Edit tour

Windows Analysis Report
http://Dear%20Roxana,%20Because%20you%20are%20a%20dedicated%20supporter%20of%20VHC%20Health,%20I%E2%80%99m%20excited%20to%20share%20with%20you%E2%80%94before%20our%20official%20announcement%E2%80%94our%20brand-new%20podcast,%20Living%20Well%20with%20Alison%20Starling,%20in%20partnership%20with%20the

Overview

General Information

Sample URL:	http://Dear%20Roxana,%20Because%20you%20are%20a%20dedicated%20supporter%20of%20VHC%20Health,%20I%E2%80%99m%20excited%20to%20share%20with%20you%E2%80%94before%20our%20official%20announcement%E2%80%94ou
Analysis ID:	1522884
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5332 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 5208 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2016,i,9884357908905585262,13301633652303811183,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

chrome.exe (PID: 6928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://Dear%20Roxana,%20Because%20you%20are%20a%20dedicated%20supporter%20of%20VHC%20Health,%20I m%20excited%20to%20share%20with%20you before%20our%20official%20announcement our%20brand-new%20podcast,%20Living%20Well%20with%20Alison%20Starling,%20in%20partnership%20with%20the%20Washington%20Business%20Journal.%20Listen%20and%20Subscribe%20to%20Living%20Well%20Today%20 %20%20%20%20Hosted%20by%20former%20ABC%207News%20anchor%20and%20Emmy%20Award%20winner%20Alison%20Starling,%20this%20series%20brings%20you%20exclusive%20insights%20from%20leading%20health%20advocates%20on%20today s%20most%20important%20health%20issues.%20In%20the%20premiere%20episode,%20Living%20Well%20with%20Alison%20Starling%20dives%20into%20the%20topic%20of%20menopause,%20an%20issue%20that s%20shifting%20from%20whispers%20to%20open%20conversations.%20Listen%20in%20as%20two%20certified%20menopause%20practitioners%20from%20VHC%20Health%20and%20a%20renowned%20national%20expert%20discuss%20how%20today's%20culture%20is%20changing%20the%20conversation%20on%20hormone%20therapy%20and%20women s%20health.%20Don t%20miss%20out%20on%20this%20timely%20and%20informative%20conversation.%20Empower%20yourself%20with%20the%20knowledge%20to%20make%20informed%20decisions%20about%20your%20health.%20Listen%20anytime,%20anywhere,%20on%20your%20favorite%20podcast%20platform.%20Thank%20you%20again%20for%20being%20an%20integral%20part%20of%20VHC%20Health%20through%20your%20generosity.%20With%20gratitude," MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)

cleanup

HTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 913sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencoded;charset=UTF-8Accept: */*Origin: chrome-untrusted://new-tab-pageX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_45.2.dr	String found in binary or memory: http://www.broofa.com
Source: chromecache_48.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_48.2.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_48.2.dr, chromecache_45.2.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_48.2.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_48.2.dr	String found in binary or memory: https://content.googleapis.com
Source: chromecache_48.2.dr	String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_48.2.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_45.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_45.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_45.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_45.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_45.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_48.2.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_48.2.dr	String found in binary or memory: https://plus.googleapis.com
Source: chromecache_48.2.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_48.2.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_48.2.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_45.2.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_45.2.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_45.2.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443

Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.115.3.253:443 -> 192.168.2.6:49742 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@19/16@8/6

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2016,i,9884357908905585262,13301633652303811183,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://Dear%20Roxana,%20Because%20you%20are%20a%20dedicated%20supporter%20of%20VHC%20Health,%20I m%20excited%20to%20share%20with%20you before%20our%20official%20announcement our%20brand-new%20podcast,%20Living%20Well%20with%20Alison%20Starling,%20in%20partnership%20with%20the%20Washington%20Business%20Journal.%20Listen%20and%20Subscribe%20to%20Living%20Well%20Today%20 %20%20%20%20Hosted%20by%20former%20ABC%207News%20anchor%20and%20Emmy%20Award%20winner%20Alison%20Starling,%20this%20series%20brings%20you%20exclusive%20insights%20from%20leading%20health%20advocates%20on%20today s%20most%20important%20health%20issues.%20In%20the%20premiere%20episode,%20Living%20Well%20with%20Alison%20Starling%20dives%20into%20the%20topic%20of%20menopause,%20an%20issue%20that s%20shifting%20from%20whispers%20to%20open%20conversations.%20Listen%20in%20as%20two%20certified%20menopause%20practitioners%20from%20VHC%20Health%20and%20a%20renowned%20national%20expert%20discuss%20how%20today's%20culture%20is%20changing%20the%20conversation%20on%20hormone%20therapy%20and%20women s%20health.%20Don t%20miss%20out%20on%20this%20timely%20and%20informative%20conversation.%20Empower%20yourself%20with%20the%20knowledge%20to%20make%20informed%20decisions%20about%20your%20health.%20Listen%20anytime,%20anywhere,%20on%20your%20favorite%20podcast%20platform.%20Thank%20you%20again%20for%20being%20an%20integral%20part%20of%20VHC%20Health%20through%20your%20generosity.%20With%20gratitude,"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2016,i,9884357908905585262,13301633652303811183,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
http://www.broofa.com	0%	URL Reputation	safe
https://csp.withgoogle.com/csp/lcreport/	0%	URL Reputation	safe
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0	0%	URL Reputation	safe
https://apis.google.com	0%	URL Reputation	safe
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1	0%	URL Reputation	safe
https://domains.google.com/suggest/flow	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	unknown
plus.l.google.com	142.250.185.206	true	false	unknown
play.google.com	216.58.206.78	true	false	unknown
www.google.com	142.250.74.196	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	unknown
windowsupdatebg.s.llnwi.net	87.248.204.0	true	false	unknown
apis.google.com	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/async/ddljson?async=ntp:2	false		unknown
https://play.google.com/log?format=json&hasfast=true	false		unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		unknown
https://www.google.com/async/newtab_promos	false		unknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false		unknown
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0	false	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.broofa.com	chromecache_45.2.dr	false	URL Reputation: safe	unknown
https://csp.withgoogle.com/csp/lcreport/	chromecache_48.2.dr	false	URL Reputation: safe	unknown
https://apis.google.com	chromecache_48.2.dr, chromecache_45.2.dr	false	URL Reputation: safe	unknown
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1	chromecache_48.2.dr	false	URL Reputation: safe	unknown
https://domains.google.com/suggest/flow	chromecache_48.2.dr	false	URL Reputation: safe	unknown
https://clients6.google.com	chromecache_48.2.dr	false		unknown
https://plus.google.com	chromecache_48.2.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.206	plus.l.google.com	United States	15169	GOOGLEUS	false
216.58.206.78	play.google.com	United States	15169	GOOGLEUS	false
142.250.185.132	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.74.196	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1522884
Start date and time:	2024-09-30 19:55:26 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 2m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://Dear%20Roxana,%20Because%20you%20are%20a%20dedicated%20supporter%20of%20VHC%20Health,%20I%E2%80%99m%20excited%20to%20share%20with%20you%E2%80%94before%20our%20official%20announcement%E2%80%94our%20brand-new%20podcast,%20Living%20Well%20with%20Alison%20Starling,%20in%20partnership%20with%20the%20Washington%20Business%20Journal.%20Listen%20and%20Subscribe%20to%20Living%20Well%20Today%20%C2%BB%20%20%20%20Hosted%20by%20former%20ABC%207News%20anchor%20and%20Emmy%20Award%20winner%20Alison%20Starling,%20this%20series%20brings%20you%20exclusive%20insights%20from%20leading%20health%20advocates%20on%20today%E2%80%99s%20most%20important%20health%20issues.%20In%20the%20premiere%20episode,%20Living%20Well%20with%20Alison%20Starling%20dives%20into%20the%20topic%20of%20menopause,%20an%20issue%20that%E2%80%99s%20shifting%20from%20whispers%20to%20open%20conversations.%20Listen%20in%20as%20two%20certified%20menopause%20practitioners%20from%20VHC%20Health%20and%20a%20renowned%20national%20expert%20discuss%20how%20today's%20culture%20is%20changing%20the%20conversation%20on%20hormone%20therapy%20and%20women%E2%80%99s%20health.%20Don%E2%80%99t%20miss%20out%20on%20this%20timely%20and%20informative%20conversation.%20Empower%20yourself%20with%20the%20knowledge%20to%20make%20informed%20decisions%20about%20your%20health.%20Listen%20anytime,%20anywhere,%20on%20your%20favorite%20podcast%20platform.%20Thank%20you%20again%20for%20being%20an%20integral%20part%20of%20VHC%20Health%20through%20your%20generosity.%20With%20gratitude,
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@19/16@8/6
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.16.195, 142.250.181.238, 74.125.133.84, 34.104.35.123, 216.58.206.35, 142.250.185.234, 142.250.185.170, 172.217.23.106, 142.250.184.202, 142.250.186.42, 142.250.186.170, 142.250.185.74, 142.250.185.202, 142.250.181.234, 172.217.18.10, 142.250.185.138, 216.58.206.42, 142.250.184.234, 216.58.212.138, 142.250.185.106, 172.217.16.138, 4.175.87.197, 192.229.221.95, 20.3.187.198, 87.248.204.0, 20.242.39.171, 93.184.221.240, 142.250.186.67
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, clientservices.googleapis.com, wu.azureedge.net, clients2.google.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, www.gstatic.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, client.wns.windows.com, fs.microsoft.com, accounts.google.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, ogads-pa.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, edgedl.me.gvt1.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://Dear%20Roxana,%20Because%20you%20are%20a%20dedicated%20supporter%20of%20VHC%20Health,%20Im%20excited%20to%20share%20with%20youbefore%20our%20official%20announcementour%20brand-new%20podcast,%20Living%20Well%20with%20Alison%20Starling,%20in%20partnership%20with%20the%20Washington%20Business%20Journal.%20Listen%20and%20Subscribe%20to%20Living%20Well%20Today%20%20%20%20%20Hosted%20by%20former%20ABC%207News%20anchor%20and%20Emmy%20Award%20winner%20Alison%20Starling,%20this%20series%20brings%20you%20exclusive%20insights%20from%20leading%20health%20advocates%20on%20todays%20most%20important%20health%20issues.%20In%20the%20premiere%20episode,%20Living%20Well%20with%20Alison%20Starling%20dives%20into%20the%20topic%20of%20menopause,%20an%20issue%20thats%20shifting%20from%20whispers%20to%20open%20conversations.%20Listen%20in%20as%20two%20certified%20menopause%20practitioners%20from%20VHC%20Health%20and%20a%20renowned%20national%20expert%20discuss%20how%20today's%20culture%20is%20changing%

