C8
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                  Preview:)]}'.["",["jelena ostapenko birmingham","keith murray","tyson fury next fight","tornado warnings","submarine youtube","mlb london cubs cardinals","fisher island ferry accident","british national road championships"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"pre":0,"tlw":false},"google:headertexts":{"a":{"8":"Trending searches"}},"google:suggestdetail":[{"zl":8},{"a":"American rapper","dc":"#424242","i":"data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAkGBwgHBgkIBwgKCgkLDRYPDQwMDRsUFRAWIB0iIiAdHx8kKDQsJCYxJx8fLT0tMTU3Ojo6Iys/RD84QzQ5OjcBCgoKDQwNGg8PGjclHyU3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3N//AABEIAEAAQAMBIgACEQEDEQH/xAAcAAACAwEAAwAAAAAAAAAAAAAEBgMFBwIAAQj/xAAzEAACAQIEAwYEBQUAAAAAAAABAgMEEQAFEiExQWEGEyJRkaEHMnGBFEKx0eEVIzNiwf/EABgBAAMBAQAAAAAAAAAAAAAAAAECAwQA/8QAHxEAAwACAgIDAAAAAAAAAAAAAAECAxESIRMxIjJB/9oADAMBAAIRAxEAPwDQw2ZsQIERBe20YUAeg/XEwp3mV/xMccyEX2QRuOl154umApVWN1d4ybauOnHksJCeB7qefG2DdWnuS8ZFrTQgdqK/JezqRyVk+oy37uE+KU24

                                                                                  Chrome Cache Entry: 147

                                                                                  Download File
                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  File Type:ASCII text, with very long lines (698)
                                                                                  Category:downloaded
                                                                                  Size (bytes):703
                                                                                  Entropy (8bit):5.195042931556067
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:u2n+dummO1ZQIZpULjtBHslriFuUgukwuyw4mIf0wzC3:0djmO1ZVZeL5BHslguhuF2sfV+
                                                                                  MD5:CBF682DC894446466F4059D3064D82D3
                                                                                  SHA1:AEAB4059E8FB5C0DF6048A46858892572FF060E6
                                                                                  SHA-256:B1436193AD973211AEAE0CBDB9EBB18210BB7037DE3CF1E36FF70EEE2EB95388
                                                                                  SHA-512:13860CD1EACB10F6D0918DB1C32BEC58A019BBEFB979FD795E9BF4D6C18A13DEC2A6E186B95EC281810491D371E126DBFFE200CA6A4CEE229BF1687552A95695
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.&oit=3&cp=10&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                  Preview:)]}'.["https://r.",["https://r.3v.fi/discord-timestamps/","https://r.mtdv.me/","https://r.pluralsight.gq/","https://r.studyschooltoday.eu.org/","https://r.codewars.ml/","https://r.stripe.com/0","https://r.utopiaworld.ink/","https //r.honeygain.com login","https //r.agar.io unblocked","r learnmath"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[806,805,804,803,802,801,800,601,600,550],"google:suggestsubtypes":[[44],[44],[44],[44],[44],[44],[44],[512],[512],[512,10]],"google:suggesttype":["NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","QUERY","QUERY","QUERY"],"google:verbatimrelevance":851}]

                                                                                  Chrome Cache Entry: 148

                                                                                  Download File
                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  File Type:very short file (no magic)
                                                                                  Category:downloaded
                                                                                  Size (bytes):1
                                                                                  Entropy (8bit):0.0
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:v:v
                                                                                  MD5:68B329DA9893E34099C7D8AD5CB9C940
                                                                                  SHA1:ADC83B19E793491B1C6EA0FD8B46CD9F32E592FC
                                                                                  SHA-256:01BA4719C80B6FE911B091A7C05124B64EEECE964E09C058EF8F9805DACA546B
                                                                                  SHA-512:BE688838CA8686E5C90689BF2AB585CEF1137C999B48C70B92F67A5C34DC15697B5D11C982ED6D71BE1E1E7F7B4E0733884AA97C3F7A339A8ED03577CF74BE09
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  URL:https://cat.nl3.eu.criteo.com/
                                                                                  Preview:.

                                                                                  Chrome Cache Entry: 149

                                                                                  Download File
                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  File Type:ASCII text, with very long lines (549)
                                                                                  Category:downloaded
                                                                                  Size (bytes):554
                                                                                  Entropy (8bit):4.861733938683305
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:u2It/iTp5QBHslriFkdnYROVwuZs9kwuX9w4swzC3:GWMBHslgCA/uZs9Fv++
                                                                                  MD5:C386FCEC15895348236B985A2ECA87F6
                                                                                  SHA1:BE279A5573541C99F4B5C58EFA5F2DC09C82B572
                                                                                  SHA-256:A5089AD47AA62D080616E14F2F102146EF3A30811AAF0B457BF99EE15F0E1D8E
                                                                                  SHA-512:0DB14171B403C736B393E77D209411A18EE94B3EA4E47E48D77F824B57D809A0B1985AE98A8523F5CE0FE98FBEF56575667442E463340C8A6597AD116B298394
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msftst&oit=3&cp=16&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                  Preview:)]}'.["https://r.msftst",["https //r.msftstudent.com","https //r.msftstudio.com","https //r.msftstopper","https //r.msftstop"],["","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//r.msftstudent.com"},{"mp":"\u2026 ","t":"//r.msftstudio.com"},{"mp":"\u2026 ","t":"//r.msftstopper"},{"mp":"\u2026 ","t":"//r.msftstop"}],"google:suggestrelevance":[601,600,551,550],"google:suggestsubtypes":[[160],[160],[160],[160]],"google:suggesttype":["TAIL","TAIL","TAIL","TAIL"],"google:verbatimrelevance":851}]

                                                                                  Chrome Cache Entry: 150

                                                                                  Download File
                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  File Type:ASCII text, with very long lines (492)
                                                                                  Category:downloaded
                                                                                  Size (bytes):497
                                                                                  Entropy (8bit):4.857547506851729
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:u2vt/v/2wpdBHslriFkDF79swuZsukwu69w4kwzC3:jzdBHslg4rduZsuFkw+
                                                                                  MD5:4B24BF28D2C13A26DE0890907E117562
                                                                                  SHA1:F0B4820C6943AF91137DB690A65B2ECA8EA0DC0D
                                                                                  SHA-256:C2B0FEBB1578B2853F5252C3BCCE5A39307256D7639974BB9ADD74AF066FD4FE
                                                                                  SHA-512:82B8968BEC9889E71E2D29337A514445DFCDB5834FAE82BB2348294C52FFD8B3D68EB31A25BF7185B95F6C6A852C5BDC9FBEFFF4BFD6B65F7C005ED946CE73A8
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msft&oit=3&cp=14&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                  Preview:)]}'.["https://r.msft",["https //r.msftconnecttest.com/redirect","https //r.msftconnecttest","https //r.msft.com"],["","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//r.msftconnecttest.com/redirect"},{"mp":"\u2026 ","t":"//r.msftconnecttest"},{"mp":"\u2026 ","t":"//r.msft.com"}],"google:suggestrelevance":[601,600,550],"google:suggestsubtypes":[[160],[160],[160]],"google:suggesttype":["TAIL","TAIL","TAIL"],"google:verbatimrelevance":851}]

                                                                                  Chrome Cache Entry: 151

                                                                                  Download File
                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  File Type:MS Windows icon resource - 1 icon, 16x16
                                                                                  Category:dropped
                                                                                  Size (bytes):1406
                                                                                  Entropy (8bit):2.82524262532307
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:GyX2nSklp4gE/K/LGvM+v2rrdXGSimBNJWUDU:d/CEMZvdXGSisrR
                                                                                  MD5:FE8AE0F54388137B436B9F3D8D641AA9
                                                                                  SHA1:C007DC4A9CEA8C9A82F94B16C455ECDE69F07842
                                                                                  SHA-256:0B1AEB77C5D98B76F57CCD3F5144A9C776CDE47F77169646DACAE651BC546A60
                                                                                  SHA-512:4CA056CD160FBAB2DEDA445D1BA076073980F6D1BD28B9A8E89C61DAB4149E57E2BCE662D4B2A43E85EE9F7F30870985CD824086E290FC912E89B8111B0FB064
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  Preview:..............h.......(....... ...........@............................v..GT^.$d...m..5\|.>Xm..i..PPP..q..,`...t...o..BVf..g..1^..(b..KRX.:Zs.8[x..r..MQT..l...p..EUa..n...h..&c..*a...t..AWi.ISZ. f...u..NPR..s..?Wk.;Yq.9Zv.2]..LQV..o..HS\..n..=Xo.6\z.'c...g..FT`..u...t..OPQ.%c..)b...u...u..OPP.NPS.MQS.LQU.JRX..n..ETa.>Xl..i...h..8[w.1^........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                  Chrome Cache Entry: 152

                                                                                  Download File
                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  File Type:ASCII text, with very long lines (741)
                                                                                  Category:downloaded
                                                                                  Size (bytes):746
                                                                                  Entropy (8bit):5.195225872664635
                                                                                  Encrypted:false
                                                                                  SSDEEP:12:u29WQWmvfViD3JRCcL44Enul3TQpHpc0hoEFpGBHslriFuDpgA7kwuNZw4mafffI:Tz3VinCcLsBPhZsBHslguD+A7FequffA
                                                                                  MD5:A34A7761EE7974DD60CC11B746D8B559
                                                                                  SHA1:97A14D2D34BD86AC73D1F03977122183FE13D863
                                                                                  SHA-256:CB54A558EEBDC8A1772606FE0CBF87A74649E9D612BE117C4B06DD054DA70DDE
                                                                                  SHA-512:4AC5BED762D5361BF4D3ABFB5948491BDE79FC40559B6B58FD6858CE1221DFFC4BBFBF6F11F38E5016D86F66C6D7B2A563AAD5083DF92918A0C3BFE484D5B14E
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fc&oit=3&cp=9&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                  Preview:)]}'.["https://c",["https://chat.openai.com","https://clients.sjp.co.uk","https://client.wvd.microsoft.com/arm/webclient/index.html","https://classroom.google.com","https //contact.unlimited horizon.co.uk/login","https //chat.openai.com login","https //crypto.com login","https //code.org minecraft","https //calendly.com login","https //chatgpt login"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[803,802,801,800,601,600,553,552,551,550],"google:suggestsubtypes":[[44],[44],[44],[44],[512],[512,433],[512],[512],[512],[512]],"google:suggesttype":["NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"],"google:verbatimrelevance":851}]

                                                                                  Chrome Cache Entry: 153

                                                                                  Download File
                                                                                  Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  File Type:ASCII text, with very long lines (768)
                                                                                  Category:downloaded
                                                                                  Size (bytes):773
                                                                                  Entropy (8bit):5.2369966795797716
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:puLSDr4bqXoKZOBHslguZsd/tdjcmffff1+:puLAoKZOKlguZsZt+mffff1+
                                                                                  MD5:86AF8CC3BE2AFB2CCF2618F9E66D3BBA
                                                                                  SHA1:41A60099928D979C282F31898738CB283B3456CF
                                                                                  SHA-256:3F764B5A80BDD81007DF22D1D482B8521E4FBEC505D236BE8E72BB3C532337E4
                                                                                  SHA-512:653DAE5700B7A4B523EEA094777B2310F03F2A64FF9335ECDD94B344712BC6F6EC808627E1E83E88AE5986F75B8C235F301A7E5538C1739D009986C356FAC19A
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2F&oit=4&cp=8&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                  Preview:)]}'.["https://",["https //www.testwise/platform/code","https //www.gov.uk login","https //systmonline.tpp-uk.com login","https //openai.com login","https //www.whatsapp.com web","https://aka.ms/remoteconnect","https://offer.ndors.org.uk","https://systmonline.tpp-uk.com","https://pupil.multiplication-tables-check.service.gov.uk","https://www.microsoft.com/link"],["","","","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[601,600,552,551,550,404,403,402,401,400],"google:suggestsubtypes":[[512],[512],[512,433,131],[512],[650,433,131],[44],[44],[44],[44],[44]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION","NAVIGATION"],"google:verbatimrelevance":851}]

