Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://main.d3engbxc9elyir.amplifyapp.com/

Overview

General Information

Sample URL:https://main.d3engbxc9elyir.amplifyapp.com/
Analysis ID:1520606
Infos:

Detection

Score:56
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Installs a global event hook (focus changed)
Installs a global keyboard hook
Creates files inside the system directory
Deletes files inside the Windows folder
Detected non-DNS traffic on DNS port
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTML body contains low number of good links
HTML title does not match URL
HTTP GET or POST without a user agent
Installs a global mouse hook
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 4392 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 5020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1972,i,1698617406949419602,7228872294080109155,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • chrome.exe (PID: 6552 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://main.d3engbxc9elyir.amplifyapp.com/" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • osk.exe (PID: 2724 cmdline: "C:\Windows\system32\osk.exe" MD5: 745F2DF5BEED97B8C751DF83938CB418)
  • osk.exe (PID: 4144 cmdline: "C:\Windows\system32\osk.exe" MD5: 745F2DF5BEED97B8C751DF83938CB418)
    • explorer.exe (PID: 4552 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Antivirus / Scanner detection for submitted sample
Source: https://main.d3engbxc9elyir.amplifyapp.com/SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
Source: https://main.d3engbxc9elyir.amplifyapp.com/HTTP Parser: Number of links: 0
Source: https://main.d3engbxc9elyir.amplifyapp.com/HTTP Parser: Title: Security Check does not match URL
Source: https://main.d3engbxc9elyir.amplifyapp.com/HTTP Parser: No favicon
Source: https://main.d3engbxc9elyir.amplifyapp.com/HTTP Parser: No favicon
Source: https://main.d3engbxc9elyir.amplifyapp.com/HTTP Parser: No <meta name="author".. found
Source: https://main.d3engbxc9elyir.amplifyapp.com/HTTP Parser: No <meta name="author".. found
Source: https://main.d3engbxc9elyir.amplifyapp.com/HTTP Parser: No <meta name="copyright".. found
Source: https://main.d3engbxc9elyir.amplifyapp.com/HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_451530688\LICENSE.txtJump to behavior
Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49711 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.23.209.130:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.189.173.23:443 -> 192.168.2.17:49722 version: TLS 1.2
Source: unknownHTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.17:49724 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49726 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.29.5:443 -> 192.168.2.17:49729 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.23.209.189:443 -> 192.168.2.17:62293 version: TLS 1.2
Source: global trafficTCP traffic: 192.168.2.17:62287 -> 1.1.1.1:53
Source: global trafficHTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.13
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: main.d3engbxc9elyir.amplifyapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /media/GGrR89_WgAAgrOI?format=jpg&name=large HTTP/1.1Host: pbs.twimg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://main.d3engbxc9elyir.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: main.d3engbxc9elyir.amplifyapp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://main.d3engbxc9elyir.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /media/GGrR89_WgAAgrOI?format=jpg&name=large HTTP/1.1Host: pbs.twimg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=b7w4lCmcLnSAMp5&MD=MGKTDmtu HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCNy9zQEIucrNAQi2y80BCOnSzQEIitPNAQjB1M0BCM/WzQEI49bNAQiO180BCKfYzQEIutjNAQj5wNQVGLi/zQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCNy9zQEIucrNAQi2y80BCOnSzQEIitPNAQjB1M0BCM/WzQEI49bNAQiO180BCKfYzQEIutjNAQj5wNQVGLi/zQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=%27&oit=4&cp=1&pgcl=4&gs_rn=42&psi=CE2RIP3hMqCwg0VO&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCNy9zQEIucrNAQi2y80BCOnSzQEIitPNAQjB1M0BCM/WzQEI49bNAQiO180BCKfYzQEIutjNAQj5wNQVGLi/zQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rb/17/jnc,nj/8is6HLWQOmmjdhp0hh0w6MjZScI.js?bu=DygxcoQBiQGMAYEBe37EAccBMbcBMcoB&or=w HTTP/1.1Accept: */*Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en&HV=1727448413&IPMH=fd04f626&IPMID=1707317459775
Source: global trafficHTTP traffic detected: GET /rb/1a/cir3,ortl,cc,nc/CYGXBN1kkA_ojDY5vKbCoG4Zy0E.css?bu=C8MJmAO6BJ8KhAnuCPQGWlpaWg&or=w HTTP/1.1Accept: */*Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1727448413&IPMH=fd04f626&IPMID=1707317459775
Source: global trafficHTTP traffic detected: GET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: fp.msedge.netConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /rb/1a/cir3,ortl,cc,nc/eNojzGTgc6FFJi_kGAzzghOMEG4.css?bu=B8ECRa8ClwFaWswC&or=w HTTP/1.1Accept: */*Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1727448413&IPMH=fd04f626&IPMID=1707317459775
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=b7w4lCmcLnSAMp5&MD=MGKTDmtu HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /rb/3F/ortl,cc,nc/4-xJy3tX6bM2BGl5zKioiEcQ1TU.css?bu=A4gCjAKPAg&or=w HTTP/1.1Accept: */*Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: r.bing.comConnection: Keep-AliveCookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1727448413&IPMH=fd04f626&IPMID=1707317459775
Source: global trafficHTTP traffic detected: GET /ab HTTP/1.1Host: evoke-windowsservices-tas.msedge.netCache-Control: no-store, no-cacheX-PHOTOS-CALLERID: 9NMPJ99VJBWVX-EVOKE-RING: X-WINNEXT-RING: PublicX-WINNEXT-TELEMETRYLEVEL: BasicX-WINNEXT-OSVERSION: 10.0.19045.0X-WINNEXT-APPVERSION: 1.23082.131.0X-WINNEXT-PLATFORM: DesktopX-WINNEXT-CANTAILOR: FalseX-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=If-None-Match: 2056388360_-1434155563Accept-Encoding: gzip, deflate, br
Source: global trafficHTTP traffic detected: GET /client/config?cc=CH&setlang=en-CH HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: -240X-DeviceID: 01000A41090080B6X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard TimeX-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAASn14KcyreLXX78T5uYKSejBIybhIWPme3BzC2wWolWPEDuIla2puElquWcOHSDPfclMqv2tnoIW8JUsTTk/I8iNPTifwMOsIS9DCQQdocv6ABJbT0KuTkXNVEDs4V2msq/7LqwSSSCCiXnEFscPcypAp5Bfi1lx2wj4Vx/mOsq/1Nod%2BbwOZPNOL%2BwKYFN58d%2BW1Z2UMSuK7fsanBSnBpwldx2LpxkuC1g3Ve1JUCfAf6WxPEqDuGy5C1Hn1W9wkFzrli%2BgGFBvyhghBl8hz09Fe19jJahtwFnKjEFKkyO/3eGAmut%2BSaF/2Yz2HSgv4Mdki8kaM9FyJk1JrbABhCsQZgAAEBx79s31%2Bfn6%2Bxdll4OkxWKwAQ0t/gned/PYcRTAsulgJWCpytZ%2B/oM%2B9/0FvFAwKRHkd20FXJ/nmDwtT6g%2ByFs7X1Jrs0fgur9mt8e6gj0wUzpdQJLJUBq9AXqN3H7ODxpxlRzAFtHLu9n4ZXaj%2BxmKSlsSfSxVv5thPx6o10Ae7CHklVbWx4l9C7xsF9PAF9zcdXgfVISKjOqkKRlWvKrejVAOiogPUKQ6nzAH1qfL9RtvAEwXU19AYwC0yt8wUt1SBghwuRY1KnTHxAVIN/bkETYH9kGrOfEfU/9fVyAfbmCwW4exJ1y8FDD%2Bumc7/iJjQHUz7NiLXeUwkOpikwmHsGmlxLYwx8pL2DZCENbkIo1ypgWd9uShm2iD8V0miAkl9KGXFNTzOCqbmA7idn2NCox30g%2B5m3oxrTtAtC2u7T/pFGYCfyEovppdoOj4qmnRYXFSNCiDfhC02gdgfSZn2lEgDL3fhRl4bBLgtAOctDay8a7kQV%2Br0Qj5QNVJQzRGGij3JoMSHplVgd1YOwQZ3ymJMLJR0fbiUF7A/DSHoXxxu9pKzxmPJdhq1Rmu6rOUT96015lg4tq/kw2cs9xnoNcB%26p%3DX-Agent-DeviceId: 01000A41090080B6X-BM-CBT: 1727448426User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-GB, en, en-USX-Device-Touch: falseX-Device-ClientSession: D1688C44F2084BD3AAB35A5004AD6140X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1727448413&IPMH=fd04f626&IPMID=1707317459775; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
Source: global trafficDNS traffic detected: DNS query: main.d3engbxc9elyir.amplifyapp.com
Source: global trafficDNS traffic detected: DNS query: pbs.twimg.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: unknownHTTP traffic detected: POST /Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-CJS-1.2.0&x-apikey=33d70a864599496b982a39f036f71122-2064703e-3a9d-4d90-8362-eec08dffe8e8-7176 HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: browser.pipe.aria.microsoft.comContent-Length: 994Connection: Keep-AliveCache-Control: no-cache
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 4343Connection: closeDate: Fri, 27 Sep 2024 14:46:09 GMTServer: AmazonS3Accept-Ranges: bytesETag: "029912fa35a1fe0ffd93c74661b3f40c"Last-Modified: Fri, 27 Sep 2024 09:39:59 GMTVary: Accept-EncodingX-Cache: Error from cloudfrontVia: 1.1 80a51c83bb9479e2a3aa1ea59b366458.cloudfront.net (CloudFront)X-Amz-Cf-Pop: FRA56-P2Alt-Svc: h3=":443"; ma=86400X-Amz-Cf-Id: 34-FoivZFMMgRTPbqAamY5-f2Ocp4SY-bwxQUD7L77aWjwGu-8X4SA==
Source: explorer.exe, 00000015.00000000.1561947476.0000000009065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1561947476.00000000090A6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2212425593.00000000090A4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: explorer.exe, 00000015.00000003.2212425593.00000000091A1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1561947476.000000000916A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2324726415.00000000091A1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl.micro
Source: explorer.exe, 00000015.00000000.1561947476.0000000009065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1561947476.00000000090A6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2212425593.00000000090A4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: explorer.exe, 00000015.00000000.1561947476.0000000009065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1561947476.00000000090A6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2212425593.00000000090A4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: explorer.exe, 00000015.00000000.1561947476.0000000009065000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1561947476.00000000090A6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000003.2212425593.00000000090A4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: explorer.exe, 00000015.00000000.1551773653.0000000007802000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2308966050.0000000007824000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crlhttp://crl4.digicert.com/Di
Source: explorer.exe, 00000015.00000000.1553098582.0000000007E80000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
Source: explorer.exe, 00000015.00000000.1569943397.000000000C458000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByApp
Source: explorer.exe, 00000015.00000000.1569943397.000000000C458000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2333061936.000000000C562000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppMEOW/r
Source: explorer.exe, 00000015.00000000.1572755344.000000000C655000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2338118422.000000000C694000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1549522056.0000000001287000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1561947476.0000000008ECC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
Source: explorer.exe, 00000015.00000000.1572755344.000000000C655000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2338118422.000000000C694000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS0
Source: explorer.exe, 00000015.00000000.1549522056.0000000001287000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSd
Source: explorer.exe, 00000015.00000000.1549522056.0000000001287000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOSp
Source: explorer.exe, 00000015.00000002.2321034431.0000000008F8C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1561947476.0000000008F19000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
Source: explorer.exe, 00000015.00000002.2308966050.0000000007739000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1551773653.000000000772A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
Source: explorer.exe, 00000015.00000002.2321034431.0000000008FA0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1561947476.0000000008F19000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=A201BF9CD1304F30B542E3825626C85B&timeOut=5000&oc
Source: explorer.exe, 00000015.00000002.2304434485.0000000003772000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1550463566.0000000003750000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
Source: explorer.exe, 00000015.00000000.1561947476.000000000903B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2321034431.000000000904B000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.compL
Source: explorer.exe, 00000015.00000000.1551773653.000000000774A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svg
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svg
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsi
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://becausemomsays.com
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://becausemomsays.com/she-wanted-to-keep-her-deceased-husbands-ring-so-she-selfishly-denied-her
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13g0vJ
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13g0vJ-dark
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhb
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhb-dark
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13govM
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13govM-dark
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cookpolitical.com/2020-national-popular-vote-tracker
Source: explorer.exe, 00000015.00000000.1561947476.000000000908F000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
Source: explorer.exe, 00000015.00000000.1569943397.000000000C458000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2333061936.000000000C4BC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://financebuzz.com/top-signs-of-financial-fitness?utm_source=msn&utm_medium=feed&synd_slide=1&s
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA11zmNj.img
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15Yat4.img
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA15zgnY.img
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1bAqmF.img
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1eCpi4.img
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1h6zb1.img
Source: explorer.exe, 00000015.00000000.1551773653.000000000774A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2308966050.0000000007774000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2308966050.00000000077E4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hIktm.img
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1hMqKR.img
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AABp9vq.img
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AALo3og.img
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAywOab.img
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1e6XdQ.img
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BBACBCB.img
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://news.gallup.com/poll/247016/conservatives-greatly-outnumber-liberals-states.aspx
Source: explorer.exe, 00000015.00000000.1569943397.000000000C458000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com
Source: explorer.exe, 00000015.00000002.2321034431.0000000008F3E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1561947476.0000000008F19000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comtextQ
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://stacker.com/
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://stacker.com/politics/states-most-conservatives-0
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew
Source: explorer.exe, 00000015.00000002.2338118422.000000000C715000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1572755344.000000000C721000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/
Source: explorer.exe, 00000015.00000000.1569943397.000000000C458000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.com
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.270towin.com/
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.financebuzz.com/clever-debt-payoff-55mp?utm_source=msn&utm_medium=feed&synd_slide=1&synd
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.forbes.com/sites/elanagross/2020/10/28/trump-administration-uses-philadelphia-protests-t
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/autos/buying/if-your-old-car-has-any-of-these-16-problems-consider-buying-
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/entertainment/entertainment-celebrity/mother-sued-and-won-against-school-d
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/health/medical/mayo-clinic-minute-who-benefits-from-taking-statins/ar-AA1h
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/health/medical/scientists-reveal-new-findings-about-older-adults-who-take-
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/personalfinance/if-any-of-these-11-things-describes-you-you-ve-climb
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/money/retirement/retirees-why-oct-12-is-social-security-s-most-important-d
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/many-gop-anti-trumpers-are-throwing-in-the-towel/ar-AA1hMmec
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/politics/the-state-with-the-most-liberals-isn-t-california-or-new-yor
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2308966050.00000000077E4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/technology/the-most-stunning-space-images-captured-in-2023-so-far/ar-
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/us/ancient-footprints-upend-timeline-of-humans-arrival-in-north-ameri
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/a-russian-missile-attack-in-eastern-ukraine-kills-a-10-year-old
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/putin-s-plan-for-winning-the-war-in-ukraine-could-be-starting-t
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/news/world/seismologist-predicts-earthquake-in-asia-japan-issues-tsunami-w
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/en-us/travel/news/these-new-overhead-aircraft-bins-could-be-an-inflight-game-cha
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com:443/en-us/feed
Source: explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://www.theatlantic.com/politics/archive/2014/02/the-origin-of-liberalism/283780/
Source: unknownNetwork traffic detected: HTTP traffic on port 49676 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 62290 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49691 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62290
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62291
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62292
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 62293
Source: unknownNetwork traffic detected: HTTP traffic on port 62293 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49691
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 62292 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 49680 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49677 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 62291 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49711 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49716 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.17:49717 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.23.209.130:443 -> 192.168.2.17:49721 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.189.173.23:443 -> 192.168.2.17:49722 version: TLS 1.2
Source: unknownHTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.17:49724 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.17:49726 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.5.88:443 -> 192.168.2.17:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.126.29.5:443 -> 192.168.2.17:49729 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.23.209.189:443 -> 192.168.2.17:62293 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

barindex
Installs a global event hook (focus changed)
Source: C:\Windows\System32\osk.exeWindows user hook set: Path: unknown Event Start:focus Event End: focus Module: NULLJump to behavior
Installs a global keyboard hook
Source: C:\Windows\System32\osk.exeWindows user hook set: 0 keyboard low level C:\Windows\system32\osk.exeJump to behavior
Source: C:\Windows\System32\osk.exeWindows user hook set: 4748 call wnd proc C:\Windows\System32\uiautomationcore.dllJump to behavior
Source: C:\Windows\System32\osk.exeWindows user hook set: 4748 get message C:\Windows\System32\uiautomationcore.dllJump to behavior
Source: C:\Windows\System32\osk.exeWindows user hook set: 0 shell C:\Windows\system32\OskSupport.dllJump to behavior
Source: C:\Windows\System32\osk.exeWindows user hook set: 0 mouse low level C:\Windows\system32\osk.exeJump to behavior
Source: C:\Windows\System32\osk.exeWindows user hook set: 0 keyboard low level C:\Windows\system32\osk.exeJump to behavior
Source: C:\Windows\System32\osk.exeWindows user hook set: 0 mouse low level C:\Windows\system32\osk.exeJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_323717889Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_323717889\Google.Widevine.CDM.dllJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_323717889\manifest.jsonJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_323717889\_metadata\Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_323717889\_metadata\verified_contents.jsonJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_323717889\manifest.fingerprintJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_641429222Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_641429222\sets.jsonJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_641429222\manifest.jsonJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_641429222\LICENSEJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_641429222\_metadata\Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_641429222\_metadata\verified_contents.jsonJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_641429222\manifest.fingerprintJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_451530688Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_451530688\LICENSE.txtJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_451530688\Filtering RulesJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_451530688\manifest.jsonJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_451530688\_metadata\Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_451530688\_metadata\verified_contents.jsonJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_451530688\manifest.fingerprintJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_1682649702Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_1682649702\cr_en-us_500000_index.binJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\chrome_BITS_4392_230120034Jump to behavior
Source: Google.Widevine.CDM.dll.0.drStatic PE information: Number of sections : 12 > 10
Source: classification engineClassification label: mal56.spyw.win@28/32@8/6
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Windows\System32\osk.exeMutant created: \Sessions\1\BaseNamedObjects\OSKRunning
Source: C:\Windows\explorer.exeFile read: C:\Users\desktop.iniJump to behavior
Source: C:\Windows\System32\osk.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1972,i,1698617406949419602,7228872294080109155,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://main.d3engbxc9elyir.amplifyapp.com/"
Source: unknownProcess created: C:\Windows\System32\osk.exe "C:\Windows\system32\osk.exe"
Source: unknownProcess created: C:\Windows\System32\osk.exe "C:\Windows\system32\osk.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1972,i,1698617406949419602,7228872294080109155,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Windows\System32\osk.exe "C:\Windows\system32\osk.exe" Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: osksupport.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: oleacc.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: winmm.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: wmsgapi.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: duser.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: dui70.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: winmmbase.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: mmdevapi.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: devobj.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: ksuser.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: avrt.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: audioses.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: msacm32.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: midimap.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: twinapi.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: xmllite.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: hid.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: mstextprediction.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: policymanager.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: msvcp110_win.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: uiautomationcore.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: propsys.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: uiamanager.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: bcp47langs.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: dwrite.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: windowscodecs.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: onecorecommonproxystub.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: actxprxy.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: atlthunk.dllJump to behavior
Source: C:\Windows\System32\osk.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.internal.shell.broker.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: cdprt.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: twext.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: dui70.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: duser.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: windows.ui.fileexplorer.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: uiribbon.dllJump to behavior
Source: C:\Windows\explorer.exeSection loaded: networkexplorer.dllJump to behavior
Source: C:\Windows\System32\osk.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29CE1D46-B481-4AA0-A08A-D3EBC8ACA402}\InProcServer32Jump to behavior
Source: Google Drive.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\Chrome\Application\DictionariesJump to behavior
Source: Google.Widevine.CDM.dll.0.drStatic PE information: section name: .00cfg
Source: Google.Widevine.CDM.dll.0.drStatic PE information: section name: .gxfg
Source: Google.Widevine.CDM.dll.0.drStatic PE information: section name: .retplne
Source: Google.Widevine.CDM.dll.0.drStatic PE information: section name: .voltbl
Source: Google.Widevine.CDM.dll.0.drStatic PE information: section name: _RDATA
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_323717889\Google.Widevine.CDM.dllJump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_323717889\Google.Widevine.CDM.dllJump to dropped file
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_451530688\LICENSE.txtJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnkJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnkJump to behavior
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\osk.exeWindow / User API: threadDelayed 858Jump to behavior
Source: C:\Windows\System32\osk.exe TID: 7040Thread sleep time: -60000s >= -30000sJump to behavior
Source: explorer.exe, 00000015.00000002.2321034431.000000000904B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SATA CD00dRom0
Source: explorer.exe, 00000015.00000003.2212425593.000000000918F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: explorer.exe, 00000015.00000003.2212425593.00000000091ED000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}Z
Source: explorer.exe, 00000015.00000003.2212425593.00000000091ED000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}z
Source: explorer.exe, 00000015.00000000.1561947476.000000000903B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: 4NECVMWar VMware SATA CD00
Source: explorer.exe, 00000015.00000000.1561947476.000000000903B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWal@
Source: explorer.exe, 00000015.00000002.2321034431.000000000907B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: NXTVMWare
Source: explorer.exe, 00000015.00000003.2212425593.00000000091ED000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}W)J
Source: explorer.exe, 00000015.00000000.1561947476.00000000090A6000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&0000007
Source: explorer.exe, 00000015.00000000.1549522056.0000000001287000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G4
Source: explorer.exe, 00000015.00000000.1561947476.000000000908F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: explorer.exe, 00000015.00000002.2321034431.0000000008FB9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1561947476.0000000008F19000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWUS;
Source: explorer.exe, 00000015.00000000.1561947476.000000000916A000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000
Source: explorer.exe, 00000015.00000002.2295373599.00000000012C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000]
Source: explorer.exe, 00000015.00000002.2295373599.00000000012C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000=
Source: explorer.exe, 00000015.00000000.1550463566.00000000037BB000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
Source: explorer.exe, 00000015.00000000.1551596489.0000000004DD0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1561947476.00000000091C6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2324726415.0000000009212000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000015.00000000.1549861583.0000000001871000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000015.00000002.2301998106.0000000001874000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
Source: explorer.exe, 00000015.00000000.1549522056.0000000001267000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2295373599.0000000001267000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1Progman&
Source: explorer.exe, 00000015.00000000.1549861583.0000000001871000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000015.00000002.2301998106.0000000001874000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: YProgram Manager
Source: explorer.exe, 00000015.00000000.1549861583.0000000001871000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000015.00000002.2301998106.0000000001874000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
Registry Run Keys / Startup Folder		2
Process Injection		23
Masquerading		1
Credential API Hooking		1
Security Software Discovery		Remote Services1
Credential API Hooking		1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
DLL Side-Loading		1
Registry Run Keys / Startup Folder		1
Virtualization/Sandbox Evasion		111
Input Capture		1
Virtualization/Sandbox Evasion		Remote Desktop Protocol111
Input Capture		3
Ingress Tool Transfer		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
DLL Side-Loading		2
Process Injection		Security Account Manager1
Process Discovery		SMB/Windows Admin SharesData from Network Shared Drive4
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
DLL Side-Loading		NTDS1
Application Window Discovery		Distributed Component Object ModelInput Capture5
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
File Deletion		LSA Secrets1
File and Directory Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC ScriptsSteganographyCached Domain Credentials1
System Information Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
https://main.d3engbxc9elyir.amplifyapp.com/100%SlashNextCredential Stealing type: Phishing & Social Engineering