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2287)
Category:	downloaded
Size (bytes):	173712
Entropy (8bit):	5.55565619706236
Encrypted:	false
SSDEEP:	3072://dcXloIqay3DxXEzmnBBBpELjm/N6pSkkn3KZ42cBk7SzCCdwDGslfjiCCctkDp://dcVoIqP3DxXEzmnBBBpELq/N6p/knh
MD5:	D0E0CBBDEA9D007C350823ECA43548B1
SHA1:	CF11E646D6EAA0DC1C83E99FB93F16647A2611A5
SHA-256:	8940C95C71EAFF7DCBB43BFAD06C66ADEA6D60D2D8F5C4CC879F931ED4FE5C0D
SHA-512:	29B886B57DEEC83AF96572254354C5FB5F5698118F1C97C1C6485EDDE9C6C0A3B51FF9F37BE1D90F6C9F7D9CF428C4AA1A637D2D12B2BCD419E11FFC31A61FEB
Malicious:	false
Reputation:	low
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.RRlsmNlDmQQ.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTv3Qzh6Ja6eSLzWU_FOQIMZM5uKUQ"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.oj=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var pj,qj,sj,vj,yj,xj,rj,wj;pj=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};qj=function(){_.Ka()};sj=function(){rj===void 0&&(rj=typeof WeakMap==="function"?pj(WeakMap):null);return rj};vj=function(a,b){(_.tj\|\|(_.tj=new rj)).set(a,b);(_.uj\|\|(_.uj=new rj)).set(b,a)};.yj=function(a){if(wj===void 0){const b=new xj([],{});wj=Array.prototype.concat.call([],b).length===1}wj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.zj=function(a,b,c,d){a=_.zb(a,b,c,d);return Array.isArray(a)?a:_.Rc};_.Aj=function(a,b){a=(2&b?a\|2:a&-3)\|32;return a&=-2049};_.Bj=function(a,b){a===0&&(a=_.Aj(a,b));return a\|1};_.Cj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.Dj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.Hj=function(a,b,c,d,e,f,g){const h=a.ha;var k=!!(2&b);e=k?

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3612)
Category:	downloaded
Size (bytes):	3617
Entropy (8bit):	5.840224572315371
Encrypted:	false
SSDEEP:	96:YNDhvli7Fd66666rGuZ67OZvq+U138zQffffo:SuFd66666rR67OZvPU138X
MD5:	529FB79FFFCCED0625BF26B7ED298B99
SHA1:	A7289F93A1FF8424E702C9609F073DA543EA6682
SHA-256:	21BC0918356262823F8AFB605F39563F7952E17854C745C6D97900EA45E12CBF
SHA-512:	07C3F7E8774150B18D94CC5BCF0EAF5C70D5403F0264E7AE5F8A4234C4743DE31A390D110829D037B59D4BFE6AFF4B06317C65F160DFFF5D46872A47454FBAF7
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["october ps plus games","kenley jansen","the simpsons series finale","toyota recalls","earth mini moon asteroid","schools closed for hurricane helene","nintendo switch successor","bo bassett whos number one"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"google:entityinfo":"CgovbS8wNXNfbm02EhtDdXJhw6dhb2FuIGJhc2ViYWxsIHBpdGNoZXIyuw9kYXRhOmltYWdlL2pwZWc7YmFzZTY0LC85ai80QUFRU2taSlJnQUJBUUFBQVFBQkFBRC8yd0NFQUFrR0J3Z0hCZ2tJQndnS0Nna0xEUllQRFF3TURSc1VGUkFXSUIwaUlpQWRIeDhrS0RRc0pDWXhKeDhmTFQwdE1UVTNPam82SXlzL1JEODRRelE1T2pjQkNnb0tEUXdOR2c4UEdqY2xIeVUzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM04vL0FBQkVJQUVBQVFBTUJJZ0FDRVFFREVRSC94QUFiQUFBQ0F3QURBQUFBQUFBQUFBQUFBQUFFQmdNRkJ3QUJBdi9FQURZUUFBSUJBZ1FEQkFnRUJ3QUFBQUFBQUFFQ0F3UVJBQVVTSVFZeFFSTlJZWEVVSWpKU2daR1NzUWNqTThFVlFsTnlvYkx4LzhRQUdBRUFBd0VCQUFBQUFBQUFBQUFBQU