                                                                                  Static File Info

                                                                                  No static file info

                                                                                  Network Behavior

                                                                                  Download Network PCAP: filteredfull

                                                                                  Network Port Distribution

                                                                                  • Total Packets: 316
                                                                                  • 443 (HTTPS)
                                                                                  • 53 (DNS)
                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  Jun 26, 2023 18:12:07.276890993 CEST49750443192.168.2.3142.250.186.78
                                                                                  Jun 26, 2023 18:12:07.276978016 CEST44349750142.250.186.78192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.277121067 CEST49750443192.168.2.3142.250.186.78
                                                                                  Jun 26, 2023 18:12:07.278255939 CEST49752443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:07.278318882 CEST44349752178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.278423071 CEST49752443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:07.280050993 CEST49750443192.168.2.3142.250.186.78
                                                                                  Jun 26, 2023 18:12:07.280091047 CEST44349750142.250.186.78192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.280859947 CEST49752443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:07.280905008 CEST44349752178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.377876997 CEST44349752178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.383812904 CEST44349750142.250.186.78192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.390839100 CEST49750443192.168.2.3142.250.186.78
                                                                                  Jun 26, 2023 18:12:07.390892982 CEST44349750142.250.186.78192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.390955925 CEST49752443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:07.391004086 CEST44349752178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.391549110 CEST44349750142.250.186.78192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.391704082 CEST49750443192.168.2.3142.250.186.78
                                                                                  Jun 26, 2023 18:12:07.392422915 CEST44349750142.250.186.78192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.392529964 CEST49750443192.168.2.3142.250.186.78
                                                                                  Jun 26, 2023 18:12:07.392688036 CEST44349752178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.392787933 CEST49752443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:07.526738882 CEST49753443192.168.2.3142.250.186.141
                                                                                  Jun 26, 2023 18:12:07.526788950 CEST44349753142.250.186.141192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.526886940 CEST49753443192.168.2.3142.250.186.141
                                                                                  Jun 26, 2023 18:12:07.527776003 CEST49753443192.168.2.3142.250.186.141
                                                                                  Jun 26, 2023 18:12:07.527807951 CEST44349753142.250.186.141192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.591655970 CEST44349753142.250.186.141192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.592015982 CEST49753443192.168.2.3142.250.186.141
                                                                                  Jun 26, 2023 18:12:07.592041969 CEST44349753142.250.186.141192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.593945026 CEST44349753142.250.186.141192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.594052076 CEST49753443192.168.2.3142.250.186.141
                                                                                  Jun 26, 2023 18:12:07.636320114 CEST49752443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:07.636703014 CEST44349752178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.640750885 CEST49753443192.168.2.3142.250.186.141
                                                                                  Jun 26, 2023 18:12:07.640971899 CEST44349753142.250.186.141192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.641926050 CEST49752443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:07.641964912 CEST44349752178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.642093897 CEST49750443192.168.2.3142.250.186.78
                                                                                  Jun 26, 2023 18:12:07.642472982 CEST44349750142.250.186.78192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.642817974 CEST49753443192.168.2.3142.250.186.141
                                                                                  Jun 26, 2023 18:12:07.642854929 CEST44349753142.250.186.141192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.643491983 CEST49750443192.168.2.3142.250.186.78
                                                                                  Jun 26, 2023 18:12:07.643542051 CEST44349750142.250.186.78192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.665610075 CEST44349752178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.665734053 CEST49752443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:07.667159081 CEST49752443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:07.667195082 CEST44349752178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.680299997 CEST44349750142.250.186.78192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.680474997 CEST49750443192.168.2.3142.250.186.78
                                                                                  Jun 26, 2023 18:12:07.680526018 CEST44349750142.250.186.78192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.680576086 CEST44349750142.250.186.78192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.680664062 CEST49750443192.168.2.3142.250.186.78
                                                                                  Jun 26, 2023 18:12:07.681994915 CEST49750443192.168.2.3142.250.186.78
                                                                                  Jun 26, 2023 18:12:07.682032108 CEST44349750142.250.186.78192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.683314085 CEST49753443192.168.2.3142.250.186.141
                                                                                  Jun 26, 2023 18:12:07.696670055 CEST44349753142.250.186.141192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.696996927 CEST44349753142.250.186.141192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.697164059 CEST49753443192.168.2.3142.250.186.141
                                                                                  Jun 26, 2023 18:12:07.731990099 CEST49753443192.168.2.3142.250.186.141
                                                                                  Jun 26, 2023 18:12:07.732028008 CEST44349753142.250.186.141192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.855048895 CEST49754443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:07.855134964 CEST44349754178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.855297089 CEST49754443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:07.856102943 CEST49754443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:07.856148958 CEST44349754178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.921606064 CEST44349754178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.922027111 CEST49754443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:07.922080040 CEST44349754178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.922864914 CEST44349754178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.923358917 CEST49754443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:07.923535109 CEST44349754178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.923674107 CEST49754443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:07.970101118 CEST44349754178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.970273018 CEST44349754178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.970355988 CEST49754443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:07.971791983 CEST49754443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:07.971843004 CEST44349754178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:08.235304117 CEST49756443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:08.235377073 CEST44349756178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:08.235486031 CEST49756443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:08.236344099 CEST49757443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:08.236417055 CEST44349757178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:08.236521006 CEST49757443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:08.240664959 CEST49757443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:08.240721941 CEST44349757178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:08.240981102 CEST49756443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:08.241023064 CEST44349756178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:08.325956106 CEST44349756178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:08.326450109 CEST49756443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:08.326493025 CEST44349756178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:08.327270985 CEST44349756178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:08.327836990 CEST49756443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:08.327972889 CEST44349756178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:08.328058004 CEST49756443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:08.331964970 CEST44349757178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:08.332321882 CEST49757443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:08.332365990 CEST44349757178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:08.333476067 CEST44349757178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:08.334093094 CEST49757443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:08.334332943 CEST44349757178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:08.367240906 CEST44349756178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:08.367378950 CEST49756443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:08.374356985 CEST49757443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:08.405481100 CEST49756443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:08.405525923 CEST44349756178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:08.455210924 CEST49757443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:08.482677937 CEST44349757178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:08.482884884 CEST44349757178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:08.482965946 CEST49757443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:08.484042883 CEST49757443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:08.484091043 CEST44349757178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:11.117937088 CEST49759443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:11.118005037 CEST44349759142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:11.118175983 CEST49759443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:11.118927956 CEST49759443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:11.118968964 CEST44349759142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:11.184592962 CEST44349759142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:11.185528994 CEST49759443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:11.185581923 CEST44349759142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:11.186851978 CEST44349759142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:11.187015057 CEST49759443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:11.192130089 CEST49759443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:11.192256927 CEST44349759142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:11.241640091 CEST49759443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:11.241692066 CEST44349759142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:11.341710091 CEST49759443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:13.601541996 CEST49759443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:13.642838955 CEST44349759142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:13.665301085 CEST44349759142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:13.665436983 CEST44349759142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:13.665535927 CEST49759443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:13.665555954 CEST44349759142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:13.665626049 CEST49759443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:13.665630102 CEST44349759142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:13.667139053 CEST44349759142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:13.667229891 CEST49759443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:13.672328949 CEST49759443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:13.672369957 CEST44349759142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:14.969933033 CEST49760443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:14.969994068 CEST44349760178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:14.970129967 CEST49760443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:14.970396042 CEST49761443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:14.970433950 CEST44349761178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:14.970509052 CEST49761443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:14.979888916 CEST49761443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:14.979921103 CEST44349761178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:14.980196953 CEST49760443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:14.980214119 CEST44349760178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:15.074678898 CEST44349760178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:15.075686932 CEST49760443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:15.075720072 CEST44349760178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:15.076560020 CEST44349760178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:15.077115059 CEST49760443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:15.077270985 CEST44349760178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:15.077363968 CEST49760443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:15.082122087 CEST44349761178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:15.083790064 CEST49761443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:15.083811045 CEST44349761178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:15.084400892 CEST44349761178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:15.084861040 CEST49761443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:15.084986925 CEST44349761178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:15.116517067 CEST44349760178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:15.116673946 CEST44349760178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:15.116780996 CEST49760443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:15.118874073 CEST49760443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:15.118905067 CEST44349760178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:15.124922991 CEST49761443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:23.431349993 CEST49764443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:23.431435108 CEST44349764142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:23.431581020 CEST49764443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:23.431951046 CEST49764443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:23.431988001 CEST44349764142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:23.493885040 CEST44349764142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:23.494879007 CEST49764443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:23.494925022 CEST44349764142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:23.495582104 CEST44349764142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:23.496176958 CEST49764443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:23.496330976 CEST44349764142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:23.496334076 CEST49764443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:23.535654068 CEST49764443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:23.535685062 CEST44349764142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:23.578607082 CEST44349764142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:23.578758955 CEST44349764142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:23.578902960 CEST44349764142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:23.578905106 CEST49764443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:23.578938961 CEST44349764142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:23.579015970 CEST49764443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:23.579159021 CEST44349764142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:23.579689980 CEST49764443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:23.579716921 CEST44349764142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:23.580770016 CEST44349764142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:23.580935001 CEST49764443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:23.580955029 CEST44349764142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:23.581691980 CEST44349764142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:23.581785917 CEST49764443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:23.581940889 CEST49764443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:23.581969023 CEST44349764142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:25.065501928 CEST44349761178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:25.065694094 CEST44349761178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:25.065931082 CEST49761443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:26.186106920 CEST49761443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:26.186158895 CEST44349761178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:26.601592064 CEST49765443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:26.601656914 CEST44349765178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:26.601790905 CEST49765443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:26.602293015 CEST49766443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:26.602355957 CEST44349766178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:26.602453947 CEST49766443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:26.602873087 CEST49765443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:26.602912903 CEST44349765178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:26.603252888 CEST49766443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:26.603279114 CEST44349766178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:26.698645115 CEST44349765178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:26.699203014 CEST49765443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:26.699243069 CEST44349765178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:26.700015068 CEST44349765178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:26.700186014 CEST44349766178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:26.700524092 CEST49765443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:26.700639009 CEST44349765178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:26.700763941 CEST49766443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:26.700809956 CEST44349766178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:26.701564074 CEST49765443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:26.701818943 CEST44349766178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:26.702403069 CEST49766443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:26.702610016 CEST44349766178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:26.738331079 CEST44349765178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:26.738523006 CEST44349765178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:26.738641024 CEST49765443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:26.740993023 CEST49765443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:26.741027117 CEST44349765178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:26.741998911 CEST49766443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:36.692786932 CEST44349766178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:36.692903996 CEST44349766178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:36.693065882 CEST49766443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:38.187776089 CEST49766443192.168.2.3178.250.1.6
                                                                                  Jun 26, 2023 18:12:38.187827110 CEST44349766178.250.1.6192.168.2.3
                                                                                  Jun 26, 2023 18:12:58.221432924 CEST49767443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:58.221524000 CEST44349767142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:58.222078085 CEST49767443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:58.229254007 CEST49767443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:58.229305983 CEST44349767142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:58.292643070 CEST44349767142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:58.293158054 CEST49767443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:58.293205976 CEST44349767142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:58.294286966 CEST44349767142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:58.295053005 CEST49767443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:58.295272112 CEST44349767142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:58.295344114 CEST49767443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:58.334727049 CEST49767443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:58.334753036 CEST44349767142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:58.377188921 CEST44349767142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:58.377310991 CEST44349767142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:58.377372980 CEST44349767142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:58.377418995 CEST49767443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:58.377454996 CEST44349767142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:58.377564907 CEST49767443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:58.379127026 CEST44349767142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:58.379261017 CEST44349767142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:12:58.379358053 CEST49767443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:58.379733086 CEST49767443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:12:58.379761934 CEST44349767142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:13:11.167366982 CEST49770443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:11.167437077 CEST44349770142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:11.167567015 CEST49770443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:11.168272972 CEST49770443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:11.168308020 CEST44349770142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:11.231328964 CEST44349770142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:11.232108116 CEST49770443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:11.232156992 CEST44349770142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:11.233310938 CEST44349770142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:11.234405994 CEST49770443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:11.234649897 CEST44349770142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:11.274941921 CEST49770443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:21.217333078 CEST44349770142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:21.217571974 CEST44349770142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:21.218223095 CEST49770443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:22.191962004 CEST49770443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:22.192017078 CEST44349770142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:52.885797024 CEST49773443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:52.885922909 CEST44349773142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:52.886059999 CEST49773443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:52.886586905 CEST49773443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:52.886626005 CEST44349773142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:52.949863911 CEST44349773142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:52.952434063 CEST49773443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:52.952476978 CEST44349773142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:52.953402042 CEST44349773142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:52.955020905 CEST49773443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:52.955199003 CEST49773443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:52.955216885 CEST44349773142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:52.955271006 CEST44349773142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:52.996499062 CEST49773443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.038149118 CEST44349773142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.040261030 CEST44349773142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.044540882 CEST49773443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.046295881 CEST49773443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.046333075 CEST44349773142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.402079105 CEST49774443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.402149916 CEST44349774142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.402326107 CEST49774443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.402698994 CEST49774443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.402730942 CEST44349774142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.463478088 CEST44349774142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.469413042 CEST49774443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.469458103 CEST44349774142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.470511913 CEST44349774142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.477736950 CEST49774443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.477935076 CEST44349774142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.482383966 CEST49774443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.495549917 CEST49774443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.495604992 CEST44349774142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.495683908 CEST44349774142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.496251106 CEST44349774142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.496417999 CEST49774443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.496417999 CEST49774443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.684659004 CEST49776443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.684731960 