Dropped Files

SourceDetectionScannerLabelLink
C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_323717889\Google.Widevine.CDM.dll0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV0%URL Reputationsafe
https://api.msn.com:443/v1/news/Feed/Windows?0%URL Reputationsafe
https://excel.office.com0%URL Reputationsafe
http://schemas.micro0%URL Reputationsafe
https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNew0%URL Reputationsafe
https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNew0%URL Reputationsafe
https://outlook.com0%URL Reputationsafe
https://android.notify.windows.com/iOS0%URL Reputationsafe
https://api.msn.com/0%URL Reputationsafe
https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark0%URL Reputationsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
dualstack.twimg.twitter.map.fastly.net
199.232.188.159
truefalse
    		unknown
    main.d3engbxc9elyir.amplifyapp.com
    		18.66.102.22
    		truefalse
      		unknown
      www.google.com
      		142.250.186.36
      		truefalse
        		unknown
        pbs.twimg.com
        		unknown
        		unknowntrue
          		unknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          https://main.d3engbxc9elyir.amplifyapp.com/favicon.icotrue
            		unknown
            https://pbs.twimg.com/media/GGrR89_WgAAgrOI?format=jpg&name=largefalse
              		unknown
              https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=%27&oit=4&cp=1&pgcl=4&gs_rn=42&psi=CE2RIP3hMqCwg0VO&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                		unknown
                https://main.d3engbxc9elyir.amplifyapp.com/true
                  		unknown
                  https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalse
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://api.msn.com/v1/news/Feed/Windows?explorer.exe, 00000015.00000002.2321034431.0000000008FA0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1561947476.0000000008F19000.00000004.00000001.00020000.00000000.sdmpfalse
                      		unknown
                      https://www.msn.com/en-us/news/politics/many-gop-anti-trumpers-are-throwing-in-the-towel/ar-AA1hMmecexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                        		unknown
                        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DVexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://api.msn.com:443/v1/news/Feed/Windows?explorer.exe, 00000015.00000002.2304434485.0000000003772000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1550463566.0000000003750000.00000004.00000001.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        https://news.gallup.com/poll/247016/conservatives-greatly-outnumber-liberals-states.aspxexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                          		unknown
                          https://www.msn.com/en-us/news/politics/the-state-with-the-most-liberals-isn-t-california-or-new-yorexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                            		unknown
                            https://deff.nelreports.net/api/report?cat=msnexplorer.exe, 00000015.00000000.1561947476.000000000908F000.00000004.00000001.00020000.00000000.sdmpfalse
                              		unknown
                              https://excel.office.comexplorer.exe, 00000015.00000000.1569943397.000000000C458000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2333061936.000000000C4BC000.00000004.00000001.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              https://www.msn.com/en-us/news/us/ancient-footprints-upend-timeline-of-humans-arrival-in-north-ameriexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                		unknown
                                http://schemas.microexplorer.exe, 00000015.00000000.1553098582.0000000007E80000.00000002.00000001.00040000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Teaser/recordhigh.svgexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                  		unknown
                                  https://www.270towin.com/explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                    		unknown
                                    https://www.msn.com/en-us/news/world/a-russian-missile-attack-in-eastern-ukraine-kills-a-10-year-oldexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                      		unknown
                                      https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13govM-darkexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                        		unknown
                                        https://www.msn.com/en-us/news/world/seismologist-predicts-earthquake-in-asia-japan-issues-tsunami-wexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                          		unknown
                                          https://windows.msn.com:443/shellv2?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhbexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                            		unknown
                                            https://api.msn.com/v1/news/Feed/Windows?activityId=A201BF9CD1304F30B542E3825626C85B&timeOut=5000&ocexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                              		unknown
                                              https://android.notify.windows.com/iOSpexplorer.exe, 00000015.00000000.1549522056.0000000001287000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		unknown
                                                https://www.msn.com/en-us/health/medical/mayo-clinic-minute-who-benefits-from-taking-statins/ar-AA1hexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  		unknown
                                                  https://www.msn.com/en-us/entertainment/entertainment-celebrity/mother-sued-and-won-against-school-dexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    		unknown
                                                    https://www.theatlantic.com/politics/archive/2014/02/the-origin-of-liberalism/283780/explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                      		unknown
                                                      https://wns.windows.com/explorer.exe, 00000015.00000002.2338118422.000000000C715000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1572755344.000000000C721000.00000004.00000001.00020000.00000000.sdmpfalse
                                                        		unknown
                                                        https://www.financebuzz.com/clever-debt-payoff-55mp?utm_source=msn&utm_medium=feed&synd_slide=1&syndexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                          		unknown
                                                          https://android.notify.windows.com/iOSdexplorer.exe, 00000015.00000000.1549522056.0000000001287000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		unknown
                                                            https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/WeatherInsights/WeatherInsiexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                              		unknown
                                                              https://www.msn.com/en-us/money/retirement/retirees-why-oct-12-is-social-security-s-most-important-dexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                		unknown
                                                                https://word.office.comexplorer.exe, 00000015.00000000.1569943397.000000000C458000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                  		unknown
                                                                  https://assets.msn.com/weathermapdata/1/static/weather/Icons/JyNGQgA=/Condition/AAehwh2.svgexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    		unknown
                                                                    https://windows.msn.com:443/shell?osLocale=en-GB&chosenMarketReason=ImplicitNewexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://financebuzz.com/top-signs-of-financial-fitness?utm_source=msn&utm_medium=feed&synd_slide=1&sexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                      		unknown
                                                                      https://outlook.comexplorer.exe, 00000015.00000000.1569943397.000000000C458000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://cookpolitical.com/2020-national-popular-vote-trackerexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                        		unknown
                                                                        https://www.msn.com/en-us/money/personalfinance/if-any-of-these-11-things-describes-you-you-ve-climbexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                          		unknown
                                                                          https://powerpoint.office.comtextQexplorer.exe, 00000015.00000002.2321034431.0000000008F3E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1561947476.0000000008F19000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                            		unknown
                                                                            https://stacker.com/politics/states-most-conservatives-0explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                              		unknown
                                                                              https://becausemomsays.comexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                		unknown
                                                                                http://crl.microexplorer.exe, 00000015.00000003.2212425593.00000000091A1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1561947476.000000000916A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2324726415.00000000091A1000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                  		unknown
                                                                                  https://assets.msn.com/weathermapdata/1explorer.exe, 00000015.00000000.1551773653.000000000774A000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                    		unknown
                                                                                    https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13govMexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                      		unknown
                                                                                      https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13g0vJexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                        		unknown
                                                                                        https://android.notify.windows.com/iOSexplorer.exe, 00000015.00000000.1572755344.000000000C655000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2338118422.000000000C694000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1549522056.0000000001287000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1561947476.0000000008ECC000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        https://www.forbes.com/sites/elanagross/2020/10/28/trump-administration-uses-philadelphia-protests-texplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                          		unknown
                                                                                          https://android.notify.windows.com/iOS0explorer.exe, 00000015.00000000.1572755344.000000000C655000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2338118422.000000000C694000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                            		unknown
                                                                                            https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppexplorer.exe, 00000015.00000000.1569943397.000000000C458000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                              		unknown
                                                                                              https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppMEOW/rexplorer.exe, 00000015.00000000.1569943397.000000000C458000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2333061936.000000000C562000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                		unknown
                                                                                                https://www.msn.com/en-us/news/technology/the-most-stunning-space-images-captured-in-2023-so-far/ar-explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000002.2308966050.00000000077E4000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                  		unknown
                                                                                                  https://www.msn.com/en-us/autos/buying/if-your-old-car-has-any-of-these-16-problems-consider-buying-explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    		unknown
                                                                                                    https://www.msn.com/en-us/news/world/putin-s-plan-for-winning-the-war-in-ukraine-could-be-starting-texplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      		unknown
                                                                                                      https://api.msn.com/explorer.exe, 00000015.00000002.2321034431.0000000008F8C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000015.00000000.1561947476.0000000008F19000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      		unknown
                                                                                                      https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13g0vJ-darkexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        		unknown
                                                                                                        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-darkexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        • URL Reputation: safe
                                                                                                        		unknown
                                                                                                        https://www.msn.com/en-us/health/medical/scientists-reveal-new-findings-about-older-adults-who-take-explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                          		unknown
                                                                                                          https://www.msn.com:443/en-us/feedexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                            		unknown
                                                                                                            https://stacker.com/explorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                              		unknown
                                                                                                              https://becausemomsays.com/she-wanted-to-keep-her-deceased-husbands-ring-so-she-selfishly-denied-herexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                		unknown
                                                                                                                https://www.msn.com/en-us/travel/news/these-new-overhead-aircraft-bins-could-be-an-inflight-game-chaexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                  		unknown
                                                                                                                  https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gKhb-darkexplorer.exe, 00000015.00000000.1551773653.00000000077A0000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                    		unknown

                                                                                                                    World Map of Contacted IPs

                                                                                                                    • No. of IPs < 25%
                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                    • 75% < No. of IPs

                                                                                                                    Public IPs

                                                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                                                    18.66.102.22
                                                                                                                    		main.d3engbxc9elyir.amplifyapp.comUnited States
                                                                                                                    		3MIT-GATEWAYSUSfalse
                                                                                                                    142.250.186.36
                                                                                                                    		www.google.comUnited States
                                                                                                                    		15169GOOGLEUSfalse
                                                                                                                    239.255.255.250
                                                                                                                    		unknownReserved
                                                                                                                    		unknownunknownfalse
                                                                                                                    199.232.188.159
                                                                                                                    		dualstack.twimg.twitter.map.fastly.netUnited States
                                                                                                                    		54113FASTLYUSfalse

                                                                                                                    Private

                                                                                                                    IP
                                                                                                                    192.168.2.17
                                                                                                                    192.168.2.18

                                                                                                                    General Information

                                                                                                                    Joe Sandbox version:41.0.0 Charoite
                                                                                                                    Analysis ID:1520606
                                                                                                                    Start date and time:2024-09-27 16:45:36 +02:00
                                                                                                                    Joe Sandbox product:CloudBasic
                                                                                                                    Overall analysis duration:0h 4m 55s
                                                                                                                    Hypervisor based Inspection enabled:false
                                                                                                                    Report type:full
                                                                                                                    Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                                                    Sample URL:https://main.d3engbxc9elyir.amplifyapp.com/
                                                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                    Number of analysed new started processes analysed:30
                                                                                                                    Number of new started drivers analysed:0
                                                                                                                    Number of existing processes analysed:0
                                                                                                                    Number of existing drivers analysed:0
                                                                                                                    Number of injected processes analysed:1
                                                                                                                    Technologies:
                                                                                                                    • HCA enabled
                                                                                                                    • EGA enabled
                                                                                                                    • AMSI enabled
                                                                                                                    Analysis Mode:default
                                                                                                                    Analysis stop reason:Timeout
                                                                                                                    Detection:MAL
                                                                                                                    Classification:mal56.spyw.win@28/32@8/6
                                                                                                                    EGA Information:Failed
                                                                                                                    HCA Information:
                                                                                                                    • Successful, ratio: 100%
                                                                                                                    • Number of executed functions: 0
                                                                                                                    • Number of non-executed functions: 0

                                                                                                                    Warnings

                                                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, consent.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, TextInputHost.exe, svchost.exe
                                                                                                                    • Excluded IPs from analysis (whitelisted): 142.250.184.227, 142.250.74.206, 173.194.76.84, 34.104.35.123, 216.58.212.138, 142.250.185.138, 172.217.16.138, 172.217.18.106, 142.250.184.202, 142.250.185.202, 142.250.185.170, 216.58.206.42, 142.250.186.170, 142.250.181.234, 142.250.185.74, 142.250.184.234, 216.58.212.170, 142.250.185.106, 172.217.23.106, 142.250.185.234, 142.250.186.142, 172.217.18.14, 142.250.186.78, 192.229.221.95, 199.232.214.172, 142.250.185.163, 216.58.212.174, 216.58.212.163
                                                                                                                    • Excluded domains from analysis (whitelisted): fp.msedge.net, www.bing.com, clients1.google.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, login.live.com, r.bing.com, evoke-windowsservices-tas.msedge.net, update.googleapis.com, clients.l.google.com, browser.pipe.aria.microsoft.com
                                                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                    • VT rate limit hit for: https://main.d3engbxc9elyir.amplifyapp.com/

                                                                                                                    Simulations

                                                                                                                    Behavior and APIs

                                                                                                                    TimeTypeDescription
                                                                                                                    10:47:00API Interceptor584x Sleep call for process: explorer.exe modified
                                                                                                                    10:47:43API Interceptor1x Sleep call for process: osk.exe modified

                                                                                                                    LLM Input / Output

                                                                                                                    InputOutput
                                                                                                                    URL: https://main.d3engbxc9elyir.amplifyapp.com/ Model: jbxai
                                                                                                                    {
"brand":["Microsoft Security"],
"contains_trigger_text":false,
"trigger_text":"unknown",
"prominent_buttonname":"Submit",
"text_input_field_labels":"unknown",
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}
                                                                                                                    URL: https://main.d3engbxc9elyir.amplifyapp.com/ Model: jbxai
                                                                                                                    {
"brand":["Microsoft"],
"contains_trigger_text":true,
"trigger_text":"Please enter a valid email address.",
"prominent_buttonname":"Submit",
"text_input_field_labels":["A"],
"pdf_icon_visible":false,
"has_visible_captcha":false,
"has_urgent_text":false,
"has_visible_qrcode":false}

                                                                                                                    Joe Sandbox View / Context

                                                                                                                    IPs

                                                                                                                    No context

                                                                                                                    Domains

                                                                                                                    No context

                                                                                                                    ASNs

                                                                                                                    No context

                                                                                                                    JA3 Fingerprints

                                                                                                                    No context

                                                                                                                    Dropped Files

                                                                                                                    No context

                                                                                                                    Created / dropped Files

                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 13:46:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2677
                                                                                                                    Entropy (8bit):3.991917691164676
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:8W4dDTI7NGHqidAKZdA1JehwiZUklqehv6y+3:8WQYjpy
                                                                                                                    MD5:E2C997C8D75F1E2B86617368480A7237
                                                                                                                    SHA1:7236734238035DD08E35C1C3BD0EFA52DFFC53D9
                                                                                                                    SHA-256:C5424367A9023ADD7D892D1E74B472B251E346E3FC0A5CDF40BAEF92B9DFBE6B
                                                                                                                    SHA-512:6D94629BF849A5728FA46F4D3B9D757ED1634E8A43F18A9F1A27A07BBACF32C77090F28F606797D2194A7ECA74C39B75AD2EB41D7EBCF0DB321C4FBC35253006
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:L..................F.@.. ...$+.,....<.2.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I;Y.u....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V;Y.u....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V;Y.u....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V;Y.u...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V;Y.u...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........62.@.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 13:46:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2679
                                                                                                                    Entropy (8bit):4.006935454898817
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:8HJ4dDTI7NGHqidAKZdA10eh/iZUkAQkqehw6y+2:8HJQYh9QAy
                                                                                                                    MD5:8AD5FB88EAAE97F7499BF1A439023C07
                                                                                                                    SHA1:3F7DB458D845D6D84B2C519F753652947B360CBD
                                                                                                                    SHA-256:432E2488519AB576E0ED1849AE00BC49FB3F420241AF140CD16FD871C244D3C6
                                                                                                                    SHA-512:C69CE745424B4945D6F21FB0BD16F62DAE5CD14329200A73D3DC96C2DF0218E763C1FD215A254BB1E32B0C812680F57429D0B8451FB56C53B7779B5DC6035068
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:L..................F.@.. ...$+.,......&.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I;Y.u....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V;Y.u....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V;Y.u....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V;Y.u...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V;Y.u...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........62.@.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2693
                                                                                                                    Entropy (8bit):4.015575034982848
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:8e4dDTI7NjHqidAKZdA14tIeh7sFiZUkmgqeh7s66y+BX:8eQYSn9y
                                                                                                                    MD5:BC607C6F35F57823B431D7014AACABBE
                                                                                                                    SHA1:CDB713D33EAA3560EC8AF8ECED73B6CCB3C01AC9
                                                                                                                    SHA-256:2857DD0AED86673435B6741B3706088297F8DB439840EA47FA547AAE2FF9E0F5
                                                                                                                    SHA-512:1F00BA5A55639DEE6F1B7020D69A5A9E8D21547B02E86783B6634087A22895DD235FA213ED641B9513E69E3642CBCF595E89710D546ECC11CE19ED74276B4249
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I;Y.u....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V;Y.u....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V;Y.u....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V;Y.u...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........62.@.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 13:46:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2681
                                                                                                                    Entropy (8bit):4.007119857870749
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:8h4dDTI7NGHqidAKZdA1behDiZUkwqeh86y+R:8hQYSHy
                                                                                                                    MD5:D310F3197A767B5B144E8632AA09CEF3
                                                                                                                    SHA1:156F3F3567B775A9E12B9EA25268319E58B53160
                                                                                                                    SHA-256:C498297738AD99C0A9AE321199C7BA193EF8AA870B9D94C21B6E221A1134B814
                                                                                                                    SHA-512:BBA205CC5617E6E26A1CF569181C6946A4DBEAB6DC4471236D2C0BB93DED0D7D9A1CE2ECC97FE037A9AC8768EE9CCE4CC9A1C9AE773653D8D57A8367D574B1E2
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:L..................F.@.. ...$+.,.....-..........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I;Y.u....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V;Y.u....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V;Y.u....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V;Y.u...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V;Y.u...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........62.@.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 13:46:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2681
                                                                                                                    Entropy (8bit):3.995440820701618
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:8j4dDTI7NGHqidAKZdA1VehBiZUk1W1qeh+6y+C:8jQYC9jy
                                                                                                                    MD5:BF3ED61DC018B5447D41565D96AE48A7
                                                                                                                    SHA1:8923B30A92B078809B9CCDDA269767D3952E2874
                                                                                                                    SHA-256:AB1F607E3676D2D8131128EF2805BC601A011BE2910749AA54FAEFC7ECBE92DA
                                                                                                                    SHA-512:759F0FB9C24F65522CE59A98D1D15EB7ACBF52A28931FA2273EF888960BA4F364EF671816DFF6BB5F1C04A8C3B22F2056569D42F74AF550A0C28612AFBA76B35
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:L..................F.@.. ...$+.,.....^,.........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I;Y.u....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V;Y.u....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V;Y.u....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V;Y.u...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V;Y.u...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........62.@.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Sep 27 13:46:07 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2683
                                                                                                                    Entropy (8bit):4.002023990721365
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:814dDTI7NGHqidAKZdA1duT6ehOuTbbiZUk5OjqehOuTbU6y+yT+:81QYATTTbxWOvTb9y7T
                                                                                                                    MD5:6467274B4D6E603A3F44D3EAEC98D7CA
                                                                                                                    SHA1:980F8CD5241DFFE4E78DEB81B91C1AD459261636
                                                                                                                    SHA-256:BDF55550924E1CF33AAE756411012B15A785957CF48FA9E54CA0645FA6022EB6
                                                                                                                    SHA-512:612D296697727E31A72C41333EEA7A1ECDC33DB7A49BB005A5D7C40EB4CCCD1F7C3D21A98C5A428D717E0A654C7B3B141A0514E8B3BA57298551A791B8D464D9
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:L..................F.@.. ...$+.,.....1..........y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.I;Y.u....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V;Y.u....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.V;Y.u....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.V;Y.u...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.V;Y.u...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........62.@.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                                                                                                    C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_1682649702\cr_en-us_500000_index.bin

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):7915327
                                                                                                                    Entropy (8bit):6.570635803882568
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:98304:QyIr+F14oHnOFaLct88SXmLiqZ3k5aDyS1WJDjm6J7Yfm7SQ8FWG1mx6Fq:QyRF14BYoSLqZUCyQWNOESQ8S0q
                                                                                                                    MD5:96DB58957B26AB466F04A49E564B88E9
                                                                                                                    SHA1:8F3A2CEE899435119189804820DA85E488876279
                                                                                                                    SHA-256:EC7173FCA63E6AE7185279F7B0977460D3824E1C124DDADEA0C1BF327C93FA76
                                                                                                                    SHA-512:C5CA6C0F99C8266C18CEAFFAF69874AE02F3BB1B088E96571A16D2AC6DBFBFA4AA2FBB7959817B629DD63211F43D5CC4E277C32F2DFC26BBA5CC7D684F14F9EF
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:......w.....h....a..#..y..1..f#~2..tw7;..r!.I..g.MR..c.)Z..ly.n..e3.w..d..}..i.O...mMB...p.x...bw....uk....sG<...o.....z.?...n.%...k.....vI|...j.....x.V...1.....q.....55....2.....9w....4.....3CU...7.....6.....8.5...0Ia.....h.....i...*cp.....p.....q...&.u.....v.....v........x...#.y.../.y....W{...$.|....... ...................-8-tetrahydrocannabinol.i........ to .....-.............. ....... meaning.................^............... ......>........ ......T....E....)e............ meaning.....G...... meaning.....dgar guzm.n l.pez..........<W..(....... meaning.=.........1...... meaning....@Q............ meaningh...........t.... meaning.....#....... ....... . .... ................r eldon...... meaning..... meaning.{..... ..... .......r........2l.... meaning.L.... meaning.C..... .......A........ . .....R..............

                                                                                                                    C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_323717889\Google.Widevine.CDM.dll

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):2877728
                                                                                                                    Entropy (8bit):6.868480682648069
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:49152:GB6BoH5sOI2CHusbKOdskuoHHVjcY94RNETO2WYA4oPToqnQ3dK5zuqvGKGxofFo:M67hlnVjcYGRNETO2WYA4oLoqnJuZI5
                                                                                                                    MD5:477C17B6448695110B4D227664AA3C48
                                                                                                                    SHA1:949FF1136E0971A0176F6ADEA8ADCC0DD6030F22
                                                                                                                    SHA-256:CB190E7D1B002A3050705580DD51EBA895A19EB09620BDD48D63085D5D88031E
                                                                                                                    SHA-512:1E267B01A78BE40E7A02612B331B1D9291DA8E4330DEA10BF786ACBC69F25E0BAECE45FB3BAFE1F4389F420EBAA62373E4F035A45E34EADA6F72C7C61D2302ED
                                                                                                                    Malicious:false
                                                                                                                    Antivirus:
                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                    Reputation:low
                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....fd.........." ......(..........A&.......................................,.......,...`A.........................................V*......V*......`,......`+..p....+. )...p,......D*.8....................C*.(.....(.8...........p\*..............................text.....(.......(................. ..`.rdata..h.....(.......(.............@..@.data....l....*..&....*.............@....pdata...p...`+..r....*.............@..@.00cfg..(.....+......p+.............@..@.gxfg....$....+..&...r+.............@..@.retplnel.... ,.......+..................tls.........0,.......+.............@....voltbl.D....@,.......+................._RDATA.......P,.......+.............@..@.rsrc........`,.......+.............@..@.reloc.......p,.......+.............@..B........................................................................................................................................

                                                                                                                    C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_323717889\_metadata\verified_contents.json

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:JSON data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1778
                                                                                                                    Entropy (8bit):6.02086725086136
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:p/hCdQAdJjRkakCi0LXjX9mqjW6JmfQkNWQzXXf2gTs:RtQ1aaxXrjW6JuQEWQKas
                                                                                                                    MD5:3E839BA4DA1FFCE29A543C5756A19BDF
                                                                                                                    SHA1:D8D84AC06C3BA27CCEF221C6F188042B741D2B91
                                                                                                                    SHA-256:43DAA4139D3ED90F4B4635BD4D32346EB8E8528D0D5332052FCDA8F7860DB729
                                                                                                                    SHA-512:19B085A9CFEC4D6F1B87CC6BBEEB6578F9CBA014704D05C9114CFB0A33B2E7729AC67499048CB33823C884517CBBDC24AA0748A9BB65E9C67714E6116365F1AB
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJHb29nbGUuV2lkZXZpbmUuQ0RNLmRsbCIsInJvb3RfaGFzaCI6Im9ZZjVLQ2Z1ai1MYmdLYkQyWFdBS1E5Nkp1bTR1Q2dCZTRVeEpGSExSNWMifSx7InBhdGgiOiJtYW5pZmVzdC5qc29uIiwicm9vdF9oYXNoIjoiYk01YTJOU1d2RkY1LW9Tdml2eFdqdXVwZ05pblVGakdPQXRrLTBJcGpDZyJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6Im5laWZhb2luZGdnZmNqaWNmZmtncG1ubHBwZWZmYWJkIiwiaXRlbV92ZXJzaW9uIjoiMS4wLjI3MzguMCIsInByb3RvY29sX3ZlcnNpb24iOjF9","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"KTPeHzS0ybFaz3_br3ASYWHjb6Ctul92067u2JMwtNYYm-4KxLiSkJZNBIzhm6hNSEW2p5kUEvHD0TjhhFGCZnWm9titj2bqJayCOAGxZb5BO74JJCRfy5Kwr1KSS4nvocsZepnHBmCiG2OV3by-Lyf1h1uU3X3bDfD92O0vJzrA8rwL2LrwIk-BolLo5nlM0I_MZwg8DhZ8SFBu9GGRVB2XrailDrv4SgupFE9gqA1HY6kjRjoyoAHbRRxZdBNNt9IKNdxNyaF9NcNRY8dAedNQ9Tw3YNp5jB7R9lcjO4knn58RdH2h_GiJ4l96StcXA4e7cqbJ77P-c

                                                                                                                    C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_323717889\manifest.fingerprint

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):66
                                                                                                                    Entropy (8bit):3.974403644129192
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:SLVV8T+WSq2ykFDJp9qBn:SLVqZS5p0B
                                                                                                                    MD5:D30A5BBC00F7334EEDE0795D147B2E80
                                                                                                                    SHA1:78F3A6995856854CAD0C524884F74E182F9C3C57
                                                                                                                    SHA-256:A08C1BC41DE319392676C7389048D8B1C7424C4B74D2F6466BCF5732B8D86642
                                                                                                                    SHA-512:DACF60E959C10A3499D55DC594454858343BF6A309F22D73BDEE86B676D8D0CED10E86AC95ECD78E745E8805237121A25830301680BD12BFC7122A82A885FF4B
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:1.c900ba9a2d8318263fd43782ee6fd5fb50bad78bf0eb2c972b5922c458af45ed

                                                                                                                    C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_323717889\manifest.json

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:JSON data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):145
                                                                                                                    Entropy (8bit):4.595307058143632
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:rR6TAulhFphifFooG+HhFFKS18CWjhXLXGPQ3TRpvF/FHddTcplFHddTcVYA:F6VlM5PpKS18hRIA
                                                                                                                    MD5:BBC03E9C7C5944E62EFC9C660B7BD2B6
                                                                                                                    SHA1:83F161E3F49B64553709994B048D9F597CDE3DC6
                                                                                                                    SHA-256:6CCE5AD8D496BC5179FA84AF8AFC568EEBA980D8A75058C6380B64FB42298C28
                                                                                                                    SHA-512:FB80F091468A299B5209ACC30EDAF2001D081C22C3B30AAD422CBE6FEA7E5FE36A67A8E000D5DD03A30C60C30391C85FA31F3931E804C351AB0A71E9A978CC0F
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:{. "manifest_version": 2,. "name": "windows-mf-cdm",. "version": "1.0.2738.0",. "accept_arch": [. "x64",. "x86_64",. "x86_64h". ].}

                                                                                                                    C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_451530688\Filtering Rules

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):74272
                                                                                                                    Entropy (8bit):5.535436646838848
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:1536:GB9Cdg51kGLmOSe1pEQHdPr4l0TmmJ2I7CwguaRZrgMQUavJX5vwKf:Sok1RLtb1ptdPrYk1J2IPguangMQ3X5P
                                                                                                                    MD5:B23DD5B6ECCB460003EA37BA0F5E3730
                                                                                                                    SHA1:FD444553CB7699F84CE7E5664232771673DCF67D
                                                                                                                    SHA-256:7F7F432C27D97DEE184DCD3EA20F731674C008BE849C0136F9C5358E359F3EA9
                                                                                                                    SHA-512:7E47BD172C4BD4C65F063A8FA3FB33ED47F29156EB20E42D4E8EA73C6F02526A30FFE907BE5B7C1406D4EAA71FBEC7C0D557C376DCCD0A1A961E2F61B3431181
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:............0.8.@.R.-728x90...........0.8.@.R.adtdp.com^..........0.8.@.R.yomeno.xyz^..........0.8.@.R.yellowblue.io^..........0.8.@.R.thubanoa.com^..........0.8.@.R.ad999.biz^..........0.8.@.R._468_60...........0.8.@.R.adrecover.com^..........0.8.@.R.pemsrv.com^..........0.8.@.R.mnaspm.com^..........0.8.@.R..ar/ads/."......0.8.@.R./plugins/cactus-ads/.,........0.8.@.R.mysmth.net/nForum/*/ADAgent_.>........*...worldstar.com0.8.@.R.js.assemblyexchange.com/wana...........0.8.@.R.indoleads.com^.%......0.8.@.R.discordapp.com/banners/.(........0.8.@.R.looker.com/api/internal/.#........0.8.@.R.broadstreetads.com^.(........0.8.@.R.shikoku-np.co.jp/img/ad/..........0.8.@.R./banner.cgi?..........0.8.@.R./in/track?data=.!......0.8.@.R.linkbucks.com/tmpl/..........0.8.@.R.clicktripz.com^..........0.8.@.R.-ad-manager/..........0.8.@.R./page-links-to/dist/new-tab.js........0.8.@.R.files.slack.com^.$........0.8.@.R.admitad-connect.com^.2........0.8.@.R"cloudfront.net/js/common/invoke.js..........0.8

                                                                                                                    C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_451530688\LICENSE.txt

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):24623
                                                                                                                    Entropy (8bit):4.588307081140814
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:mva5sf5dXrCN7tnBxpxkepTqzazijFgZk231Py9zD6WApYbm0:mvagXreRnTqzazWgj0v6XqD
                                                                                                                    MD5:D33AAA5246E1CE0A94FA15BA0C407AE2
                                                                                                                    SHA1:11D197ACB61361657D638154A9416DC3249EC9FB
                                                                                                                    SHA-256:1D4FF95CE9C6E21FE4A4FF3B41E7A0DF88638DD449D909A7B46974D3DFAB7311
                                                                                                                    SHA-512:98B1B12FF0991FD7A5612141F83F69B86BC5A89DD62FC472EE5971817B7BBB612A034C746C2D81AE58FDF6873129256A89AA8BB7456022246DC4515BAAE2454B
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:EasyList Repository Licences.... Unless otherwise noted, the contents of the EasyList repository.. (https://github.com/easylist) is dual licensed under the GNU General.. Public License version 3 of the License, or (at your option) any later.. version, and Creative Commons Attribution-ShareAlike 3.0 Unported, or.. (at your option) any later version. You may use and/or modify the files.. as permitted by either licence; if required, "The EasyList authors.. (https://easylist.to/)" should be attributed as the source of the.. material. All relevant licence files are included in the repository..... Please be aware that files hosted externally and referenced in the.. repository, including but not limited to subscriptions other than.. EasyList, EasyPrivacy, EasyList Germany and EasyList Italy, may be.. available under other conditions; permission must be granted by the.. respective copyright holders to authorise the use of their material.......Creative Commons Attribut