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
Reputation:	low
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1885)
Category:	downloaded
Size (bytes):	126135
Entropy (8bit):	5.498654960721984
Encrypted:	false
SSDEEP:	3072:AkyvF6US20FCdrgVr3dfPeIofdhIUsTx0wVnX9Mb:AkygUS29rWPeIofdCVnX9Mb
MD5:	C299A572DF117831926BC3A0A25BA255
SHA1:	673F2AC4C7A41AB95FB14E2687666E81BC731E95
SHA-256:	F847294692483E4B7666C0F98CBE2BD03B86AE27B721CAE332FEB26223DDE9FC
SHA-512:	B418A87A350DBC0DEF9FAF3BE4B910CB21AE6FFFC6749EECEA486E3EB603F5AF92F70B936C3D440009482EDE572EE9736422CF89DCDD2B758DFA829216049179
Malicious:	false
Reputation:	low
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);.var ba,fa,ha,na,oa,sa,ua,wa;ba=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};fa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.ma=ha(this);na=function(a,b){if(b)a:{var c=_.ma;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&fa(c,a,{configurable:!0,writable:!0,value:b})}};.na("Symbol",function(a){if(a)r

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	133803
Entropy (8bit):	5.435842420130939
Encrypted:	false
SSDEEP:	1536:4ye3yNbcQePwnWklJTaOVcDALzUm8yDzeROGjHfudxY16NQn5oS8wmROLz6/n0kF:GjQVaOlLzwIzeROuHSY1QamwLz6P0kF
MD5:	61A691DB68B746A16973A5B2A002769F
SHA1:	2B9A0E688BFD14620F48F8EE6140FB23ABD14C75
SHA-256:	0CA4874CD95ACA8D9F7C4127353850C1787C26BDF6432B1E27E77FCC7FAA9538
SHA-512:	62E0BEF5F09EF2F903D9C9126DE947F03060B4B64B8A2F58E5306C1902881D831957DF2A5F481FEDDB8B3829C30E49CA5422700D546BF5E6551A1BF19C10794D
Malicious:	false
Reputation:	low
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Fa gb_3d gb_Re gb_rd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Qd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_ld gb_pd gb_Hd gb_md\"\u003e\u003cdiv class\u003d\"gb_xd gb_sd\"\u003e\u003cdiv class\u003d\"gb_Kc gb_R\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Kc gb_Nc gb_R\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3533581296433415
Encrypted:	false
SSDEEP:	96:mtOTKb1db1ZlNY5co7sRxiU0rqig7O7aZCUgpgXEt94k+g8IHh8u928DoCLQ:mtOT6TUvBrqig7mIg8IB8u88DA
MD5:	6776548F23C2A44FBD3C7343F0CB43E1
SHA1:	1E6871D4196BB00F0D161D5DC8872A8D940CEC30
SHA-256:	DDFC74A717ADCA6E6DB1BCF58D64FF7205F52BA4B61617A0137045088622C86E
SHA-512:	947B3AC76BC7B6DF6FD1C4AEA94E79D1E168E3B15BB4DC2A497E3DAFF60DAA58A490C89BA11A10910BB4B21C79A56CEAEDFFAE32A77D39E245422BE874BF7CF1
Malicious:	false
Reputation:	low
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.4FdvxZCaxZc.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTtcPh2nad5bIFFLwCKDWaAzlQEIJA"
Preview:	.gb_Q{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ka{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_La{fill:#f9ab00}.gb_F .gb_La{fill:#fdd663}.gb_Ma>.gb_La{fill:#d93025}.gb_F .gb_Ma>.gb_La{fill:#f28b82}.gb_Ma>.gb_Na{fill:white}.gb_Na,.gb_F .gb_Ma>.gb_Na{fill:#202124}.gb_Oa{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
Reputation:	low
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	19
Entropy (8bit):	3.6818808028034042
Encrypted:	false
SSDEEP:	3:VQRWN:VQRWN
MD5:	9FAE2B6737B98261777262B14B586F28
SHA1:	79C894898B2CED39335EB0003C18B27AA8C6DDCD
SHA-256:	F55F6B26E77DF6647E544AE5B45892DCEA380B7A6D2BFAA1E023EA112CE81E73
SHA-512:	29CB8E5462B15488B0C6D5FC1673E273FB47841E9C76A4AA5415CA93CEA31B87052BBA511680F2BC9E6543A29F1BBFBA9D06FCC08F5C65BEB115EE7A9E5EFF36
Malicious:	false
Reputation:	low
URL:	https://www.google.com/async/ddljson?async=ntp:2
Preview:	)]}'.{"ddljson":{}}