CEST44349776142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.684926987 CEST49776443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.685213089 CEST49776443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.685266972 CEST44349776142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.747699022 CEST44349776142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.748018026 CEST49776443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.748049021 CEST44349776142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.751177073 CEST44349776142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.751303911 CEST49776443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.751725912 CEST49776443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.751826048 CEST44349776142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.789331913 CEST49776443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.789364100 CEST44349776142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.795253038 CEST49776443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.795392990 CEST44349776142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.795516014 CEST49776443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.890387058 CEST49777443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.890439987 CEST44349777142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.890587091 CEST49777443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.890872955 CEST49777443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.890902042 CEST44349777142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.950603962 CEST44349777142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.951033115 CEST49777443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.951065063 CEST44349777142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.953934908 CEST44349777142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.954045057 CEST49777443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.954474926 CEST49777443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.954581022 CEST44349777142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.994677067 CEST49777443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:53.994709969 CEST44349777142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:53.998773098 CEST49777443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:54.042845964 CEST44349777142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:54.059758902 CEST44349777142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:54.059891939 CEST44349777142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:54.059999943 CEST49777443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:54.060030937 CEST44349777142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:54.061680079 CEST44349777142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:54.061927080 CEST49777443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:54.061973095 CEST49777443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:54.061995983 CEST44349777142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:54.681492090 CEST49778443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:54.681579113 CEST44349778142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:54.681688070 CEST49778443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:54.682056904 CEST49778443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:54.682096004 CEST44349778142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:54.741177082 CEST44349778142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:54.741632938 CEST49778443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:54.741676092 CEST44349778142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:54.742495060 CEST44349778142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:54.743010044 CEST49778443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:54.743179083 CEST49778443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:54.743195057 CEST44349778142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:54.743221045 CEST44349778142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:54.782757044 CEST49778443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:54.823956013 CEST44349778142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:54.824064970 CEST44349778142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:54.824148893 CEST49778443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:54.824193954 CEST44349778142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:54.825705051 CEST44349778142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:54.825803995 CEST49778443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:54.825866938 CEST49778443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:54.825895071 CEST44349778142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:57.256690025 CEST49779443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:57.256763935 CEST44349779142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:57.256952047 CEST49779443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:57.257970095 CEST49779443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:57.257997990 CEST44349779142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:57.318340063 CEST44349779142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:57.318794012 CEST49779443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:57.318852901 CEST44349779142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:57.319725037 CEST44349779142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:57.320178032 CEST49779443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:57.320305109 CEST44349779142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:57.320321083 CEST49779443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:57.359852076 CEST49779443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:57.359894991 CEST44349779142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:57.394999981 CEST44349779142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:57.395102978 CEST44349779142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:57.395205021 CEST49779443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:57.395253897 CEST44349779142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:57.397927046 CEST44349779142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:57.398063898 CEST49779443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:57.398299932 CEST49779443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:57.398330927 CEST44349779142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:58.062340975 CEST49781443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:58.062406063 CEST44349781142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:58.062537909 CEST49781443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:58.062927008 CEST49781443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:58.062963009 CEST44349781142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:58.135849953 CEST44349781142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:58.136208057 CEST49781443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:58.136239052 CEST44349781142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:58.136847019 CEST44349781142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:58.137285948 CEST49781443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:58.137414932 CEST44349781142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:58.137428045 CEST49781443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:58.176887989 CEST49781443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:58.176938057 CEST44349781142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:58.251110077 CEST44349781142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:58.251281023 CEST44349781142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:58.251360893 CEST49781443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:58.251386881 CEST44349781142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:58.254334927 CEST44349781142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:13:58.254410982 CEST49781443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:58.254508018 CEST49781443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:13:58.254523039 CEST44349781142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.447191954 CEST49782443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.447268009 CEST44349782142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.447503090 CEST49782443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.448944092 CEST49782443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.448972940 CEST44349782142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.511851072 CEST44349782142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.512233019 CEST49782443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.512276888 CEST44349782142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.512842894 CEST44349782142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.513473988 CEST49782443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.513637066 CEST49782443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.513658047 CEST44349782142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.513698101 CEST44349782142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.558171988 CEST49782443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.585649967 CEST49782443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.585793972 CEST44349782142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.585911036 CEST49782443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.588824034 CEST49783443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.588890076 CEST44349783142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.589046955 CEST49783443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.589802027 CEST49783443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.589862108 CEST44349783142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.649456978 CEST44349783142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.649869919 CEST49783443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.649915934 CEST44349783142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.653059959 CEST44349783142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.653222084 CEST49783443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.654191017 CEST49783443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.654299974 CEST44349783142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.654539108 CEST49783443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.654561996 CEST44349783142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.694124937 CEST49783443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.733454943 CEST49783443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.733572006 CEST44349783142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.733691931 CEST49783443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.736385107 CEST49784443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.736440897 CEST44349784142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.736576080 CEST49784443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.737358093 CEST49784443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.737381935 CEST44349784142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.801095009 CEST44349784142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.801497936 CEST49784443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.801528931 CEST44349784142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.804359913 CEST44349784142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.804466963 CEST49784443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.805576086 CEST49784443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.805702925 CEST44349784142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.805885077 CEST49784443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.805897951 CEST44349784142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.845122099 CEST49784443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.891244888 CEST44349784142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.893416882 CEST44349784142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:00.893495083 CEST49784443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.896037102 CEST49784443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:00.896064997 CEST44349784142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:03.762265921 CEST49785443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:03.762346029 CEST44349785142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:03.762533903 CEST49785443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:03.764497995 CEST49785443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:03.764539003 CEST44349785142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:03.824089050 CEST44349785142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:03.824579000 CEST49785443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:03.824645996 CEST44349785142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:03.825690031 CEST44349785142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:03.826667070 CEST49785443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:03.826960087 CEST49785443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:03.826973915 CEST44349785142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:03.866405964 CEST49785443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:03.870923042 CEST44349785142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:03.961832047 CEST44349785142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:03.961949110 CEST44349785142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:03.962153912 CEST49785443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:03.962198973 CEST44349785142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:03.964628935 CEST44349785142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:03.964806080 CEST49785443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:03.964900970 CEST49785443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:03.964931965 CEST44349785142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:04.571269035 CEST49786443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:04.571350098 CEST44349786142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:04.571489096 CEST49786443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:04.572031975 CEST49786443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:04.572062969 CEST44349786142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:04.636357069 CEST44349786142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:04.637248993 CEST49786443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:04.637298107 CEST44349786142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:04.638225079 CEST44349786142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:04.639178991 CEST49786443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:04.639326096 CEST49786443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:04.639343023 CEST44349786142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:04.639400959 CEST44349786142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:04.679475069 CEST49786443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:04.774482012 CEST44349786142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:04.774594069 CEST44349786142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:04.774708033 CEST49786443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:04.774750948 CEST44349786142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:04.776515007 CEST44349786142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:04.778832912 CEST49786443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:04.778995991 CEST49786443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:04.779027939 CEST44349786142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.099818945 CEST49787443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.099912882 CEST44349787142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.100275040 CEST49787443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.104543924 CEST49787443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.104598045 CEST44349787142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.170135021 CEST44349787142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.173630953 CEST49787443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.173670053 CEST44349787142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.174401045 CEST44349787142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.176022053 CEST49787443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.176157951 CEST49787443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.176172018 CEST44349787142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.176201105 CEST44349787142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.215512991 CEST49787443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.308887959 CEST44349787142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.309067965 CEST44349787142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.309261084 CEST49787443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.309298992 CEST44349787142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.328038931 CEST44349787142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.329111099 CEST49787443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.333211899 CEST49787443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.333256960 CEST44349787142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.579466105 CEST49788443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.579541922 CEST44349788142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.579933882 CEST49788443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.580195904 CEST49788443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.580235004 CEST44349788142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.640728951 CEST44349788142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.659328938 CEST49788443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.659373999 CEST44349788142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.660567045 CEST44349788142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.661047935 CEST49788443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.661185026 CEST49788443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.661199093 CEST44349788142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.661242008 CEST44349788142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.701637983 CEST49788443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.768477917 CEST44349788142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.768598080 CEST44349788142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.768774033 CEST49788443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.768820047 CEST44349788142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.771066904 CEST44349788142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.771204948 CEST49788443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.771429062 CEST49788443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.771454096 CEST44349788142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.861232996 CEST49789443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.861310005 CEST44349789142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.861658096 CEST49789443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.862472057 CEST49789443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.862507105 CEST44349789142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.927547932 CEST44349789142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.927957058 CEST49789443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.928003073 CEST44349789142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.929208994 CEST44349789142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.929742098 CEST49789443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.929850101 CEST44349789142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:05.929899931 CEST49789443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.969654083 CEST49789443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:05.969696999 CEST44349789142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.022074938 CEST49789443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.022245884 CEST44349789142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.022450924 CEST49789443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.029925108 CEST49790443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.029999971 CEST44349790142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.030133963 CEST49790443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.030464888 CEST49790443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.030493021 CEST44349790142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.092703104 CEST44349790142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.093131065 CEST49790443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.093173027 CEST44349790142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.095840931 CEST44349790142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.095988035 CEST49790443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.096560001 CEST49790443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.096673965 CEST44349790142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.096708059 CEST49790443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.136651993 CEST49790443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.136691093 CEST44349790142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.176599026 CEST49790443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.227130890 CEST44349790142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.228346109 CEST44349790142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.228441954 CEST49790443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.228481054 CEST44349790142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.228815079 CEST44349790142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.228898048 CEST49790443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.229625940 CEST49790443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.229675055 CEST44349790142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.229703903 CEST49790443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.229742050 CEST49790443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.259134054 CEST49791443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.259219885 CEST44349791142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.259376049 CEST49791443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.259823084 CEST49791443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.259856939 CEST44349791142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.323765039 CEST44349791142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.325414896 CEST49791443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.325465918 CEST44349791142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.326653957 CEST44349791142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.327188969 CEST49791443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.327316046 CEST44349791142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.327430964 CEST49791443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.374850988 CEST44349791142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.421461105 CEST44349791142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.423403978 CEST44349791142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.423517942 CEST44349791142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:06.423552036 CEST49791443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.423702002 CEST49791443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.426903009 CEST49791443192.168.2.3142.250.184.196
                                                                                  Jun 26, 2023 18:14:06.426944971 CEST44349791142.250.184.196192.168.2.3
                                                                                  Jun 26, 2023 18:14:11.226645947 CEST49793443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:14:11.226722002 CEST44349793142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:14:11.227109909 CEST49793443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:14:11.227175951 CEST49793443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:14:11.227196932 CEST44349793142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:14:11.292829037 CEST44349793142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:14:11.293731928 CEST49793443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:14:11.293760061 CEST44349793142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:14:11.294445992 CEST44349793142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:14:11.294872999 CEST49793443192.168.2.3142.250.186.100
                                                                                  Jun 26, 2023 18:14:11.294982910 CEST44349793142.250.186.100192.168.2.3
                                                                                  Jun 26, 2023 18:14:11.335131884 CEST49793443192.168.2.3142.250.186.100
                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  Jun 26, 2023 18:12:07.224195957 CEST6392053192.168.2.31.1.1.1
                                                                                  Jun 26, 2023 18:12:07.227931976 CEST5097053192.168.2.31.1.1.1
                                                                                  Jun 26, 2023 18:12:07.241473913 CEST53639201.1.1.1192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.245522022 CEST53509701.1.1.1192.168.2.3
                                                                                  Jun 26, 2023 18:12:07.503951073 CEST5517253192.168.2.31.1.1.1
                                                                                  Jun 26, 2023 18:12:07.521156073 CEST53551721.1.1.1192.168.2.3
                                                                                  Jun 26, 2023 18:12:11.075431108 CEST6311653192.168.2.31.1.1.1
                                                                                  Jun 26, 2023 18:12:11.092674971 CEST53631161.1.1.1192.168.2.3
                                                                                  Jun 26, 2023 18:12:11.098290920 CEST5226253192.168.2.31.1.1.1
                                                                                  Jun 26, 2023 18:12:11.115866899 CEST53522621.1.1.1192.168.2.3
                                                                                  Jun 26, 2023 18:13:11.126307011 CEST5758653192.168.2.31.1.1.1
                                                                                  Jun 26, 2023 18:13:11.143996954 CEST53575861.1.1.1192.168.2.3
                                                                                  Jun 26, 2023 18:13:11.148757935 CEST6437153192.168.2.31.1.1.1
                                                                                  Jun 26, 2023 18:13:11.166110992 CEST53643711.1.1.1192.168.2.3
                                                                                  Jun 26, 2023 18:14:11.179066896 CEST6382453192.168.2.31.1.1.1
                                                                                  Jun 26, 2023 18:14:11.196995974 CEST53638241.1.1.1192.168.2.3
                                                                                  Jun 26, 2023 18:14:11.201400042 CEST6036853192.168.2.31.1.1.1
                                                                                  Jun 26, 2023 18:14:11.218724966 CEST53603681.1.1.1192.168.2.3