                                                                                                                    C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_451530688\_metadata\verified_contents.json

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:JSON data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1529
                                                                                                                    Entropy (8bit):5.990179229242317
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:24:pZRj/flTHYe1DxxpTkYbKCCojeT31zkaoX63wMHF48I31RwCCyqoX6kyKlklyJqw:p/h4YDxxlbKlTlkakgPLI3hCyqkwnlKD
                                                                                                                    MD5:2FF08C4B4128F634CBBFEA0C1C44AA2E
                                                                                                                    SHA1:45D11E57DDF29E843AC8545C7D06CDDB5DF3E962
                                                                                                                    SHA-256:33B6F2ECD5FB7F9FAF538F29808716EFA337A653809943A8E4B5E450B734DA09
                                                                                                                    SHA-512:14BD9E921E1DB9AC8720C1177897DB624292865D29B976ED9CCCEE572726D7D123A8F39E470987DF796AE0552861FBAE056CDB395F0CB8B0E699C28F5E221999
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJGaWx0ZXJpbmcgUnVsZXMiLCJyb290X2hhc2giOiJpQTVSR2RtNXU1ZjM2ZTJ0QlhPcmJEcEJQX0NxTFc1VW9GZ0NTQ0diU01rIn0seyJwYXRoIjoiTElDRU5TRS50eHQiLCJyb290X2hhc2giOiIyaWswNmk0TFlCdVNHNWphRGFIS253NE9pdnVSRzZsQ0JKMVk0TGtzRFJJIn0seyJwYXRoIjoibWFuaWZlc3QuanNvbiIsInJvb3RfaGFzaCI6IkZ3Q2hIOUhsZzJlMFVLUWJLdVg5SnV5MXpiUlpocHg1YkgzZUdQSFREM00ifV0sImZvcm1hdCI6InRyZWVoYXNoIiwiaGFzaF9ibG9ja19zaXplIjo0MDk2fV0sIml0ZW1faWQiOiJnY21qa21nZGxnbmtrY29jbW9laW1pbmFpam1tam5paSIsIml0ZW1fdmVyc2lvbiI6IjkuNTEuMCIsInByb3RvY29sX3ZlcnNpb24iOjF9","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"ifBoq-woYhqxB78EqRoo2fPRIEfkuykYMlD9kWeeG2QS6-R5YvGNJ9n5OljLXGjvK5U3MDFRLi-UCguxuUaoFjU_QeSCiOLxvDS5JHdk8Bbba8fCW6ZKnH_fvocQD8W7Hj0reH3gOPmD7sIraz8IvG86GRuGPqsxbgc_BRtOCa5KRgqaxfjt7tKlOtaUoO3_qsNlf_8F8k0tNZh131RRIEaXw53z3ZzGpWtgYC0u6s0JKag8l

                                                                                                                    C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_451530688\manifest.fingerprint

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):66
                                                                                                                    Entropy (8bit):3.8568101737886993
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:SWcgK7GtszDAAnHT:SWc97GWzDlnHT
                                                                                                                    MD5:6DBEDE254AF8A23D6CB2ABAEA8D2E38F
                                                                                                                    SHA1:A827D46FA5D53CB7B134F143CC15A30BA015ED21
                                                                                                                    SHA-256:376ED55CD5AB45C0F7BAA1AF0AC2637C33DEA6D1D4683B729AE7CE764F70DAA1
                                                                                                                    SHA-512:0F28FD8AF582C18ECCCC1321B94902501D31C4B6C1D11684780DED6217C14E1B313F58A644516F37AE69232F1C2861915337A4D84185E18124F40C629A50B7F9
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:1.3651711652892acf34795b2c7e4d401ed2274c20e952f65cf52deeeef5bbf9b5

                                                                                                                    C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_451530688\manifest.json

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:JSON data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):114
                                                                                                                    Entropy (8bit):4.547350270682037
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:rR6TAulhFphifFHXG7LGMdv5HcDKhtUJKS1KPYn:F6VlMZWuMt5SKPS1eY
                                                                                                                    MD5:3448D97DA638C7EF0FBCA9B6949FFC8F
                                                                                                                    SHA1:36D8434F26F0316FAB4627F7856FCA7291FE8ADF
                                                                                                                    SHA-256:1700A11FD1E58367B450A41B2AE5FD26ECB5CDB459869C796C7DDE18F1D30F73
                                                                                                                    SHA-512:9BF9055B2EF82BD1D2A1E94009FED2D3481FE2DC336D306FA0DB786658EFA5B72C9A9A214A829B9FCC4222476051871FF012009C64F09B9109072ABDF3DEF8CC
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:{. "manifest_version": 2,. "name": "Subresource Filtering Rules",. "ruleset_format": 1,. "version": "9.51.0".}

                                                                                                                    C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_641429222\LICENSE

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:ASCII text
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1558
                                                                                                                    Entropy (8bit):5.11458514637545
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:OBOCrYJ4rYJVwUCLHDy43HV713XEyMmZ3teTHn:LCrYJ4rYJVwUCHZ3Z13XtdUTH
                                                                                                                    MD5:EE002CB9E51BB8DFA89640A406A1090A
                                                                                                                    SHA1:49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2
                                                                                                                    SHA-256:3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
                                                                                                                    SHA-512:D1FDCC436B8CA8C68D4DC7077F84F803A535BF2CE31D9EB5D0C466B62D6567B2C59974995060403ED757E92245DB07E70C6BDDBF1C3519FED300CC5B9BF9177C
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:// Copyright 2015 The Chromium Authors. All rights reserved..//.// Redistribution and use in source and binary forms, with or without.// modification, are permitted provided that the following conditions are.// met:.//.// * Redistributions of source code must retain the above copyright.// notice, this list of conditions and the following disclaimer..// * Redistributions in binary form must reproduce the above.// copyright notice, this list of conditions and the following disclaimer.// in the documentation and/or other materials provided with the.// distribution..// * Neither the name of Google Inc. nor the names of its.// contributors may be used to endorse or promote products derived from.// this software without specific prior written permission..//.// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS.// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT.// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR.// A PARTICULAR

                                                                                                                    C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_641429222\_metadata\verified_contents.json

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:JSON data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):1864
                                                                                                                    Entropy (8bit):6.021127689065198
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:p/hUI1atAdI567akUmYWEFw/3+ovGJ4F3jkZUbvzk98g5m7:RnYQI47avYUwvVGJ41jkZIzxgA7
                                                                                                                    MD5:68E6B5733E04AB7BF19699A84D8ABBC2
                                                                                                                    SHA1:1C11F06CA1AD3ED8116D356AB9164FD1D52B5CF0
                                                                                                                    SHA-256:F095F969D6711F53F97747371C83D5D634EAEF21C54CB1A6A1CC5B816D633709
                                                                                                                    SHA-512:9DC5D824A55C969820D5D1FBB0CA7773361F044AE0C255E7C48D994E16CE169FCEAC3DE180A3A544EBEF32337EA535683115584D592370E5FE7D85C68B86C891
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:[{"description":"treehash per file","signed_content":{"payload":"eyJjb250ZW50X2hhc2hlcyI6W3siYmxvY2tfc2l6ZSI6NDA5NiwiZGlnZXN0Ijoic2hhMjU2IiwiZmlsZXMiOlt7InBhdGgiOiJMSUNFTlNFIiwicm9vdF9oYXNoIjoiUGIwc2tBVUxaUzFqWldTQnctV0hIRkltRlhVcExiZDlUcVkwR2ZHSHBWcyJ9LHsicGF0aCI6Im1hbmlmZXN0Lmpzb24iLCJyb290X2hhc2giOiIyNXB3SWdtQWU2QTVoeDVVTG9OV0laODBLbzJjbktOTHpacUdjbjlLT2c4In0seyJwYXRoIjoic2V0cy5qc29uIiwicm9vdF9oYXNoIjoiOWVza0FuRlBsM3VCQzkwUmFWakxNaVI3NXZIQi0wQUVmMmg0RzU3ZXNpcyJ9XSwiZm9ybWF0IjoidHJlZWhhc2giLCJoYXNoX2Jsb2NrX3NpemUiOjQwOTZ9XSwiaXRlbV9pZCI6ImdvbnBlbWRna2pjZWNkZ2JuYWFiaXBwcGJtZ2ZnZ2JlIiwiaXRlbV92ZXJzaW9uIjoiMjAyNC44LjEwLjAiLCJwcm90b2NvbF92ZXJzaW9uIjoxfQ","signatures":[{"header":{"kid":"publisher"},"protected":"eyJhbGciOiJSUzI1NiJ9","signature":"dU2MmRUQSugaJAJvEN4uaQHx-KXdOkjj0yK8_aH4Afr3kN7DPOZRt6yLTS3UchBE5M-dgPPPBuKADj4KEK4B22SO6WQquL5J27AUPqQBGgr44-iFGVJdOLLlfirFlJmcYv6DUFRYiPsQFGMr1JFqInj19jgkOxzR6qqcNuTCB0wGEMeTU80r-igCjeQG6TIzPro7yKd_-UxsxO6OGAySmlIJIoU54X0p0ATNoZyAfkhb8kb0oN8unOU

                                                                                                                    C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_641429222\manifest.fingerprint

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):66
                                                                                                                    Entropy (8bit):3.9159446964030753
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:Sq5TQRaELVHecsUDBAeHD5k:Sq5gJ+csHej5k
                                                                                                                    MD5:CFB54589424206D0AE6437B5673F498D
                                                                                                                    SHA1:D1EF6314F0F68EFDD0BA8F6CA9E59BFF863B1609
                                                                                                                    SHA-256:285AC183C35350B4B77332172413902F83726CA8F53D63859B5DA082FD425A1C
                                                                                                                    SHA-512:70FDCA4A1E6B7A5FFED3414E2DB74FECA7E0FD17482B8CB30393DFEE20AB9AD2B0B00FF0C590DD0E8D744D0EAD876CE8844519AF66618ED14666BCA56DF2DA21
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:1.dbf288588465463a914bdfc5e86d465fb3592b2f1261dc0e40fcc5c1adc8e7e4

                                                                                                                    C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_641429222\manifest.json

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:JSON data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):85
                                                                                                                    Entropy (8bit):4.4533115571544695
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:rR6TAulhFphifFCmMARWHJqS1tean:F6VlM8aRWpqS1ln
                                                                                                                    MD5:C3419069A1C30140B77045ABA38F12CF
                                                                                                                    SHA1:11920F0C1E55CADC7D2893D1EEBB268B3459762A
                                                                                                                    SHA-256:DB9A702209807BA039871E542E8356219F342A8D9C9CA34BCD9A86727F4A3A0F
                                                                                                                    SHA-512:C5E95A4E9F5919CB14F4127539C4353A55C5F68062BF6F95E1843B6690CEBED3C93170BADB2412B7FB9F109A620385B0AE74783227D6813F26FF8C29074758A1
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:{. "manifest_version": 2,. "name": "First Party Sets",. "version": "2024.8.10.0".}

                                                                                                                    C:\Windows\SystemTemp\chrome_PuffinComponentUnpacker_BeginUnzipping4392_641429222\sets.json

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:JSON data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):9748
                                                                                                                    Entropy (8bit):4.629326694042306
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:Mon4mvC4qX19s1blbw/BNKLcxbdmf56MFJtRTGXvcxN43uP+8qJq:v5C4ql7BkIVmtRTGXvcxBsq
                                                                                                                    MD5:EEA4913A6625BEB838B3E4E79999B627
                                                                                                                    SHA1:1B4966850F1B117041407413B70BFA925FD83703
                                                                                                                    SHA-256:20EF4DE871ECE3C5F14867C4AE8465999C7A2CC1633525E752320E61F78A373C
                                                                                                                    SHA-512:31B1429A5FACD6787F6BB45216A4AB1C724C79438C18EBFA8C19CED83149C17783FD492A03197110A75AAF38486A9F58828CA30B58D41E0FE89DFE8BDFC8A004
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:{"primary":"https://bild.de","associatedSites":["https://welt.de","https://autobild.de","https://computerbild.de","https://wieistmeineip.de"],"serviceSites":["https://www.asadcdn.com"]}.{"primary":"https://blackrock.com","associatedSites":["https://blackrockadvisorelite.it","https://cachematrix.com","https://efront.com","https://etfacademy.it","https://ishares.com"]}.{"primary":"https://cafemedia.com","associatedSites":["https://cardsayings.net","https://nourishingpursuits.com"]}.{"primary":"https://caracoltv.com","associatedSites":["https://noticiascaracol.com","https://bluradio.com","https://shock.co","https://bumbox.com","https://hjck.com"]}.{"primary":"https://carcostadvisor.com","ccTLDs":{"https://carcostadvisor.com":["https://carcostadvisor.be","https://carcostadvisor.fr"]}}.{"primary":"https://citybibleforum.org","associatedSites":["https://thirdspace.org.au"]}.{"primary":"https://cognitiveai.ru","associatedSites":["https://cognitive-ai.ru"]}.{"primary":"https://drimer.io","asso

                                                                                                                    Chrome Cache Entry: 180

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1840x630, components 3
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):39755
                                                                                                                    Entropy (8bit):7.574348657479085
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:LYU5cIupDSkdi0l48StkLA1bAjtenAB7MGrv+/:TruJSkwIlDMBAjtenAB7xrW/
                                                                                                                    MD5:3972435031D02D6FF6CB8A5F2A786094
                                                                                                                    SHA1:0AE6D027CD444F4C4605B21486E919C310FD92D3
                                                                                                                    SHA-256:BA7E54CBF5CA0A4BBDAA39254C20EB8490ADBBA42CD0A14B5B0001A6AA51A26D
                                                                                                                    SHA-512:18BC5D61EC062605ADDB6B06FBA90283E24CA3D6D3333D3803EFCFCFEA100899AF23A5E21649BD0EE751001CF7402508D0817CB570D0243A0BBE4C40657B11BE
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    URL:https://pbs.twimg.com/media/GGrR89_WgAAgrOI?format=jpg&name=large
                                                                                                                    Preview:......JFIF.............C..............................................!........."$".$.......C.......................................................................v.0..".................................................................................@............................................................................................?+7r..O3q.3w.!..'..s......].v.7..^.qxQ..Z....@y.>.Y.O...4..|9.p.~.h..m..\.x.........?..i._.h.....YU.!...........................................................H...G....,5.....U..+.C....l..,...`A.z.V},..[.......;MX.e".D..I....[..y...kGYl..2...>..Ec?.hf...+.........Z..1..C3..fw.....5.c..[...............................................................".".-.+.....2.[i7jN4.........l.N......Y..........O...k.ff..+.g..5..9...........*IH.<.u.....c.[.vm..........#..;..>.X.}.:..Q.zI[.Q.R.A..rV...?...........................................................r.q......Xk..u....'.W.......T..'......L.......T|.6..R+y.....\.Q.l...d.....d|>....

                                                                                                                    Chrome Cache Entry: 181

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:ASCII text, with very long lines (4742)
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):4747
                                                                                                                    Entropy (8bit):5.8247259751224005
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:K0gwGklift77oq1AB1rA3RszURusFSVaM5mLp4tV81Fjs6O4NAioffffffL:KgmtgDz2hUoMM+t2Fjs6rSP
                                                                                                                    MD5:DC65BC347A383E19EB6611EF9E7C0DD9
                                                                                                                    SHA1:21801F5155C3766729FB0818C7ECF66E4D5E7559
                                                                                                                    SHA-256:1C1C0CF37BF3A6941C318E870C2E2DA102352221CB91A01B9819DDC0B55F25A2
                                                                                                                    SHA-512:4A11778806878856675258B4F63DF2FF2A705C4FC0FD022DA0BDC641E1E0544E7787152D37C7E913E256486F28EF373A5A096B84DE1B51148B93FC99D0AE7FFF
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                                                                                                    Preview:)]}'.["",["twitch streamer moonmoon","seattle mariners playoffs","pokemon sword path shield path","national coffee day deals","orion augmented reality glasses","john wick ballerina movie trailer","the floridian train tickets","mlb oakland athletics"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CggvbS8wNW1fOBIjT2FrbGFuZCBBdGhsZXRpY3Mg4oCUIEJhc2ViYWxsIHRlYW0y5hVkYXRhOmltYWdlL3BuZztiYXNlNjQsaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQUVBQUFBQkFDQU1BQUFDZHQ0SHNBQUFBODFCTVZFWC8vLzhBT0RFQU1ESUFNekVBTlRFQU1Ta0FMRElBS2pJQU5TNEFLRElBTWpJQUxqSUFKUnNBS2lFQUxpWUFJeGtBQUFELytlN3Q3KzhBR3c0QUh4UC83OVArMzZxeGh3RCs4ZHlVbjUzSmxRRFBtQURNMGREQmtBRDl5bVNOY3hQKzY4bjh3a1ZHWDFvNFZFOEFGUUFpUmtELy9mZkF4c1haM2R3M1J5cDRaeG1BYVJEOTA0WCs1Ny84eFZUcnJBQ2Nld3dtUUNwc1lSOUJUQ2xuZVhiODE1S3p1N3FscjYxMGhJ

                                                                                                                    Chrome Cache Entry: 182

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):16
                                                                                                                    Entropy (8bit):3.875
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3:HoUinYn:IUyY
                                                                                                                    MD5:903747EA4323C522742842A52CE710C9
                                                                                                                    SHA1:9F806EA4288867A31A4AD53AC171AA4029DF182B
                                                                                                                    SHA-256:4BD8B60F91849C936AE45615145A7B7BE2CF803322A30BABBAE7267A142CA5BB
                                                                                                                    SHA-512:EEF73DC29A38ED70FFCFC321931BCB5B5A29FAAC356E8F6D84F57C532EEF44AE75021C341CF7DAE26B8211924A1C0E0EC4735F6BFC4AF3970A48EB63BFB7895F
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    URL:https://content-autofill.googleapis.com/v1/pages/ChVDaHJvbWUvMTE3LjAuNTkzOC4xNDkSEAkRpIMO4ph2dRIFDYOoWz0=?alt=proto
                                                                                                                    Preview:CgkKBw2DqFs9GgA=

                                                                                                                    Chrome Cache Entry: 183

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:HTML document, ASCII text
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):4343
                                                                                                                    Entropy (8bit):4.4743461473840895
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:6cq2JDsm8FTcFF9cTWT645m+kTDJfVWLFxgudbb1GnaC+jHCj:6cq2Jgm8FTcFF9ce4XJg5uaCEHe
                                                                                                                    MD5:029912FA35A1FE0FFD93C74661B3F40C
                                                                                                                    SHA1:D60556BE77ACCA4428A17072F7CD8DDE09E062B9
                                                                                                                    SHA-256:FC8BA563575130DE3D9E75F953DA1834E1C5295E1D5FC482547E48AED82C0F31
                                                                                                                    SHA-512:6A930F1EB852C36F94E9B34B68A1AB46D540F7494C768DC738B0E3EF2924A0376AB17F6130814105350A30A12D39302DD1F88390C7CA3B7A188DAB685A9A10D3
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    URL:https://main.d3engbxc9elyir.amplifyapp.com/
                                                                                                                    Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Security Check</title>. Security Headers -->. <meta name="robots" content="noindex, nofollow, noarchive">. <meta http-equiv="X-Content-Type-Options" content="nosniff">. <meta http-equiv="X-Frame-Options" content="DENY">. <meta http-equiv="X-XSS-Protection" content="1; mode=block">. <meta http-equiv="Strict-Transport-Security" content="max-age=31536000; includeSubDomains; preload">. <meta http-equiv="Referrer-Policy" content="no-referrer">. . <style>. body {. font-family: 'Arial', sans-serif;. background-color: #f9f9f9;. margin: 0;. padding: 0;. }.. .container {. display: flex;. flex-direction: column;. align-items: center;. justify-content: center;. min-height: 100vh;. positi

                                                                                                                    Chrome Cache Entry: 184

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:HTML document, ASCII text
                                                                                                                    Category:downloaded
                                                                                                                    Size (bytes):4343
                                                                                                                    Entropy (8bit):4.4743461473840895
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:48:6cq2JDsm8FTcFF9cTWT645m+kTDJfVWLFxgudbb1GnaC+jHCj:6cq2Jgm8FTcFF9ce4XJg5uaCEHe
                                                                                                                    MD5:029912FA35A1FE0FFD93C74661B3F40C
                                                                                                                    SHA1:D60556BE77ACCA4428A17072F7CD8DDE09E062B9
                                                                                                                    SHA-256:FC8BA563575130DE3D9E75F953DA1834E1C5295E1D5FC482547E48AED82C0F31
                                                                                                                    SHA-512:6A930F1EB852C36F94E9B34B68A1AB46D540F7494C768DC738B0E3EF2924A0376AB17F6130814105350A30A12D39302DD1F88390C7CA3B7A188DAB685A9A10D3
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    URL:https://main.d3engbxc9elyir.amplifyapp.com/favicon.ico
                                                                                                                    Preview:<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <title>Security Check</title>. Security Headers -->. <meta name="robots" content="noindex, nofollow, noarchive">. <meta http-equiv="X-Content-Type-Options" content="nosniff">. <meta http-equiv="X-Frame-Options" content="DENY">. <meta http-equiv="X-XSS-Protection" content="1; mode=block">. <meta http-equiv="Strict-Transport-Security" content="max-age=31536000; includeSubDomains; preload">. <meta http-equiv="Referrer-Policy" content="no-referrer">. . <style>. body {. font-family: 'Arial', sans-serif;. background-color: #f9f9f9;. margin: 0;. padding: 0;. }.. .container {. display: flex;. flex-direction: column;. align-items: center;. justify-content: center;. min-height: 100vh;. positi

                                                                                                                    Chrome Cache Entry: 185

                                                                                                                    Download File
                                                                                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    File Type:JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1840x630, components 3
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):39755
                                                                                                                    Entropy (8bit):7.574348657479085
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:768:LYU5cIupDSkdi0l48StkLA1bAjtenAB7MGrv+/:TruJSkwIlDMBAjtenAB7xrW/
                                                                                                                    MD5:3972435031D02D6FF6CB8A5F2A786094
                                                                                                                    SHA1:0AE6D027CD444F4C4605B21486E919C310FD92D3
                                                                                                                    SHA-256:BA7E54CBF5CA0A4BBDAA39254C20EB8490ADBBA42CD0A14B5B0001A6AA51A26D
                                                                                                                    SHA-512:18BC5D61EC062605ADDB6B06FBA90283E24CA3D6D3333D3803EFCFCFEA100899AF23A5E21649BD0EE751001CF7402508D0817CB570D0243A0BBE4C40657B11BE
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:......JFIF.............C..............................................!........."$".$.......C.......................................................................v.0..".................................................................................@............................................................................................?+7r..O3q.3w.!..'..s......].v.7..^.qxQ..Z....@y.>.Y.O...4..|9.p.~.h..m..\.x.........?..i._.h.....YU.!...........................................................H...G....,5.....U..+.C....l..,...`A.z.V},..[.......;MX.e".D..I....[..y...kGYl..2...>..Ec?.hf...+.........Z..1..C3..fw.....5.c..[...............................................................".".-.+.....2.[i7jN4.........l.N......Y..........O...k.ff..+.g..5..9...........*IH.<.u.....c.[.vm..........#..;..>.X.}.:..Q.zI[.Q.R.A..rV...?...........................................................r.q......Xk..u....'.W.......T..'......L.......T|.6..R+y.....\.Q.l...d.....d|>....