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 30, 2024 19:56:14.501821995 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 30, 2024 19:56:14.548717022 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 30, 2024 19:56:14.783112049 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 30, 2024 19:56:21.326440096 CEST	49713	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:21.326482058 CEST	443	49713	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:21.326546907 CEST	49713	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:21.327219009 CEST	49713	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:21.327231884 CEST	443	49713	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:22.121104002 CEST	443	49713	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:22.121175051 CEST	49713	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:22.126864910 CEST	49713	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:22.126876116 CEST	443	49713	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:22.127186060 CEST	443	49713	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:22.129085064 CEST	49713	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:22.129142046 CEST	49713	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:22.129147053 CEST	443	49713	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:22.129276991 CEST	49713	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:22.171406984 CEST	443	49713	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:22.524743080 CEST	443	49713	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:22.524907112 CEST	443	49713	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:22.524959087 CEST	49713	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:22.525129080 CEST	49713	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:22.525147915 CEST	443	49713	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:22.580033064 CEST	49716	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:22.580080986 CEST	443	49716	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:22.580144882 CEST	49716	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:22.580487013 CEST	49716	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:22.580501080 CEST	443	49716	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.034837008 CEST	49717	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.034893036 CEST	443	49717	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.035003901 CEST	49717	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.035273075 CEST	49717	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.035283089 CEST	443	49717	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.143796921 CEST	49718	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.143846035 CEST	443	49718	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.143907070 CEST	49718	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.144306898 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.144352913 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.144565105 CEST	49718	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.144576073 CEST	443	49718	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.144598961 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.144768000 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.144777060 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.225378036 CEST	443	49716	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.225657940 CEST	49716	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.225677967 CEST	443	49716	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.227101088 CEST	443	49716	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.227158070 CEST	49716	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.238516092 CEST	49716	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.238704920 CEST	443	49716	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.238810062 CEST	49716	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.238823891 CEST	443	49716	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.377083063 CEST	49716	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.689512014 CEST	443	49716	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.689696074 CEST	443	49716	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.689774990 CEST	443	49716	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.689817905 CEST	49716	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.689836025 CEST	443	49716	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.690104008 CEST	443	49716	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.690160990 CEST	49716	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.691207886 CEST	49716	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.691225052 CEST	443	49716	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.693535089 CEST	443	49717	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.693816900 CEST	49717	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.693881035 CEST	443	49717	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.694940090 CEST	443	49717	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.695033073 CEST	49717	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.695358992 CEST	49717	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.695435047 CEST	443	49717	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.695540905 CEST	49717	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.739411116 CEST	443	49717	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.783010960 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.783389091 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.783407927 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.784466982 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.784542084 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.784893036 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.784954071 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.785141945 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.785149097 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.787990093 CEST	443	49718	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.788175106 CEST	49718	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.788187027 CEST	443	49718	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.789238930 CEST	443	49718	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.789304972 CEST	49718	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.789608955 CEST	49718	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.789673090 CEST	443	49718	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.789690971 CEST	49718	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.835397005 CEST	443	49718	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.859980106 CEST	49717	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.859998941 CEST	443	49717	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.860028982 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.875591993 CEST	49718	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.875603914 CEST	443	49718	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.969353914 CEST	49717	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:23.993510962 CEST	443	49717	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.993678093 CEST	443	49717	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:23.993743896 CEST	49717	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.017829895 CEST	49718	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.022336006 CEST	49717	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.022367954 CEST	443	49717	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.087932110 CEST	443	49718	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.088058949 CEST	443	49718	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.088162899 CEST	49718	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.089220047 CEST	49718	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.089248896 CEST	443	49718	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.098676920 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.098725080 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.098754883 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.098788977 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.098812103 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.098829031 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.098848104 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.104844093 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.104882002 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.104935884 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.104940891 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.104985952 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.109987020 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.113224030 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.113257885 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.113301992 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.113307953 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.113352060 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.149744987 CEST	49673	443	192.168.2.6	173.222.162.64
Sep 30, 2024 19:56:24.165747881 CEST	49674	443	192.168.2.6	173.222.162.64
Sep 30, 2024 19:56:24.184910059 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.187252998 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.187330008 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.187341928 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.187864065 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.187920094 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.187928915 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.194544077 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.194627047 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.194633961 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.200612068 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.200704098 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.200716019 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.206814051 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.206917048 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.206923962 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.213325977 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.213427067 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.213433981 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.219213009 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.219314098 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.219322920 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.225424051 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.225524902 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.225531101 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.231611013 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.231694937 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.231700897 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.237751961 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.237863064 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.237869024 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.243889093 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.243978024 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.243983984 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.273570061 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.273613930 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.273647070 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.273678064 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.273701906 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.273710012 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.273763895 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.278301954 