                                                                                  DNS Queries

                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                  Jun 26, 2023 18:12:07.224195957 CEST192.168.2.31.1.1.10x5263Standard query (0)cat.nl3.eu.criteo.comA (IP address)IN (0x0001)false
                                                                                  Jun 26, 2023 18:12:07.227931976 CEST192.168.2.31.1.1.10x41e3Standard query (0)clients2.google.comA (IP address)IN (0x0001)false
                                                                                  Jun 26, 2023 18:12:07.503951073 CEST192.168.2.31.1.1.10x9bc6Standard query (0)accounts.google.comA (IP address)IN (0x0001)false
                                                                                  Jun 26, 2023 18:12:11.075431108 CEST192.168.2.31.1.1.10xa312Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                  Jun 26, 2023 18:12:11.098290920 CEST192.168.2.31.1.1.10xb1a5Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                  Jun 26, 2023 18:13:11.126307011 CEST192.168.2.31.1.1.10x67a6Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                  Jun 26, 2023 18:13:11.148757935 CEST192.168.2.31.1.1.10x257eStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                  Jun 26, 2023 18:14:11.179066896 CEST192.168.2.31.1.1.10xfb58Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                  Jun 26, 2023 18:14:11.201400042 CEST192.168.2.31.1.1.10xfca0Standard query (0)www.google.comA (IP address)IN (0x0001)false

                                                                                  DNS Answers

                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                  Jun 26, 2023 18:12:07.241473913 CEST1.1.1.1192.168.2.30x5263No error (0)cat.nl3.eu.criteo.comcat.nl3.vip.prod.criteo.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Jun 26, 2023 18:12:07.241473913 CEST1.1.1.1192.168.2.30x5263No error (0)cat.nl3.vip.prod.criteo.com178.250.1.6A (IP address)IN (0x0001)false
                                                                                  Jun 26, 2023 18:12:07.245522022 CEST1.1.1.1192.168.2.30x41e3No error (0)clients2.google.comclients.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                  Jun 26, 2023 18:12:07.245522022 CEST1.1.1.1192.168.2.30x41e3No error (0)clients.l.google.com142.250.186.78A (IP address)IN (0x0001)false
                                                                                  Jun 26, 2023 18:12:07.521156073 CEST1.1.1.1192.168.2.30x9bc6No error (0)accounts.google.com142.250.186.141A (IP address)IN (0x0001)false
                                                                                  Jun 26, 2023 18:12:11.092674971 CEST1.1.1.1192.168.2.30xa312No error (0)www.google.com142.250.186.100A (IP address)IN (0x0001)false
                                                                                  Jun 26, 2023 18:12:11.115866899 CEST1.1.1.1192.168.2.30xb1a5No error (0)www.google.com142.250.186.100A (IP address)IN (0x0001)false
                                                                                  Jun 26, 2023 18:13:11.143996954 CEST1.1.1.1192.168.2.30x67a6No error (0)www.google.com142.250.184.196A (IP address)IN (0x0001)false
                                                                                  Jun 26, 2023 18:13:11.166110992 CEST1.1.1.1192.168.2.30x257eNo error (0)www.google.com142.250.184.196A (IP address)IN (0x0001)false
                                                                                  Jun 26, 2023 18:14:11.196995974 CEST1.1.1.1192.168.2.30xfb58No error (0)www.google.com142.250.185.164A (IP address)IN (0x0001)false
                                                                                  Jun 26, 2023 18:14:11.218724966 CEST1.1.1.1192.168.2.30xfca0No error (0)www.google.com142.250.186.100A (IP address)IN (0x0001)false