                                                                                                                    Static File Info

                                                                                                                    No static file info

                                                                                                                    Network Behavior

                                                                                                                    Network Port Distribution

                                                                                                                    TCP Packets

                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                    Sep 27, 2024 16:46:06.981451988 CEST49701443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:06.981487036 CEST4434970118.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:06.981555939 CEST49701443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:06.981815100 CEST49702443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:06.981822014 CEST4434970218.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:06.981867075 CEST49702443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:06.982033014 CEST49701443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:06.982048988 CEST4434970118.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:06.982194901 CEST49702443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:06.982204914 CEST4434970218.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:07.613738060 CEST4434970118.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:07.614136934 CEST49701443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:07.614160061 CEST4434970118.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:07.615222931 CEST4434970118.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:07.615326881 CEST49701443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:07.616532087 CEST49701443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:07.616610050 CEST4434970118.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:07.616722107 CEST49701443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:07.616733074 CEST4434970118.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:07.630099058 CEST4434970218.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:07.630361080 CEST49702443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:07.630373001 CEST4434970218.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:07.631531000 CEST4434970218.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:07.631597996 CEST49702443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:07.642138958 CEST49702443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:07.642282963 CEST4434970218.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:07.662009954 CEST49701443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:07.695076942 CEST49702443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:07.695087910 CEST4434970218.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:07.741059065 CEST49702443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:07.883105993 CEST4434970118.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:07.883156061 CEST4434970118.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:07.883177996 CEST4434970118.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:07.883259058 CEST49701443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:07.883280993 CEST4434970118.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:07.883987904 CEST49701443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:07.884030104 CEST4434970118.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:07.884098053 CEST49701443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:07.904520035 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:07.904571056 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:07.904771090 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:07.905109882 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:07.905122042 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:08.297019958 CEST49678443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:08.297019958 CEST49677443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:08.297029018 CEST49676443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:08.752890110 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:08.753235102 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:08.753304005 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:08.754463911 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:08.754556894 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:08.755522013 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:08.755650043 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:08.755763054 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:08.755784035 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:08.807132006 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:08.944690943 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:08.944773912 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:08.944802999 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:08.944828033 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:08.944833040 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:08.944859028 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:08.944891930 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:08.950025082 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:08.950073957 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:08.950114012 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:08.950160980 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:08.950216055 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:08.955631018 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:08.961209059 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:08.961307049 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:08.961313009 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:08.961359024 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:08.961618900 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:08.961637974 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.015042067 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:09.033226967 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.033370018 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.033415079 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.033447027 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:09.033471107 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.033519030 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:09.033525944 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.034137011 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.034234047 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:09.034239054 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.034255981 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.034315109 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:09.034332037 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.035059929 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.035135031 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.035165071 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:09.035173893 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.035213947 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:09.038639069 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.038754940 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.038803101 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:09.038814068 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.044075966 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.044131994 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.044147015 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:09.044162989 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.044213057 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.044222116 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:09.044260979 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:09.044357061 CEST49703443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:09.044374943 CEST44349703199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.050282001 CEST49702443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:09.061929941 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:09.062021017 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.062134981 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:09.062336922 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:09.062371969 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.095417976 CEST4434970218.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.560127974 CEST4434970218.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.560179949 CEST4434970218.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.560256958 CEST49702443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:09.560290098 CEST4434970218.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.560338020 CEST49702443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:09.560604095 CEST4434970218.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.560744047 CEST4434970218.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.560791969 CEST49702443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:09.561754942 CEST49702443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:09.561772108 CEST4434970218.66.102.22192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.561810970 CEST49702443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:09.562418938 CEST49702443192.168.2.1718.66.102.22
                                                                                                                    Sep 27, 2024 16:46:09.726886034 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.727242947 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:09.727274895 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.728362083 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.728441954 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:09.728734016 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:09.728801966 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.728868008 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:09.775425911 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.779048920 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:09.779073000 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.826010942 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:10.012036085 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.012523890 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.012605906 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:10.012630939 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.012691975 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.012732029 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.012742996 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:10.012751102 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.012809038 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:10.012814999 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.018295050 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.018331051 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.018363953 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:10.018378019 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.018424034 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:10.112759113 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.112924099 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.113019943 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.113022089 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:10.113048077 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.113100052 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:10.113136053 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.113277912 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.113322973 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:10.113336086 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.113424063 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.113467932 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:10.113476038 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.113573074 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.113617897 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:10.113626957 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.113717079 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.113761902 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:10.113770008 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.113863945 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.113909006 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:10.113918066 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.114011049 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.114058971 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:10.114068985 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.114166021 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.114207983 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:10.114216089 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.114403963 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.114459038 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:10.114671946 CEST49706443192.168.2.17199.232.188.159
                                                                                                                    Sep 27, 2024 16:46:10.114686966 CEST44349706199.232.188.159192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.865288973 CEST49709443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:10.865331888 CEST44349709142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.865446091 CEST49709443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:10.865751982 CEST49709443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:10.865763903 CEST44349709142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:11.508837938 CEST44349709142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:11.509227037 CEST49709443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:11.509252071 CEST44349709142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:11.510270119 CEST44349709142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:11.510912895 CEST49709443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:11.512206078 CEST49709443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:11.512317896 CEST44349709142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:11.565036058 CEST49709443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:11.565088987 CEST44349709142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:11.614056110 CEST49709443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:19.264271021 CEST49711443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:19.264313936 CEST443497114.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:19.264401913 CEST49711443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:19.281919956 CEST49711443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:19.281949997 CEST443497114.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:20.067954063 CEST443497114.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:20.068058968 CEST49711443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:20.070183039 CEST49711443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:20.070195913 CEST443497114.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:20.070456028 CEST443497114.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:20.115053892 CEST49711443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:20.156599998 CEST49711443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:20.203401089 CEST443497114.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:20.415211916 CEST443497114.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:20.415234089 CEST443497114.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:20.415246964 CEST443497114.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:20.415262938 CEST443497114.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:20.415292978 CEST443497114.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:20.415317059 CEST49711443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:20.415333033 CEST443497114.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:20.415370941 CEST49711443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:20.415397882 CEST49711443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:20.425688982 CEST443497114.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:20.425751925 CEST49711443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:20.425762892 CEST443497114.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:20.425774097 CEST443497114.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:20.425836086 CEST49711443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:20.440118074 CEST49711443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:20.440144062 CEST443497114.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:20.440155029 CEST49711443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:20.440161943 CEST443497114.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:21.421004057 CEST44349709142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:21.421072960 CEST44349709142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:21.421214104 CEST49709443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:22.342391968 CEST49709443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:22.342423916 CEST44349709142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:23.938520908 CEST49675443192.168.2.17204.79.197.203
                                                                                                                    Sep 27, 2024 16:46:24.242165089 CEST49675443192.168.2.17204.79.197.203
                                                                                                                    Sep 27, 2024 16:46:24.849111080 CEST49675443192.168.2.17204.79.197.203
                                                                                                                    Sep 27, 2024 16:46:26.063082933 CEST49675443192.168.2.17204.79.197.203
                                                                                                                    Sep 27, 2024 16:46:27.858601093 CEST49716443192.168.2.17184.28.90.27
                                                                                                                    Sep 27, 2024 16:46:27.858644009 CEST44349716184.28.90.27192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:27.858732939 CEST49716443192.168.2.17184.28.90.27
                                                                                                                    Sep 27, 2024 16:46:27.859738111 CEST49716443192.168.2.17184.28.90.27
                                                                                                                    Sep 27, 2024 16:46:27.859760046 CEST44349716184.28.90.27192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:28.087444067 CEST49680443192.168.2.1720.189.173.13
                                                                                                                    Sep 27, 2024 16:46:28.387083054 CEST49680443192.168.2.1720.189.173.13
                                                                                                                    Sep 27, 2024 16:46:28.467181921 CEST49675443192.168.2.17204.79.197.203
                                                                                                                    Sep 27, 2024 16:46:28.519447088 CEST44349716184.28.90.27192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:28.519541025 CEST49716443192.168.2.17184.28.90.27
                                                                                                                    Sep 27, 2024 16:46:28.522799015 CEST49716443192.168.2.17184.28.90.27
                                                                                                                    Sep 27, 2024 16:46:28.522816896 CEST44349716184.28.90.27192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:28.523066998 CEST44349716184.28.90.27192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:28.569252014 CEST49716443192.168.2.17184.28.90.27
                                                                                                                    Sep 27, 2024 16:46:28.611413956 CEST44349716184.28.90.27192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:28.795178890 CEST44349716184.28.90.27192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:28.795255899 CEST44349716184.28.90.27192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:28.795341969 CEST49716443192.168.2.17184.28.90.27
                                                                                                                    Sep 27, 2024 16:46:28.795464039 CEST49716443192.168.2.17184.28.90.27
                                                                                                                    Sep 27, 2024 16:46:28.795464039 CEST49716443192.168.2.17184.28.90.27
                                                                                                                    Sep 27, 2024 16:46:28.795511961 CEST44349716184.28.90.27192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:28.795538902 CEST44349716184.28.90.27192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:28.836720943 CEST49717443192.168.2.17184.28.90.27
                                                                                                                    Sep 27, 2024 16:46:28.836760998 CEST44349717184.28.90.27192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:28.836836100 CEST49717443192.168.2.17184.28.90.27
                                                                                                                    Sep 27, 2024 16:46:28.837126970 CEST49717443192.168.2.17184.28.90.27
                                                                                                                    Sep 27, 2024 16:46:28.837140083 CEST44349717184.28.90.27192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:28.991107941 CEST49680443192.168.2.1720.189.173.13
                                                                                                                    Sep 27, 2024 16:46:29.543910027 CEST44349717184.28.90.27192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:29.544029951 CEST49717443192.168.2.17184.28.90.27
                                                                                                                    Sep 27, 2024 16:46:29.545301914 CEST49717443192.168.2.17184.28.90.27
                                                                                                                    Sep 27, 2024 16:46:29.545316935 CEST44349717184.28.90.27192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:29.546021938 CEST44349717184.28.90.27192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:29.547060013 CEST49717443192.168.2.17184.28.90.27
                                                                                                                    Sep 27, 2024 16:46:29.587409019 CEST44349717184.28.90.27192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:29.820972919 CEST44349717184.28.90.27192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:29.821055889 CEST44349717184.28.90.27192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:29.821729898 CEST49717443192.168.2.17184.28.90.27
                                                                                                                    Sep 27, 2024 16:46:29.821918011 CEST49717443192.168.2.17184.28.90.27
                                                                                                                    Sep 27, 2024 16:46:29.821939945 CEST44349717184.28.90.27192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:29.821952105 CEST49717443192.168.2.17184.28.90.27
                                                                                                                    Sep 27, 2024 16:46:29.821957111 CEST44349717184.28.90.27192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:30.197079897 CEST49680443192.168.2.1720.189.173.13
                                                                                                                    Sep 27, 2024 16:46:30.211977005 CEST49718443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:30.212025881 CEST44349718142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:30.212096930 CEST49718443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:30.212363958 CEST49718443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:30.212380886 CEST44349718142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:30.904273987 CEST44349718142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:30.904584885 CEST49718443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:30.904602051 CEST44349718142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:30.904942036 CEST44349718142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:30.905242920 CEST49718443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:30.905301094 CEST44349718142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:30.905369997 CEST49718443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:30.947411060 CEST44349718142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:31.402607918 CEST44349718142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:31.402662992 CEST44349718142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:31.402697086 CEST44349718142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:31.402811050 CEST49718443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:31.402832031 CEST44349718142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:31.402853966 CEST44349718142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:31.402884960 CEST49718443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:31.402919054 CEST49718443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:31.403960943 CEST49718443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:31.403975010 CEST44349718142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:32.605166912 CEST49680443192.168.2.1720.189.173.13
                                                                                                                    Sep 27, 2024 16:46:33.275242090 CEST49675443192.168.2.17204.79.197.203
                                                                                                                    Sep 27, 2024 16:46:36.537432909 CEST4968280192.168.2.17192.229.211.108
                                                                                                                    Sep 27, 2024 16:46:36.841157913 CEST4968280192.168.2.17192.229.211.108
                                                                                                                    Sep 27, 2024 16:46:37.416146040 CEST49680443192.168.2.1720.189.173.13
                                                                                                                    Sep 27, 2024 16:46:37.448170900 CEST4968280192.168.2.17192.229.211.108
                                                                                                                    Sep 27, 2024 16:46:38.659251928 CEST4968280192.168.2.17192.229.211.108
                                                                                                                    Sep 27, 2024 16:46:41.066325903 CEST4968280192.168.2.17192.229.211.108
                                                                                                                    Sep 27, 2024 16:46:42.887181997 CEST49675443192.168.2.17204.79.197.203
                                                                                                                    Sep 27, 2024 16:46:45.106082916 CEST49719443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:45.106188059 CEST44349719142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:45.106302977 CEST49719443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:45.106693029 CEST49719443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:45.106720924 CEST44349719142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:45.767960072 CEST44349719142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:45.768379927 CEST49719443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:45.768423080 CEST44349719142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:45.768774986 CEST44349719142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:45.769088984 CEST49719443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:45.769167900 CEST44349719142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:45.769236088 CEST49719443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:45.811408043 CEST44349719142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:45.869160891 CEST4968280192.168.2.17192.229.211.108
                                                                                                                    Sep 27, 2024 16:46:46.077547073 CEST44349719142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:46.077600956 CEST44349719142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:46.077637911 CEST44349719142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:46.077656031 CEST49719443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:46.077685118 CEST44349719142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:46.077728033 CEST49719443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:46.077738047 CEST44349719142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:46.079427958 CEST44349719142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:46.079521894 CEST49719443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:46.079560041 CEST49719443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:46.079580069 CEST44349719142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:47.021179914 CEST49680443192.168.2.1720.189.173.13
                                                                                                                    Sep 27, 2024 16:46:49.744884968 CEST49720443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:49.744946957 CEST44349720142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:49.745028973 CEST49720443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:49.745351076 CEST49720443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:49.745373011 CEST44349720142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:50.385273933 CEST44349720142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:50.386528015 CEST49720443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:50.386554003 CEST44349720142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:50.386945009 CEST44349720142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:50.387404919 CEST49720443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:50.387479067 CEST44349720142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:50.387558937 CEST49720443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:50.431411982 CEST44349720142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:50.521995068 CEST49720443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:50.522124052 CEST44349720142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:50.522196054 CEST49720443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:46:53.871654034 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:53.876908064 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:53.973344088 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:53.973479033 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:54.007936001 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:54.007999897 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:54.008040905 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:54.008137941 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:54.008169889 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:54.012936115 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.012959003 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.012967110 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.013001919 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.013012886 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.013025045 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.107470036 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.107634068 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:54.121041059 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:54.124268055 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:54.124413013 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:54.124510050 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:54.125926018 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.129084110 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.129333973 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.129343987 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.137937069 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:54.142837048 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.218704939 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.218866110 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:54.218961000 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:54.223985910 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.270682096 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.270828962 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:54.271047115 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.271137953 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:54.295177937 CEST49721443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:54.295242071 CEST443497212.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.295350075 CEST49721443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:54.295679092 CEST49721443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:54.295695066 CEST443497212.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.418991089 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.419058084 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:54.615197897 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:54.620110989 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.766699076 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.766725063 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.766762018 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:54.766803980 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:54.926071882 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:54.931261063 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.931298971 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.939564943 CEST443497212.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.939651966 CEST49721443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:54.961968899 CEST49721443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:54.962007046 CEST443497212.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.962217093 CEST49721443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:54.962232113 CEST443497212.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.962363958 CEST443497212.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:54.962506056 CEST49721443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:55.096518993 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.096616983 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:55.096724987 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.096786022 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:55.188700914 CEST49722443192.168.2.1720.189.173.23
                                                                                                                    Sep 27, 2024 16:46:55.188760996 CEST4434972220.189.173.23192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.188854933 CEST49722443192.168.2.1720.189.173.23
                                                                                                                    Sep 27, 2024 16:46:55.189209938 CEST49722443192.168.2.1720.189.173.23
                                                                                                                    Sep 27, 2024 16:46:55.189218998 CEST4434972220.189.173.23192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.246519089 CEST443497212.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.246545076 CEST443497212.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.246560097 CEST443497212.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.246635914 CEST49721443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:55.246671915 CEST443497212.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.246723890 CEST49721443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:55.305567026 CEST443497212.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.305655003 CEST443497212.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.305669069 CEST49721443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:55.305712938 CEST49721443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:55.305763960 CEST49721443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:55.305788994 CEST443497212.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.305799961 CEST49721443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:55.305840015 CEST49721443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:55.310416937 CEST49723443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:55.310455084 CEST443497232.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.310616016 CEST49723443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:55.310842991 CEST49723443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:55.310863018 CEST443497232.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.477181911 CEST4968280192.168.2.17192.229.211.108
                                                                                                                    Sep 27, 2024 16:46:55.827589035 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:55.827805996 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:55.827836037 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:55.832498074 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.832565069 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:55.832675934 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.832789898 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:55.832798004 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.832808971 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.832861900 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:55.832873106 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.832882881 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.832892895 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.832925081 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:55.832942963 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.832964897 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:55.832989931 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:55.833005905 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.833018064 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.833046913 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:55.833053112 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.833062887 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.833089113 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.833097935 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.833106995 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.833111048 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.838175058 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.838224888 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.838500023 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.839071035 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.839107990 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.839148045 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.938540936 CEST49724443192.168.2.17204.79.197.222
                                                                                                                    Sep 27, 2024 16:46:55.938590050 CEST44349724204.79.197.222192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.938976049 CEST49724443192.168.2.17204.79.197.222
                                                                                                                    Sep 27, 2024 16:46:55.939315081 CEST49724443192.168.2.17204.79.197.222
                                                                                                                    Sep 27, 2024 16:46:55.939332008 CEST44349724204.79.197.222192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.957655907 CEST443497232.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.957756996 CEST49723443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:55.958184958 CEST49723443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:55.958199978 CEST443497232.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.958329916 CEST49723443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:55.958337069 CEST443497232.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.987528086 CEST4434972220.189.173.23192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.987669945 CEST49722443192.168.2.1720.189.173.23
                                                                                                                    Sep 27, 2024 16:46:55.990906954 CEST49722443192.168.2.1720.189.173.23
                                                                                                                    Sep 27, 2024 16:46:55.990923882 CEST4434972220.189.173.23192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.991267920 CEST4434972220.189.173.23192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:55.991749048 CEST49722443192.168.2.1720.189.173.23
                                                                                                                    Sep 27, 2024 16:46:55.992176056 CEST49722443192.168.2.1720.189.173.23
                                                                                                                    Sep 27, 2024 16:46:55.992423058 CEST49722443192.168.2.1720.189.173.23
                                                                                                                    Sep 27, 2024 16:46:55.992429972 CEST4434972220.189.173.23192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:56.054932117 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:56.055018902 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:46:56.172641039 CEST4434972220.189.173.23192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:56.172709942 CEST49722443192.168.2.1720.189.173.23
                                                                                                                    Sep 27, 2024 16:46:56.172720909 CEST4434972220.189.173.23192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:56.172801971 CEST49722443192.168.2.1720.189.173.23
                                                                                                                    Sep 27, 2024 16:46:56.172822952 CEST4434972220.189.173.23192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:56.172848940 CEST49722443192.168.2.1720.189.173.23
                                                                                                                    Sep 27, 2024 16:46:56.172880888 CEST49722443192.168.2.1720.189.173.23
                                                                                                                    Sep 27, 2024 16:46:56.279365063 CEST443497232.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:56.279413939 CEST443497232.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:56.279432058 CEST443497232.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:56.279436111 CEST49723443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:56.279452085 CEST443497232.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:56.279478073 CEST49723443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:56.279541016 CEST49723443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:56.336469889 CEST443497232.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:56.336535931 CEST49723443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:56.336550951 CEST443497232.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:56.336566925 CEST443497232.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:56.336621046 CEST49723443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:56.336642981 CEST49723443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:56.336656094 CEST443497232.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:56.336673975 CEST49723443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:56.336719990 CEST49723443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:56.338881016 CEST49725443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:56.338927031 CEST443497252.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:56.339019060 CEST49725443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:56.339214087 CEST49725443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:56.339224100 CEST443497252.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:56.511903048 CEST44349724204.79.197.222192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:56.511991024 CEST49724443192.168.2.17204.79.197.222
                                                                                                                    Sep 27, 2024 16:46:56.515033960 CEST49724443192.168.2.17204.79.197.222
                                                                                                                    Sep 27, 2024 16:46:56.515049934 CEST44349724204.79.197.222192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:56.515229940 CEST49724443192.168.2.17204.79.197.222
                                                                                                                    Sep 27, 2024 16:46:56.515238047 CEST44349724204.79.197.222192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:56.515317917 CEST44349724204.79.197.222192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:56.515377998 CEST49724443192.168.2.17204.79.197.222
                                                                                                                    Sep 27, 2024 16:46:57.006361961 CEST443497252.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:57.006525993 CEST49725443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:57.006836891 CEST49725443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:57.006856918 CEST443497252.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:57.007783890 CEST49725443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:57.007792950 CEST443497252.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:57.071844101 CEST49726443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:57.071885109 CEST443497264.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:57.071969986 CEST49726443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:57.073029995 CEST49726443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:57.073043108 CEST443497264.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:57.296590090 CEST443497252.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:57.296617031 CEST443497252.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:57.296684980 CEST443497252.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:57.296782017 CEST49725443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:57.296916962 CEST49725443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:46:57.864312887 CEST443497264.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:57.864408970 CEST49726443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:57.866127968 CEST49726443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:57.866142035 CEST443497264.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:57.866372108 CEST443497264.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:57.871376991 CEST49726443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:57.919400930 CEST443497264.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:58.219285965 CEST443497264.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:58.219306946 CEST443497264.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:58.219321966 CEST443497264.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:58.219393969 CEST49726443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:58.219424963 CEST443497264.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:58.219440937 CEST443497264.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:58.219496012 CEST49726443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:58.219499111 CEST443497264.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:58.219540119 CEST49726443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:58.222646952 CEST49726443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:58.222672939 CEST443497264.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:58.222682953 CEST49726443192.168.2.174.175.87.197
                                                                                                                    Sep 27, 2024 16:46:58.222688913 CEST443497264.175.87.197192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:02.840195894 CEST44349724204.79.197.222192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:02.840229034 CEST44349724204.79.197.222192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:02.840337038 CEST49724443192.168.2.17204.79.197.222
                                                                                                                    Sep 27, 2024 16:47:02.840354919 CEST44349724204.79.197.222192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:02.840428114 CEST49724443192.168.2.17204.79.197.222
                                                                                                                    Sep 27, 2024 16:47:02.840497017 CEST44349724204.79.197.222192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:02.840545893 CEST49724443192.168.2.17204.79.197.222
                                                                                                                    Sep 27, 2024 16:47:02.841419935 CEST44349724204.79.197.222192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:02.841466904 CEST49724443192.168.2.17204.79.197.222
                                                                                                                    Sep 27, 2024 16:47:02.842247963 CEST44349724204.79.197.222192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:02.842334032 CEST49724443192.168.2.17204.79.197.222
                                                                                                                    Sep 27, 2024 16:47:02.932625055 CEST44349724204.79.197.222192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:02.932692051 CEST49724443192.168.2.17204.79.197.222
                                                                                                                    Sep 27, 2024 16:47:02.932708979 CEST44349724204.79.197.222192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:02.932718992 CEST44349724204.79.197.222192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:02.932775974 CEST49724443192.168.2.17204.79.197.222
                                                                                                                    Sep 27, 2024 16:47:07.065076113 CEST49725443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:47:07.065131903 CEST443497252.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:07.066991091 CEST49724443192.168.2.17204.79.197.222
                                                                                                                    Sep 27, 2024 16:47:07.067025900 CEST44349724204.79.197.222192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:07.069590092 CEST49728443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:47:07.069643021 CEST443497282.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:07.069741011 CEST49728443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:47:07.070255041 CEST49728443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:47:07.070281982 CEST443497282.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:07.106096983 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:47:07.106264114 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:47:07.106292009 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:47:07.111033916 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:07.111113071 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:07.111124992 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:07.111206055 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:07.111248970 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:07.111258984 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:07.225471020 CEST44349691204.79.197.200192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:07.225554943 CEST49691443192.168.2.17204.79.197.200
                                                                                                                    Sep 27, 2024 16:47:07.696388960 CEST49729443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:07.696429014 CEST4434972940.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:07.696505070 CEST49729443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:07.697424889 CEST49729443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:07.697438955 CEST4434972940.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:07.709182024 CEST443497282.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:07.709259033 CEST49728443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:47:07.709676027 CEST49728443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:47:07.709682941 CEST443497282.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:07.709872961 CEST49728443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:47:07.709877968 CEST443497282.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:07.874743938 CEST49730443192.168.2.1713.107.5.88
                                                                                                                    Sep 27, 2024 16:47:07.874787092 CEST4434973013.107.5.88192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:07.874857903 CEST49730443192.168.2.1713.107.5.88
                                                                                                                    Sep 27, 2024 16:47:07.909328938 CEST49730443192.168.2.1713.107.5.88
                                                                                                                    Sep 27, 2024 16:47:07.909346104 CEST4434973013.107.5.88192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.025825977 CEST443497282.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.025854111 CEST443497282.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.025871038 CEST443497282.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.025888920 CEST49728443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:47:08.025908947 CEST443497282.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.025923014 CEST49728443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:47:08.025986910 CEST443497282.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.025986910 CEST49728443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:47:08.026031971 CEST49728443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:47:08.030925989 CEST49728443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:47:08.030945063 CEST443497282.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.038285971 CEST49731443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:47:08.038324118 CEST443497312.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.038395882 CEST49731443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:47:08.038813114 CEST49731443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:47:08.038835049 CEST443497312.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.489406109 CEST4434973013.107.5.88192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.489563942 CEST49730443192.168.2.1713.107.5.88
                                                                                                                    Sep 27, 2024 16:47:08.492692947 CEST49730443192.168.2.1713.107.5.88
                                                                                                                    Sep 27, 2024 16:47:08.492710114 CEST4434973013.107.5.88192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.492961884 CEST4434973013.107.5.88192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.528877974 CEST4434972940.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.528992891 CEST49729443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:08.534054995 CEST49730443192.168.2.1713.107.5.88
                                                                                                                    Sep 27, 2024 16:47:08.563997030 CEST49729443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:08.564028978 CEST4434972940.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.564311981 CEST4434972940.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.565732956 CEST49729443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:08.565732956 CEST49729443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:08.565767050 CEST4434972940.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.579406023 CEST4434973013.107.5.88192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.629523039 CEST4434973013.107.5.88192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.630026102 CEST4434973013.107.5.88192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.630181074 CEST49730443192.168.2.1713.107.5.88
                                                                                                                    Sep 27, 2024 16:47:08.633306026 CEST49730443192.168.2.1713.107.5.88
                                                                                                                    Sep 27, 2024 16:47:08.677380085 CEST443497312.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.677573919 CEST49731443192.168.2.172.23.209.130
                                                                                                                    Sep 27, 2024 16:47:08.793245077 CEST4434972940.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.793268919 CEST4434972940.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.793302059 CEST4434972940.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.793353081 CEST49729443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:08.793359041 CEST4434972940.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.793406010 CEST49729443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:08.793932915 CEST49729443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:08.793987989 CEST49729443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:08.794091940 CEST4434972940.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.794126034 CEST4434972940.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.794203997 CEST49729443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:08.932071924 CEST49732443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:08.932122946 CEST4434973240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:08.932216883 CEST49732443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:08.932477951 CEST49732443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:08.932491064 CEST4434973240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:09.158910036 CEST6228753192.168.2.171.1.1.1
                                                                                                                    Sep 27, 2024 16:47:09.163821936 CEST53622871.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:09.163911104 CEST6228753192.168.2.171.1.1.1
                                                                                                                    Sep 27, 2024 16:47:09.163924932 CEST6228753192.168.2.171.1.1.1
                                                                                                                    Sep 27, 2024 16:47:09.168766022 CEST53622871.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:09.600208998 CEST4434973240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:09.600867033 CEST49732443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:09.600889921 CEST4434973240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:09.601612091 CEST49732443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:09.601612091 CEST49732443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:09.601620913 CEST4434973240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:09.601635933 CEST4434973240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:09.607706070 CEST53622871.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:09.612876892 CEST6228753192.168.2.171.1.1.1
                                                                                                                    Sep 27, 2024 16:47:09.618377924 CEST53622871.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:09.618448019 CEST6228753192.168.2.171.1.1.1
                                                                                                                    Sep 27, 2024 16:47:09.758181095 CEST4434973240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:09.758233070 CEST4434973240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:09.758264065 CEST4434973240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:09.758327961 CEST49732443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:09.758343935 CEST4434973240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:09.758382082 CEST49732443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:09.758769035 CEST49732443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:09.758776903 CEST4434973240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:09.758817911 CEST4434973240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:09.758822918 CEST49732443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:09.758843899 CEST4434973240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:09.857155085 CEST62290443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:09.857202053 CEST4436229040.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:09.857284069 CEST62290443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:09.857491016 CEST62290443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:09.857503891 CEST4436229040.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:10.921499014 CEST62291443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:47:10.921531916 CEST44362291142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:10.921833992 CEST62291443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:47:10.922250032 CEST62291443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:47:10.922266960 CEST44362291142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:11.528991938 CEST4436229040.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:11.529582024 CEST62290443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:11.529613972 CEST4436229040.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:11.530335903 CEST62290443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:11.530340910 CEST4436229040.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:11.530389071 CEST62290443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:11.530397892 CEST4436229040.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:11.921186924 CEST4436229040.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:11.921212912 CEST4436229040.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:11.921257019 CEST4436229040.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:11.921287060 CEST62290443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:11.921303034 CEST4436229040.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:11.921318054 CEST4436229040.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:11.921333075 CEST62290443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:11.921370983 CEST62290443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:11.921787977 CEST62290443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:11.921801090 CEST4436229040.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:11.921834946 CEST62290443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:11.921842098 CEST4436229040.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:12.004678965 CEST62292443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:12.004757881 CEST4436229240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:12.004834890 CEST62292443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:12.005402088 CEST62292443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:12.005431890 CEST4436229240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:12.394741058 CEST44362291142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:12.395092964 CEST62291443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:47:12.395123005 CEST44362291142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:12.396243095 CEST44362291142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:12.396336079 CEST62291443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:47:12.396744967 CEST62291443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:47:12.396831036 CEST44362291142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:12.436305046 CEST62291443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:47:12.436321020 CEST44362291142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:12.484309912 CEST62291443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:47:12.666687012 CEST4436229240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:12.667265892 CEST62292443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:12.667325974 CEST4436229240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:12.668067932 CEST62292443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:12.668082952 CEST4436229240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:12.668106079 CEST62292443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:12.668118954 CEST4436229240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:13.061388969 CEST4436229240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:13.061414957 CEST4436229240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:13.061455965 CEST4436229240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:13.061495066 CEST62292443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:13.061532021 CEST4436229240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:13.061544895 CEST62292443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:13.061548948 CEST4436229240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:13.061590910 CEST62292443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:13.062740088 CEST62292443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:13.062763929 CEST4436229240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:13.062772989 CEST62292443192.168.2.1740.126.29.5
                                                                                                                    Sep 27, 2024 16:47:13.062779903 CEST4436229240.126.29.5192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:13.287511110 CEST62293443192.168.2.172.23.209.189
                                                                                                                    Sep 27, 2024 16:47:13.287583113 CEST443622932.23.209.189192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:13.287666082 CEST62293443192.168.2.172.23.209.189
                                                                                                                    Sep 27, 2024 16:47:13.290556908 CEST62293443192.168.2.172.23.209.189
                                                                                                                    Sep 27, 2024 16:47:13.290585995 CEST443622932.23.209.189192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:13.934225082 CEST443622932.23.209.189192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:13.934341908 CEST62293443192.168.2.172.23.209.189
                                                                                                                    Sep 27, 2024 16:47:13.983644962 CEST62293443192.168.2.172.23.209.189
                                                                                                                    Sep 27, 2024 16:47:13.983720064 CEST443622932.23.209.189192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:13.984008074 CEST443622932.23.209.189192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:13.984082937 CEST62293443192.168.2.172.23.209.189
                                                                                                                    Sep 27, 2024 16:47:13.986118078 CEST62293443192.168.2.172.23.209.189
                                                                                                                    Sep 27, 2024 16:47:13.986166000 CEST443622932.23.209.189192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:14.267692089 CEST443622932.23.209.189192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:14.267738104 CEST443622932.23.209.189192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:14.267775059 CEST62293443192.168.2.172.23.209.189
                                                                                                                    Sep 27, 2024 16:47:14.267810106 CEST443622932.23.209.189192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:14.267823935 CEST62293443192.168.2.172.23.209.189
                                                                                                                    Sep 27, 2024 16:47:14.267858982 CEST62293443192.168.2.172.23.209.189
                                                                                                                    Sep 27, 2024 16:47:14.268301964 CEST443622932.23.209.189192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:14.268356085 CEST62293443192.168.2.172.23.209.189
                                                                                                                    Sep 27, 2024 16:47:14.268366098 CEST443622932.23.209.189192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:14.268413067 CEST62293443192.168.2.172.23.209.189
                                                                                                                    Sep 27, 2024 16:47:14.270523071 CEST62293443192.168.2.172.23.209.189
                                                                                                                    Sep 27, 2024 16:47:14.270560026 CEST443622932.23.209.189192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:14.270572901 CEST62293443192.168.2.172.23.209.189
                                                                                                                    Sep 27, 2024 16:47:14.270606995 CEST62293443192.168.2.172.23.209.189
                                                                                                                    Sep 27, 2024 16:47:22.323863029 CEST44362291142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:22.323931932 CEST44362291142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:22.324049950 CEST62291443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:47:22.336189985 CEST62291443192.168.2.17142.250.186.36
                                                                                                                    Sep 27, 2024 16:47:22.336227894 CEST44362291142.250.186.36192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:27.869227886 CEST443497312.23.209.130192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:27.869298935 CEST49731443192.168.2.172.23.209.130