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.278367043 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.278419971 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.278424978 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.280826092 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.280884981 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.280889988 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.286479950 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.286557913 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.286565065 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.292614937 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.292696953 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.292701960 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.298769951 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.298860073 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.298865080 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.304302931 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.304378986 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.304383993 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.309516907 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.309587002 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.309592009 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.314448118 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.314517975 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.314522982 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.321099043 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.321172953 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.321182966 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.324482918 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.324544907 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.324549913 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.330275059 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.330359936 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.330364943 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.334630966 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.334727049 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.334732056 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.338064909 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.338129044 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.338133097 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.342709064 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.342772007 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.342777014 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.348207951 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.348278046 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.348282099 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.350518942 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.350578070 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.350581884 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.354705095 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.354772091 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.354775906 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.359910965 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.359966993 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.359971046 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.362302065 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.362334013 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.362370968 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.362375021 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.362422943 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.366290092 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.368443966 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.368526936 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.368531942 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.373601913 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.373635054 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.373668909 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.373675108 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.373735905 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.375514030 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.376254082 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.376295090 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.376302958 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.376307964 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.376348972 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.378134012 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.381807089 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.381870031 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.381875992 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.382790089 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.382829905 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.382834911 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.382843971 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.382886887 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.385996103 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.387444019 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.387499094 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.387502909 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.387713909 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.387758970 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.390783072 CEST	49672	443	192.168.2.6	173.222.162.64
Sep 30, 2024 19:56:24.446743965 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.482289076 CEST	49719	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.482311010 CEST	443	49719	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.705157042 CEST	49722	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.705214024 CEST	443	49722	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:24.705404043 CEST	49722	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.705701113 CEST	49722	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:24.705714941 CEST	443	49722	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:25.484482050 CEST	443	49722	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:25.485125065 CEST	49722	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:25.485141993 CEST	443	49722	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:25.485522032 CEST	443	49722	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:25.486623049 CEST	49722	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:25.486704111 CEST	443	49722	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:25.531635046 CEST	49722	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:25.932641029 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 30, 2024 19:56:25.932668924 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 30, 2024 19:56:25.932806015 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 30, 2024 19:56:25.935599089 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 30, 2024 19:56:25.935610056 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 30, 2024 19:56:26.125757933 CEST	443	49705	173.222.162.64	192.168.2.6
Sep 30, 2024 19:56:26.125855923 CEST	49705	443	192.168.2.6	173.222.162.64
Sep 30, 2024 19:56:26.316291094 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:26.316333055 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:26.316476107 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:26.317076921 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:26.317086935 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:26.581621885 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 30, 2024 19:56:26.581691027 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 30, 2024 19:56:26.585351944 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 30, 2024 19:56:26.585362911 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 30, 2024 19:56:26.585606098 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 30, 2024 19:56:26.625668049 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 30, 2024 19:56:26.972832918 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.016814947 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.087471962 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.087490082 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.088655949 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.088721991 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.116069078 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 30, 2024 19:56:27.120839119 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.120939016 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.121258974 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.121292114 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.163398027 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 30, 2024 19:56:27.167161942 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.278856993 CEST	49730	443	192.168.2.6	216.58.206.78
Sep 30, 2024 19:56:27.278893948 CEST	443	49730	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:27.278964996 CEST	49730	443	192.168.2.6	216.58.206.78
Sep 30, 2024 19:56:27.279577971 CEST	49730	443	192.168.2.6	216.58.206.78
Sep 30, 2024 19:56:27.279589891 CEST	443	49730	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:27.302638054 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 30, 2024 19:56:27.303098917 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 30, 2024 19:56:27.303281069 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 30, 2024 19:56:27.308810949 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.308866024 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.308908939 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.308967113 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.308986902 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.309026957 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.309032917 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.328294992 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 30, 2024 19:56:27.328327894 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 30, 2024 19:56:27.328341961 CEST	49726	443	192.168.2.6	184.28.90.27
Sep 30, 2024 19:56:27.328349113 CEST	443	49726	184.28.90.27	192.168.2.6
Sep 30, 2024 19:56:27.359349012 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.359371901 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.386945963 CEST	49731	443	192.168.2.6	184.28.90.27
Sep 30, 2024 19:56:27.386991978 CEST	443	49731	184.28.90.27	192.168.2.6
Sep 30, 2024 19:56:27.387120008 CEST	49731	443	192.168.2.6	184.28.90.27
Sep 30, 2024 19:56:27.387639999 CEST	49731	443	192.168.2.6	184.28.90.27
Sep 30, 2024 19:56:27.387656927 CEST	443	49731	184.28.90.27	192.168.2.6