                                                                                  HTTP Request Dependency Graph

                                                                                  • cat.nl3.eu.criteo.com
                                                                                  • accounts.google.com
                                                                                  • clients2.google.com
                                                                                  • https:
                                                                                  • www.google.com

                                                                                  HTTPS Proxied Packets

                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  0192.168.2.349752178.250.1.6443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:12:07 UTC0OUTGET / HTTP/1.1
                                                                                  Host: cat.nl3.eu.criteo.com
                                                                                  Connection: keep-alive
                                                                                  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                                                                                  sec-ch-ua-mobile: ?0
                                                                                  sec-ch-ua-platform: "Windows"
                                                                                  Upgrade-Insecure-Requests: 1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: navigate
                                                                                  Sec-Fetch-User: ?1
                                                                                  Sec-Fetch-Dest: document
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:12:07 UTC2INHTTP/1.0 200 OK
                                                                                  cache-control: private, max-age=0
                                                                                  expires: -1
                                                                                  content-type: text/html
                                                                                  2023-06-26 16:12:07 UTC2INData Raw: 0a
                                                                                  Data Ascii:


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  1192.168.2.349753142.250.186.141443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:12:07 UTC0OUTPOST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                                                                                  Host: accounts.google.com
                                                                                  Connection: keep-alive
                                                                                  Content-Length: 1
                                                                                  Origin: https://www.google.com
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  Cookie: CONSENT=PENDING+620; __Secure-ENID=6.SE=cJKCBuSaL1dV3R8z2Y2al7-m2m5bGA74lqbYYkqC3uy-NtZ1f6n_bCBr25tlnnjvdmLpGQ81ZKzP3Te5vVjpSQjYWCwvlOMApK7tmZNWcORu0p4wniPJGQfTslQNnpQWhG9qkwkEgy49-6UG3UQ1eiUyFolJZWLeUM1p4KvjM9E
                                                                                  2023-06-26 16:12:07 UTC1OUTData Raw: 20
                                                                                  Data Ascii:
                                                                                  2023-06-26 16:12:07 UTC3INHTTP/1.1 200 OK
                                                                                  Content-Type: application/json; charset=utf-8
                                                                                  Access-Control-Allow-Origin: https://www.google.com
                                                                                  Access-Control-Allow-Credentials: true
                                                                                  X-Content-Type-Options: nosniff
                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                  Pragma: no-cache
                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                  Date: Mon, 26 Jun 2023 16:12:07 GMT
                                                                                  Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-S2Xl6DtCRmc0hqRoHXpyhQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist
                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                  Server: ESF
                                                                                  X-XSS-Protection: 0
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Accept-Ranges: none
                                                                                  Vary: Accept-Encoding
                                                                                  Connection: close
                                                                                  Transfer-Encoding: chunked
                                                                                  2023-06-26 16:12:07 UTC5INData Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                                                                                  Data Ascii: 11["gaia.l.a.r",[]]
                                                                                  2023-06-26 16:12:07 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  10192.168.2.349767142.250.186.100443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:12:58 UTC30OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                  Host: www.google.com
                                                                                  Connection: keep-alive
                                                                                  X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:12:58 UTC30INHTTP/1.1 200 OK
                                                                                  Date: Mon, 26 Jun 2023 16:12:58 GMT
                                                                                  Pragma: no-cache
                                                                                  Expires: -1
                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-P5mBo89usCdekuEBLuexbg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                  Permissions-Policy: unload=()
                                                                                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                  Server: gws
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  Set-Cookie: CONSENT=PENDING+479; expires=Wed, 25-Jun-2025 16:12:58 GMT; path=/; domain=.google.com; Secure
                                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Accept-Ranges: none
                                                                                  Vary: Accept-Encoding
                                                                                  Connection: close
                                                                                  Transfer-Encoding: chunked
                                                                                  2023-06-26 16:12:58 UTC32INData Raw: 62 31 66 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6a 65 6c 65 6e 61 20 6f 73 74 61 70 65 6e 6b 6f 20 62 69 72 6d 69 6e 67 68 61 6d 22 2c 22 6b 65 69 74 68 20 6d 75 72 72 61 79 22 2c 22 74 79 73 6f 6e 20 66 75 72 79 20 6e 65 78 74 20 66 69 67 68 74 22 2c 22 74 6f 72 6e 61 64 6f 20 77 61 72 6e 69 6e 67 73 22 2c 22 73 75 62 6d 61 72 69 6e 65 20 79 6f 75 74 75 62 65 22 2c 22 6d 6c 62 20 6c 6f 6e 64 6f 6e 20 63 75 62 73 20 63 61 72 64 69 6e 61 6c 73 22 2c 22 66 69 73 68 65 72 20 69 73 6c 61 6e 64 20 66 65 72 72 79 20 61 63 63 69 64 65 6e 74 22 2c 22 62 72 69 74 69 73 68 20 6e 61 74 69 6f 6e 61 6c 20 72 6f 61 64 20 63 68 61 6d 70 69 6f 6e 73 68 69 70 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f
                                                                                  Data Ascii: b1f)]}'["",["jelena ostapenko birmingham","keith murray","tyson fury next fight","tornado warnings","submarine youtube","mlb london cubs cardinals","fisher island ferry accident","british national road championships"],["","","","","","","",""],[],{"goo
                                                                                  2023-06-26 16:12:58 UTC34INData Raw: 51 4e 70 30 6e 67 35 73 4c 34 5a 47 6c 6a 57 74 61 59 64 38 4c 6b 61 69 44 73 78 34 63 4d 65 71 76 49 68 55 53 4a 56 55 44 69 43 62 56 64 6a 70 75 48 33 76 36 34 56 39 6b 70 65 68 63 6e 57 5a 35 65 35 6a 75 7a 4f 62 41 41 33 46 7a 68 76 70 71 59 30 4e 48 48 43 70 75 4e 4f 32 34 46 76 35 32 39 7a 67 4b 6d 79 70 6b 71 59 36 6d 72 71 45 6c 6b 4f 37 44 67 56 36 57 35 6e 30 78 64 55 38 4f 67 4e 4f 34 37 75 47 35 49 51 37 6c 6a 74 76 30 34 59 43 52 31 50 59 4e 48 71 6a 4b 53 74 45 46 42 34 4c 65 31 76 62 42 30 4c 77 56 4c 49 53 41 6b 71 38 46 63 41 47 33 51 38 4d 44 56 53 73 31 47 43 78 74 63 2b 6c 7a 2b 32 43 6c 70 6f 37 45 33 4a 31 57 30 32 39 73 4d 54 61 51 39 53 35 31 51 51 79 64 7a 53 31 4e 4c 46 49 6f 4a 4a 4d 67 64 37 44 79 38 76 54 43 70 6d 32 63 50 56
                                                                                  Data Ascii: QNp0ng5sL4ZGljWtaYd8LkaiDsx4cMeqvIhUSJVUDiCbVdjpuH3v64V9kpehcnWZ5e5juzObAA3FzhvpqY0NHHCpuNO24Fv529zgKmypkqY6mrqElkO7DgV6W5n0xdU8OgNO47uG5IQ7ljtv04YCR1PYNHqjKStEFB4Le1vbB0LwVLISAkq8FcAG3Q8MDVSs1GCxtc+lz+2Clpo7E3J1W029sMTaQ9S51QQydzS1NLFIoJJMgd7Dy8vTCpm2cPV
                                                                                  2023-06-26 16:12:58 UTC35INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  11192.168.2.349773142.250.184.196443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:13:52 UTC35OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fcat.nl3.eu.criteo.co&oit=3&cp=28&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                  Host: www.google.com
                                                                                  Connection: keep-alive
                                                                                  X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:13:53 UTC36INHTTP/1.1 200 OK
                                                                                  Date: Mon, 26 Jun 2023 16:13:53 GMT
                                                                                  Pragma: no-cache
                                                                                  Expires: -1
                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-gEhshVrSCJQJWToaUH7ofQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                  Permissions-Policy: unload=()
                                                                                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                  Server: gws
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  Set-Cookie: CONSENT=PENDING+734; expires=Wed, 25-Jun-2025 16:13:52 GMT; path=/; domain=.google.com; Secure
                                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Accept-Ranges: none
                                                                                  Vary: Accept-Encoding
                                                                                  Connection: close
                                                                                  Transfer-Encoding: chunked
                                                                                  2023-06-26 16:13:53 UTC37INData Raw: 31 31 65 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 63 61 74 2e 6e 6c 33 2e 65 75 2e 63 72 69 74 65 6f 2e 63 6f 22 2c 5b 22 68 74 74 70 73 3a 2f 2f 63 61 74 2e 6e 6c 33 2e 65 75 2e 63 72 69 74 65 6f 2e 63 6f 6d 2f 64 65 6c 69 76 65 72 79 2f 63 6b 2e 70 68 70 3f 63 70 70 76 5c 75 30 30 33 64 33 22 5d 2c 5b 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 72 65 6c 65 76 61 6e 63 65 22 3a 5b 38 30 30 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 73 75 62 74 79 70 65 73 22 3a 5b 5b 34 34 5d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 22 4e 41 56 49 47 41 54 49 4f
                                                                                  Data Ascii: 11e)]}'["https://cat.nl3.eu.criteo.co",["https://cat.nl3.eu.criteo.com/delivery/ck.php?cppv\u003d3"],[""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[800],"google:suggestsubtypes":[[44]],"google:suggesttype":["NAVIGATIO
                                                                                  2023-06-26 16:13:53 UTC38INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  12192.168.2.349774142.250.184.196443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:13:53 UTC38OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fcat.nl3.eu.criteo&oit=3&cp=25&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                  Host: www.google.com
                                                                                  Connection: keep-alive
                                                                                  X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  13192.168.2.349776142.250.184.196443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:13:53 UTC38OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fcat.nl3.&oit=3&cp=16&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                  Host: www.google.com
                                                                                  Connection: keep-alive
                                                                                  X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  14192.168.2.349777142.250.184.196443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:13:53 UTC39OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fc&oit=3&cp=9&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                  Host: www.google.com
                                                                                  Connection: keep-alive
                                                                                  X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:13:54 UTC40INHTTP/1.1 200 OK
                                                                                  Date: Mon, 26 Jun 2023 16:13:54 GMT
                                                                                  Pragma: no-cache
                                                                                  Expires: -1
                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-srZnqPzqIhhWMxtt-QGt6A' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                  Permissions-Policy: unload=()
                                                                                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                  Server: gws
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  Set-Cookie: CONSENT=PENDING+797; expires=Wed, 25-Jun-2025 16:13:54 GMT; path=/; domain=.google.com; Secure
                                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Accept-Ranges: none
                                                                                  Vary: Accept-Encoding
                                                                                  Connection: close
                                                                                  Transfer-Encoding: chunked
                                                                                  2023-06-26 16:13:54 UTC41INData Raw: 32 65 61 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 63 22 2c 5b 22 68 74 74 70 73 3a 2f 2f 63 68 61 74 2e 6f 70 65 6e 61 69 2e 63 6f 6d 22 2c 22 68 74 74 70 73 3a 2f 2f 63 6c 69 65 6e 74 73 2e 73 6a 70 2e 63 6f 2e 75 6b 22 2c 22 68 74 74 70 73 3a 2f 2f 63 6c 69 65 6e 74 2e 77 76 64 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 61 72 6d 2f 77 65 62 63 6c 69 65 6e 74 2f 69 6e 64 65 78 2e 68 74 6d 6c 22 2c 22 68 74 74 70 73 3a 2f 2f 63 6c 61 73 73 72 6f 6f 6d 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 2c 22 68 74 74 70 73 20 2f 2f 63 6f 6e 74 61 63 74 2e 75 6e 6c 69 6d 69 74 65 64 20 68 6f 72 69 7a 6f 6e 2e 63 6f 2e 75 6b 2f 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 63 68 61 74 2e 6f 70 65 6e 61 69 2e 63 6f 6d 20 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73
                                                                                  Data Ascii: 2ea)]}'["https://c",["https://chat.openai.com","https://clients.sjp.co.uk","https://client.wvd.microsoft.com/arm/webclient/index.html","https://classroom.google.com","https //contact.unlimited horizon.co.uk/login","https //chat.openai.com login","https
                                                                                  2023-06-26 16:13:54 UTC42INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  15192.168.2.349778142.250.184.196443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:13:54 UTC42OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2F&oit=4&cp=8&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                  Host: www.google.com
                                                                                  Connection: keep-alive
                                                                                  X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:13:54 UTC43INHTTP/1.1 200 OK
                                                                                  Date: Mon, 26 Jun 2023 16:13:54 GMT
                                                                                  Pragma: no-cache
                                                                                  Expires: -1
                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-DFDmOAc50bl_GrTMyDqBzg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                  Permissions-Policy: unload=()
                                                                                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                  Server: gws
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  Set-Cookie: CONSENT=PENDING+968; expires=Wed, 25-Jun-2025 16:13:54 GMT; path=/; domain=.google.com; Secure
                                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Accept-Ranges: none
                                                                                  Vary: Accept-Encoding
                                                                                  Connection: close
                                                                                  Transfer-Encoding: chunked
                                                                                  2023-06-26 16:13:54 UTC45INData Raw: 33 30 35 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 22 2c 5b 22 68 74 74 70 73 20 2f 2f 77 77 77 2e 74 65 73 74 77 69 73 65 2f 70 6c 61 74 66 6f 72 6d 2f 63 6f 64 65 22 2c 22 68 74 74 70 73 20 2f 2f 77 77 77 2e 67 6f 76 2e 75 6b 20 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 73 79 73 74 6d 6f 6e 6c 69 6e 65 2e 74 70 70 2d 75 6b 2e 63 6f 6d 20 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 6f 70 65 6e 61 69 2e 63 6f 6d 20 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 77 77 77 2e 77 68 61 74 73 61 70 70 2e 63 6f 6d 20 77 65 62 22 2c 22 68 74 74 70 73 3a 2f 2f 61 6b 61 2e 6d 73 2f 72 65 6d 6f 74 65 63 6f 6e 6e 65 63 74 22 2c 22 68 74 74 70 73 3a 2f 2f 6f 66 66 65 72 2e 6e 64 6f 72 73 2e 6f 72 67 2e 75 6b 22 2c 22 68 74 74 70 73 3a 2f 2f 73 79
                                                                                  Data Ascii: 305)]}'["https://",["https //www.testwise/platform/code","https //www.gov.uk login","https //systmonline.tpp-uk.com login","https //openai.com login","https //www.whatsapp.com web","https://aka.ms/remoteconnect","https://offer.ndors.org.uk","https://sy
                                                                                  2023-06-26 16:13:54 UTC45INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  16192.168.2.349779142.250.184.196443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:13:57 UTC45OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr&oit=3&cp=9&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                  Host: www.google.com
                                                                                  Connection: keep-alive
                                                                                  X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:13:57 UTC46INHTTP/1.1 200 OK
                                                                                  Date: Mon, 26 Jun 2023 16:13:57 GMT
                                                                                  Pragma: no-cache
                                                                                  Expires: -1
                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-3R1QsRKk3lsldTntLpCbug' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                  Permissions-Policy: unload=()
                                                                                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                  Server: gws
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  Set-Cookie: CONSENT=PENDING+349; expires=Wed, 25-Jun-2025 16:13:57 GMT; path=/; domain=.google.com; Secure
                                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Accept-Ranges: none
                                                                                  Vary: Accept-Encoding
                                                                                  Connection: close
                                                                                  Transfer-Encoding: chunked
                                                                                  2023-06-26 16:13:57 UTC48INData Raw: 34 31 38 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 72 22 2c 5b 22 68 74 74 70 73 3a 2f 2f 72 65 61 64 65 72 2e 65 67 72 65 73 73 2e 63 6f 6d 2f 22 2c 22 68 74 74 70 73 3a 2f 2f 72 65 74 61 69 6c 2e 73 61 6e 74 61 6e 64 65 72 2e 63 6f 2e 75 6b 22 2c 22 68 74 74 70 73 3a 2f 2f 72 65 61 64 65 72 2e 6e 68 73 2e 6e 65 74 2f 22 2c 22 68 74 74 70 73 3a 2f 2f 72 65 6e 65 77 61 6c 73 2e 63 61 72 6f 6c 65 6e 61 73 68 2e 63 6f 6d 22 2c 22 68 74 74 70 73 3a 2f 2f 72 65 63 72 75 69 74 2e 72 61 66 2e 6d 6f 64 2e 75 6b 2f 6c 6f 67 69 6e 22 2c 22 68 74 74 70 73 20 2f 2f 72 65 61 6c 2d 64 65 62 72 69 64 2f 63 6f 6d 2f 64 65 76 69 63 65 22 2c 22 68 74 74 70 73 3a 2f 2f 72 6f 62 6c 6f 78 2e 63 6f 6d 22 2c 22 68 74 74 70 73 20 2f 2f 72 69 6e 67 2e 63 6f 6d 20 6c 6f
                                                                                  Data Ascii: 418)]}'["https://r",["https://reader.egress.com/","https://retail.santander.co.uk","https://reader.nhs.net/","https://renewals.carolenash.com","https://recruit.raf.mod.uk/login","https //real-debrid/com/device","https://roblox.com","https //ring.com lo
                                                                                  2023-06-26 16:13:57 UTC49INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  17192.168.2.349781142.250.184.196443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:13:58 UTC49OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.&oit=3&cp=10&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                  Host: www.google.com
                                                                                  Connection: keep-alive
                                                                                  X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:13:58 UTC49INHTTP/1.1 200 OK
                                                                                  Date: Mon, 26 Jun 2023 16:13:58 GMT
                                                                                  Pragma: no-cache
                                                                                  Expires: -1
                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-AFNBgI9tq2XTYPAxNK0ZSA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                  Permissions-Policy: unload=()
                                                                                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                  Server: gws
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  Set-Cookie: CONSENT=PENDING+870; expires=Wed, 25-Jun-2025 16:13:58 GMT; path=/; domain=.google.com; Secure
                                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Accept-Ranges: none
                                                                                  Vary: Accept-Encoding
                                                                                  Connection: close
                                                                                  Transfer-Encoding: chunked
                                                                                  2023-06-26 16:13:58 UTC51INData Raw: 32 62 66 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 72 2e 22 2c 5b 22 68 74 74 70 73 3a 2f 2f 72 2e 33 76 2e 66 69 2f 64 69 73 63 6f 72 64 2d 74 69 6d 65 73 74 61 6d 70 73 2f 22 2c 22 68 74 74 70 73 3a 2f 2f 72 2e 6d 74 64 76 2e 6d 65 2f 22 2c 22 68 74 74 70 73 3a 2f 2f 72 2e 70 6c 75 72 61 6c 73 69 67 68 74 2e 67 71 2f 22 2c 22 68 74 74 70 73 3a 2f 2f 72 2e 73 74 75 64 79 73 63 68 6f 6f 6c 74 6f 64 61 79 2e 65 75 2e 6f 72 67 2f 22 2c 22 68 74 74 70 73 3a 2f 2f 72 2e 63 6f 64 65 77 61 72 73 2e 6d 6c 2f 22 2c 22 68 74 74 70 73 3a 2f 2f 72 2e 73 74 72 69 70 65 2e 63 6f 6d 2f 30 22 2c 22 68 74 74 70 73 3a 2f 2f 72 2e 75 74 6f 70 69 61 77 6f 72 6c 64 2e 69 6e 6b 2f 22 2c 22 68 74 74 70 73 20 2f 2f 72 2e 68 6f 6e 65 79 67 61 69 6e 2e 63 6f 6d 20 6c 6f
                                                                                  Data Ascii: 2bf)]}'["https://r.",["https://r.3v.fi/discord-timestamps/","https://r.mtdv.me/","https://r.pluralsight.gq/","https://r.studyschooltoday.eu.org/","https://r.codewars.ml/","https://r.stripe.com/0","https://r.utopiaworld.ink/","https //r.honeygain.com lo
                                                                                  2023-06-26 16:13:58 UTC52INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  18192.168.2.349782142.250.184.196443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:14:00 UTC52OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.m&oit=3&cp=11&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                  Host: www.google.com
                                                                                  Connection: keep-alive
                                                                                  X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  19192.168.2.349783142.250.184.196443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:14:00 UTC52OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.ms&oit=3&cp=12&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                  Host: www.google.com
                                                                                  Connection: keep-alive
                                                                                  X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:14:00 UTC53INHTTP/1.1 200 OK
                                                                                  Date: Mon, 26 Jun 2023 16:14:00 GMT
                                                                                  Pragma: no-cache
                                                                                  Expires: -1
                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-Eebrinei9qBp9uLkBY4EEw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                  Permissions-Policy: unload=()
                                                                                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                  Server: gws
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  Set-Cookie: CONSENT=PENDING+980; expires=Wed, 25-Jun-2025 16:14:00 GMT; path=/; domain=.google.com; Secure
                                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Accept-Ranges: none
                                                                                  Vary: Accept-Encoding
                                                                                  Connection: close
                                                                                  Transfer-Encoding: chunked
                                                                                  2023-06-26 16:14:00 UTC55INData Raw: 32 36 33 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 72 2e 6d 73 22 2c 5b 22 68 74 74 70 73 3a 2f 2f 61 6b 61 2e 6d 73 2f 72 22 2c 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 73 2d 72 2e 63 6f 6d 2f 74 77 6e 2f 22 2c 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6d 73 2d 72 2e 63 6f 6d 2f 22 2c 22 68 74 74 70 73 3a 2f 2f 6c 69 6e 65 2e 6d 65 2f 72 2f 6d 73 67 2f 74 65 78 74 2f 22 2c 22 68 74 74 70 73 20 2f 2f 61 6b 61 2e 6d 73 2f 72 20 72 65 6d 6f 74 65 20 63 6f 6e 6e 65 63 74 22 2c 22 72 20 68 74 74 70 73 20 2f 2f 61 6b 61 2e 6d 73 2f 6d 79 73 65 63 75 72 69 74 79 69 6e 66 6f 22 2c 22 72 20 68 74 74 70 73 20 2f 2f 6d 69 63 72 6f 73 6f 66 74 2e 67 6f 69 6e 74 65 72 61 63 74 2e 69 6f 2f 22 2c 22 72 20 68 74 74 70 73 20 2f 2f 61 6b 61 2e 6d 73 2f 6d 66 61 73
                                                                                  Data Ascii: 263)]}'["https://r.ms",["https://aka.ms/r","https://www.ms-r.com/twn/","https://www.ms-r.com/","https://line.me/r/msg/text/","https //aka.ms/r remote connect","r https //aka.ms/mysecurityinfo","r https //microsoft.gointeract.io/","r https //aka.ms/mfas