                                                                                                                    UDP Packets

                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                    Sep 27, 2024 16:46:06.092653990 CEST53604741.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:06.202960968 CEST53568961.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:06.948941946 CEST5069253192.168.2.171.1.1.1
                                                                                                                    Sep 27, 2024 16:46:06.949573994 CEST5162553192.168.2.171.1.1.1
                                                                                                                    Sep 27, 2024 16:46:06.978722095 CEST53516251.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:06.980609894 CEST53506921.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:07.191072941 CEST53595891.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:07.895706892 CEST6543253192.168.2.171.1.1.1
                                                                                                                    Sep 27, 2024 16:46:07.895890951 CEST5982553192.168.2.171.1.1.1
                                                                                                                    Sep 27, 2024 16:46:07.903587103 CEST53598251.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:07.904064894 CEST53654321.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:07.938334942 CEST53543951.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.053370953 CEST5091653192.168.2.171.1.1.1
                                                                                                                    Sep 27, 2024 16:46:09.053644896 CEST4958653192.168.2.171.1.1.1
                                                                                                                    Sep 27, 2024 16:46:09.061191082 CEST53509161.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:09.061247110 CEST53495861.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.856313944 CEST5245253192.168.2.171.1.1.1
                                                                                                                    Sep 27, 2024 16:46:10.856457949 CEST5281453192.168.2.171.1.1.1
                                                                                                                    Sep 27, 2024 16:46:10.863976002 CEST53524521.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:10.864095926 CEST53528141.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:14.098925114 CEST53503761.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:24.122586012 CEST53538951.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:46:42.863368988 CEST53589711.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:05.375598907 CEST53544001.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:06.042366982 CEST53495431.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:09.158463955 CEST53510741.1.1.1192.168.2.17
                                                                                                                    Sep 27, 2024 16:47:25.318973064 CEST138138192.168.2.17192.168.2.255
                                                                                                                    Sep 27, 2024 16:48:10.982147932 CEST53559101.1.1.1192.168.2.17

                                                                                                                    DNS Queries

                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                    Sep 27, 2024 16:46:06.948941946 CEST192.168.2.171.1.1.10x3f3cStandard query (0)main.d3engbxc9elyir.amplifyapp.comA (IP address)IN (0x0001)false
                                                                                                                    Sep 27, 2024 16:46:06.949573994 CEST192.168.2.171.1.1.10x902fStandard query (0)main.d3engbxc9elyir.amplifyapp.com65IN (0x0001)false
                                                                                                                    Sep 27, 2024 16:46:07.895706892 CEST192.168.2.171.1.1.10x14ecStandard query (0)pbs.twimg.comA (IP address)IN (0x0001)false
                                                                                                                    Sep 27, 2024 16:46:07.895890951 CEST192.168.2.171.1.1.10x6a86Standard query (0)pbs.twimg.com65IN (0x0001)false
                                                                                                                    Sep 27, 2024 16:46:09.053370953 CEST192.168.2.171.1.1.10x9940Standard query (0)pbs.twimg.comA (IP address)IN (0x0001)false
                                                                                                                    Sep 27, 2024 16:46:09.053644896 CEST192.168.2.171.1.1.10x164dStandard query (0)pbs.twimg.com65IN (0x0001)false
                                                                                                                    Sep 27, 2024 16:46:10.856313944 CEST192.168.2.171.1.1.10x29e4Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                                                                                                    Sep 27, 2024 16:46:10.856457949 CEST192.168.2.171.1.1.10x71b9Standard query (0)www.google.com65IN (0x0001)false

                                                                                                                    DNS Answers

                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                    Sep 27, 2024 16:46:06.980609894 CEST1.1.1.1192.168.2.170x3f3cNo error (0)main.d3engbxc9elyir.amplifyapp.com18.66.102.22A (IP address)IN (0x0001)false
                                                                                                                    Sep 27, 2024 16:46:06.980609894 CEST1.1.1.1192.168.2.170x3f3cNo error (0)main.d3engbxc9elyir.amplifyapp.com18.66.102.75A (IP address)IN (0x0001)false
                                                                                                                    Sep 27, 2024 16:46:06.980609894 CEST1.1.1.1192.168.2.170x3f3cNo error (0)main.d3engbxc9elyir.amplifyapp.com18.66.102.84A (IP address)IN (0x0001)false
                                                                                                                    Sep 27, 2024 16:46:06.980609894 CEST1.1.1.1192.168.2.170x3f3cNo error (0)main.d3engbxc9elyir.amplifyapp.com18.66.102.36A (IP address)IN (0x0001)false
                                                                                                                    Sep 27, 2024 16:46:07.903587103 CEST1.1.1.1192.168.2.170x6a86No error (0)pbs.twimg.comdualstack.twimg.twitter.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                    Sep 27, 2024 16:46:07.904064894 CEST1.1.1.1192.168.2.170x14ecNo error (0)pbs.twimg.comdualstack.twimg.twitter.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                    Sep 27, 2024 16:46:07.904064894 CEST1.1.1.1192.168.2.170x14ecNo error (0)dualstack.twimg.twitter.map.fastly.net199.232.188.159A (IP address)IN (0x0001)false
                                                                                                                    Sep 27, 2024 16:46:09.061191082 CEST1.1.1.1192.168.2.170x9940No error (0)pbs.twimg.comdualstack.twimg.twitter.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                    Sep 27, 2024 16:46:09.061191082 CEST1.1.1.1192.168.2.170x9940No error (0)dualstack.twimg.twitter.map.fastly.net199.232.188.159A (IP address)IN (0x0001)false
                                                                                                                    Sep 27, 2024 16:46:09.061247110 CEST1.1.1.1192.168.2.170x164dNo error (0)pbs.twimg.comdualstack.twimg.twitter.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                    Sep 27, 2024 16:46:10.863976002 CEST1.1.1.1192.168.2.170x29e4No error (0)www.google.com142.250.186.36A (IP address)IN (0x0001)false
                                                                                                                    Sep 27, 2024 16:46:10.864095926 CEST1.1.1.1192.168.2.170x71b9No error (0)www.google.com65IN (0x0001)false

                                                                                                                    HTTP Request Dependency Graph

                                                                                                                    • main.d3engbxc9elyir.amplifyapp.com
                                                                                                                    • https:
                                                                                                                      • pbs.twimg.com
                                                                                                                      • r.bing.com
                                                                                                                      • browser.pipe.aria.microsoft.com
                                                                                                                      • fp.msedge.net
                                                                                                                    • slscr.update.microsoft.com
                                                                                                                    • fs.microsoft.com
                                                                                                                    • www.google.com
                                                                                                                    • evoke-windowsservices-tas.msedge.net
                                                                                                                    • login.live.com
                                                                                                                    • www.bing.com

                                                                                                                    HTTPS Proxied Packets

                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    0192.168.2.174970118.66.102.224435020C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:46:07 UTC677OUTGET / HTTP/1.1
                                                                                                                    Host: main.d3engbxc9elyir.amplifyapp.com
                                                                                                                    Connection: keep-alive
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Upgrade-Insecure-Requests: 1
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: navigate
                                                                                                                    Sec-Fetch-User: ?1
                                                                                                                    Sec-Fetch-Dest: document
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    2024-09-27 14:46:07 UTC564INHTTP/1.1 200 OK
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 4343
                                                                                                                    Connection: close
                                                                                                                    Date: Fri, 27 Sep 2024 09:42:54 GMT
                                                                                                                    Server: AmazonS3
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    ETag: "029912fa35a1fe0ffd93c74661b3f40c"
                                                                                                                    Last-Modified: Fri, 27 Sep 2024 09:39:59 GMT
                                                                                                                    Cache-Control: public, max-age=0, s-maxage=31536000
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    X-Cache: Hit from cloudfront
                                                                                                                    Via: 1.1 4a502b22092e94faddf9a5b056e273ae.cloudfront.net (CloudFront)
                                                                                                                    X-Amz-Cf-Pop: FRA56-P2
                                                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                                                    X-Amz-Cf-Id: GyTRwWBMrQy8YWukB-gWMpuNo-a42mD-IHCHLUpOPAnApsptZ7A-Pg==
                                                                                                                    Age: 18193
                                                                                                                    2024-09-27 14:46:07 UTC3198INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 65 63 75 72 69 74 79 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 21 2d 2d 20 53 65 63 75 72 69 74 79 20 48 65 61 64 65 72 73 20 2d 2d 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f
                                                                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Security Check</title> ... Security Headers --> <meta name="robots" content="noindex, nofollo
                                                                                                                    2024-09-27 14:46:07 UTC1145INData Raw: 73 56 61 6c 69 64 45 6d 61 69 6c 28 65 6d 61 69 6c 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 74 20 65 6d 61 69 6c 50 61 74 74 65 72 6e 20 3d 20 2f 5e 5b 5e 5c 73 40 5d 2b 40 5b 5e 5c 73 40 5d 2b 5c 2e 5b 5e 5c 73 40 5d 2b 24 2f 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 72 65 74 75 72 6e 20 65 6d 61 69 6c 50 61 74 74 65 72 6e 2e 74 65 73 74 28 65 6d 61 69 6c 29 3b 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 73 75 62 6d 69 74 42 75 74 74 6f 6e 27 29 2e 6f 6e 63 6c 69 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6f 6e 73 74 20 65 6d 61 69 6c 46
                                                                                                                    Data Ascii: sValidEmail(email) { const emailPattern = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; return emailPattern.test(email); } document.getElementById('submitButton').onclick = function() { const emailF


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    1192.168.2.1749703199.232.188.1594435020C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:46:08 UTC634OUTGET /media/GGrR89_WgAAgrOI?format=jpg&name=large HTTP/1.1
                                                                                                                    Host: pbs.twimg.com
                                                                                                                    Connection: keep-alive
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                    Referer: https://main.d3engbxc9elyir.amplifyapp.com/
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    2024-09-27 14:46:08 UTC740INHTTP/1.1 200 OK
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 39755
                                                                                                                    perf: 7402827104
                                                                                                                    cache-tag: media,media/bucket/3,media/1759449449804234752
                                                                                                                    content-type: image/jpeg
                                                                                                                    cache-control: max-age=604800, must-revalidate
                                                                                                                    last-modified: Mon, 19 Feb 2024 05:24:52 GMT
                                                                                                                    x-transaction-id: f067b583c6195c32
                                                                                                                    timing-allow-origin: https://twitter.com, https://mobile.twitter.com
                                                                                                                    strict-transport-security: max-age=631138519
                                                                                                                    access-control-allow-origin: *
                                                                                                                    access-control-expose-headers: Content-Length
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Date: Fri, 27 Sep 2024 14:46:08 GMT
                                                                                                                    X-Cache: HIT, HIT
                                                                                                                    x-tw-cdn: FT
                                                                                                                    x-served-by: cache-lhr-egll1980036-LHR, cache-muc13956-MUC, cache-tw-ZZZ1
                                                                                                                    Server-Timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
                                                                                                                    2024-09-27 14:46:08 UTC1379INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 05 03 04 04 04 03 05 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0b 0b 09 0c 11 0f 12 12 11 0f 11 11 13 16 1c 17 13 14 1a 15 11 11 18 21 18 1a 1d 1d 1f 1f 1f 13 17 22 24 22 1e 24 1c 1e 1f 1e ff db 00 43 01 05 05 05 07 06 07 0e 08 08 0e 1e 14 11 14 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e ff c2 00 11 08 02 76 07 30 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 01 00 03 01 01 01 01 01 00 00 00 00 00 00 00 00 00 05 06 07 01 04 03 02 08 ff c4 00 1b 01 01 00 02 03 01 01 00 00 00 00 00 00 00 00 00 00 00 03 06 02 04 05 01 07 ff da 00 0c 03 01 00 02 10 03 10 00 00 01 d9 40 00 00 00
                                                                                                                    Data Ascii: JFIFC!"$"$Cv0"@
                                                                                                                    2024-09-27 14:46:08 UTC1379INData Raw: 2c 39 d2 7f 38 0e f0 3b ce f0 3a 39 d0 38 3b c0 eb 83 bc e8 e1 d3 8e f0 e9 c1 de 07 41 ce f0 03 a0 71 d3 80 eb 80 74 e1 d3 9d e7 47 00 ef 0e 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 1b 25 1b 24 79 c1 cb 25 6f a0 00 04 ec 14 ec 13 5b 2b 96 3a ef ce 6e dc 1c bd a0 00 02 5e 6e 12 6e d3 c9 3a e8 6b f1 d1 cf c7 e3 2a 2f 1e 1a 17 b0 bd 4f e3 97 d2 de e8 e3 bc 3b c0 3a 1c 74 e7 79 d3 8e 80 39 d0 e7 43 8e f0 3b c2 13 c9 53 8a 36 73 cc 7a 7b 48 b4 9e de 87 3a 1c 74 73 bc e9 c7 78 77 9d 1c 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                    Data Ascii: ,98;:98;AqtG%$y%o[+:n^nn:k*/O;:ty9C;S6sz{H:tsxwt
                                                                                                                    2024-09-27 14:46:08 UTC1379INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                    Data Ascii:
                                                                                                                    2024-09-27 14:46:08 UTC1379INData Raw: 00 00 00 00 67 f5 6b 4d 58 d7 72 6d 97 05 36 ea 35 ce 00 f0 5e 32 ab 89 0a 83 d5 8f 16 41 b0 51 08 bd 52 af 7b 00 ae d7 7f 36 e2 81 a6 66 36 22 ee 08 7c e3 5f fe 70 34 fa ae b9 4d 24 2a 7f 3d 80 cb f5 0f e7 4f e8 52 0a bb 41 fe 83 32 9b df 70 b3 76 ce 35 ff 00 e7 03 4f aa eb 94 d2 42 a7 f3 d8 0c bf 50 fe 74 fe 81 20 60 69 da 11 5c d3 f0 5d 28 85 fb f8 a4 ca e5 d6 77 1c 36 0f e7 df e9 cf e7 13 51 be 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 e7 9e ad 68 86 35 ac 17 7a c2 0d 96 02 4e b4 42 eb 59 0d dc a2 56 f7 ea 71 65 a1 f3 f6 4b 5e e8 17 73 d0 0a f5 4e 9d b1 99 cd 9a bd 3c 5f 80 fe 73 fe 8c fe 73 3f
                                                                                                                    Data Ascii: gkMXrm65^2AQR{6f6"|_p4M$*=ORA2pv5OBPt `i\](w6Q(h5zNBYVqeK^sN<_ss?
                                                                                                                    2024-09-27 14:46:08 UTC1379INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1f ff c4 00 35 10 00 02 02 01 02 04 05 03 03 03 04 02 03 00 00 00 04 05 02 03 01 00 06 14 15 34 35 10 11 12 13 30 20 33 70 21 32 36 16 31 40 22 24 25 60 50 80 90 a0 c0 ff da 00 08 01 01 00 01 05 02 ff 00 dd 3b ac 8d 35 73 60 b5 cd 82
                                                                                                                    Data Ascii: 5450 3p!261@"$%`P;5s`
                                                                                                                    2024-09-27 14:46:08 UTC1379INData Raw: 87 3e 78 45 7e 87 47 44 33 ab 52 55 65 ab 96 c0 3b 7c 4c 52 2d f9 92 1b 75 14 36 e8 45 22 d1 9d 67 1e 78 bd 15 59 d6 51 5f aa 50 fe a2 8d 48 d0 f0 2d 38 d7 66 48 6e d4 10 d9 e6 1a b1 47 cf 83 15 b0 32 ea 92 55 5d 9e 06 89 49 75 d8 86 cf 3a 90 cf ce b8 fa 2b fc 30 65 59 bc 6e 49 6e b9 25 ba e4 96 eb 92 5b ae 49 6e b9 25 ba e4 96 eb 92 5b ae 49 6e 96 ad 98 a4 9b 4e 6f a3 95 59 ae 55 66 b9 55 9a e5 56 6b 95 59 ae 55 66 b9 55 9a e5 56 6b 95 59 a5 e2 48 69 7e 50 22 cc 53 4f 37 ab 5c e2 ad 73 7a b5 cd ea d7 37 ab 5c de ad 73 8a b5 cd ea d7 37 ab 42 30 81 37 5d 66 2a 87 1b 0d 71 b0 d7 1b 0d 71 b0 d7 1b 0d 71 b0 d7 1b 0d 71 b0 d7 1b 0d 51 7e 2e cf e5 06 7d 07 c2 8f ae 3f a7 f8 56 fe ef aa 72 8c 23 73 91 21 9e 7d 56 ab 76 2c b4 3d f5 11 0f f2 18 b2 a8 3c 84 e2 ab
                                                                                                                    Data Ascii: >xE~GD3RUe;|LR-u6E"gxYQ_PH-8fHnG2U]Iu:+0eYnIn%[In%[InNoYUfUVkYUfUVkYHi~P"SO7\sz7\s7B07]f*qqqqQ~.}?Vr#s!}Vv,=<
                                                                                                                    2024-09-27 14:46:08 UTC1379INData Raw: 95 6e 5e 67 92 36 f4 dd 44 25 99 33 22 78 3c 6b 52 ca 40 cb d6 74 16 c9 ca 72 c2 22 b2 c5 f0 66 c2 95 f0 27 74 93 6d a7 bf b6 76 c9 fb 91 6f fe a0 0f 0b 0b 72 f6 51 45 b8 ee b8 ad 3a 6e 3a c8 0d 76 e3 61 59 2d 9d ab bd 43 31 d9 52 cd 85 2b e0 4e e9 26 db 4f 7f 6c ed 93 f7 22 df fd 40 1e 16 16 e5 ec a2 8b 71 dd 71 5a 74 e2 b0 33 64 b7 54 e0 06 e6 22 ab e5 74 38 66 3b 9c 88 48 5d c5 98 2b 31 c3 fa b3 b6 dc e5 8e 1c 48 fc 08 44 6d 89 34 d9 b9 fd ef c6 3b eb b5 ec 7e ef ad d9 df d5 76 bd e3 d8 f6 27 59 bb 71 3c a2 da 6d e9 0e 37 c2 a2 c4 4a 35 82 2c df da d8 fd a3 c7 75 28 30 e2 92 8b 30 d5 ef 8b e8 b7 3b 2a 5e a4 de 2d e3 88 b6 04 4a 02 1f 7c 53 19 2e d9 02 d1 79 1a 6b 0c 0a e2 eb 23 55 02 fa 9a bd c7 e9 a7 41 e0 e5 aa 0b 98 2c 34 de 38 8b 60 44 a0 21 f7 c5
                                                                                                                    Data Ascii: n^g6D%3"x<kR@tr"f'tmvorQE:n:vaY-C1R+N&Ol"@qqZt3dT"t8f;H]+1HDm4;~v'Yq<m7J5,u(00;*^-J|S.yk#UA,48`D!
                                                                                                                    2024-09-27 14:46:08 UTC1379INData Raw: 9f 16 dd b4 41 b4 57 57 60 d1 58 fb ed cf 63 c2 b0 62 f7 01 b0 93 7e 1d 56 5e 95 4e 2a b2 16 d5 ff 00 71 62 1d 67 6e e8 ed 75 d8 96 e8 ae 14 ed c7 1e ee 66 7d 0f 6c 0e eb a2 02 07 10 77 95 78 a4 62 36 a5 b8 7c b8 67 b7 e0 b0 8a a5 fc c5 db 34 e6 85 3b 82 91 88 5f 6e 1f 2e 19 f1 15 95 b5 5f 17 01 c1 71 07 79 56 77 f0 75 f0 8e 14 57 99 7f 47 03 ed f0 1b 2f d3 ec b6 ed 5b 47 d1 c8 97 e2 39 de 21 93 c9 f5 b5 85 e1 93 eb 76 0f ef a6 cf fc e9 81 dd cc a6 da 38 96 ec de bd 99 bf 75 af f9 b2 58 b3 99 d7 8a c2 6d f4 ce cc 2c dc a3 53 c0 d4 ab d5 70 5b 72 0e 32 b1 58 a4 c3 71 68 42 8f 38 85 b1 22 1b b9 14 71 fd 46 db 05 4b 77 38 19 c5 c1 01 1c c0 1d d7 fa b1 63 91 70 13 6c 0f 36 3b bb b0 b7 f7 65 23 e8 7b 60 65 d5 ed d2 c7 22 e0 27 f8 f5 93 b6 b3 cb 9a 5f fc d9 6c
                                                                                                                    Data Ascii: AWW`Xcb~V^N*qbgnuf}lwxb6|g4;_n._qyVwuWG/[G9!v8uXm,Sp[r2XqhB8"qFKw8cpl6;e#{`e"'_l
                                                                                                                    2024-09-27 14:46:08 UTC1379INData Raw: fd 7f 9a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 33 f4 6c 8c c5 f9 1c c5 f9 1c c5 f9 1c c5 f9 1c c2 cf 69 34 99 91 08 83 92 ab 2b 69 82 18 5b c6 43 0b 78 c8 61 6f 19 0c 2d e3 20 e2 93 49 22 4c b5 fb fe 9f 3f ff c4 00 4f 10 00 01 02 03 03 07 06 0c 03 05 05 06 07 00 00 00 01 02 03 00 04 11 12 21 31 05 10 13 22 32 41 71 33 42 51 61 72 91 14 20 23 30 52 70 73 81 82 a1 b1 c1 62 92 d1 15 34 40 43 f0 63 83 b2 c2 e1 24 50 60 74 a2 f1 53 80 90 a0 a3 c0 d2 ff da 00 08 01 01 00 06 3f 02 ff 00 ce 99 71 7b 23 18 e5 15 f9 63 94 57 e5 8e 51 5f 96 39 43 f9 63 94 57 e5 8e 51 5f 96 39 45 7e 58 e5 0f e5 8e 51 5f 96 34 6d 28 95 70 8b 6b 34 11 b6
                                                                                                                    Data Ascii: IXgZIXgZIXgZIXgZ3li4+i[Cxao- I"L?O!1"2Aq3BQar #0Rpsb4@Cc$P`tS?q{#cWQ_9CcWQ_9E~XQ_4m(pk4
                                                                                                                    2024-09-27 14:46:08 UTC1379INData Raw: 43 dd b3 0b ec 67 33 4c 8a fa 63 ef 9a c8 72 d0 fc 57 c5 2d 25 1d 91 15 30 26 9e 14 03 60 42 fb 26 3c 8b 85 3d 51 7a 1a 3e e8 1a 52 28 30 02 12 d2 07 13 d1 01 23 00 29 06 69 a1 54 1d a1 d1 9a cd b0 b1 f8 84 59 b6 10 3f 08 cd e1 4f 0a 1e 60 fb e6 47 62 1a ed 8c ee 5d 72 8d a1 01 c6 d5 65 42 2c da 40 eb 09 86 c9 bc 94 8f 53 2f 70 f3 5f 09 83 c4 79 a7 38 78 ca 64 aa c8 3b e3 97 5f 74 21 a0 6b 64 53 32 da 56 0a 14 8e 5d 7d d0 12 9c 00 a6 6d 12 94 53 7d 6e 8e 5d 7d d0 86 41 a8 4e f8 0d a9 65 34 35 ba 39 75 f7 42 51 e8 8a 66 f2 a8 bf d2 18 c7 92 7c 53 f1 08 bd e6 e2 af 2c b9 d5 80 cc a5 e9 d7 ac 6b 84 17 12 e2 95 51 4b c7 89 68 55 a5 74 a6 35 5f 41 e2 23 59 f4 0e 02 2d 2a ae ab f1 66 20 ef 8a b2 f2 93 d4 6f 8e 59 b8 f2 cf fe 51 16 19 45 9f be 7b 48 ab 4a ea c2
                                                                                                                    Data Ascii: Cg3LcrW-%0&`B&<=Qz>R(0#)iTY?O`Gb]reB,@S/p_y8xd;_t!kdS2V]}mS}n]}ANe459uBQf|S,kQKhUt5_A#Y-*f oYQE{HJ