Sep 30, 2024 19:56:27.406215906 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.524411917 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.524476051 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.524507999 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.524539948 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.524569988 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.524641037 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.524693012 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.525923014 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.525958061 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.525979996 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.525988102 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.526000977 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.526038885 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.526052952 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.526108027 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.526124001 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.527254105 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.527291059 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.527323008 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.527327061 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.527342081 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.527432919 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.529146910 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.529200077 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.529215097 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.529227018 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.529247046 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.529273033 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.529630899 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.529660940 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.529681921 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.529697895 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.529742956 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.529803038 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.529819012 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.529870033 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.530498028 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.530555010 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.530582905 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.530602932 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.530635118 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.530656099 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.530680895 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.531642914 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.531699896 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.531713963 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.532026052 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.532075882 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.532089949 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.532402992 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.532424927 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.532463074 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.532479048 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.532532930 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.532810926 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.533216953 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.533301115 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.533314943 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.533957958 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.534046888 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.534060955 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.534183979 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.534234047 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.534249067 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.534490108 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.534535885 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.534543991 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.535140038 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.535162926 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.535217047 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.535232067 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.535296917 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.535490990 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.535856962 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.535929918 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.535944939 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.536892891 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.536952019 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.536964893 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.542335987 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.542375088 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.542402029 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.542418003 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.542493105 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.547332048 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.552222013 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.552237988 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.552294970 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.552313089 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.552364111 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.556982994 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.561283112 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.561314106 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.561345100 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.561362982 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.561439037 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.565583944 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.569617987 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.569684982 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.569736004 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.569751978 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.570122957 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.573638916 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.577625990 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.577697992 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.577713966 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.581588030 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.581638098 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.581650972 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.585567951 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.585587025 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.585618973 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.585628033 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.585720062 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.588181019 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.590493917 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.590524912 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.590576887 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.590584993 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.590665102 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.592829943 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.595252037 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.595320940 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.595328093 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.595336914 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.595377922 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.597717047 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.600122929 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.600169897 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.600178003 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.600379944 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.600462914 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:27.600477934 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.600508928 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.600764990 CEST	49728	443	192.168.2.6	142.250.185.206
Sep 30, 2024 19:56:27.600780964 CEST	443	49728	142.250.185.206	192.168.2.6
Sep 30, 2024 19:56:28.000401974 CEST	443	49730	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:28.020531893 CEST	49730	443	192.168.2.6	216.58.206.78
Sep 30, 2024 19:56:28.020561934 CEST	443	49730	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:28.021053076 CEST	443	49730	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:28.021121025 CEST	49730	443	192.168.2.6	216.58.206.78
Sep 30, 2024 19:56:28.021756887 CEST	443	49730	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:28.021927118 CEST	49730	443	192.168.2.6	216.58.206.78
Sep 30, 2024 19:56:28.032526016 CEST	49730	443	192.168.2.6	216.58.206.78
Sep 30, 2024 19:56:28.032675028 CEST	443	49730	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:28.042387962 CEST	49730	443	192.168.2.6	216.58.206.78
Sep 30, 2024 19:56:28.042399883 CEST	443	49730	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:28.042484999 CEST	49730	443	192.168.2.6	216.58.206.78
Sep 30, 2024 19:56:28.087413073 CEST	443	49730	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:28.173069000 CEST	443	49731	184.28.90.27	192.168.2.6
Sep 30, 2024 19:56:28.173177004 CEST	49731	443	192.168.2.6	184.28.90.27
Sep 30, 2024 19:56:28.176090956 CEST	49731	443	192.168.2.6	184.28.90.27
Sep 30, 2024 19:56:28.176100016 CEST	443	49731	184.28.90.27	192.168.2.6
Sep 30, 2024 19:56:28.176455021 CEST	443	49731	184.28.90.27	192.168.2.6
Sep 30, 2024 19:56:28.179678917 CEST	49731	443	192.168.2.6	184.28.90.27
Sep 30, 2024 19:56:28.223407030 CEST	443	49731	184.28.90.27	192.168.2.6
Sep 30, 2024 19:56:28.264087915 CEST	443	49730	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:28.264363050 CEST	443	49730	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:28.264528990 CEST	49730	443	192.168.2.6	216.58.206.78
Sep 30, 2024 19:56:28.265970945 CEST	49730	443	192.168.2.6	216.58.206.78
Sep 30, 2024 19:56:28.265993118 CEST	443	49730	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:28.452105999 CEST	443	49731	184.28.90.27	192.168.2.6
Sep 30, 2024 19:56:28.452205896 CEST	443	49731	184.28.90.27	192.168.2.6
Sep 30, 2024 19:56:28.452310085 CEST	49731	443	192.168.2.6	184.28.90.27
Sep 30, 2024 19:56:28.456691027 CEST	49731	443	192.168.2.6	184.28.90.27
Sep 30, 2024 19:56:28.456727982 CEST	443	49731	184.28.90.27	192.168.2.6
Sep 30, 2024 19:56:28.456749916 CEST	49731	443	192.168.2.6	184.28.90.27
Sep 30, 2024 19:56:28.456758976 CEST	443	49731	184.28.90.27	192.168.2.6
Sep 30, 2024 19:56:29.282078981 CEST	49732	443	192.168.2.6	216.58.206.78
Sep 30, 2024 19:56:29.282129049 CEST	443	49732	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:29.282205105 CEST	49732	443	192.168.2.6	216.58.206.78
Sep 30, 2024 19:56:29.283220053 CEST	49732	443	192.168.2.6	216.58.206.78
Sep 30, 2024 19:56:29.283238888 CEST	443	49732	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:30.098992109 CEST	443	49732	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:30.099487066 CEST	49732	443	192.168.2.6	216.58.206.78
Sep 30, 2024 19:56:30.099503040 CEST	443	49732	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:30.099911928 CEST	443	49732	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:30.100581884 CEST	49732	443	192.168.2.6	216.58.206.78
Sep 30, 2024 19:56:30.100656033 CEST	443	49732	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:30.100892067 CEST	49732	443	192.168.2.6	216.58.206.78
Sep 30, 2024 19:56:30.100908041 CEST	49732	443	192.168.2.6	216.58.206.78
Sep 30, 2024 19:56:30.100924015 CEST	443	49732	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:30.120098114 CEST	49733	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:30.120131016 CEST	443	49733	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:30.120284081 CEST	49733	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:30.121171951 CEST	49733	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:30.121185064 CEST	443	49733	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:30.347565889 CEST	443	49732	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:30.348381996 CEST	443	49732	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:30.348444939 CEST	49732	443	192.168.2.6	216.58.206.78
Sep 30, 2024 19:56:30.349877119 CEST	49732	443	192.168.2.6	216.58.206.78