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  2192.168.2.349750142.250.186.78443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:12:07 UTC1OUTGET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                                                                                  Host: clients2.google.com
                                                                                  Connection: keep-alive
                                                                                  X-Goog-Update-Interactivity: fg
                                                                                  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
                                                                                  X-Goog-Update-Updater: chromecrx-104.0.5112.102
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:12:07 UTC2INHTTP/1.1 200 OK
                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-Lo56yxviNgkUXBuDNzNAxg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                  Pragma: no-cache
                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                  Date: Mon, 26 Jun 2023 16:12:07 GMT
                                                                                  Content-Type: text/xml; charset=UTF-8
                                                                                  X-Daynum: 6020
                                                                                  X-Daystart: 33127
                                                                                  X-Content-Type-Options: nosniff
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  X-XSS-Protection: 1; mode=block
                                                                                  Server: GSE
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Accept-Ranges: none
                                                                                  Vary: Accept-Encoding
                                                                                  Connection: close
                                                                                  Transfer-Encoding: chunked
                                                                                  2023-06-26 16:12:07 UTC2INData Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 30 32 30 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 33 33 31 32 37 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                                                                                  Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6020" elapsed_seconds="33127"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                                                                                  2023-06-26 16:12:07 UTC3INData Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a
                                                                                  Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
                                                                                  2023-06-26 16:12:07 UTC3INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  20192.168.2.349784142.250.184.196443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:14:00 UTC56OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msf&oit=3&cp=13&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                  Host: www.google.com
                                                                                  Connection: keep-alive
                                                                                  X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:14:00 UTC56INHTTP/1.1 200 OK
                                                                                  Date: Mon, 26 Jun 2023 16:14:00 GMT
                                                                                  Pragma: no-cache
                                                                                  Expires: -1
                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-Y4RCfGf9d1kMyXNwuhmJ3w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                  Permissions-Policy: unload=()
                                                                                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                  Server: gws
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  Set-Cookie: CONSENT=PENDING+290; expires=Wed, 25-Jun-2025 16:14:00 GMT; path=/; domain=.google.com; Secure
                                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Accept-Ranges: none
                                                                                  Vary: Accept-Encoding
                                                                                  Connection: close
                                                                                  Transfer-Encoding: chunked
                                                                                  2023-06-26 16:14:00 UTC58INData Raw: 65 37 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 72 2e 6d 73 66 22 2c 5b 22 68 74 74 70 3a 2f 2f 72 75 2e 6d 73 66 2e 6f 72 67 22 5d 2c 5b 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 72 65 6c 65 76 61 6e 63 65 22 3a 5b 38 30 30 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 73 75 62 74 79 70 65 73 22 3a 5b 5b 34 34 5d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 22 4e 41 56 49 47 41 54 49 4f 4e 22 5d 2c 22 67 6f 6f 67 6c 65 3a 76 65 72 62 61 74 69 6d 72 65 6c 65 76 61 6e 63 65 22 3a 38 35 31 7d 5d 0d 0a
                                                                                  Data Ascii: e7)]}'["https://r.msf",["http://ru.msf.org"],[""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestrelevance":[800],"google:suggestsubtypes":[[44]],"google:suggesttype":["NAVIGATION"],"google:verbatimrelevance":851}]
                                                                                  2023-06-26 16:14:00 UTC58INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  21192.168.2.349785142.250.184.196443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:14:03 UTC58OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msft&oit=3&cp=14&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                  Host: www.google.com
                                                                                  Connection: keep-alive
                                                                                  X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:14:03 UTC59INHTTP/1.1 200 OK
                                                                                  Date: Mon, 26 Jun 2023 16:14:03 GMT
                                                                                  Pragma: no-cache
                                                                                  Expires: -1
                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-YOCD7mtjWvTnG-k1DBr0QA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                  Permissions-Policy: unload=()
                                                                                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                  Server: gws
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  Set-Cookie: CONSENT=PENDING+550; expires=Wed, 25-Jun-2025 16:14:03 GMT; path=/; domain=.google.com; Secure
                                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Accept-Ranges: none
                                                                                  Vary: Accept-Encoding
                                                                                  Connection: close
                                                                                  Transfer-Encoding: chunked
                                                                                  2023-06-26 16:14:03 UTC61INData Raw: 31 66 31 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 72 2e 6d 73 66 74 22 2c 5b 22 68 74 74 70 73 20 2f 2f 72 2e 6d 73 66 74 63 6f 6e 6e 65 63 74 74 65 73 74 2e 63 6f 6d 2f 72 65 64 69 72 65 63 74 22 2c 22 68 74 74 70 73 20 2f 2f 72 2e 6d 73 66 74 63 6f 6e 6e 65 63 74 74 65 73 74 22 2c 22 68 74 74 70 73 20 2f 2f 72 2e 6d 73 66 74 2e 63 6f 6d 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 64 65 74 61 69 6c 22 3a 5b 7b 22 6d 70 22 3a 22 5c 75 32 30 32 36 20 22 2c 22 74 22 3a 22 2f 2f 72 2e 6d 73 66 74 63 6f 6e 6e 65 63 74 74 65 73 74 2e 63 6f 6d 2f 72 65 64 69 72
                                                                                  Data Ascii: 1f1)]}'["https://r.msft",["https //r.msftconnecttest.com/redirect","https //r.msftconnecttest","https //r.msft.com"],["","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//r.msftconnecttest.com/redir
                                                                                  2023-06-26 16:14:03 UTC61INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  22192.168.2.349786142.250.184.196443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:14:04 UTC61OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msfts&oit=3&cp=15&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                  Host: www.google.com
                                                                                  Connection: keep-alive
                                                                                  X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:14:04 UTC62INHTTP/1.1 200 OK
                                                                                  Date: Mon, 26 Jun 2023 16:14:04 GMT
                                                                                  Pragma: no-cache
                                                                                  Expires: -1
                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-SAuqihXbagD__it85UeiAw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                  Permissions-Policy: unload=()
                                                                                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                  Server: gws
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  Set-Cookie: CONSENT=PENDING+874; expires=Wed, 25-Jun-2025 16:14:04 GMT; path=/; domain=.google.com; Secure
                                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Accept-Ranges: none
                                                                                  Vary: Accept-Encoding
                                                                                  Connection: close
                                                                                  Transfer-Encoding: chunked
                                                                                  2023-06-26 16:14:04 UTC64INData Raw: 32 32 39 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 72 2e 6d 73 66 74 73 22 2c 5b 22 68 74 74 70 73 20 2f 2f 72 2e 6d 73 66 74 73 74 75 64 65 6e 74 2e 63 6f 6d 22 2c 22 68 74 74 70 73 20 2f 2f 72 2e 6d 73 66 74 73 74 75 64 69 6f 2e 63 6f 6d 22 2c 22 68 74 74 70 73 20 2f 2f 72 2e 6d 73 66 74 73 74 6f 70 70 65 72 22 2c 22 68 74 74 70 73 20 2f 2f 72 2e 6d 73 66 74 73 74 6f 70 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 64 65 74 61 69 6c 22 3a 5b 7b 22 6d 70 22 3a 22 5c 75 32 30 32 36 20 22 2c 22 74 22 3a 22 2f 2f 72 2e 6d 73 66 74 73 74 75 64 65 6e 74
                                                                                  Data Ascii: 229)]}'["https://r.msfts",["https //r.msftstudent.com","https //r.msftstudio.com","https //r.msftstopper","https //r.msftstop"],["","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//r.msftstudent
                                                                                  2023-06-26 16:14:04 UTC64INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  23192.168.2.349787142.250.184.196443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:14:05 UTC64OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msftst&oit=3&cp=16&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                  Host: www.google.com
                                                                                  Connection: keep-alive
                                                                                  X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:14:05 UTC65INHTTP/1.1 200 OK
                                                                                  Date: Mon, 26 Jun 2023 16:14:05 GMT
                                                                                  Pragma: no-cache
                                                                                  Expires: -1
                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-WAPkZQIJla5dljDzB8-WJQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                  Permissions-Policy: unload=()
                                                                                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                  Server: gws
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  Set-Cookie: CONSENT=PENDING+612; expires=Wed, 25-Jun-2025 16:14:05 GMT; path=/; domain=.google.com; Secure
                                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Accept-Ranges: none
                                                                                  Vary: Accept-Encoding
                                                                                  Connection: close
                                                                                  Transfer-Encoding: chunked
                                                                                  2023-06-26 16:14:05 UTC67INData Raw: 32 32 61 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 72 2e 6d 73 66 74 73 74 22 2c 5b 22 68 74 74 70 73 20 2f 2f 72 2e 6d 73 66 74 73 74 75 64 65 6e 74 2e 63 6f 6d 22 2c 22 68 74 74 70 73 20 2f 2f 72 2e 6d 73 66 74 73 74 75 64 69 6f 2e 63 6f 6d 22 2c 22 68 74 74 70 73 20 2f 2f 72 2e 6d 73 66 74 73 74 6f 70 70 65 72 22 2c 22 68 74 74 70 73 20 2f 2f 72 2e 6d 73 66 74 73 74 6f 70 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 64 65 74 61 69 6c 22 3a 5b 7b 22 6d 70 22 3a 22 5c 75 32 30 32 36 20 22 2c 22 74 22 3a 22 2f 2f 72 2e 6d 73 66 74 73 74 75 64 65 6e
                                                                                  Data Ascii: 22a)]}'["https://r.msftst",["https //r.msftstudent.com","https //r.msftstudio.com","https //r.msftstopper","https //r.msftstop"],["","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//r.msftstuden
                                                                                  2023-06-26 16:14:05 UTC67INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  24192.168.2.349788142.250.184.196443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:14:05 UTC67OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msftsta&oit=3&cp=17&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                  Host: www.google.com
                                                                                  Connection: keep-alive
                                                                                  X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:14:05 UTC68INHTTP/1.1 200 OK
                                                                                  Date: Mon, 26 Jun 2023 16:14:05 GMT
                                                                                  Pragma: no-cache
                                                                                  Expires: -1
                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-HOw38xUOSshmpiHltCy2dQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                  Permissions-Policy: unload=()
                                                                                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                  Server: gws
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  Set-Cookie: CONSENT=PENDING+232; expires=Wed, 25-Jun-2025 16:14:05 GMT; path=/; domain=.google.com; Secure
                                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Accept-Ranges: none
                                                                                  Vary: Accept-Encoding
                                                                                  Connection: close
                                                                                  Transfer-Encoding: chunked
                                                                                  2023-06-26 16:14:05 UTC70INData Raw: 31 63 63 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 72 2e 6d 73 66 74 73 74 61 22 2c 5b 22 68 74 74 70 73 20 2f 2f 72 2e 6d 73 66 74 73 74 61 63 6b 22 2c 22 68 74 74 70 73 20 2f 2f 72 2e 6d 73 66 74 73 74 61 74 65 22 2c 22 68 74 74 70 73 20 2f 2f 72 2e 6d 73 66 74 73 74 61 63 6b 2e 6e 65 74 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 64 65 74 61 69 6c 22 3a 5b 7b 22 6d 70 22 3a 22 5c 75 32 30 32 36 20 22 2c 22 74 22 3a 22 2f 2f 72 2e 6d 73 66 74 73 74 61 63 6b 22 7d 2c 7b 22 6d 70 22 3a 22 5c 75 32 30 32 36 20 22 2c 22 74 22 3a 22 2f 2f 72 2e 6d 73 66 74 73
                                                                                  Data Ascii: 1cc)]}'["https://r.msftsta",["https //r.msftstack","https //r.msftstate","https //r.msftstack.net"],["","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//r.msftstack"},{"mp":"\u2026 ","t":"//r.msfts
                                                                                  2023-06-26 16:14:05 UTC70INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  25192.168.2.349789142.250.184.196443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:14:05 UTC70OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msftstat&oit=3&cp=18&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                  Host: www.google.com
                                                                                  Connection: keep-alive
                                                                                  X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  26192.168.2.349790142.250.184.196443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:14:06 UTC71OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msftstati&oit=3&cp=19&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                  Host: www.google.com
                                                                                  Connection: keep-alive
                                                                                  X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:14:06 UTC71INHTTP/1.1 200 OK
                                                                                  Date: Mon, 26 Jun 2023 16:14:06 GMT
                                                                                  Pragma: no-cache
                                                                                  Expires: -1
                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-z8gzgCDdicr1cw_v9OuYJA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                  Permissions-Policy: unload=()
                                                                                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                  Server: gws
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  Set-Cookie: CONSENT=PENDING+630; expires=Wed, 25-Jun-2025 16:14:06 GMT; path=/; domain=.google.com; Secure
                                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Accept-Ranges: none
                                                                                  Vary: Accept-Encoding
                                                                                  Connection: close
                                                                                  Transfer-Encoding: chunked
                                                                                  2023-06-26 16:14:06 UTC73INData Raw: 31 38 66 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 72 2e 6d 73 66 74 73 74 61 74 69 22 2c 5b 22 68 74 74 70 73 20 2f 2f 72 2e 6d 73 66 74 73 74 61 74 69 73 74 69 63 73 22 2c 22 68 74 74 70 73 20 2f 2f 72 2e 6d 73 66 74 73 74 61 74 69 6f 6e 73 2e 63 6f 6d 22 5d 2c 5b 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 64 65 74 61 69 6c 22 3a 5b 7b 22 6d 70 22 3a 22 5c 75 32 30 32 36 20 22 2c 22 74 22 3a 22 2f 2f 72 2e 6d 73 66 74 73 74 61 74 69 73 74 69 63 73 22 7d 2c 7b 22 6d 70 22 3a 22 5c 75 32 30 32 36 20 22 2c 22 74 22 3a 22 2f 2f 72 2e 6d 73 66 74 73 74 61 74 69 6f 6e 73 2e 63 6f
                                                                                  Data Ascii: 18f)]}'["https://r.msftstati",["https //r.msftstatistics","https //r.msftstations.com"],["",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//r.msftstatistics"},{"mp":"\u2026 ","t":"//r.msftstations.co
                                                                                  2023-06-26 16:14:06 UTC74INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  27192.168.2.349791142.250.184.196443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:14:06 UTC74OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2F%2Fr.msftstatic&oit=3&cp=20&gs_rn=42&psi=C3eoOgypHV4nfftd&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                  Host: www.google.com
                                                                                  Connection: keep-alive
                                                                                  X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:14:06 UTC74INHTTP/1.1 200 OK
                                                                                  Date: Mon, 26 Jun 2023 16:14:06 GMT
                                                                                  Pragma: no-cache
                                                                                  Expires: -1
                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-KKZEN_tYPrbWa1PiS3pMsA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                  Permissions-Policy: unload=()
                                                                                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                  Server: gws
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  Set-Cookie: CONSENT=PENDING+522; expires=Wed, 25-Jun-2025 16:14:06 GMT; path=/; domain=.google.com; Secure
                                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Accept-Ranges: none
                                                                                  Vary: Accept-Encoding
                                                                                  Connection: close
                                                                                  Transfer-Encoding: chunked
                                                                                  2023-06-26 16:14:06 UTC76INData Raw: 31 38 63 0d 0a 29 5d 7d 27 0a 5b 22 68 74 74 70 73 3a 2f 2f 72 2e 6d 73 66 74 73 74 61 74 69 63 22 2c 5b 22 68 74 74 70 73 20 2f 2f 72 2e 6d 73 66 74 73 74 61 74 69 63 2e 63 6f 6d 22 2c 22 68 74 74 70 73 20 2f 2f 72 2e 6d 73 66 74 73 74 61 74 69 63 2e 6e 65 74 22 5d 2c 5b 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 64 65 74 61 69 6c 22 3a 5b 7b 22 6d 70 22 3a 22 5c 75 32 30 32 36 20 22 2c 22 74 22 3a 22 2f 2f 72 2e 6d 73 66 74 73 74 61 74 69 63 2e 63 6f 6d 22 7d 2c 7b 22 6d 70 22 3a 22 5c 75 32 30 32 36 20 22 2c 22 74 22 3a 22 2f 2f 72 2e 6d 73 66 74 73 74 61 74 69 63 2e 6e 65 74 22 7d
                                                                                  Data Ascii: 18c)]}'["https://r.msftstatic",["https //r.msftstatic.com","https //r.msftstatic.net"],["",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:suggestdetail":[{"mp":"\u2026 ","t":"//r.msftstatic.com"},{"mp":"\u2026 ","t":"//r.msftstatic.net"}
                                                                                  2023-06-26 16:14:06 UTC76INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  3192.168.2.349754178.250.1.6443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:12:07 UTC5OUTGET /favicon.ico HTTP/1.1
                                                                                  Host: cat.nl3.eu.criteo.com
                                                                                  Connection: keep-alive
                                                                                  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                                                                                  sec-ch-ua-mobile: ?0
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  sec-ch-ua-platform: "Windows"
                                                                                  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                  Sec-Fetch-Site: same-origin
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: image
                                                                                  Referer: https://cat.nl3.eu.criteo.com/
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:12:07 UTC5INHTTP/1.1 200 OK
                                                                                  server: nginx
                                                                                  date: Mon, 26 Jun 2023 16:12:07 GMT
                                                                                  content-type: text/plain; charset=UTF-8
                                                                                  content-length: 1406
                                                                                  last-modified: Tue, 01 Jul 2008 08:24:36 GMT
                                                                                  etag: "4869e9c4-57e"
                                                                                  expires: Thu, 20 Jun 2024 16:12:07 GMT
                                                                                  cache-control: max-age=31104000
                                                                                  cache-control: public
                                                                                  timing-allow-origin: *
                                                                                  access-control-allow-origin: *
                                                                                  cross-origin-resource-policy: cross-origin
                                                                                  cross-origin-embedder-policy: require-corp
                                                                                  accept-ranges: bytes
                                                                                  strict-transport-security: max-age=31536000; preload;
                                                                                  connection: close
                                                                                  2023-06-26 16:12:07 UTC6INData Raw: 00 00 01 00 01 00 10 10 00 00 00 00 00 00 68 05 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 08 00 00 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 00 76 d7 00 47 54 5e 00 24 64 99 00 12 6d b8 00 35 5c 7c 00 3e 58 6d 00 1a 69 a9 00 50 50 50 00 09 71 c6 00 2c 60 8b 00 04 74 cf 00 0e 6f bf 00 42 56 66 00 1e 67 a2 00 31 5e 83 00 28 62 92 00 4b 52 58 00 3a 5a 73 00 38 5b 78 00 07 72 ca 00 4d 51 54 00 14 6c b4 00 0b 70 c3 00 45 55 61 00 10 6e bb 00 1c 68 a6 00 26 63 96 00 2a 61 8e 00 02 74 d2 00 41 57 69 00 49 53 5a 00 20 66 a0 00 01 75 d5 00 4e 50 52 00 05 73 cd 00 3f 57 6b 00 3b 59 71 00 39 5a 76 00 32 5d 81 00 4c 51 56 00 0d 6f c1 00 48 53 5c 00 0e 6e bd 00 3d 58 6f 00 36 5c 7a 00 27 63 94 00 1e
                                                                                  Data Ascii: h( @vGT^$dm5\|>XmiPPPq,`toBVfg1^(bKRX:Zs8[xrMQTlpEUanh&c*atAWiISZ fuNPRs?Wk;Yq9Zv2]LQVoHS\n=Xo6\z'c