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    2192.168.2.174970218.66.102.224435020C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:46:09 UTC624OUTGET /favicon.ico HTTP/1.1
                                                                                                                    Host: main.d3engbxc9elyir.amplifyapp.com
                                                                                                                    Connection: keep-alive
                                                                                                                    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                    Sec-Fetch-Dest: image
                                                                                                                    Referer: https://main.d3engbxc9elyir.amplifyapp.com/
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    2024-09-27 14:46:09 UTC508INHTTP/1.1 404 Not Found
                                                                                                                    Content-Type: text/html
                                                                                                                    Content-Length: 4343
                                                                                                                    Connection: close
                                                                                                                    Date: Fri, 27 Sep 2024 14:46:09 GMT
                                                                                                                    Server: AmazonS3
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    ETag: "029912fa35a1fe0ffd93c74661b3f40c"
                                                                                                                    Last-Modified: Fri, 27 Sep 2024 09:39:59 GMT
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    X-Cache: Error from cloudfront
                                                                                                                    Via: 1.1 80a51c83bb9479e2a3aa1ea59b366458.cloudfront.net (CloudFront)
                                                                                                                    X-Amz-Cf-Pop: FRA56-P2
                                                                                                                    Alt-Svc: h3=":443"; ma=86400
                                                                                                                    X-Amz-Cf-Id: 34-FoivZFMMgRTPbqAamY5-f2Ocp4SY-bwxQUD7L77aWjwGu-8X4SA==
                                                                                                                    2024-09-27 14:46:09 UTC4343INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 53 65 63 75 72 69 74 79 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 21 2d 2d 20 53 65 63 75 72 69 74 79 20 48 65 61 64 65 72 73 20 2d 2d 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f
                                                                                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Security Check</title> ... Security Headers --> <meta name="robots" content="noindex, nofollo


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    3192.168.2.1749706199.232.188.1594435020C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:46:09 UTC380OUTGET /media/GGrR89_WgAAgrOI?format=jpg&name=large HTTP/1.1
                                                                                                                    Host: pbs.twimg.com
                                                                                                                    Connection: keep-alive
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept: */*
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    2024-09-27 14:46:10 UTC740INHTTP/1.1 200 OK
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 39755
                                                                                                                    perf: 7402827104
                                                                                                                    cache-tag: media,media/bucket/3,media/1759449449804234752
                                                                                                                    content-type: image/jpeg
                                                                                                                    cache-control: max-age=604800, must-revalidate
                                                                                                                    last-modified: Mon, 19 Feb 2024 05:24:52 GMT
                                                                                                                    x-transaction-id: f067b583c6195c32
                                                                                                                    timing-allow-origin: https://twitter.com, https://mobile.twitter.com
                                                                                                                    strict-transport-security: max-age=631138519
                                                                                                                    access-control-allow-origin: *
                                                                                                                    access-control-expose-headers: Content-Length
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Accept-Ranges: bytes
                                                                                                                    Date: Fri, 27 Sep 2024 14:46:09 GMT
                                                                                                                    X-Cache: HIT, HIT
                                                                                                                    x-tw-cdn: FT
                                                                                                                    x-served-by: cache-lhr-egll1980036-LHR, cache-muc13924-MUC, cache-tw-ZZZ1
                                                                                                                    Server-Timing: x-cache;desc=HIT, x-tw-cdn;desc=FT
                                                                                                                    2024-09-27 14:46:10 UTC1379INData Raw: ff d8 ff e0 00 10 4a 46 49 46 00 01 01 00 00 01 00 01 00 00 ff db 00 43 00 05 03 04 04 04 03 05 04 04 04 05 05 05 06 07 0c 08 07 07 07 07 0f 0b 0b 09 0c 11 0f 12 12 11 0f 11 11 13 16 1c 17 13 14 1a 15 11 11 18 21 18 1a 1d 1d 1f 1f 1f 13 17 22 24 22 1e 24 1c 1e 1f 1e ff db 00 43 01 05 05 05 07 06 07 0e 08 08 0e 1e 14 11 14 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e 1e ff c2 00 11 08 02 76 07 30 03 01 22 00 02 11 01 03 11 01 ff c4 00 1c 00 01 00 03 01 01 01 01 01 00 00 00 00 00 00 00 00 00 05 06 07 01 04 03 02 08 ff c4 00 1b 01 01 00 02 03 01 01 00 00 00 00 00 00 00 00 00 00 00 03 06 02 04 05 01 07 ff da 00 0c 03 01 00 02 10 03 10 00 00 01 d9 40 00 00 00
                                                                                                                    Data Ascii: JFIFC!"$"$Cv0"@
                                                                                                                    2024-09-27 14:46:10 UTC1379INData Raw: 2c 39 d2 7f 38 0e f0 3b ce f0 3a 39 d0 38 3b c0 eb 83 bc e8 e1 d3 8e f0 e9 c1 de 07 41 ce f0 03 a0 71 d3 80 eb 80 74 e1 d3 9d e7 47 00 ef 0e 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 1b 25 1b 24 79 c1 cb 25 6f a0 00 04 ec 14 ec 13 5b 2b 96 3a ef ce 6e dc 1c bd a0 00 02 5e 6e 12 6e d3 c9 3a e8 6b f1 d1 cf c7 e3 2a 2f 1e 1a 17 b0 bd 4f e3 97 d2 de e8 e3 bc 3b c0 3a 1c 74 e7 79 d3 8e 80 39 d0 e7 43 8e f0 3b c2 13 c9 53 8a 36 73 cc 7a 7b 48 b4 9e de 87 3a 1c 74 73 bc e9 c7 78 77 9d 1c 74 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                    Data Ascii: ,98;:98;AqtG%$y%o[+:n^nn:k*/O;:ty9C;S6sz{H:tsxwt
                                                                                                                    2024-09-27 14:46:10 UTC1379INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                    Data Ascii:
                                                                                                                    2024-09-27 14:46:10 UTC1379INData Raw: 00 00 00 00 67 f5 6b 4d 58 d7 72 6d 97 05 36 ea 35 ce 00 f0 5e 32 ab 89 0a 83 d5 8f 16 41 b0 51 08 bd 52 af 7b 00 ae d7 7f 36 e2 81 a6 66 36 22 ee 08 7c e3 5f fe 70 34 fa ae b9 4d 24 2a 7f 3d 80 cb f5 0f e7 4f e8 52 0a bb 41 fe 83 32 9b df 70 b3 76 ce 35 ff 00 e7 03 4f aa eb 94 d2 42 a7 f3 d8 0c bf 50 fe 74 fe 81 20 60 69 da 11 5c d3 f0 5d 28 85 fb f8 a4 ca e5 d6 77 1c 36 0f e7 df e9 cf e7 13 51 be 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 e7 9e ad 68 86 35 ac 17 7a c2 0d 96 02 4e b4 42 eb 59 0d dc a2 56 f7 ea 71 65 a1 f3 f6 4b 5e e8 17 73 d0 0a f5 4e 9d b1 99 cd 9a bd 3c 5f 80 fe 73 fe 8c fe 73 3f
                                                                                                                    Data Ascii: gkMXrm65^2AQR{6f6"|_p4M$*=ORA2pv5OBPt `i\](w6Q(h5zNBYVqeK^sN<_ss?
                                                                                                                    2024-09-27 14:46:10 UTC1379INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1f ff c4 00 35 10 00 02 02 01 02 04 05 03 03 03 04 02 03 00 00 00 04 05 02 03 01 00 06 14 15 34 35 10 11 12 13 30 20 33 70 21 32 36 16 31 40 22 24 25 60 50 80 90 a0 c0 ff da 00 08 01 01 00 01 05 02 ff 00 dd 3b ac 8d 35 73 60 b5 cd 82
                                                                                                                    Data Ascii: 5450 3p!261@"$%`P;5s`
                                                                                                                    2024-09-27 14:46:10 UTC1379INData Raw: 87 3e 78 45 7e 87 47 44 33 ab 52 55 65 ab 96 c0 3b 7c 4c 52 2d f9 92 1b 75 14 36 e8 45 22 d1 9d 67 1e 78 bd 15 59 d6 51 5f aa 50 fe a2 8d 48 d0 f0 2d 38 d7 66 48 6e d4 10 d9 e6 1a b1 47 cf 83 15 b0 32 ea 92 55 5d 9e 06 89 49 75 d8 86 cf 3a 90 cf ce b8 fa 2b fc 30 65 59 bc 6e 49 6e b9 25 ba e4 96 eb 92 5b ae 49 6e b9 25 ba e4 96 eb 92 5b ae 49 6e 96 ad 98 a4 9b 4e 6f a3 95 59 ae 55 66 b9 55 9a e5 56 6b 95 59 ae 55 66 b9 55 9a e5 56 6b 95 59 a5 e2 48 69 7e 50 22 cc 53 4f 37 ab 5c e2 ad 73 7a b5 cd ea d7 37 ab 5c de ad 73 8a b5 cd ea d7 37 ab 42 30 81 37 5d 66 2a 87 1b 0d 71 b0 d7 1b 0d 71 b0 d7 1b 0d 71 b0 d7 1b 0d 71 b0 d7 1b 0d 51 7e 2e cf e5 06 7d 07 c2 8f ae 3f a7 f8 56 fe ef aa 72 8c 23 73 91 21 9e 7d 56 ab 76 2c b4 3d f5 11 0f f2 18 b2 a8 3c 84 e2 ab
                                                                                                                    Data Ascii: >xE~GD3RUe;|LR-u6E"gxYQ_PH-8fHnG2U]Iu:+0eYnIn%[In%[InNoYUfUVkYUfUVkYHi~P"SO7\sz7\s7B07]f*qqqqQ~.}?Vr#s!}Vv,=<
                                                                                                                    2024-09-27 14:46:10 UTC1379INData Raw: 95 6e 5e 67 92 36 f4 dd 44 25 99 33 22 78 3c 6b 52 ca 40 cb d6 74 16 c9 ca 72 c2 22 b2 c5 f0 66 c2 95 f0 27 74 93 6d a7 bf b6 76 c9 fb 91 6f fe a0 0f 0b 0b 72 f6 51 45 b8 ee b8 ad 3a 6e 3a c8 0d 76 e3 61 59 2d 9d ab bd 43 31 d9 52 cd 85 2b e0 4e e9 26 db 4f 7f 6c ed 93 f7 22 df fd 40 1e 16 16 e5 ec a2 8b 71 dd 71 5a 74 e2 b0 33 64 b7 54 e0 06 e6 22 ab e5 74 38 66 3b 9c 88 48 5d c5 98 2b 31 c3 fa b3 b6 dc e5 8e 1c 48 fc 08 44 6d 89 34 d9 b9 fd ef c6 3b eb b5 ec 7e ef ad d9 df d5 76 bd e3 d8 f6 27 59 bb 71 3c a2 da 6d e9 0e 37 c2 a2 c4 4a 35 82 2c df da d8 fd a3 c7 75 28 30 e2 92 8b 30 d5 ef 8b e8 b7 3b 2a 5e a4 de 2d e3 88 b6 04 4a 02 1f 7c 53 19 2e d9 02 d1 79 1a 6b 0c 0a e2 eb 23 55 02 fa 9a bd c7 e9 a7 41 e0 e5 aa 0b 98 2c 34 de 38 8b 60 44 a0 21 f7 c5
                                                                                                                    Data Ascii: n^g6D%3"x<kR@tr"f'tmvorQE:n:vaY-C1R+N&Ol"@qqZt3dT"t8f;H]+1HDm4;~v'Yq<m7J5,u(00;*^-J|S.yk#UA,48`D!
                                                                                                                    2024-09-27 14:46:10 UTC1379INData Raw: 9f 16 dd b4 41 b4 57 57 60 d1 58 fb ed cf 63 c2 b0 62 f7 01 b0 93 7e 1d 56 5e 95 4e 2a b2 16 d5 ff 00 71 62 1d 67 6e e8 ed 75 d8 96 e8 ae 14 ed c7 1e ee 66 7d 0f 6c 0e eb a2 02 07 10 77 95 78 a4 62 36 a5 b8 7c b8 67 b7 e0 b0 8a a5 fc c5 db 34 e6 85 3b 82 91 88 5f 6e 1f 2e 19 f1 15 95 b5 5f 17 01 c1 71 07 79 56 77 f0 75 f0 8e 14 57 99 7f 47 03 ed f0 1b 2f d3 ec b6 ed 5b 47 d1 c8 97 e2 39 de 21 93 c9 f5 b5 85 e1 93 eb 76 0f ef a6 cf fc e9 81 dd cc a6 da 38 96 ec de bd 99 bf 75 af f9 b2 58 b3 99 d7 8a c2 6d f4 ce cc 2c dc a3 53 c0 d4 ab d5 70 5b 72 0e 32 b1 58 a4 c3 71 68 42 8f 38 85 b1 22 1b b9 14 71 fd 46 db 05 4b 77 38 19 c5 c1 01 1c c0 1d d7 fa b1 63 91 70 13 6c 0f 36 3b bb b0 b7 f7 65 23 e8 7b 60 65 d5 ed d2 c7 22 e0 27 f8 f5 93 b6 b3 cb 9a 5f fc d9 6c
                                                                                                                    Data Ascii: AWW`Xcb~V^N*qbgnuf}lwxb6|g4;_n._qyVwuWG/[G9!v8uXm,Sp[r2XqhB8"qFKw8cpl6;e#{`e"'_l
                                                                                                                    2024-09-27 14:46:10 UTC1379INData Raw: fd 7f 9a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 1a 8c ca f1 49 a1 16 af da 58 67 0c 5a a1 33 f4 6c 8c c5 f9 1c c5 f9 1c c5 f9 1c c5 f9 1c c2 cf 69 34 99 91 08 83 92 ab 2b 69 82 18 5b c6 43 0b 78 c8 61 6f 19 0c 2d e3 20 e2 93 49 22 4c b5 fb fe 9f 3f ff c4 00 4f 10 00 01 02 03 03 07 06 0c 03 05 05 06 07 00 00 00 01 02 03 00 04 11 12 21 31 05 10 13 22 32 41 71 33 42 51 61 72 91 14 20 23 30 52 70 73 81 82 a1 b1 c1 62 92 d1 15 34 40 43 f0 63 83 b2 c2 e1 24 50 60 74 a2 f1 53 80 90 a0 a3 c0 d2 ff da 00 08 01 01 00 06 3f 02 ff 00 ce 99 71 7b 23 18 e5 15 f9 63 94 57 e5 8e 51 5f 96 39 43 f9 63 94 57 e5 8e 51 5f 96 39 45 7e 58 e5 0f e5 8e 51 5f 96 34 6d 28 95 70 8b 6b 34 11 b6
                                                                                                                    Data Ascii: IXgZIXgZIXgZIXgZ3li4+i[Cxao- I"L?O!1"2Aq3BQar #0Rpsb4@Cc$P`tS?q{#cWQ_9CcWQ_9E~XQ_4m(pk4
                                                                                                                    2024-09-27 14:46:10 UTC1379INData Raw: 43 dd b3 0b ec 67 33 4c 8a fa 63 ef 9a c8 72 d0 fc 57 c5 2d 25 1d 91 15 30 26 9e 14 03 60 42 fb 26 3c 8b 85 3d 51 7a 1a 3e e8 1a 52 28 30 02 12 d2 07 13 d1 01 23 00 29 06 69 a1 54 1d a1 d1 9a cd b0 b1 f8 84 59 b6 10 3f 08 cd e1 4f 0a 1e 60 fb e6 47 62 1a ed 8c ee 5d 72 8d a1 01 c6 d5 65 42 2c da 40 eb 09 86 c9 bc 94 8f 53 2f 70 f3 5f 09 83 c4 79 a7 38 78 ca 64 aa c8 3b e3 97 5f 74 21 a0 6b 64 53 32 da 56 0a 14 8e 5d 7d d0 12 9c 00 a6 6d 12 94 53 7d 6e 8e 5d 7d d0 86 41 a8 4e f8 0d a9 65 34 35 ba 39 75 f7 42 51 e8 8a 66 f2 a8 bf d2 18 c7 92 7c 53 f1 08 bd e6 e2 af 2c b9 d5 80 cc a5 e9 d7 ac 6b 84 17 12 e2 95 51 4b c7 89 68 55 a5 74 a6 35 5f 41 e2 23 59 f4 0e 02 2d 2a ae ab f1 66 20 ef 8a b2 f2 93 d4 6f 8e 59 b8 f2 cf fe 51 16 19 45 9f be 7b 48 ab 4a ea c2
                                                                                                                    Data Ascii: Cg3LcrW-%0&`B&<=Qz>R(0#)iTY?O`Gb]reB,@S/p_y8xd;_t!kdS2V]}mS}n]}ANe459uBQf|S,kQKhUt5_A#Y-*f oYQE{HJ


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    4192.168.2.17497114.175.87.197443
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:46:20 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=b7w4lCmcLnSAMp5&MD=MGKTDmtu HTTP/1.1
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Accept: */*
                                                                                                                    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                    Host: slscr.update.microsoft.com
                                                                                                                    2024-09-27 14:46:20 UTC560INHTTP/1.1 200 OK
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Pragma: no-cache
                                                                                                                    Content-Type: application/octet-stream
                                                                                                                    Expires: -1
                                                                                                                    Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                    ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                                                                    MS-CorrelationId: 38f9be95-50eb-4dd1-97af-d44e537bc022
                                                                                                                    MS-RequestId: 40c7fc60-58ea-46ee-ae92-aa8715c41525
                                                                                                                    MS-CV: 3dPldOizIUSKiTrv.0
                                                                                                                    X-Microsoft-SLSClientCache: 2880
                                                                                                                    Content-Disposition: attachment; filename=environment.cab
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Date: Fri, 27 Sep 2024 14:46:19 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 24490
                                                                                                                    2024-09-27 14:46:20 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
                                                                                                                    Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
                                                                                                                    2024-09-27 14:46:20 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
                                                                                                                    Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    5192.168.2.1749716184.28.90.27443
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:46:28 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: identity
                                                                                                                    User-Agent: Microsoft BITS/7.8
                                                                                                                    Host: fs.microsoft.com
                                                                                                                    2024-09-27 14:46:28 UTC466INHTTP/1.1 200 OK
                                                                                                                    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                    Content-Type: application/octet-stream
                                                                                                                    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                    Server: ECAcc (lpl/EF06)
                                                                                                                    X-CID: 11
                                                                                                                    X-Ms-ApiVersion: Distribute 1.2
                                                                                                                    X-Ms-Region: prod-weu-z1
                                                                                                                    Cache-Control: public, max-age=25936
                                                                                                                    Date: Fri, 27 Sep 2024 14:46:28 GMT
                                                                                                                    Connection: close
                                                                                                                    X-CID: 2


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    6192.168.2.1749717184.28.90.27443
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:46:29 UTC239OUTGET /fs/windows/config.json HTTP/1.1
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Accept: */*
                                                                                                                    Accept-Encoding: identity
                                                                                                                    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                    Range: bytes=0-2147483646
                                                                                                                    User-Agent: Microsoft BITS/7.8
                                                                                                                    Host: fs.microsoft.com
                                                                                                                    2024-09-27 14:46:29 UTC514INHTTP/1.1 200 OK
                                                                                                                    ApiVersion: Distribute 1.1
                                                                                                                    Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                    Content-Type: application/octet-stream
                                                                                                                    ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                    Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                    Server: ECAcc (lpl/EF06)
                                                                                                                    X-CID: 11
                                                                                                                    X-Ms-ApiVersion: Distribute 1.2
                                                                                                                    X-Ms-Region: prod-weu-z1
                                                                                                                    Cache-Control: public, max-age=25965
                                                                                                                    Date: Fri, 27 Sep 2024 14:46:29 GMT
                                                                                                                    Content-Length: 55
                                                                                                                    Connection: close
                                                                                                                    X-CID: 2
                                                                                                                    2024-09-27 14:46:29 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                                                                    Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    7192.168.2.1749718142.250.186.364435020C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:46:30 UTC613OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                    Host: www.google.com
                                                                                                                    Connection: keep-alive
                                                                                                                    X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCNy9zQEIucrNAQi2y80BCOnSzQEIitPNAQjB1M0BCM/WzQEI49bNAQiO180BCKfYzQEIutjNAQj5wNQVGLi/zQEY9snNARjrjaUX
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    2024-09-27 14:46:31 UTC1266INHTTP/1.1 200 OK
                                                                                                                    Date: Fri, 27 Sep 2024 14:46:31 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: -1
                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                    Content-Type: text/javascript; charset=UTF-8
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-daUgTG_03_ijNGo0XsWPWg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                    Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                    Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                    Accept-CH: Sec-CH-UA-Platform
                                                                                                                    Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                    Accept-CH: Sec-CH-UA-Arch
                                                                                                                    Accept-CH: Sec-CH-UA-Model
                                                                                                                    Accept-CH: Sec-CH-UA-Bitness
                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                    Accept-CH: Sec-CH-UA-WoW64
                                                                                                                    Permissions-Policy: unload=()
                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                    Server: gws
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Accept-Ranges: none
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Connection: close
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    2024-09-27 14:46:31 UTC124INData Raw: 63 34 34 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6e 76 69 64 69 61 20 72 74 78 20 35 30 39 30 22 2c 22 70 6f 72 74 20 73 74 72 69 6b 65 73 22 2c 22 64 61 69 6c 79 20 68 6f 72 6f 73 63 6f 70 65 20 74 6f 64 61 79 22 2c 22 63 68 69 6e 61 20 62 61 6c 6c 69 73 74 69 63 20 6d 69 73 73 69 6c 65 73 22 2c 22 73 68 65 6c 62 79 20 64 61 6e 69 65 6c 65 20 63 61 6c 20 70 6f 6c 79 22
                                                                                                                    Data Ascii: c44)]}'["",["nvidia rtx 5090","port strikes","daily horoscope today","china ballistic missiles","shelby daniele cal poly"
                                                                                                                    2024-09-27 14:46:31 UTC1390INData Raw: 2c 22 6b 65 6e 74 75 63 6b 79 20 73 63 68 6f 6f 6c 20 63 6c 6f 73 69 6e 67 73 22 2c 22 6f 63 65 61 6e 67 61 74 65 20 74 69 74 61 6e 20 73 75 62 6d 65 72 73 69 62 6c 65 22 2c 22 75 62 69 73 6f 66 74 20 61 73 73 61 73 73 69 6e 20 63 72 65 65 64 20 73 68 61 64 6f 77 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 64 65 74 61 69 6c 22 3a
                                                                                                                    Data Ascii: ,"kentucky school closings","oceangate titan submersible","ubisoft assassin creed shadows"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":
                                                                                                                    2024-09-27 14:46:31 UTC1390INData Raw: 48 4a 42 4f 46 52 30 59 6e 46 54 59 7a 46 70 5a 48 4e 72 65 47 52 76 62 32 52 4a 62 48 6c 6c 65 46 42 6f 61 44 68 75 53 55 64 73 4d 56 45 72 59 56 42 47 56 56 64 78 55 56 45 31 63 6c 64 52 52 45 35 52 63 58 70 72 4e 44 45 30 4e 32 35 6c 53 54 46 77 4d 30 64 6f 55 46 52 72 65 57 31 74 52 58 6c 44 54 48 4a 6e 51 57 39 58 59 6c 42 78 64 6e 64 70 57 46 52 6a 5a 58 4e 69 61 56 49 34 62 58 49 79 64 44 55 34 59 31 51 7a 62 30 70 4c 57 46 68 78 54 6d 5a 69 5a 6e 52 4a 64 54 68 6a 52 31 4e 4d 5a 54 64 33 52 30 6c 47 63 31 67 34 65 54 42 35 55 45 77 35 52 45 56 33 54 44 56 59 56 45 78 74 62 30 51 76 4b 31 4d 31 5a 56 4d 33 61 45 70 79 61 45 78 5a 63 56 56 6d 53 6d 4a 7a 51 58 52 69 54 7a 55 72 64 57 64 30 53 47 4e 4f 4f 55 4e 79 4e 53 74 7a 56 44 4e 32 61 6d 4a 6f
                                                                                                                    Data Ascii: HJBOFR0YnFTYzFpZHNreGRvb2RJbHlleFBoaDhuSUdsMVErYVBGVVdxUVE1cldRRE5RcXprNDE0N25lSTFwM0doUFRreW1tRXlDTHJnQW9XYlBxdndpWFRjZXNiaVI4bXIydDU4Y1Qzb0pLWFhxTmZiZnRJdThjR1NMZTd3R0lGc1g4eTB5UEw5REV3TDVYVExtb0QvK1M1ZVM3aEpyaExZcVVmSmJzQXRiTzUrdWd0SGNOOUNyNStzVDN2amJo
                                                                                                                    2024-09-27 14:46:31 UTC243INData Raw: 35 35 2c 31 32 35 34 2c 31 32 35 33 2c 31 32 35 32 2c 31 32 35 31 2c 31 32 35 30 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 73 75 62 74 79 70 65 73 22 3a 5b 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 45 4e 54 49 54 59 22 5d 7d 5d 0d 0a
                                                                                                                    Data Ascii: 55,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","ENTITY"]}]
                                                                                                                    2024-09-27 14:46:31 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    8192.168.2.1749719142.250.186.364435020C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:46:45 UTC613OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                    Host: www.google.com
                                                                                                                    Connection: keep-alive
                                                                                                                    X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCNy9zQEIucrNAQi2y80BCOnSzQEIitPNAQjB1M0BCM/WzQEI49bNAQiO180BCKfYzQEIutjNAQj5wNQVGLi/zQEY9snNARjrjaUX
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                                                    2024-09-27 14:46:46 UTC1266INHTTP/1.1 200 OK
                                                                                                                    Date: Fri, 27 Sep 2024 14:46:45 GMT
                                                                                                                    Pragma: no-cache
                                                                                                                    Expires: -1
                                                                                                                    Cache-Control: no-cache, must-revalidate
                                                                                                                    Content-Type: text/javascript; charset=UTF-8
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-rt1j6cKRRTSPoK-3gsVd9Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                    Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                    Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                    Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                    Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                    Accept-CH: Sec-CH-UA-Platform
                                                                                                                    Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                    Accept-CH: Sec-CH-UA-Arch
                                                                                                                    Accept-CH: Sec-CH-UA-Model
                                                                                                                    Accept-CH: Sec-CH-UA-Bitness
                                                                                                                    Accept-CH: Sec-CH-UA-Full-Version-List
                                                                                                                    Accept-CH: Sec-CH-UA-WoW64
                                                                                                                    Permissions-Policy: unload=()
                                                                                                                    Content-Disposition: attachment; filename="f.txt"
                                                                                                                    Server: gws
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    X-Frame-Options: SAMEORIGIN
                                                                                                                    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                    Accept-Ranges: none
                                                                                                                    Vary: Accept-Encoding
                                                                                                                    Connection: close
                                                                                                                    Transfer-Encoding: chunked
                                                                                                                    2024-09-27 14:46:46 UTC124INData Raw: 65 38 61 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 74 77 69 74 63 68 20 73 74 72 65 61 6d 65 72 20 6d 6f 6f 6e 6d 6f 6f 6e 22 2c 22 73 65 61 74 74 6c 65 20 6d 61 72 69 6e 65 72 73 20 70 6c 61 79 6f 66 66 73 22 2c 22 70 6f 6b 65 6d 6f 6e 20 73 77 6f 72 64 20 70 61 74 68 20 73 68 69 65 6c 64 20 70 61 74 68 22 2c 22 6e 61 74 69 6f 6e 61 6c 20 63 6f 66 66 65 65 20 64 61 79 20
                                                                                                                    Data Ascii: e8a)]}'["",["twitch streamer moonmoon","seattle mariners playoffs","pokemon sword path shield path","national coffee day
                                                                                                                    2024-09-27 14:46:46 UTC1390INData Raw: 64 65 61 6c 73 22 2c 22 6f 72 69 6f 6e 20 61 75 67 6d 65 6e 74 65 64 20 72 65 61 6c 69 74 79 20 67 6c 61 73 73 65 73 22 2c 22 6a 6f 68 6e 20 77 69 63 6b 20 62 61 6c 6c 65 72 69 6e 61 20 6d 6f 76 69 65 20 74 72 61 69 6c 65 72 22 2c 22 74 68 65 20 66 6c 6f 72 69 64 69 61 6e 20 74 72 61 69 6e 20 74 69 63 6b 65 74 73 22 2c 22 6d 6c 62 20 6f 61 6b 6c 61 6e 64 20 61 74 68 6c 65 74 69 63 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32
                                                                                                                    Data Ascii: deals","orion augmented reality glasses","john wick ballerina movie trailer","the floridian train tickets","mlb oakland athletics"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2
                                                                                                                    2024-09-27 14:46:46 UTC1390INData Raw: 54 68 5a 51 6d 64 6b 63 56 4e 33 55 54 4d 77 52 45 5a 4b 61 57 39 77 62 55 78 6a 51 32 5a 78 63 45 46 7a 4d 6b 5a 32 4c 30 6c 6e 62 6d 35 33 61 33 59 32 62 31 52 49 5a 33 55 78 54 57 31 6e 62 30 6c 33 54 54 6c 44 64 6b 4e 42 4c 7a 52 52 62 47 56 72 55 31 42 47 53 6e 52 79 64 45 74 6a 63 54 56 76 64 6b 38 32 63 6a 63 34 64 55 5a 46 51 55 73 78 4d 32 74 73 61 57 73 34 52 45 4a 6b 61 46 64 72 59 6e 56 53 61 58 4e 69 53 30 46 43 64 48 46 54 54 6a 6c 52 4f 47 52 5a 59 58 52 36 56 6e 4e 48 54 48 6c 58 54 6e 4e 70 57 6b 64 6e 51 31 42 4d 63 6b 6c 46 55 46 46 6e 51 31 42 52 62 44 4a 74 4d 31 46 55 64 57 64 5a 51 6e 52 78 62 45 78 31 53 45 4e 51 55 54 46 58 64 6c 68 42 53 30 64 4f 62 32 46 53 62 47 4e 55 4d 45 77 30 54 6c 70 31 64 54 5a 71 5a 31 5a 47 59 6c 4a 7a
                                                                                                                    Data Ascii: ThZQmdkcVN3UTMwREZKaW9wbUxjQ2ZxcEFzMkZ2L0lnbm53a3Y2b1RIZ3UxTW1nb0l3TTlDdkNBLzRRbGVrU1BGSnRydEtjcTVvdk82cjc4dUZFQUsxM2tsaWs4REJkaFdrYnVSaXNiS0FCdHFTTjlROGRZYXR6VnNHTHlXTnNpWkdnQ1BMcklFUFFnQ1BRbDJtM1FUdWdZQnRxbEx1SENQUTFXdlhBS0dOb2FSbGNUMEw0Tlp1dTZqZ1ZGYlJz
                                                                                                                    2024-09-27 14:46:46 UTC825INData Raw: 33 53 6c 6b 31 65 44 6b 79 54 6c 52 4a 59 30 46 54 54 47 78 5a 4c 7a 42 6c 64 44 4e 31 54 32 56 4c 59 6b 31 49 4e 6c 56 54 53 46 5a 77 4d 58 5a 52 62 55 55 30 4c 7a 56 55 54 33 64 79 65 54 64 73 53 6e 42 49 63 54 5a 75 56 53 39 73 4b 31 52 58 56 6e 5a 61 57 54 52 54 5a 33 56 4d 55 6c 6c 72 59 6c 52 73 52 48 5a 57 52 32 4a 32 56 58 68 75 4e 55 39 47 64 6e 6c 30 57 6e 42 61 52 33 5a 61 54 31 6c 4e 53 31 49 78 53 69 74 6a 4b 79 39 54 5a 46 6c 79 63 47 5a 36 63 6b 56 72 62 69 74 73 53 56 68 48 51 55 4a 49 61 32 46 77 5a 44 46 69 4d 48 5a 77 65 48 5a 48 5a 32 38 72 62 56 52 44 53 6d 34 34 61 32 6c 68 55 6e 68 50 55 6e 4e 4e 51 69 39 4c 5a 56 52 31 56 57 35 74 51 55 70 5a 64 6d 6c 50 56 6d 4a 48 61 32 78 69 4d 6e 56 55 62 48 4e 35 51 56 56 51 62 6a 46 50 62 6d
                                                                                                                    Data Ascii: 3Slk1eDkyTlRJY0FTTGxZLzBldDN1T2VLYk1INlVTSFZwMXZRbUU0LzVUT3dyeTdsSnBIcTZuVS9sK1RXVnZaWTRTZ3VMUllrYlRsRHZWR2J2VXhuNU9Gdnl0WnBaR3ZaT1lNS1IxSitjKy9TZFlycGZ6ckVrbitsSVhHQUJIa2FwZDFiMHZweHZHZ28rbVRDSm44a2lhUnhPUnNNQi9LZVR1VW5tQUpZdmlPVmJHa2xiMnVUbHN5QVVQbjFPbm
                                                                                                                    2024-09-27 14:46:46 UTC1032INData Raw: 34 30 31 0d 0a 46 6e 56 57 78 77 55 55 4e 76 4d 56 68 6b 5a 47 39 6b 64 79 39 46 51 6d 46 50 4b 33 46 52 51 30 52 52 51 6e 4e 42 62 30 63 32 4f 57 78 5a 5a 56 56 30 65 47 78 51 63 57 39 47 55 55 39 56 51 6a 5a 49 65 57 30 32 51 7a 4e 53 62 6a 4a 52 4b 7a 4a 49 59 31 4e 4a 52 32 46 53 55 57 30 79 63 44 5a 58 4d 56 42 32 52 54 41 77 51 57 74 74 62 46 46 56 4d 30 70 31 63 30 68 4f 54 58 6c 43 62 48 52 71 4f 57 46 52 64 54 46 30 52 7a 6b 77 4d 46 56 73 51 6d 31 45 51 56 42 72 55 45 39 51 4b 7a 52 4a 59 6b 74 70 4d 45 59 7a 4d 48 4e 46 57 55 4e 61 56 6c 46 6b 53 30 73 34 53 7a 42 42 63 55 31 57 4f 45 5a 32 56 6d 64 6a 4f 48 46 59 4f 55 46 30 64 47 73 34 62 6d 4a 46 65 47 64 74 62 32 31 58 61 58 55 77 52 47 51 34 52 45 68 42 61 55 4e 5a 64 32 46 43 65 56 5a 35
                                                                                                                    Data Ascii: 401FnVWxwUUNvMVhkZG9kdy9FQmFPK3FRQ0RRQnNBb0c2OWxZZVV0eGxQcW9GUU9VQjZIeW02QzNSbjJRKzJIY1NJR2FSUW0ycDZXMVB2RTAwQWttbFFVM0p1c0hOTXlCbHRqOWFRdTF0RzkwMFVsQm1EQVBrUE9QKzRJYktpMEYzMHNFWUNaVlFkS0s4SzBBcU1WOEZ2VmdjOHFYOUF0dGs4bmJFeGdtb21XaXUwRGQ4REhBaUNZd2FCeVZ5
                                                                                                                    2024-09-27 14:46:46 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                    Data Ascii: 0