Sep 30, 2024 19:56:30.349898100 CEST	443	49732	216.58.206.78	192.168.2.6
Sep 30, 2024 19:56:30.910391092 CEST	443	49733	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:30.910480976 CEST	49733	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:30.912889957 CEST	49733	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:30.912897110 CEST	443	49733	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:30.913136005 CEST	443	49733	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:30.915148020 CEST	49733	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:30.915224075 CEST	49733	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:30.915229082 CEST	443	49733	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:30.915349960 CEST	49733	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:30.959403038 CEST	443	49733	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:31.096977949 CEST	443	49733	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:31.097109079 CEST	443	49733	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:31.097177982 CEST	49733	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:31.097425938 CEST	49733	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:31.097445011 CEST	443	49733	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:35.398794889 CEST	443	49722	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:35.398875952 CEST	443	49722	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:35.398963928 CEST	49722	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:35.829607964 CEST	49722	443	192.168.2.6	142.250.74.196
Sep 30, 2024 19:56:35.829634905 CEST	443	49722	142.250.74.196	192.168.2.6
Sep 30, 2024 19:56:44.196319103 CEST	49737	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:44.196377993 CEST	443	49737	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:44.196722031 CEST	49737	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:44.197097063 CEST	49737	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:44.197113037 CEST	443	49737	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:44.984379053 CEST	443	49737	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:44.984476089 CEST	49737	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:44.990628958 CEST	49737	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:44.990641117 CEST	443	49737	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:44.991436958 CEST	443	49737	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:44.993408918 CEST	49737	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:44.993474960 CEST	49737	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:44.993485928 CEST	443	49737	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:44.993594885 CEST	49737	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:45.035406113 CEST	443	49737	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:45.163537025 CEST	443	49737	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:45.163647890 CEST	443	49737	40.115.3.253	192.168.2.6
Sep 30, 2024 19:56:45.163710117 CEST	49737	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:45.163880110 CEST	49737	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:56:45.163896084 CEST	443	49737	40.115.3.253	192.168.2.6
Sep 30, 2024 19:57:07.899619102 CEST	49738	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:57:07.899673939 CEST	443	49738	40.115.3.253	192.168.2.6
Sep 30, 2024 19:57:07.899748087 CEST	49738	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:57:07.901166916 CEST	49738	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:57:07.901184082 CEST	443	49738	40.115.3.253	192.168.2.6
Sep 30, 2024 19:57:08.731148005 CEST	443	49738	40.115.3.253	192.168.2.6
Sep 30, 2024 19:57:08.731228113 CEST	49738	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:57:08.733381033 CEST	49738	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:57:08.733387947 CEST	443	49738	40.115.3.253	192.168.2.6
Sep 30, 2024 19:57:08.733617067 CEST	443	49738	40.115.3.253	192.168.2.6
Sep 30, 2024 19:57:08.735452890 CEST	49738	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:57:08.735513926 CEST	49738	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:57:08.735518932 CEST	443	49738	40.115.3.253	192.168.2.6
Sep 30, 2024 19:57:08.735647917 CEST	49738	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:57:08.783409119 CEST	443	49738	40.115.3.253	192.168.2.6
Sep 30, 2024 19:57:08.909274101 CEST	443	49738	40.115.3.253	192.168.2.6
Sep 30, 2024 19:57:08.909346104 CEST	443	49738	40.115.3.253	192.168.2.6
Sep 30, 2024 19:57:08.909421921 CEST	49738	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:57:08.909660101 CEST	49738	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:57:08.909681082 CEST	443	49738	40.115.3.253	192.168.2.6
Sep 30, 2024 19:57:24.776609898 CEST	49741	443	192.168.2.6	142.250.185.132
Sep 30, 2024 19:57:24.776653051 CEST	443	49741	142.250.185.132	192.168.2.6
Sep 30, 2024 19:57:24.776787043 CEST	49741	443	192.168.2.6	142.250.185.132
Sep 30, 2024 19:57:24.777005911 CEST	49741	443	192.168.2.6	142.250.185.132
Sep 30, 2024 19:57:24.777021885 CEST	443	49741	142.250.185.132	192.168.2.6
Sep 30, 2024 19:57:25.409451008 CEST	443	49741	142.250.185.132	192.168.2.6
Sep 30, 2024 19:57:25.409702063 CEST	49741	443	192.168.2.6	142.250.185.132
Sep 30, 2024 19:57:25.409718037 CEST	443	49741	142.250.185.132	192.168.2.6
Sep 30, 2024 19:57:25.410031080 CEST	443	49741	142.250.185.132	192.168.2.6
Sep 30, 2024 19:57:25.410418034 CEST	49741	443	192.168.2.6	142.250.185.132
Sep 30, 2024 19:57:25.410476923 CEST	443	49741	142.250.185.132	192.168.2.6
Sep 30, 2024 19:57:25.453670979 CEST	49741	443	192.168.2.6	142.250.185.132
Sep 30, 2024 19:57:35.025789022 CEST	49742	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:57:35.025830030 CEST	443	49742	40.115.3.253	192.168.2.6
Sep 30, 2024 19:57:35.029932022 CEST	49742	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:57:35.030595064 CEST	49742	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:57:35.030632973 CEST	443	49742	40.115.3.253	192.168.2.6
Sep 30, 2024 19:57:35.314932108 CEST	443	49741	142.250.185.132	192.168.2.6
Sep 30, 2024 19:57:35.314994097 CEST	443	49741	142.250.185.132	192.168.2.6
Sep 30, 2024 19:57:35.315104008 CEST	49741	443	192.168.2.6	142.250.185.132
Sep 30, 2024 19:57:35.460339069 CEST	49741	443	192.168.2.6	142.250.185.132
Sep 30, 2024 19:57:35.460370064 CEST	443	49741	142.250.185.132	192.168.2.6
Sep 30, 2024 19:57:35.937592030 CEST	443	49742	40.115.3.253	192.168.2.6
Sep 30, 2024 19:57:35.937680006 CEST	49742	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:57:35.939838886 CEST	49742	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:57:35.939872980 CEST	443	49742	40.115.3.253	192.168.2.6
Sep 30, 2024 19:57:35.940248013 CEST	443	49742	40.115.3.253	192.168.2.6
Sep 30, 2024 19:57:35.942210913 CEST	49742	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:57:35.942301989 CEST	49742	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:57:35.942315102 CEST	443	49742	40.115.3.253	192.168.2.6
Sep 30, 2024 19:57:35.942461014 CEST	49742	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:57:35.983411074 CEST	443	49742	40.115.3.253	192.168.2.6
Sep 30, 2024 19:57:36.116425037 CEST	443	49742	40.115.3.253	192.168.2.6
Sep 30, 2024 19:57:36.116547108 CEST	443	49742	40.115.3.253	192.168.2.6
Sep 30, 2024 19:57:36.116609097 CEST	49742	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:57:36.116801977 CEST	49742	443	192.168.2.6	40.115.3.253
Sep 30, 2024 19:57:36.116820097 CEST	443	49742	40.115.3.253	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 30, 2024 19:56:21.192745924 CEST	53	63084	1.1.1.1	192.168.2.6
Sep 30, 2024 19:56:21.206988096 CEST	53	62139	1.1.1.1	192.168.2.6
Sep 30, 2024 19:56:22.433897972 CEST	53	63120	1.1.1.1	192.168.2.6
Sep 30, 2024 19:56:22.565314054 CEST	61180	53	192.168.2.6	1.1.1.1
Sep 30, 2024 19:56:22.565361023 CEST	56886	53	192.168.2.6	1.1.1.1
Sep 30, 2024 19:56:22.575522900 CEST	53	56886	1.1.1.1	192.168.2.6
Sep 30, 2024 19:56:22.576080084 CEST	53	61180	1.1.1.1	192.168.2.6
Sep 30, 2024 19:56:26.276624918 CEST	64708	53	192.168.2.6	1.1.1.1
Sep 30, 2024 19:56:26.276949883 CEST	53	57937	1.1.1.1	192.168.2.6
Sep 30, 2024 19:56:26.277229071 CEST	61633	53	192.168.2.6	1.1.1.1
Sep 30, 2024 19:56:26.285573959 CEST	53	61633	1.1.1.1	192.168.2.6
Sep 30, 2024 19:56:26.286847115 CEST	53	64708	1.1.1.1	192.168.2.6
Sep 30, 2024 19:56:27.270967007 CEST	54665	53	192.168.2.6	1.1.1.1
Sep 30, 2024 19:56:27.271389961 CEST	64768	53	192.168.2.6	1.1.1.1
Sep 30, 2024 19:56:27.278213024 CEST	53	54665	1.1.1.1	192.168.2.6
Sep 30, 2024 19:56:27.278347969 CEST	53	64768	1.1.1.1	192.168.2.6
Sep 30, 2024 19:56:39.395488024 CEST	53	61701	1.1.1.1	192.168.2.6
Sep 30, 2024 19:56:58.586975098 CEST	53	50715	1.1.1.1	192.168.2.6
Sep 30, 2024 19:57:20.422976971 CEST	53	62326	1.1.1.1	192.168.2.6
Sep 30, 2024 19:57:21.466540098 CEST	53	62335	1.1.1.1	192.168.2.6
Sep 30, 2024 19:57:24.766932964 CEST	51967	53	192.168.2.6	1.1.1.1
Sep 30, 2024 19:57:24.767108917 CEST	64910	53	192.168.2.6	1.1.1.1
Sep 30, 2024 19:57:24.775017977 CEST	53	51967	1.1.1.1	192.168.2.6
Sep 30, 2024 19:57:24.775804996 CEST	53	64910	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 30, 2024 19:56:22.565314054 CEST	192.168.2.6	1.1.1.1	0x93d7	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 30, 2024 19:56:22.565361023 CEST	192.168.2.6	1.1.1.1	0x1665	Standard query (0)	www.google.com	65	IN (0x0001)	false
Sep 30, 2024 19:56:26.276624918 CEST	192.168.2.6	1.1.1.1	0xced0	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Sep 30, 2024 19:56:26.277229071 CEST	192.168.2.6	1.1.1.1	0x7258	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Sep 30, 2024 19:56:27.270967007 CEST	192.168.2.6	1.1.1.1	0x2b61	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Sep 30, 2024 19:56:27.271389961 CEST	192.168.2.6	1.1.1.1	0xdf92	Standard query (0)	play.google.com	65	IN (0x0001)	false
Sep 30, 2024 19:57:24.766932964 CEST	192.168.2.6	1.1.1.1	0x786a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Sep 30, 2024 19:57:24.767108917 CEST	192.168.2.6	1.1.1.1	0xe079	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 30, 2024 19:56:22.575522900 CEST	1.1.1.1	192.168.2.6	0x1665	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 30, 2024 19:56:22.576080084 CEST	1.1.1.1	192.168.2.6	0x93d7	No error (0)	www.google.com		142.250.74.196	A (IP address)	IN (0x0001)	false
Sep 30, 2024 19:56:26.285573959 CEST	1.1.1.1	192.168.2.6	0x7258	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 30, 2024 19:56:26.286847115 CEST	1.1.1.1	192.168.2.6	0xced0	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Sep 30, 2024 19:56:26.286847115 CEST	1.1.1.1	192.168.2.6	0xced0	No error (0)	plus.l.google.com		142.250.185.206	A (IP address)	IN (0x0001)	false
Sep 30, 2024 19:56:27.278213024 CEST	1.1.1.1	192.168.2.6	0x2b61	No error (0)	play.google.com		216.58.206.78	A (IP address)	IN (0x0001)	false
Sep 30, 2024 19:56:35.836245060 CEST	1.1.1.1	192.168.2.6	0x3ec4	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 30, 2024 19:56:35.836245060 CEST	1.1.1.1	192.168.2.6	0x3ec4	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Sep 30, 2024 19:56:36.844329119 CEST	1.1.1.1	192.168.2.6	0x26c8	No error (0)	windowsupdatebg.s.llnwi.net		87.248.204.0	A (IP address)	IN (0x0001)	false
Sep 30, 2024 19:56:54.606197119 CEST	1.1.1.1	192.168.2.6	0x74aa	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Sep 30, 2024 19:56:54.606197119 CEST	1.1.1.1	192.168.2.6	0x74aa	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 30, 2024 19:57:24.775017977 CEST	1.1.1.1	192.168.2.6	0x786a	No error (0)	www.google.com		142.250.185.132	A (IP address)	IN (0x0001)	false
Sep 30, 2024 19:57:24.775804996 CEST	1.1.1.1	192.168.2.6	0xe079	No error (0)	www.google.com			65	IN (0x0001)	false
Sep 30, 2024 19:57:33.805738926 CEST	1.1.1.1	192.168.2.6	0x90a3	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Sep 30, 2024 19:57:33.805738926 CEST	1.1.1.1	192.168.2.6	0x90a3	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.google.com