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  4192.168.2.349756178.250.1.6443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:12:08 UTC7OUTGET / HTTP/1.1
                                                                                  Host: cat.nl3.eu.criteo.com
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: max-age=0
                                                                                  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                                                                                  sec-ch-ua-mobile: ?0
                                                                                  sec-ch-ua-platform: "Windows"
                                                                                  Upgrade-Insecure-Requests: 1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                  Sec-Fetch-Site: same-origin
                                                                                  Sec-Fetch-Mode: navigate
                                                                                  Sec-Fetch-Dest: document
                                                                                  Referer: https://cat.nl3.eu.criteo.com/
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:12:08 UTC8INHTTP/1.0 200 OK
                                                                                  cache-control: private, max-age=0
                                                                                  expires: -1
                                                                                  content-type: text/html
                                                                                  2023-06-26 16:12:08 UTC8INData Raw: 0a
                                                                                  Data Ascii:


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  5192.168.2.349757178.250.1.6443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:12:08 UTC8OUTGET /favicon.ico HTTP/1.1
                                                                                  Host: cat.nl3.eu.criteo.com
                                                                                  Connection: keep-alive
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept: */*
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:12:08 UTC8INHTTP/1.1 200 OK
                                                                                  server: nginx
                                                                                  date: Mon, 26 Jun 2023 16:12:08 GMT
                                                                                  content-type: text/plain; charset=UTF-8
                                                                                  content-length: 1406
                                                                                  last-modified: Tue, 01 Jul 2008 08:24:36 GMT
                                                                                  etag: "4869e9c4-57e"
                                                                                  expires: Thu, 20 Jun 2024 16:12:08 GMT
                                                                                  cache-control: max-age=31104000
                                                                                  cache-control: public
                                                                                  timing-allow-origin: *
                                                                                  access-control-allow-origin: *
                                                                                  cross-origin-resource-policy: cross-origin
                                                                                  cross-origin-embedder-policy: require-corp
                                                                                  accept-ranges: bytes
                                                                                  strict-transport-security: max-age=31536000; preload;
                                                                                  connection: close
                                                                                  2023-06-26 16:12:08 UTC9INData Raw: 00 00 01 00 01 00 10 10 00 00 00 00 00 00 68 05 00 00 16 00 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 08 00 00 00 00 00 40 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 00 76 d7 00 47 54 5e 00 24 64 99 00 12 6d b8 00 35 5c 7c 00 3e 58 6d 00 1a 69 a9 00 50 50 50 00 09 71 c6 00 2c 60 8b 00 04 74 cf 00 0e 6f bf 00 42 56 66 00 1e 67 a2 00 31 5e 83 00 28 62 92 00 4b 52 58 00 3a 5a 73 00 38 5b 78 00 07 72 ca 00 4d 51 54 00 14 6c b4 00 0b 70 c3 00 45 55 61 00 10 6e bb 00 1c 68 a6 00 26 63 96 00 2a 61 8e 00 02 74 d2 00 41 57 69 00 49 53 5a 00 20 66 a0 00 01 75 d5 00 4e 50 52 00 05 73 cd 00 3f 57 6b 00 3b 59 71 00 39 5a 76 00 32 5d 81 00 4c 51 56 00 0d 6f c1 00 48 53 5c 00 0e 6e bd 00 3d 58 6f 00 36 5c 7a 00 27 63 94 00 1e
                                                                                  Data Ascii: h( @vGT^$dm5\|>XmiPPPq,`toBVfg1^(bKRX:Zs8[xrMQTlpEUanh&c*atAWiISZ fuNPRs?Wk;Yq9Zv2]LQVoHS\n=Xo6\z'c


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  6192.168.2.349759142.250.186.100443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:12:13 UTC10OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                  Host: www.google.com
                                                                                  Connection: keep-alive
                                                                                  X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:12:13 UTC11INHTTP/1.1 200 OK
                                                                                  Date: Mon, 26 Jun 2023 16:12:13 GMT
                                                                                  Pragma: no-cache
                                                                                  Expires: -1
                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-khr9b-g7jsTrA84cW1e3cQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                  Permissions-Policy: unload=()
                                                                                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                  Server: gws
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  Set-Cookie: CONSENT=PENDING+259; expires=Wed, 25-Jun-2025 16:12:13 GMT; path=/; domain=.google.com; Secure
                                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Accept-Ranges: none
                                                                                  Vary: Accept-Encoding
                                                                                  Connection: close
                                                                                  Transfer-Encoding: chunked
                                                                                  2023-06-26 16:12:13 UTC13INData Raw: 31 33 32 66 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 76 69 72 61 74 20 6b 6f 68 6c 69 20 63 72 69 63 6b 65 74 22 2c 22 6f 6c 6c 69 65 20 72 6f 62 69 6e 73 6f 6e 20 63 72 69 63 6b 65 74 22 2c 22 72 61 63 65 68 6f 72 73 65 20 65 71 75 69 6e 6f 78 22 2c 22 72 6f 62 65 72 74 6f 20 66 69 72 6d 69 6e 6f 20 74 72 61 6e 73 66 65 72 22 2c 22 72 6f 6e 64 61 20 72 6f 75 73 65 79 20 75 66 63 20 72 65 74 75 72 6e 22 2c 22 6b 69 62 61 6e 20 72 61 69 22 2c 22 67 6f 6f 67 6c 65 20 70 69 78 65 6c 20 37 22 2c 22 62 72 69 74 61 69 6e 20 68 6f 75 73 65 20 70 72 69 63 65 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 70 72
                                                                                  Data Ascii: 132f)]}'["",["virat kohli cricket","ollie robinson cricket","racehorse equinox","roberto firmino transfer","ronda rousey ufc return","kiban rai","google pixel 7","britain house prices"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"pr
                                                                                  2023-06-26 16:12:13 UTC14INData Raw: 76 5a 4c 6d 6b 71 4f 69 45 42 47 33 62 53 79 6c 57 39 78 39 76 77 30 55 74 74 6c 6f 59 36 56 44 48 62 6f 34 4b 6c 59 67 72 47 4e 56 78 4c 67 64 7a 6a 31 4f 71 4f 75 67 31 71 6d 56 58 37 68 32 74 38 78 58 73 31 71 6f 4c 4e 5a 4a 55 68 66 77 71 6d 75 4b 55 34 6e 66 42 5a 70 48 4f 78 50 33 50 62 34 36 59 65 6f 65 6a 6f 70 6e 6d 71 61 4b 6d 69 5a 35 47 38 52 67 4d 42 79 33 71 51 66 6a 6b 36 4a 30 33 54 6c 4e 4a 61 6b 70 4b 2b 4a 58 47 56 59 71 4f 36 46 57 44 4c 68 68 36 67 67 63 36 4e 78 73 6a 46 76 44 59 4d 63 2b 62 7a 5a 77 64 4b 6e 54 37 4c 2b 54 6b 77 76 64 68 76 52 77 4a 6e 46 54 64 52 62 4c 65 31 4c 49 72 4a 4d 6f 32 68 47 47 44 6e 34 61 47 55 55 38 6b 5a 57 50 48 68 7a 53 74 6e 4a 50 66 57 70 58 43 31 55 4e 79 32 66 54 71 57 4b 59 6f 63 6f 7a 4c 35 6c
                                                                                  Data Ascii: vZLmkqOiEBG3bSylW9x9vw0UttloY6VDHbo4KlYgrGNVxLgdzj1OqOug1qmVX7h2t8xXs1qoLNZJUhfwqmuKU4nfBZpHOxP3Pb46YeoejopnmqaKmiZ5G8RgMBy3qQfjk6J03TlNJakpK+JXGVYqO6FWDLhh6ggc6NxsjFvDYMc+bzZwdKnT7L+TkwvdhvRwJnFTdRbLe1LIrJMo2hGGDn4aGUU8kZWPHhzStnJPfWpXC1UNy2fTqWKYocozL5l
                                                                                  2023-06-26 16:12:13 UTC16INData Raw: 6a 43 53 72 47 51 44 31 2f 53 74 54 76 73 6c 56 39 6a 76 32 74 70 70 62 44 61 77 50 78 48 50 7a 48 66 47 33 6b 43 42 57 58 70 73 49 65 6b 74 4e 54 57 69 50 62 4b 43 43 63 46 4a 7a 75 4d 69 6c 4c 74 4e 6f 65 34 72 61 54 30 54 62 39 2b 59 55 35 33 65 43 79 58 58 6a 73 6c 4b 54 31 56 35 6b 2b 41 72 51 65 43 35 45 64 56 6f 52 44 62 65 51 75 54 47 4a 37 77 6b 64 55 71 55 6f 71 7a 6a 34 35 7a 56 4e 67 32 69 4a 62 6b 6c 4d 4f 4f 6c 76 62 63 6a 64 52 2b 66 57 70 6e 67 32 4b 57 4c 6a 64 5a 7a 5a 4f 48 65 53 30 52 34 46 53 41 6f 6e 37 4c 53 4b 7a 4c 4c 57 65 6a 66 49 58 61 62 62 4c 78 52 53 36 4a 53 65 6a 69 53 67 2b 66 55 56 33 53 6f 4b 41 4b 53 43 44 34 69 6e 54 6e 45 57 35 50 58 49 64 57 69 4f 72 53 30 6b 34 31 6a 71 6f 2f 44 79 46 63 6b 4e 37 35 48 6a 6e 66 7a
                                                                                  Data Ascii: jCSrGQD1/StTvslV9jv2tppbDawPxHPzHfG3kCBWXpsIektNTWiPbKCCcFJzuMilLtNoe4raT0Tb9+YU53eCyXXjslKT1V5k+ArQeC5EdVoRDbeQuTGJ7wkdUqUoqzj45zVNg2iJbklMOOlvbcjdR+fWpng2KWLjdZzZOHeS0R4FSAon7LSKzLLWejfIXabbLxRS6JSejiSg+fUV3SoKAKSCD4inTnEW5PXIdWiOrS0k41jqo/DyFckN75Hjnfz
                                                                                  2023-06-26 16:12:13 UTC17INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  7192.168.2.349760178.250.1.6443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:12:15 UTC17OUTGET / HTTP/1.1
                                                                                  Host: cat.nl3.eu.criteo.com
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: max-age=0
                                                                                  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                                                                                  sec-ch-ua-mobile: ?0
                                                                                  sec-ch-ua-platform: "Windows"
                                                                                  Upgrade-Insecure-Requests: 1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: navigate
                                                                                  Sec-Fetch-User: ?1
                                                                                  Sec-Fetch-Dest: document
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:12:15 UTC18INHTTP/1.0 200 OK
                                                                                  cache-control: private, max-age=0
                                                                                  expires: -1
                                                                                  content-type: text/html
                                                                                  2023-06-26 16:12:15 UTC18INData Raw: 0a
                                                                                  Data Ascii:


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  8192.168.2.349764142.250.186.100443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:12:23 UTC18OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                  Host: www.google.com
                                                                                  Connection: keep-alive
                                                                                  X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJShywEIi6vMAQj7u8wBCKO9zAEI6sDMAQicycwBCOLLzAEImNHMAQiZ0swB
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: no-cors
                                                                                  Sec-Fetch-Dest: empty
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:12:23 UTC19INHTTP/1.1 200 OK
                                                                                  Date: Mon, 26 Jun 2023 16:12:23 GMT
                                                                                  Pragma: no-cache
                                                                                  Expires: -1
                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                  Content-Type: text/javascript; charset=UTF-8
                                                                                  Strict-Transport-Security: max-age=31536000
                                                                                  Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-T_CnzABmMn_ibqBrcPWgDA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                  Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                  Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                  Accept-CH: Sec-CH-UA-Platform
                                                                                  Accept-CH: Sec-CH-UA-Platform-Version
                                                                                  Accept-CH: Sec-CH-UA-Full-Version
                                                                                  Accept-CH: Sec-CH-UA-Arch
                                                                                  Accept-CH: Sec-CH-UA-Model
                                                                                  Accept-CH: Sec-CH-UA-Bitness
                                                                                  Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                  Accept-CH: Sec-CH-UA-WoW64
                                                                                  Permissions-Policy: unload=()
                                                                                  Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0=
                                                                                  Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
                                                                                  Content-Disposition: attachment; filename="f.txt"
                                                                                  Server: gws
                                                                                  X-XSS-Protection: 0
                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                  Set-Cookie: CONSENT=PENDING+006; expires=Wed, 25-Jun-2025 16:12:23 GMT; path=/; domain=.google.com; Secure
                                                                                  P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                  Accept-Ranges: none
                                                                                  Vary: Accept-Encoding
                                                                                  Connection: close
                                                                                  Transfer-Encoding: chunked
                                                                                  2023-06-26 16:12:23 UTC21INData Raw: 31 37 61 36 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 61 72 64 61 20 67 c3 bc 6c 65 72 22 2c 22 69 67 61 20 73 77 69 61 74 65 6b 22 2c 22 77 6f 72 6c 64 20 73 65 6e 69 6f 72 73 20 6d 61 73 74 65 72 73 22 2c 22 76 69 72 61 74 20 6b 6f 68 6c 69 20 63 72 69 63 6b 65 74 22 2c 22 73 6f 70 68 69 65 20 65 63 63 6c 65 73 74 6f 6e 65 22 2c 22 72 61 63 65 68 6f 72 73 65 20 65 71 75 69 6e 6f 78 22 2c 22 6b 69 62 61 6e 20 72 61 69 22 2c 22 67 6f 6f 67 6c 65 20 70 69 78 65 6c 20 37 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 70 72 65 22 3a 30 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 68 65 61
                                                                                  Data Ascii: 17a6)]}'["",["arda gler","iga swiatek","world seniors masters","virat kohli cricket","sophie ecclestone","racehorse equinox","kiban rai","google pixel 7"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"pre":0,"tlw":false},"google:hea
                                                                                  2023-06-26 16:12:23 UTC22INData Raw: 62 5a 43 38 67 41 66 71 4f 69 54 71 64 34 45 67 52 74 4e 55 65 45 63 55 44 66 4c 51 74 52 47 51 39 49 32 42 31 39 4a 72 66 34 79 46 61 73 2b 7a 7a 4f 66 35 44 42 6e 68 2f 74 42 56 37 74 78 4a 35 67 4d 71 43 63 53 2f 57 54 4f 67 54 72 38 52 38 64 52 36 30 6e 46 7a 49 73 69 61 6e 78 72 45 37 7a 46 48 4c 56 79 37 63 53 56 4e 4e 41 4d 67 43 41 6b 43 5a 48 6e 4e 55 48 56 42 51 43 67 54 35 39 4b 71 79 68 36 39 4e 76 71 53 74 71 76 73 56 68 4b 79 64 68 39 48 66 4e 45 38 53 78 6d 30 74 75 57 7a 64 6f 6c 53 68 49 6b 47 41 4b 58 72 56 33 39 52 4a 32 41 49 6b 30 30 58 46 6f 39 66 38 41 4c 4c 54 4c 62 34 51 42 42 56 2b 36 68 74 51 41 6a 4d 61 70 79 65 70 5a 34 58 78 66 68 6d 7a 58 37 56 7a 6a 62 33 41 30 4b 31 74 78 49 50 63 61 66 72 62 69 4b 78 75 62 47 34 76 6d 37
                                                                                  Data Ascii: bZC8gAfqOiTqd4EgRtNUeEcUDfLQtRGQ9I2B19Jrf4yFas+zzOf5DBnh/tBV7txJ5gMqCcS/WTOgTr8R8dR60nFzIsianxrE7zFHLVy7cSVNNAMgCAkCZHnNUHVBQCgT59Kqyh69NvqStqvsVhKydh9HfNE8Sxm0tuWzdolShIkGAKXrV39RJ2AIk00XFo9f8ALLTLb4QBBV+6htQAjMapyepZ4XxfhmzX7Vzjb3A0K1txIPcafrbiKxubG4vm7
                                                                                  2023-06-26 16:12:23 UTC24INData Raw: 76 72 70 70 73 4d 74 49 48 4b 67 42 52 77 62 71 67 6a 6c 72 70 6b 55 6c 63 44 6e 32 30 32 66 79 6e 4e 45 6e 39 71 79 54 4c 30 34 37 70 2b 58 36 36 39 34 74 6d 34 71 4f 46 71 6d 34 6b 46 67 4d 69 4a 4f 76 6b 54 38 74 52 77 79 75 71 47 35 49 31 64 69 49 74 74 62 77 39 38 4c 37 7a 5a 4a 38 74 45 62 46 53 53 32 2b 6f 2b 30 75 77 77 47 42 38 4e 68 77 59 39 76 72 34 38 64 47 56 52 51 4d 59 47 65 65 52 77 78 39 66 49 39 64 65 4d 61 43 61 57 52 67 42 34 55 51 4b 6a 67 4f 4c 64 66 54 6c 36 36 76 42 42 5a 4d 2f 2f 32 51 5c 75 30 30 33 64 5c 75 30 30 33 64 22 2c 22 71 22 3a 22 67 73 5f 73 73 70 5c 75 30 30 33 64 65 4a 7a 6a 34 74 56 50 31 7a 63 30 54 44 59 31 53 53 6f 7a 4e 43 67 7a 59 50 54 69 7a 6b 78 50 56 43 67 75 7a 30 77 73 53 63 30 47 41 48 45 31 43 49 6b 22
                                                                                  Data Ascii: vrppsMtIHKgBRwbqgjlrpkUlcDn202fynNEn9qyTL047p+X6694tm4qOFqm4kFgMiJOvkT8tRwyuqG5I1diIttbw98L7zZJ8tEbFSS2+o+0uwwGB8NhwY9vr48dGVRQMYGeeRwx9fI9deMaCaWRgB4UQKjgOLdfTl66vBBZM//2Q\u003d\u003d","q":"gs_ssp\u003deJzj4tVP1zc0TDY1SSozNCgzYPTizkxPVCguz0wsSc0GAHE1CIk"
                                                                                  2023-06-26 16:12:23 UTC26INData Raw: 34 4b 6c 59 67 72 47 4e 56 78 4c 67 64 7a 6a 31 4f 71 4f 75 67 31 71 6d 56 58 37 68 32 74 38 78 58 73 31 71 6f 4c 4e 5a 4a 55 68 66 77 71 6d 75 4b 55 34 6e 66 42 5a 70 48 4f 78 50 33 50 62 34 36 59 65 6f 65 6a 6f 70 6e 6d 71 61 4b 6d 69 5a 35 47 38 52 67 4d 42 79 33 71 51 66 6a 6b 36 4a 30 33 54 6c 4e 4a 61 6b 70 4b 2b 4a 58 47 56 59 71 4f 36 46 57 44 4c 68 68 36 67 67 63 36 4e 78 73 6a 46 76 44 59 4d 63 2b 62 7a 5a 77 64 4b 6e 54 37 4c 2b 54 6b 77 76 64 68 76 52 77 4a 6e 46 54 64 52 62 4c 65 31 4c 49 72 4a 4d 6f 32 68 47 47 44 6e 34 61 47 55 55 38 6b 5a 57 50 48 68 7a 53 74 6e 4a 50 66 57 70 58 43 31 55 4e 79 32 66 54 71 57 4b 59 6f 63 6f 7a 4c 35 6c 2b 42 37 6a 57 5a 2f 77 41 51 62 50 55 77 58 69 69 57 42 35 49 36 5a 75 30 71 38 65 76 62 50 35 61 4e 31
                                                                                  Data Ascii: 4KlYgrGNVxLgdzj1OqOug1qmVX7h2t8xXs1qoLNZJUhfwqmuKU4nfBZpHOxP3Pb46YeoejopnmqaKmiZ5G8RgMBy3qQfjk6J03TlNJakpK+JXGVYqO6FWDLhh6ggc6NxsjFvDYMc+bzZwdKnT7L+TkwvdhvRwJnFTdRbLe1LIrJMo2hGGDn4aGUU8kZWPHhzStnJPfWpXC1UNy2fTqWKYocozL5l+B7jWZ/wAQbPUwXiiWB5I6Zu0q8evbP5aN1
                                                                                  2023-06-26 16:12:23 UTC27INData Raw: 39 65 34 0d 0a 67 50 54 76 70 37 72 72 6a 57 52 56 73 6b 56 4e 39 48 4f 30 34 6a 52 77 63 6b 37 4e 34 79 64 33 59 38 6a 37 76 48 66 50 6f 58 46 59 58 79 4a 5a 6b 59 67 47 48 35 68 76 52 30 79 56 33 44 47 52 71 70 51 55 68 68 64 53 54 48 39 6d 75 7a 37 4e 63 5a 2b 50 36 61 46 54 58 39 6c 53 6b 6d 51 52 6d 4b 65 45 56 44 35 7a 39 6c 47 58 69 41 4a 35 34 77 6a 73 53 65 32 56 50 73 4f 72 6c 48 64 6e 71 54 54 4e 48 34 44 51 56 42 63 71 79 74 79 56 44 45 4b 66 7a 41 4a 7a 32 34 39 34 30 32 4a 50 74 73 42 43 7a 45 41 61 58 50 34 67 49 38 76 54 45 7a 51 78 68 35 56 64 64 68 2f 43 63 39 2f 6c 6f 35 4f 54 76 52 51 63 45 36 71 58 68 44 55 57 35 36 59 52 46 6b 6b 51 6b 74 36 4c 74 77 52 38 74 4c 2b 33 69 42 66 42 7a 50 2f 39 6b 5c 75 30 30 33 64 22 2c 22 71 22 3a 22
                                                                                  Data Ascii: 9e4gPTvp7rrjWRVskVN9HO04jRwck7N4yd3Y8j7vHfPoXFYXyJZkYgGH5hvR0yV3DGRqpQUhhdSTH9muz7NcZ+P6aFTX9lSkmQRmKeEVD5z9lGXiAJ54wjsSe2VPsOrlHdnqTTNH4DQVBcqytyVDEKfzAJz249402JPtsBCzEAaXP4gI8vTEzQxh5Vddh/Cc9/lo5OTvRQcE6qXhDUW56YRFkkQkt6LtwR8tL+3iBfBzP/9k\u003d","q":"
                                                                                  2023-06-26 16:12:23 UTC28INData Raw: 33 4c 57 34 39 46 44 69 33 45 4b 43 6d 74 79 63 4b 53 51 66 61 69 50 53 39 6b 33 36 70 30 58 6e 52 53 6c 72 6d 6f 75 46 75 6a 54 47 2f 77 43 6c 39 70 4c 67 48 62 49 38 71 61 72 63 4c 6a 4e 63 37 55 45 46 4e 78 73 30 75 4b 74 4a 55 46 6f 79 45 6a 7a 4a 42 79 50 75 42 58 52 6f 6f 66 6d 53 6e 70 37 4b 72 68 70 52 48 6a 73 73 75 4b 42 43 55 67 4b 49 36 39 7a 57 5a 6b 2b 46 46 4b 45 72 63 55 6c 73 71 78 75 49 55 6f 66 36 72 66 55 36 47 48 37 7a 4a 59 5a 77 30 6c 6c 77 42 53 57 2b 50 4d 44 6e 35 43 76 69 75 63 69 31 50 4e 75 6c 70 63 70 53 6f 68 78 74 53 6c 70 42 56 6a 72 6e 63 44 6e 31 34 70 65 31 71 74 44 4f 57 6e 4b 59 39 62 5a 6b 4f 57 74 38 65 4a 76 59 43 73 37 73 4b 53 4d 6e 74 35 56 70 49 44 54 34 64 62 51 64 72 5a 47 33 50 61 6b 33 62 62 49 57 38 32 77
                                                                                  Data Ascii: 3LW49FDi3EKCmtycKSQfaiPS9k36p0XnRSlrmouFujTG/wCl9pLgHbI8qarcLjNc7UEFNxs0uKtJUFoyEjzJByPuBXRoofmSnp7KrhpRHjssuKBCUgKI69zWZk+FFKErcUlsqxuIUof6rfU6GH7zJYZw0llwBSW+PMDn5Cviuci1PNulpcpSohxtSlpBVjrncDn14pe1qtDOWnKY9bZkOWt8eJvYCs7sKSMnt5VpIDT4dbQdrZG3Pak3bbIW82w
                                                                                  2023-06-26 16:12:23 UTC29INData Raw: 54 49 54 59 22 2c 22 51 55 45 52 59 22 2c 22 45 4e 54 49 54 59 22 2c 22 51 55 45 52 59 22 5d 7d 5d 0d 0a
                                                                                  Data Ascii: TITY","QUERY","ENTITY","QUERY"]}]
                                                                                  2023-06-26 16:12:23 UTC29INData Raw: 30 0d 0a 0d 0a
                                                                                  Data Ascii: 0


                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  9192.168.2.349765178.250.1.6443C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  2023-06-26 16:12:26 UTC29OUTGET / HTTP/1.1
                                                                                  Host: cat.nl3.eu.criteo.com
                                                                                  Connection: keep-alive
                                                                                  Cache-Control: max-age=0
                                                                                  sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
                                                                                  sec-ch-ua-mobile: ?0
                                                                                  sec-ch-ua-platform: "Windows"
                                                                                  Upgrade-Insecure-Requests: 1
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                                                                  Sec-Fetch-Site: none
                                                                                  Sec-Fetch-Mode: navigate
                                                                                  Sec-Fetch-User: ?1
                                                                                  Sec-Fetch-Dest: document
                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                  Accept-Language: en-US,en;q=0.9
                                                                                  2023-06-26 16:12:26 UTC30INHTTP/1.0 200 OK
                                                                                  cache-control: private, max-age=0
                                                                                  expires: -1
                                                                                  content-type: text/html
                                                                                  2023-06-26 16:12:26 UTC30INData Raw: 0a
                                                                                  Data Ascii:


                                                                                  Statistics

                                                                                  CPU Usage

                                                                                  050100s020406080100

                                                                                  Click to jump to process

                                                                                  Memory Usage

                                                                                  050100s0.0050100MB

                                                                                  Click to jump to process

                                                                                  Behavior

                                                                                  Click to jump to process

                                                                                  System Behavior

                                                                                  General

                                                                                  Target ID:0
                                                                                  Start time:18:12:04
                                                                                  Start date:26/06/2023
                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://cat.nl3.eu.criteo.com/
                                                                                  Imagebase:0x7ff70f0c0000
                                                                                  File size:2'852'640 bytes
                                                                                  MD5 hash:7BC7B4AEDC055BB02BCB52710132E9E1
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:low
                                                                                  Show Windows behavior

                                                                                  File Activities

                                                                                  There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                  Show Windows behavior

                                                                                  Process Activities

                                                                                  There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                  Show Windows behavior

                                                                                  Memory Activities

                                                                                  There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                  There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                  Show Windows behavior

                                                                                  Process Token Activities


                                                                                  General

                                                                                  Target ID:1
                                                                                  Start time:18:12:05
                                                                                  Start date:26/06/2023
                                                                                  Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 --field-trial-handle=1768,i,9653423935331324691,15110827108972514347,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                                                                                  Imagebase:0x7ff70f0c0000
                                                                                  File size:2'852'640 bytes
                                                                                  MD5 hash:7BC7B4AEDC055BB02BCB52710132E9E1
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:low
                                                                                  Show Windows behavior

                                                                                  File Activities

                                                                                  There is hidden Windows Behavior. Click on Show Windows Behavior to show it.
                                                                                  Show Windows behavior

                                                                                  Memory Activities


                                                                                  Disassembly

                                                                                  No disassembly