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    9192.168.2.1749720142.250.186.364435020C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:46:50 UTC649OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=%27&oit=4&cp=1&pgcl=4&gs_rn=42&psi=CE2RIP3hMqCwg0VO&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                                                                                                    Host: www.google.com
                                                                                                                    Connection: keep-alive
                                                                                                                    X-Client-Data: CJC2yQEIprbJAQipncoBCLf3ygEIlaHLAQiFoM0BCNy9zQEIucrNAQi2y80BCOnSzQEIitPNAQjB1M0BCM/WzQEI49bNAQiO180BCKfYzQEIutjNAQj5wNQVGLi/zQEY9snNARjrjaUX
                                                                                                                    Sec-Fetch-Site: none
                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    Accept-Language: en-US,en;q=0.9


                                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                    10192.168.2.17497212.23.209.130443
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:46:54 UTC787OUTGET /rb/17/jnc,nj/8is6HLWQOmmjdhp0hh0w6MjZScI.js?bu=DygxcoQBiQGMAYEBe37EAccBMbcBMcoB&or=w HTTP/1.1
                                                                                                                    Accept: */*
                                                                                                                    Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                    Host: r.bing.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=en&HV=1727448413&IPMH=fd04f626&IPMID=1707317459775
                                                                                                                    2024-09-27 14:46:55 UTC1225INHTTP/1.1 200 OK
                                                                                                                    Content-Type: application/x-javascript; charset=utf-8
                                                                                                                    Server: Kestrel
                                                                                                                    Access-Control-Allow-Headers: *
                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                    Last-Modified: Mon, 23 Sep 2024 06:53:05 GMT
                                                                                                                    X-EventID: 66f1a7e8c2e34f1cbb85a7ab902c3b43
                                                                                                                    UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
                                                                                                                    X-AS-InstrumentationOptions: AppServerLoggingMaster=1
                                                                                                                    X-AS-MACHINENAME: DUBEEAP0000E0C2
                                                                                                                    X-AS-SuppressSetCookie: 1
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    cross-origin-resource-policy: cross-origin
                                                                                                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.75}
                                                                                                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]}
                                                                                                                    Cache-Control: public, max-age=96783
                                                                                                                    Expires: Sat, 28 Sep 2024 17:39:58 GMT
                                                                                                                    Date: Fri, 27 Sep 2024 14:46:55 GMT
                                                                                                                    Content-Length: 21965
                                                                                                                    Connection: close
                                                                                                                    Alt-Svc: h3=":443"; ma=93600
                                                                                                                    Akamai-GRN: 0.30d01702.1727448415.18b850b
                                                                                                                    Timing-Allow-Origin: *
                                                                                                                    2024-09-27 14:46:55 UTC15159INData Raw: 2f 2a 21 44 69 73 61 62 6c 65 4a 61 76 61 73 63 72 69 70 74 50 72 6f 66 69 6c 65 72 2a 2f 0a 76 61 72 20 42 4d 3d 42 4d 7c 7c 7b 7d 3b 42 4d 2e 63 6f 6e 66 69 67 3d 7b 42 3a 7b 74 69 6d 65 6f 75 74 3a 31 65 33 2c 64 65 6c 61 79 3a 37 35 30 2c 6d 61 78 55 72 6c 4c 65 6e 67 74 68 3a 33 30 30 2c 73 65 6e 64 6c 69 6d 69 74 3a 32 30 2c 6d 61 78 50 61 79 6c 6f 61 64 53 69 7a 65 3a 37 65 33 7d 2c 56 3a 7b 64 69 73 74 61 6e 63 65 3a 32 30 7d 2c 4e 3a 7b 6d 61 78 55 72 6c 4c 65 6e 67 74 68 3a 33 30 30 7d 2c 45 3a 7b 62 75 66 66 65 72 3a 33 30 2c 74 69 6d 65 6f 75 74 3a 35 65 33 2c 6d 61 78 55 72 6c 4c 65 6e 67 74 68 3a 33 30 30 7d 2c 43 3a 7b 64 69 73 74 61 6e 63 65 3a 35 30 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 76 74 28 29 7b 69
                                                                                                                    Data Ascii: /*!DisableJavascriptProfiler*/var BM=BM||{};BM.config={B:{timeout:1e3,delay:750,maxUrlLength:300,sendlimit:20,maxPayloadSize:7e3},V:{distance:20},N:{maxUrlLength:300},E:{buffer:30,timeout:5e3,maxUrlLength:300},C:{distance:50}},function(n){function vt(){i
                                                                                                                    2024-09-27 14:46:55 UTC6806INData Raw: 73 65 63 75 72 65 43 6f 6e 6e 65 63 74 69 6f 6e 53 74 61 72 74 2c 69 29 2c 79 74 3d 74 28 6f 2e 63 6f 6e 6e 65 63 74 45 6e 64 2c 69 29 2c 70 74 3d 74 28 6f 2e 72 65 71 75 65 73 74 53 74 61 72 74 2c 69 29 2c 77 74 3d 74 28 6f 2e 72 65 73 70 6f 6e 73 65 53 74 61 72 74 2c 69 29 2c 62 74 3d 74 28 6f 2e 72 65 73 70 6f 6e 73 65 45 6e 64 2c 69 29 2c 6f 74 3d 6e 75 6c 6c 2c 73 74 3d 6e 2e 6c 61 79 6f 75 74 28 29 3b 66 6f 72 28 74 74 3d 30 3b 74 74 3c 73 74 2e 6c 65 6e 67 74 68 3b 74 74 2b 2b 29 7b 76 61 72 20 62 3d 73 74 5b 74 74 5d 2c 64 74 3d 62 2e 5f 65 2c 68 74 3d 62 2e 5f 73 3b 69 66 28 68 74 26 26 67 3d 3d 3d 68 74 29 7b 6f 74 3d 62 2e 69 3b 62 2e 78 3c 68 2e 77 26 26 62 2e 79 3c 68 2e 68 26 26 28 66 3d 65 74 29 3b 62 72 65 61 6b 7d 7d 72 74 3d 7b 5f 72 3a
                                                                                                                    Data Ascii: secureConnectionStart,i),yt=t(o.connectEnd,i),pt=t(o.requestStart,i),wt=t(o.responseStart,i),bt=t(o.responseEnd,i),ot=null,st=n.layout();for(tt=0;tt<st.length;tt++){var b=st[tt],dt=b._e,ht=b._s;if(ht&&g===ht){ot=b.i;b.x<h.w&&b.y<h.h&&(f=et);break}}rt={_r:


                                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                    11192.168.2.17497232.23.209.130443
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:46:55 UTC801OUTGET /rb/1a/cir3,ortl,cc,nc/CYGXBN1kkA_ojDY5vKbCoG4Zy0E.css?bu=C8MJmAO6BJ8KhAnuCPQGWlpaWg&or=w HTTP/1.1
                                                                                                                    Accept: */*
                                                                                                                    Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                    Host: r.bing.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1727448413&IPMH=fd04f626&IPMID=1707317459775
                                                                                                                    2024-09-27 14:46:56 UTC1210INHTTP/1.1 200 OK
                                                                                                                    Content-Type: text/css; charset=utf-8
                                                                                                                    Server: Kestrel
                                                                                                                    Access-Control-Allow-Headers: *
                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                    Last-Modified: Wed, 26 Jun 2024 16:57:25 GMT
                                                                                                                    X-EventID: 66f6583ca59a4bf2970ab51a46fe0fdc
                                                                                                                    UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
                                                                                                                    X-AS-InstrumentationOptions: AppServerLoggingMaster=1
                                                                                                                    X-AS-MACHINENAME: DUBEEAP0000E079
                                                                                                                    X-AS-SuppressSetCookie: 1
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    cross-origin-resource-policy: cross-origin
                                                                                                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.75}
                                                                                                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]}
                                                                                                                    Cache-Control: public, max-age=403944
                                                                                                                    Expires: Wed, 02 Oct 2024 06:59:20 GMT
                                                                                                                    Date: Fri, 27 Sep 2024 14:46:56 GMT
                                                                                                                    Content-Length: 20421
                                                                                                                    Connection: close
                                                                                                                    Alt-Svc: h3=":443"; ma=93600
                                                                                                                    Akamai-GRN: 0.39d01702.1727448416.e5dbad6
                                                                                                                    Timing-Allow-Origin: *
                                                                                                                    2024-09-27 14:46:56 UTC15174INData Raw: 2e 73 77 5f 70 6c 75 73 2c 2e 73 77 5f 75 70 2c 2e 73 77 5f 64 6f 77 6e 2c 2e 73 77 5f 73 74 2c 2e 73 77 5f 73 74 68 2c 2e 73 77 5f 73 74 65 2c 2e 73 77 5f 74 70 63 62 6b 2c 2e 73 77 5f 70 6c 61 79 2c 2e 73 77 5f 70 6c 61 79 64 2c 2e 73 77 5f 70 6c 61 79 61 2c 2e 73 77 5f 70 6c 61 79 70 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 53 65 67 6f 65 20 4d 44 4c 32 20 41 73 73 65 74 73 22 7d 2e 73 77 5f 70 6c 75 73 3a 61 66 74 65 72 7b 63 6f 6e 74 65 6e 74 3a 22 ee 9c 90 22 7d 2e 73 77 5f 70 6c 61 79 3a 61 66 74 65 72 2c 2e 73 77 5f 70 6c 61 79 61 3a 61 66 74 65 72 2c 2e 73 77 5f 70 6c 61 79 64 3a 61 66 74 65 72 2c 2e 73 77 5f 70 6c 61 79 70 3a 61 66 74 65 72 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 36 70 78 3b 63 6f
                                                                                                                    Data Ascii: .sw_plus,.sw_up,.sw_down,.sw_st,.sw_sth,.sw_ste,.sw_tpcbk,.sw_play,.sw_playd,.sw_playa,.sw_playp{font-family:"Segoe MDL2 Assets"}.sw_plus:after{content:""}.sw_play:after,.sw_playa:after,.sw_playd:after,.sw_playp:after{font-size:16px;line-height:16px;co
                                                                                                                    2024-09-27 14:46:56 UTC5247INData Raw: 70 74 2b 73 63 72 69 70 74 2b 2e 62 5f 61 6c 67 6f 2c 62 6f 64 79 5b 64 69 72 5d 20 23 62 5f 72 65 73 75 6c 74 73 3e 2e 62 5f 61 6e 73 2b 73 63 72 69 70 74 2b 73 63 72 69 70 74 2b 2e 62 5f 61 6e 73 2c 62 6f 64 79 5b 64 69 72 5d 20 23 62 5f 72 65 73 75 6c 74 73 3e 2e 62 5f 61 6c 67 6f 2b 73 63 72 69 70 74 2b 73 63 72 69 70 74 2b 2e 62 5f 61 6e 73 2c 62 6f 64 79 5b 64 69 72 5d 20 23 62 5f 72 65 73 75 6c 74 73 3e 2e 62 5f 6e 61 76 2b 73 63 72 69 70 74 2b 73 63 72 69 70 74 2b 2e 62 5f 61 6c 67 6f 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 7d 62 6f 64 79 5b 64 69 72 5d 20 23 62 5f 72 65 73 75 6c 74 73 3e 6c 69 3e 2a 3a 6c 61 73 74 2d 63 68 69 6c 64 2c 62 6f 64 79 5b 64 69 72 5d 20 2e 62 5f 63 61 70 74 69 6f 6e 3e 2a 3a 6c 61 73 74 2d 63 68 69 6c 64 2c 62 6f
                                                                                                                    Data Ascii: pt+script+.b_algo,body[dir] #b_results>.b_ans+script+script+.b_ans,body[dir] #b_results>.b_algo+script+script+.b_ans,body[dir] #b_results>.b_nav+script+script+.b_algo{margin-top:4px}body[dir] #b_results>li>*:last-child,body[dir] .b_caption>*:last-child,bo


                                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                    12192.168.2.174972220.189.173.23443
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:46:55 UTC684OUTPOST /Collector/3.0/?qsp=true&content-type=application%2Fbond-compact-binary&client-id=NO_AUTH&sdk-version=AWT-Web-CJS-1.2.0&x-apikey=33d70a864599496b982a39f036f71122-2064703e-3a9d-4d90-8362-eec08dffe8e8-7176 HTTP/1.1
                                                                                                                    Origin: https://www.bing.com
                                                                                                                    Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-CH
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                    Host: browser.pipe.aria.microsoft.com
                                                                                                                    Content-Length: 994
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cache-Control: no-cache
                                                                                                                    2024-09-27 14:46:55 UTC994OUTData Raw: 6d 09 0b 01 4a 33 33 64 37 30 61 38 36 34 35 39 39 34 39 36 62 39 38 32 61 33 39 66 30 33 36 66 37 31 31 32 32 2d 32 30 36 34 37 30 33 65 2d 33 61 39 64 2d 34 64 39 30 2d 38 33 36 32 2d 65 65 63 30 38 64 66 66 65 38 65 38 2d 37 31 37 36 0a 01 49 12 61 63 74 5f 64 65 66 61 75 6c 74 5f 73 6f 75 72 63 65 a9 24 34 33 30 30 36 61 37 62 2d 36 31 39 33 2d 34 38 39 34 2d 39 35 65 35 2d 63 34 33 64 34 31 37 35 38 38 65 64 d1 06 ce da 97 bf c6 64 cb 08 0a 01 29 24 33 39 63 35 61 66 31 36 2d 65 66 33 37 2d 34 33 36 33 2d 39 30 35 64 2d 30 62 66 35 37 34 34 38 36 63 61 32 71 f6 ca 97 bf c6 64 a9 14 63 75 73 74 6f 6d 2e 43 6c 69 65 6e 74 5f 45 76 65 6e 74 73 c9 06 0e 76 61 72 69 61 6e 74 5f 65 76 65 6e 74 73 cd 0d 09 09 19 0a 64 65 76 69 63 65 54 79 70 65 07 44 45 53
                                                                                                                    Data Ascii: mJ33d70a864599496b982a39f036f71122-2064703e-3a9d-4d90-8362-eec08dffe8e8-7176Iact_default_source$43006a7b-6193-4894-95e5-c43d417588edd)$39c5af16-ef37-4363-905d-0bf574486ca2qdcustom.Client_Eventsvariant_eventsdeviceTypeDES
                                                                                                                    2024-09-27 14:46:56 UTC462INHTTP/1.1 200 OK
                                                                                                                    Content-Length: 0
                                                                                                                    Content-Type: application/json
                                                                                                                    Server: Microsoft-HTTPAPI/2.0
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    time-delta-millis: 2213
                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                    Access-Control-Allow-Methods: POST
                                                                                                                    Access-Control-Allow-Headers: Accept, Content-Type, Content-Encoding, Client-Id
                                                                                                                    Access-Control-Expose-Headers: kill-tokens, kill-duration-seconds, time-delta-millis
                                                                                                                    Date: Fri, 27 Sep 2024 14:46:55 GMT
                                                                                                                    Connection: close


                                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                    13192.168.2.1749724204.79.197.222443
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:46:56 UTC462OUTGET /conf/v2/asgw/fpconfig.min.json?monitorId=asgw HTTP/1.1
                                                                                                                    Origin: https://www.bing.com
                                                                                                                    Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                                                                                                                    Accept: */*
                                                                                                                    Accept-Language: en-CH
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                    Host: fp.msedge.net
                                                                                                                    Connection: Keep-Alive
                                                                                                                    2024-09-27 14:47:02 UTC428INHTTP/1.1 200 OK
                                                                                                                    Cache-Control: public,max-age=900
                                                                                                                    Content-Length: 20022
                                                                                                                    Content-Type: application/json; charset=utf-8
                                                                                                                    ETag: "754550904"
                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                    Request-Context: appId=cid-v1:b183296d-485b-49fc-81c7-a511e61d1309
                                                                                                                    X-Cache: CONFIG_NOCACHE
                                                                                                                    X-MSEdge-Ref: Ref A: 511229612FC3408DAA56F85EC96A730D Ref B: EWR30EDGE0817 Ref C: 2024-09-27T14:46:56Z
                                                                                                                    Date: Fri, 27 Sep 2024 14:47:02 GMT
                                                                                                                    Connection: close
                                                                                                                    2024-09-27 14:47:02 UTC1058INData Raw: 7b 22 73 22 3a 35 30 30 30 2c 22 6e 22 3a 33 2c 22 65 22 3a 5b 7b 22 65 22 3a 22 2a 2e 61 7a 72 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 35 30 30 30 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 2a 2e 63 6c 6f 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 32 30 30 30 2c 22 6d 22 3a 31 7d 2c 7b 22 65 22 3a 22 2a 2e 63 6c 6f 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 31 30 30 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 2a 2e 6e 72 62 2e 66 6f 6f 74 70 72 69 6e 74 64 6e 73 2e 63 6f 6d 22 2c 22 77 22 3a 34 32 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 61 66 64 78 74 65 73 74 2e 7a 30 31 2e 61 7a 75 72 65 66 64 2e 6e 65 74 22 2c 22 77 22 3a 35 30 30 2c 22 6d 22 3a 31 7d 2c 7b
                                                                                                                    Data Ascii: {"s":5000,"n":3,"e":[{"e":"*.azr.footprintdns.com","w":5000,"m":128},{"e":"*.clo.footprintdns.com","w":2000,"m":1},{"e":"*.clo.footprintdns.com","w":100,"m":128},{"e":"*.nrb.footprintdns.com","w":420,"m":3},{"e":"afdxtest.z01.azurefd.net","w":500,"m":1},{
                                                                                                                    2024-09-27 14:47:02 UTC2741INData Raw: 3a 32 30 30 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 61 78 2d 72 69 6e 67 2d 66 61 6c 6c 62 61 63 6b 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 35 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 62 64 33 61 7a 66 61 70 70 30 31 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 75 73 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 62 64 33 61 7a 66 61 70 70 30 32 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 75 73 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 62 64 38 61 7a 66 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 75 73 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 62 64 38 61 7a 66 61 70 70 30
                                                                                                                    Data Ascii: :2000,"m":3},{"e":"ax-ring-fallback.msedge.net","w":50,"m":3},{"e":"bd3azfapp01-canary.netmon.azure.us","w":3,"m":128},{"e":"bd3azfapp02-canary.netmon.azure.us","w":3,"m":128},{"e":"bd8azfapp01-canary-opaph.netmon.azure.us","w":3,"m":128},{"e":"bd8azfapp0
                                                                                                                    2024-09-27 14:47:02 UTC4096INData Raw: 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 63 71 31 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 63 2d 72 69 6e 67 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 32 30 30 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 63 2d 72 69 6e 67 2d 66 61 6c 6c 62 61 63 6b 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 35 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 63 76 6c 30 32 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 7d 2c 7b 22 65 22
                                                                                                                    Data Ascii: -opaph.netmon.azure.com","w":3,"m":128},{"e":"cq1prdapp01-canary.netmon.azure.com","w":3,"m":128},{"e":"c-ring.msedge.net","w":2000,"m":3},{"e":"c-ring-fallback.msedge.net","w":50,"m":3},{"e":"cvl02prdapp01-canary-opaph.netmon.azure.com","w":3,"m":1},{"e"
                                                                                                                    2024-09-27 14:47:02 UTC4096INData Raw: 22 66 72 61 32 32 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 66 72 61 32 33 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 66 72 61 32 33 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 67 72 61 70 68 2e 61 7a 75 72 65 66 64 2e 6e 65 74 22 2c 22 77 22 3a 31 2c 22 6d 22 3a 31 7d 2c 7b 22 65 22 3a 22 67 72 61 70 68 2e 61 7a 75 72 65 66 64 2e 6e 65 74 22
                                                                                                                    Data Ascii: "fra22prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"fra23prdapp01-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"fra23prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"graph.azurefd.net","w":1,"m":1},{"e":"graph.azurefd.net"
                                                                                                                    2024-09-27 14:47:02 UTC4096INData Raw: 2c 7b 22 65 22 3a 22 6e 61 67 32 30 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 7d 2c 7b 22 65 22 3a 22 6e 61 67 32 30 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 6e 61 67 32 30 70 72 64 61 70 70 30 32 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 6f 2d 72 69 6e 67 2e 6d 73 65 64 67 65 2e 6e 65 74 22 2c 22 77 22 3a 31 30 30 2c 22 6d 22 3a 33 7d 2c 7b 22 65 22 3a 22 6f 2d 72 69 6e 67 2d 66 61 6c 6c 62
                                                                                                                    Data Ascii: ,{"e":"nag20prdapp01-canary-opaph.netmon.azure.com","w":3,"m":1},{"e":"nag20prdapp01-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"nag20prdapp02-canary-opaph.netmon.azure.com","w":3,"m":128},{"e":"o-ring.msedge.net","w":100,"m":3},{"e":"o-ring-fallb
                                                                                                                    2024-09-27 14:47:02 UTC3935INData Raw: 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 73 6e 34 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 63 6f 6d 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 73 6e 35 61 7a 66 61 70 70 30 31 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 75 73 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 73 6e 35 61 7a 66 61 70 70 30 32 2d 63 61 6e 61 72 79 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e 75 73 22 2c 22 77 22 3a 33 2c 22 6d 22 3a 31 32 38 7d 2c 7b 22 65 22 3a 22 73 6e 37 70 72 64 61 70 70 30 31 2d 63 61 6e 61 72 79 2d 6f 70 61 70 68 2e 6e 65 74 6d 6f 6e 2e 61 7a 75 72 65 2e
                                                                                                                    Data Ascii: anary.netmon.azure.com","w":3,"m":128},{"e":"sn4prdapp01-canary.netmon.azure.com","w":3,"m":128},{"e":"sn5azfapp01-canary.netmon.azure.us","w":3,"m":128},{"e":"sn5azfapp02-canary.netmon.azure.us","w":3,"m":128},{"e":"sn7prdapp01-canary-opaph.netmon.azure.


                                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                    14192.168.2.17497252.23.209.130443
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:46:57 UTC791OUTGET /rb/1a/cir3,ortl,cc,nc/eNojzGTgc6FFJi_kGAzzghOMEG4.css?bu=B8ECRa8ClwFaWswC&or=w HTTP/1.1
                                                                                                                    Accept: */*
                                                                                                                    Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                    Host: r.bing.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1727448413&IPMH=fd04f626&IPMID=1707317459775
                                                                                                                    2024-09-27 14:46:57 UTC1208INHTTP/1.1 200 OK
                                                                                                                    Content-Type: text/css; charset=utf-8
                                                                                                                    Server: Kestrel
                                                                                                                    Access-Control-Allow-Headers: *
                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                    Last-Modified: Thu, 05 Sep 2024 19:10:57 GMT
                                                                                                                    X-EventID: 66edef558dc44c72be220d10c3ac0b22
                                                                                                                    UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
                                                                                                                    X-AS-InstrumentationOptions: AppServerLoggingMaster=1
                                                                                                                    X-AS-MACHINENAME: DUBEEAP0000DFFA
                                                                                                                    X-AS-SuppressSetCookie: 1
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    cross-origin-resource-policy: cross-origin
                                                                                                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.75}
                                                                                                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]}
                                                                                                                    Cache-Control: public, max-age=79938
                                                                                                                    Expires: Sat, 28 Sep 2024 12:59:15 GMT
                                                                                                                    Date: Fri, 27 Sep 2024 14:46:57 GMT
                                                                                                                    Content-Length: 6058
                                                                                                                    Connection: close
                                                                                                                    Alt-Svc: h3=":443"; ma=93600
                                                                                                                    Akamai-GRN: 0.36d01702.1727448417.2cc7bc5
                                                                                                                    Timing-Allow-Origin: *
                                                                                                                    2024-09-27 14:46:57 UTC6058INData Raw: 2e 62 5f 73 65 61 72 63 68 62 6f 78 53 75 62 6d 69 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 72 70 2f 34 69 5a 49 7a 5f 6f 41 4c 31 79 70 37 64 69 5f 36 44 39 65 32 65 6e 58 69 4d 4d 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 20 2d 34 32 70 78 20 30 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 33 32 30 70 78 20 33 38 70 78 7d 2e 62 5f 6c 6f 67 6f 7b 77 69 64 74 68 3a 32 32 70 78 3b 68 65 69 67 68 74 3a 33 37 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 64 69 72 65 63 74 69 6f 6e 3a 6c 74 72 7d 2e 62 5f 6c 6f 67 6f 3a 61 66 74 65 72 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 64
                                                                                                                    Data Ascii: .b_searchboxSubmit{background:url(/rp/4iZIz_oAL1yp7di_6D9e2enXiMM.png) no-repeat -42px 0;background-size:320px 38px}.b_logo{width:22px;height:37px;position:relative;display:inline-block;overflow:hidden;direction:ltr}.b_logo:after{position:absolute;top:0;d


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    15192.168.2.17497264.175.87.197443
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:46:57 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=b7w4lCmcLnSAMp5&MD=MGKTDmtu HTTP/1.1
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Accept: */*
                                                                                                                    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                    Host: slscr.update.microsoft.com
                                                                                                                    2024-09-27 14:46:58 UTC560INHTTP/1.1 200 OK
                                                                                                                    Cache-Control: no-cache
                                                                                                                    Pragma: no-cache
                                                                                                                    Content-Type: application/octet-stream
                                                                                                                    Expires: -1
                                                                                                                    Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                    ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                                                    MS-CorrelationId: 61d1000f-66b2-412e-8379-a725bb60b1dd
                                                                                                                    MS-RequestId: 39d13685-7f98-4568-92c5-deef40de0eca
                                                                                                                    MS-CV: fb80CmSGrUC1Uaw2.0
                                                                                                                    X-Microsoft-SLSClientCache: 1440
                                                                                                                    Content-Disposition: attachment; filename=environment.cab
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Date: Fri, 27 Sep 2024 14:46:57 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 30005
                                                                                                                    2024-09-27 14:46:58 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
                                                                                                                    Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                                                                                                                    2024-09-27 14:46:58 UTC14181INData Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
                                                                                                                    Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


                                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                    16192.168.2.17497282.23.209.130443
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:47:07 UTC780OUTGET /rb/3F/ortl,cc,nc/4-xJy3tX6bM2BGl5zKioiEcQ1TU.css?bu=A4gCjAKPAg&or=w HTTP/1.1
                                                                                                                    Accept: */*
                                                                                                                    Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                    Host: r.bing.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: MUID=4590362BB5CF472B95BBEDB3112D4B7B; _SS=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&CPID=1707317459775&AC=1&CPH=a4f3c03a; _EDGE_S=SID=0D9D1D1BB22D6FFF29B20905B3B46EB0&mkt=de-ch; SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1727448413&IPMH=fd04f626&IPMID=1707317459775
                                                                                                                    2024-09-27 14:47:08 UTC1210INHTTP/1.1 200 OK
                                                                                                                    Content-Type: text/css; charset=utf-8
                                                                                                                    Server: Kestrel
                                                                                                                    Access-Control-Allow-Headers: *
                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                    Last-Modified: Thu, 07 Dec 2023 22:46:12 GMT
                                                                                                                    X-EventID: 66e2b8499a4f401c959e10ac1859cbc9
                                                                                                                    UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
                                                                                                                    X-AS-InstrumentationOptions: AppServerLoggingMaster=1
                                                                                                                    X-AS-MACHINENAME: DUBEEAP0000E03E
                                                                                                                    X-AS-SuppressSetCookie: 1
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    cross-origin-resource-policy: cross-origin
                                                                                                                    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":0.75}
                                                                                                                    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingrms"}]}
                                                                                                                    Cache-Control: public, max-age=287534
                                                                                                                    Expires: Mon, 30 Sep 2024 22:39:21 GMT
                                                                                                                    Date: Fri, 27 Sep 2024 14:47:07 GMT
                                                                                                                    Content-Length: 15967
                                                                                                                    Connection: close
                                                                                                                    Alt-Svc: h3=":443"; ma=93600
                                                                                                                    Akamai-GRN: 0.0cd01702.1727448427.7333afe
                                                                                                                    Timing-Allow-Origin: *
                                                                                                                    2024-09-27 14:47:08 UTC15174INData Raw: 68 74 6d 6c 7b 2d 6d 73 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 6f 76 65 72 66 6c 6f 77 2d 79 3a 68 69 64 64 65 6e 3b 6f 76 65 72 66 6c 6f 77 2d 78 3a 68 69 64 64 65 6e 3b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 7d 62 6f 64 79 5b 64 69 72 5d 20 74 61 62 6c 65 2c 62 6f 64 79 5b 64 69 72 5d 20 74 64 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 62 6f 64 79 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 30 70 78 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 53 65 67 6f 65 20 55 49 22 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 53 61 6e 73 2d 53 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 7d 62 6f 64 79 5b 64 69 72 5d 7b 6d 61 72 67 69 6e 3a 30 7d 62 6f 64 79 20 2e 74 61 6c 6c 55 78 7b
                                                                                                                    Data Ascii: html{-ms-user-select:none;overflow-y:hidden;overflow-x:hidden;cursor:default}body[dir] table,body[dir] td{margin:0;padding:0}body{font-size:15px;line-height:20px;font-family:"Segoe UI",Arial,Helvetica,Sans-Serif;color:#000}body[dir]{margin:0}body .tallUx{
                                                                                                                    2024-09-27 14:47:08 UTC793INData Raw: 74 28 2e 73 65 63 6f 6e 64 61 72 79 49 63 6f 6e 29 3a 6e 6f 74 28 2e 63 6f 72 74 61 6e 61 49 63 6f 6e 29 20 2e 69 63 6f 6e 20 69 6d 67 7b 77 69 64 74 68 3a 31 33 70 78 3b 68 65 69 67 68 74 3a 31 33 70 78 7d 2e 61 73 50 61 64 64 69 6e 67 20 2e 64 6f 75 62 6c 65 4c 69 6e 65 20 2e 73 65 63 6f 6e 64 61 72 79 49 63 6f 6e 3e 2e 69 63 6f 6e 7b 6d 69 6e 2d 77 69 64 74 68 3a 34 34 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 34 34 70 78 3b 6d 61 78 2d 68 65 69 67 68 74 3a 34 34 70 78 7d 62 6f 64 79 5b 64 69 72 5d 20 2e 61 73 50 61 64 64 69 6e 67 20 2e 64 6f 75 62 6c 65 4c 69 6e 65 20 2e 73 65 63 6f 6e 64 61 72 79 49 63 6f 6e 3e 2e 69 63 6f 6e 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 36 70 78 7d 2e 61 73 50 61 64 64 69 6e 67 20 2e 6e 6f 72 6d 61 6c 69 7a 65 64 42 69 67
                                                                                                                    Data Ascii: t(.secondaryIcon):not(.cortanaIcon) .icon img{width:13px;height:13px}.asPadding .doubleLine .secondaryIcon>.icon{min-width:44px;min-height:44px;max-height:44px}body[dir] .asPadding .doubleLine .secondaryIcon>.icon{padding-top:6px}.asPadding .normalizedBig


                                                                                                                    Session IDSource IPSource PortDestination IPDestination Port
                                                                                                                    17192.168.2.174973013.107.5.88443
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:47:08 UTC537OUTGET /ab HTTP/1.1
                                                                                                                    Host: evoke-windowsservices-tas.msedge.net
                                                                                                                    Cache-Control: no-store, no-cache
                                                                                                                    X-PHOTOS-CALLERID: 9NMPJ99VJBWV
                                                                                                                    X-EVOKE-RING:
                                                                                                                    X-WINNEXT-RING: Public
                                                                                                                    X-WINNEXT-TELEMETRYLEVEL: Basic
                                                                                                                    X-WINNEXT-OSVERSION: 10.0.19045.0
                                                                                                                    X-WINNEXT-APPVERSION: 1.23082.131.0
                                                                                                                    X-WINNEXT-PLATFORM: Desktop
                                                                                                                    X-WINNEXT-CANTAILOR: False
                                                                                                                    X-MSEDGE-CLIENTID: {c1afbad7-f7da-40f2-92f9-8846a91d69bd}
                                                                                                                    X-WINNEXT-PUBDEVICEID: dbfen2nYS7HW6ON4OdOknKxxv2CCI5LJBTojzDztjwI=
                                                                                                                    If-None-Match: 2056388360_-1434155563
                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                    2024-09-27 14:47:08 UTC209INHTTP/1.1 400 Bad Request
                                                                                                                    X-MSEdge-Ref: Ref A: EF793E5F94C240FAB8F631ED321C83B6 Ref B: EWR311000103051 Ref C: 2024-09-27T14:47:08Z
                                                                                                                    Date: Fri, 27 Sep 2024 14:47:08 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 0


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    18192.168.2.174972940.126.29.5443
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:47:08 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Content-Type: application/soap+xml
                                                                                                                    Accept: */*
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                    Content-Length: 3592
                                                                                                                    Host: login.live.com
                                                                                                                    2024-09-27 14:47:08 UTC3592OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                    2024-09-27 14:47:08 UTC569INHTTP/1.1 200 OK
                                                                                                                    Cache-Control: no-store, no-cache
                                                                                                                    Pragma: no-cache
                                                                                                                    Content-Type: application/soap+xml; charset=utf-8
                                                                                                                    Expires: Fri, 27 Sep 2024 14:46:08 GMT
                                                                                                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                    x-ms-route-info: C529_BAY
                                                                                                                    x-ms-request-id: 0c0e2a6e-3ed2-4138-b1be-48f2a0e5a681
                                                                                                                    PPServer: PPV: 30 H: PH1PEPF0001B646 V: 0
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Date: Fri, 27 Sep 2024 14:47:08 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 11389
                                                                                                                    2024-09-27 14:47:08 UTC11389INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                    Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    19192.168.2.174973240.126.29.5443
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:47:09 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Content-Type: application/soap+xml
                                                                                                                    Accept: */*
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                    Content-Length: 4775
                                                                                                                    Host: login.live.com
                                                                                                                    2024-09-27 14:47:09 UTC4775OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                    2024-09-27 14:47:09 UTC569INHTTP/1.1 200 OK
                                                                                                                    Cache-Control: no-store, no-cache
                                                                                                                    Pragma: no-cache
                                                                                                                    Content-Type: application/soap+xml; charset=utf-8
                                                                                                                    Expires: Fri, 27 Sep 2024 14:46:09 GMT
                                                                                                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                    x-ms-route-info: C529_SN1
                                                                                                                    x-ms-request-id: e8e5f8a6-b8f1-4dbb-b6b7-c55c5727f444
                                                                                                                    PPServer: PPV: 30 H: SN1PEPF0002F15D V: 0
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Date: Fri, 27 Sep 2024 14:47:09 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 11389
                                                                                                                    2024-09-27 14:47:09 UTC11389INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                    Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    20192.168.2.176229040.126.29.5443
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:47:11 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Content-Type: application/soap+xml
                                                                                                                    Accept: */*
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                    Content-Length: 4775
                                                                                                                    Host: login.live.com
                                                                                                                    2024-09-27 14:47:11 UTC4775OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                    2024-09-27 14:47:11 UTC569INHTTP/1.1 200 OK
                                                                                                                    Cache-Control: no-store, no-cache
                                                                                                                    Pragma: no-cache
                                                                                                                    Content-Type: application/soap+xml; charset=utf-8
                                                                                                                    Expires: Fri, 27 Sep 2024 14:46:11 GMT
                                                                                                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                    x-ms-route-info: C529_SN1
                                                                                                                    x-ms-request-id: fb128e73-9ee1-4af5-ad4f-1557205716b7
                                                                                                                    PPServer: PPV: 30 H: SN1PEPF0002F16A V: 0
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Date: Fri, 27 Sep 2024 14:47:11 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 11389
                                                                                                                    2024-09-27 14:47:11 UTC11389INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                    Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    21192.168.2.176229240.126.29.5443
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:47:12 UTC422OUTPOST /RST2.srf HTTP/1.0
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Content-Type: application/soap+xml
                                                                                                                    Accept: */*
                                                                                                                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29743.00; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68})
                                                                                                                    Content-Length: 4808
                                                                                                                    Host: login.live.com
                                                                                                                    2024-09-27 14:47:12 UTC4808OUTData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31
                                                                                                                    Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
                                                                                                                    2024-09-27 14:47:13 UTC569INHTTP/1.1 200 OK
                                                                                                                    Cache-Control: no-store, no-cache
                                                                                                                    Pragma: no-cache
                                                                                                                    Content-Type: application/soap+xml; charset=utf-8
                                                                                                                    Expires: Fri, 27 Sep 2024 14:46:12 GMT
                                                                                                                    P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
                                                                                                                    Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                    x-ms-route-info: C529_BAY
                                                                                                                    x-ms-request-id: de0e4e80-98ee-4011-9e3a-9165c9a282db
                                                                                                                    PPServer: PPV: 30 H: PH1PEPF000183BF V: 0
                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                    Strict-Transport-Security: max-age=31536000
                                                                                                                    X-XSS-Protection: 1; mode=block
                                                                                                                    Date: Fri, 27 Sep 2024 14:47:12 GMT
                                                                                                                    Connection: close
                                                                                                                    Content-Length: 11177
                                                                                                                    2024-09-27 14:47:13 UTC11177INData Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30
                                                                                                                    Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200


                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                    22192.168.2.17622932.23.209.189443
                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                    2024-09-27 14:47:13 UTC2633OUTGET /client/config?cc=CH&setlang=en-CH HTTP/1.1
                                                                                                                    X-Search-CortanaAvailableCapabilities: None
                                                                                                                    X-Search-SafeSearch: Moderate
                                                                                                                    Accept-Encoding: gzip, deflate
                                                                                                                    X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
                                                                                                                    X-UserAgeClass: Unknown
                                                                                                                    X-BM-Market: CH
                                                                                                                    X-BM-DateFormat: dd/MM/yyyy
                                                                                                                    X-Device-OSSKU: 48
                                                                                                                    X-BM-DTZ: -240
                                                                                                                    X-DeviceID: 01000A41090080B6
                                                                                                                    X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
                                                                                                                    X-Search-TimeZone: Bias=300; DaylightBias=-60; TimeZoneKeyName=Eastern Standard Time
                                                                                                                    X-BM-Theme: 000000;0078d7
                                                                                                                    X-Search-RPSToken: t%3DEwDoAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAASn14KcyreLXX78T5uYKSejBIybhIWPme3BzC2wWolWPEDuIla2puElquWcOHSDPfclMqv2tnoIW8JUsTTk/I8iNPTifwMOsIS9DCQQdocv6ABJbT0KuTkXNVEDs4V2msq/7LqwSSSCCiXnEFscPcypAp5Bfi1lx2wj4Vx/mOsq/1Nod%2BbwOZPNOL%2BwKYFN58d%2BW1Z2UMSuK7fsanBSnBpwldx2LpxkuC1g3Ve1JUCfAf6WxPEqDuGy5C1Hn1W9wkFzrli%2BgGFBvyhghBl8hz09Fe19jJahtwFnKjEFKkyO/3eGAmut%2BSaF/2Yz2HSgv4Mdki8kaM9FyJk1JrbABhCsQZgAAEBx79s31%2Bfn6%2Bxdll4OkxWKwAQ0t/gned/PYcRTAsulgJWCpytZ%2B/oM%2B9/0FvFAwKRHkd20FXJ/nmDwtT6g%2ByFs7X1Jrs0fgur9mt8e6gj0wUzpdQJLJUBq9AXqN3H7ODxpxlRzAFtHLu9n4ZXaj%2BxmKSlsSfSxVv5thPx6o10Ae7CHklVbWx4l9C7xsF9PAF9zcdXgfVISKjOqkKRlWvKrejVAOiogPUKQ6nzAH1qfL9RtvAEwXU19AYwC0yt8wUt1SBghwuRY1KnTHxAVIN/bkETYH9kGrOfEfU/9fVyAfbmCwW4exJ1y8FDD%2Bumc7/iJjQHUz7NiLXeUwkOpikwmHsGmlxLYwx8pL2DZCENbkIo1ypgWd9uShm2iD8V0miAkl9KGXFNTzOCqbmA7idn2NCox30g%2B5m3oxrTtAtC2u7T/pFGYCfyEovppdoOj4qmnRYXFSNCiDfhC02gdgfSZn2lEgDL3fhRl4bBLgtAOctDay8a7kQV%2Br0Qj5QNVJQzRGGij3JoMSHplVgd1YOwQZ3ymJMLJR0fbiUF7A/DSHoXxxu9pKzxmPJdhq1Rmu6rOUT9601 [TRUNCATED]
                                                                                                                    X-Agent-DeviceId: 01000A41090080B6
                                                                                                                    X-BM-CBT: 1727448426
                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
                                                                                                                    X-Device-isOptin: false
                                                                                                                    Accept-language: en-GB, en, en-US
                                                                                                                    X-Device-Touch: false
                                                                                                                    X-Device-ClientSession: D1688C44F2084BD3AAB35A5004AD6140
                                                                                                                    X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
                                                                                                                    Host: www.bing.com
                                                                                                                    Connection: Keep-Alive
                                                                                                                    Cookie: SRCHUID=V=2&GUID=C4EAB6C130004333A34B5668AE4E4D10&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20240207; SRCHHPGUSR=SRCHLANG=de&HV=1727448413&IPMH=fd04f626&IPMID=1707317459775; MUID=4590362BB5CF472B95BBEDB3112D4B7B; MUIDB=4590362BB5CF472B95BBEDB3112D4B7B
                                                                                                                    2024-09-27 14:47:14 UTC1319INHTTP/1.1 200 OK
                                                                                                                    Content-Length: 2215
                                                                                                                    Content-Type: application/json; charset=utf-8
                                                                                                                    Cache-Control: private
                                                                                                                    X-EventID: 66f6c572f4144841a1e19c5162dfe9a4
                                                                                                                    X-AS-SetSessionMarket: de-ch
                                                                                                                    UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0=
                                                                                                                    X-XSS-Protection: 0
                                                                                                                    P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
                                                                                                                    Date: Fri, 27 Sep 2024 14:47:14 GMT
                                                                                                                    Connection: close
                                                                                                                    Set-Cookie: _EDGE_S=SID=3D760C07A017631525BE1900A1A162BC&mkt=de-ch; domain=.bing.com; path=/; HttpOnly
                                                                                                                    Set-Cookie: SRCHHPGUSR=SRCHLANG=en&HV=1727448413&IPMH=fd04f626&IPMID=1707317459775; domain=.bing.com; expires=Wed, 22-Oct-2025 14:47:14 GMT; path=/; secure; SameSite=None
                                                                                                                    Set-Cookie: ANON=A=84BEA1DAAAB85FA790252CDAFFFFFFFF; domain=.bing.com; expires=Wed, 22-Oct-2025 14:47:14 GMT; path=/; secure; SameSite=None
                                                                                                                    Set-Cookie: WLS=C=0000000000000000&N=; domain=.bing.com; path=/; secure; SameSite=None
                                                                                                                    Set-Cookie: _SS=SID=3D760C07A017631525BE1900A1A162BC; domain=.bing.com; path=/; secure; SameSite=None
                                                                                                                    Alt-Svc: h3=":443"; ma=93600
                                                                                                                    X-CDN-TraceID: 0.33d01702.1727448434.6a3b82d
                                                                                                                    2024-09-27 14:47:14 UTC2215INData Raw: 7b 22 76 65 72 73 69 6f 6e 22 3a 31 2c 22 63 6f 6e 66 69 67 22 3a 7b 22 46 65 61 74 75 72 65 43 6f 6e 66 69 67 22 3a 7b 22 53 65 61 72 63 68 42 6f 78 49 62 65 61 6d 50 6f 69 6e 74 65 72 4f 6e 48 6f 76 65 72 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 68 6f 77 53 65 61 72 63 68 47 6c 79 70 68 4c 65 66 74 4f 66 53 65 61 72 63 68 42 6f 78 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 6f 78 55 73 65 53 65 61 72 63 68 49 63 6f 6e 41 74 52 65 73 74 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 75 74 74 6f 6e 55 73 65 53 65 61 72 63 68 49 63 6f 6e 22 3a 7b 22 76 61 6c 75 65
                                                                                                                    Data Ascii: {"version":1,"config":{"FeatureConfig":{"SearchBoxIbeamPointerOnHover":{"value":true,"feature":""},"ShowSearchGlyphLeftOfSearchBox":{"value":true,"feature":""},"SearchBoxUseSearchIconAtRest":{"value":false,"feature":""},"SearchButtonUseSearchIcon":{"value


                                                                                                                    Statistics

                                                                                                                    CPU Usage

                                                                                                                    Click to jump to process

                                                                                                                    Memory Usage

                                                                                                                    Click to jump to process

                                                                                                                    High Level Behavior Distribution

                                                                                                                    Click to dive into process behavior distribution

                                                                                                                    Behavior

                                                                                                                    Click to jump to process

                                                                                                                    System Behavior

                                                                                                                    General

                                                                                                                    Target ID:0
                                                                                                                    Start time:10:46:04
                                                                                                                    Start date:27/09/2024
                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
                                                                                                                    Imagebase:0x7ff7d6f10000
                                                                                                                    File size:3'242'272 bytes
                                                                                                                    MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:low
                                                                                                                    Has exited:false

                                                                                                                    General

                                                                                                                    Target ID:1
                                                                                                                    Start time:10:46:04
                                                                                                                    Start date:27/09/2024
                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1972,i,1698617406949419602,7228872294080109155,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                                                                                                    Imagebase:0x7ff7d6f10000
                                                                                                                    File size:3'242'272 bytes
                                                                                                                    MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:low
                                                                                                                    Has exited:false

                                                                                                                    General

                                                                                                                    Target ID:3
                                                                                                                    Start time:10:46:05
                                                                                                                    Start date:27/09/2024
                                                                                                                    Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://main.d3engbxc9elyir.amplifyapp.com/"
                                                                                                                    Imagebase:0x7ff7d6f10000
                                                                                                                    File size:3'242'272 bytes
                                                                                                                    MD5 hash:83395EAB5B03DEA9720F8D7AC0D15CAA
                                                                                                                    Has elevated privileges:true
                                                                                                                    Has administrator privileges:true
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    General

                                                                                                                    Target ID:18
                                                                                                                    Start time:10:46:54
                                                                                                                    Start date:27/09/2024
                                                                                                                    Path:C:\Windows\System32\osk.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Windows\system32\osk.exe"
                                                                                                                    Imagebase:0x7ff7352e0000
                                                                                                                    File size:653'312 bytes
                                                                                                                    MD5 hash:745F2DF5BEED97B8C751DF83938CB418
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    General

                                                                                                                    Target ID:20
                                                                                                                    Start time:10:46:54
                                                                                                                    Start date:27/09/2024
                                                                                                                    Path:C:\Windows\System32\osk.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:"C:\Windows\system32\osk.exe"
                                                                                                                    Imagebase:0x7ff7352e0000
                                                                                                                    File size:653'312 bytes
                                                                                                                    MD5 hash:745F2DF5BEED97B8C751DF83938CB418
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:low
                                                                                                                    Has exited:true

                                                                                                                    General

                                                                                                                    Target ID:21
                                                                                                                    Start time:10:46:55
                                                                                                                    Start date:27/09/2024
                                                                                                                    Path:C:\Windows\explorer.exe
                                                                                                                    Wow64 process (32bit):false
                                                                                                                    Commandline:C:\Windows\Explorer.EXE
                                                                                                                    Imagebase:0x7ff672e00000
                                                                                                                    File size:5'141'208 bytes
                                                                                                                    MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                                                                                                    Has elevated privileges:false
                                                                                                                    Has administrator privileges:false
                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                    Reputation:low
                                                                                                                    Has exited:false

                                                                                                                    Disassembly

                                                                                                                    No disassembly