apis.google.com

play.google.com

fs.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49713	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-09-30 17:56:22 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 57 41 43 39 4d 45 38 41 4d 30 43 6d 36 7a 42 68 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 36 35 63 30 36 65 32 31 35 39 35 31 33 66 32 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: WAC9ME8AM0Cm6zBh.1Context: d65c06e2159513f2
2024-09-30 17:56:22 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-30 17:56:22 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 57 41 43 39 4d 45 38 41 4d 30 43 6d 36 7a 42 68 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 36 35 63 30 36 65 32 31 35 39 35 31 33 66 32 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 54 6e 52 55 58 43 64 33 71 65 79 52 46 31 6e 45 33 76 2b 6b 4c 56 59 46 55 53 62 48 68 69 74 69 50 63 45 2f 78 65 79 37 32 68 58 4b 2f 38 38 61 70 4b 56 56 64 70 57 73 41 6f 69 6f 36 63 4e 76 54 33 37 7a 47 35 53 5a 41 52 44 6c 37 37 71 2b 43 57 79 6c 32 50 4d 31 4e 50 6c 30 72 67 78 6a 5a 75 66 39 4c 64 43 66 59 64 6e 38 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: WAC9ME8AM0Cm6zBh.2Context: d65c06e2159513f2<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATTnRUXCd3qeyRF1nE3v+kLVYFUSbHhitiPcE/xey72hXK/88apKVVdpWsAoio6cNvT37zG5SZARDl77q+CWyl2PM1NPl0rgxjZuf9LdCfYdn8
2024-09-30 17:56:22 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 57 41 43 39 4d 45 38 41 4d 30 43 6d 36 7a 42 68 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 36 35 63 30 36 65 32 31 35 39 35 31 33 66 32 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: WAC9ME8AM0Cm6zBh.3Context: d65c06e2159513f2<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-30 17:56:22 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-30 17:56:22 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 62 62 37 47 43 52 35 58 59 55 61 72 6f 35 71 66 59 79 49 42 59 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: bb7GCR5XYUaro5qfYyIBYw.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49716	142.250.74.196	443	5208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-30 17:56:23 UTC	595	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-30 17:56:23 UTC	1266	IN	HTTP/1.1 200 OK Date: Mon, 30 Sep 2024 17:56:23 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-EqE5_XD7B4ZQK4E0ht0E4w' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-09-30 17:56:23 UTC	124	IN	Data Raw: 65 32 31 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6f 63 74 6f 62 65 72 20 70 73 20 70 6c 75 73 20 67 61 6d 65 73 22 2c 22 6b 65 6e 6c 65 79 20 6a 61 6e 73 65 6e 22 2c 22 74 68 65 20 73 69 6d 70 73 6f 6e 73 20 73 65 72 69 65 73 20 66 69 6e 61 6c 65 22 2c 22 74 6f 79 6f 74 61 20 72 65 63 61 6c 6c 73 22 2c 22 65 61 72 74 68 20 6d 69 6e 69 20 6d 6f 6f 6e 20 61 73 74 65 72 6f Data Ascii: e21)]}'["",["october ps plus games","kenley jansen","the simpsons series finale","toyota recalls","earth mini moon astero
2024-09-30 17:56:23 UTC	1390	IN	Data Raw: 69 64 22 2c 22 73 63 68 6f 6f 6c 73 20 63 6c 6f 73 65 64 20 66 6f 72 20 68 75 72 72 69 63 61 6e 65 20 68 65 6c 65 6e 65 22 2c 22 6e 69 6e 74 65 6e 64 6f 20 73 77 69 74 63 68 20 73 75 63 63 65 73 73 6f 72 22 2c 22 62 6f 20 62 61 73 73 65 74 74 20 77 68 6f 73 20 6e 75 6d 62 65 72 20 6f 6e 65 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 Data Ascii: id","schools closed for hurricane helene","nintendo switch successor","bo bassett whos number one"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggest
2024-09-30 17:56:23 UTC	1390	IN	Data Raw: 72 62 6b 59 35 54 30 70 4c 59 33 6f 78 62 46 52 45 55 7a 41 77 56 57 4a 55 56 45 39 7a 59 31 6b 77 4f 44 4a 4b 63 30 31 49 56 58 63 76 53 30 6c 59 61 30 68 44 52 6c 70 75 61 6d 67 32 54 32 31 57 53 32 52 59 4d 48 52 56 55 30 35 77 56 55 68 33 4e 6d 73 72 57 48 68 30 5a 7a 4e 51 54 30 5a 68 64 6d 67 35 51 6b 4a 53 4d 57 4d 30 63 55 70 34 57 6d 68 47 52 56 68 58 5a 54 56 4b 53 56 5a 52 54 44 4e 47 64 54 64 69 52 33 46 61 56 57 78 47 55 56 46 48 61 48 41 79 56 6b 6b 32 55 6b 78 43 59 6c 63 78 51 55 46 46 64 44 51 7a 54 6e 6f 31 4d 33 68 45 54 47 35 6b 53 54 5a 78 65 6d 52 78 64 48 64 54 52 6a 42 48 4e 30 4d 76 55 44 68 42 5a 6b 4a 47 55 6d 49 32 62 48 63 79 63 33 70 49 53 32 5a 33 4e 33 4a 4c 62 55 52 30 53 79 74 56 55 54 46 6a 64 44 49 77 55 46 6c 6f 5a 6a Data Ascii: rbkY5T0pLY3oxbFREUzAwVWJUVE9zY1kwODJKc01IVXcvS0lYa0hDRlpuamg2T21WS2RYMHRVU05wVUh3NmsrWHh0ZzNQT0Zhdmg5QkJSMWM0cUp4WmhGRVhXZTVKSVZRTDNGdTdiR3FaVWxGUVFHaHAyVkk2UkxCYlcxQUFFdDQzTno1M3hETG5kSTZxemRxdHdTRjBHN0MvUDhBZkJGUmI2bHcyc3pIS2Z3N3JLbUR0SytVUTFjdDIwUFloZj
2024-09-30 17:56:23 UTC	720	IN	Data Raw: 47 31 69 55 6d 39 51 64 6d 5a 45 55 6c 45 78 65 6c 5a 6a 53 47 46 33 64 33 52 47 52 6e 6c 56 54 57 70 4e 65 6b 68 31 4e 6b 46 6d 55 48 70 30 61 54 42 73 52 6e 41 32 5a 6b 31 76 62 7a 4e 68 64 47 70 35 62 31 4e 6a 61 7a 42 4d 53 7a 6c 6f 4e 58 59 72 4d 6b 30 72 4e 47 78 68 55 6d 4d 7a 5a 48 42 4f 51 6b 78 76 63 6d 56 76 59 6e 46 6c 62 54 4e 35 65 48 45 79 59 33 52 4e 55 6d 39 69 56 48 41 31 62 46 56 31 62 30 68 74 65 44 49 72 4d 6b 31 71 4e 47 70 75 52 53 74 69 65 57 78 59 4d 58 46 6e 51 30 73 78 4e 7a 4e 42 4c 7a 64 71 61 44 56 70 64 55 38 79 51 54 6c 78 65 46 42 55 53 47 39 73 61 55 39 74 53 55 31 6a 51 6b 6b 32 4e 47 46 52 65 46 41 76 57 6a 6f 4e 53 32 56 75 62 47 56 35 49 45 70 68 62 6e 4e 6c 62 6b 6f 48 49 7a 4a 6d 4e 7a 55 33 4d 31 49 35 5a 33 4e 66 Data Ascii: G1iUm9QdmZEUlExelZjSGF3d3RGRnlVTWpNekh1NkFmUHp0aTBsRnA2Zk1vbzNhdGp5b1NjazBMSzloNXYrMk0rNGxhUmMzZHBOQkxvcmVvYnFlbTN5eHEyY3RNUm9iVHA1bFV1b0hteDIrMk1qNGpuRStieWxYMXFnQ0sxNzNBLzdqaDVpdU8yQTlxeFBUSG9saU9tSU1jQkk2NGFReFAvWjoNS2VubGV5IEphbnNlbkoHIzJmNzU3M1I5Z3Nf
2024-09-30 17:56:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49717	142.250.74.196	443	5208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-30 17:56:23 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-30 17:56:23 UTC	1042	IN	HTTP/1.1 200 OK Version: 679175731 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Mon, 30 Sep 2024 17:56:23 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-09-30 17:56:23 UTC	25	IN	Data Raw: 31 33 0d 0a 29 5d 7d 27 0a 7b 22 64 64 6c 6a 73 6f 6e 22 3a 7b 7d 7d 0d 0a Data Ascii: 13)]}'{"ddljson":{}}
2024-09-30 17:56:23 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49719	142.250.74.196	443	5208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-30 17:56:23 UTC	498	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc= Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-30 17:56:24 UTC	1042	IN	HTTP/1.1 200 OK Version: 679175731 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Mon, 30 Sep 2024 17:56:24 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-09-30 17:56:24 UTC	348	IN	Data Raw: 32 30 31 61 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 46 61 20 67 62 5f 33 64 20 67 62 5f 52 65 20 67 62 5f 72 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 201a)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Fa gb_3d gb_Re gb_rd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-09-30 17:56:24 UTC	1390	IN	Data Raw: 20 67 62 5f 6d 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 78 64 20 67 62 5f 73 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4b 63 20 67 62 5f 52 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 Data Ascii: gb_md\"\u003e\u003cdiv class\u003d\"gb_xd gb_sd\"\u003e\u003cdiv class\u003d\"gb_Kc gb_R\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 2
2024-09-30 17:56:24 UTC	1390	IN	Data Raw: 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 78 64 20 67 62 5f 39 63 20 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 76 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 62 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 Data Ascii: u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_xd gb_9c gb_ad\"\u003e\u003cspan class\u003d\"gb_vd\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_bd\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u0
2024-09-30 17:56:24 UTC	1390	IN	Data Raw: 22 30 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 73 76 67 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 Data Ascii: "0\"\u003e \u003csvg class\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13
2024-09-30 17:56:24 UTC	1390	IN	Data Raw: 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 Data Ascii: -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2
2024-09-30 17:56:24 UTC	1390	IN	Data Raw: 65 6e 75 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 6d 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 37 37 2c 33 37 30 31 33 38 31 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b Data Ascii: enu_placeholder_label":"menu-content","metadata":{"bar_height":60,"experiment_id":[3700277,3701381,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};
2024-09-30 17:56:24 UTC	928	IN	Data Raw: 54 79 70 65 73 3b 5f 2e 5a 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b 5f 2e 24 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 5a 64 28 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 5f 2e 57 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 59 67 5c 75 30 30 33 64 61 7d 7d 3b 5f 2e 61 65 5c 75 30 30 33 64 5b 58 64 28 5c 22 64 61 74 61 5c 22 29 2c 58 64 28 5c 22 68 74 74 70 5c 22 29 2c 58 64 28 5c 22 68 74 74 70 73 5c 22 29 2c 58 64 28 5c 22 6d 61 69 6c 74 6f 5c 22 29 2c 58 64 28 5c 22 66 74 70 5c 22 29 2c 6e 65 77 Data Ascii: Types;_.Zd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i}};_.$d\u003dnew _.Zd(\"about:invalid#zClosurez\");_.Wd\u003dclass{constructor(a){this.Yg\u003da}};_.ae\u003d[Xd(\"data\"),Xd(\"http\"),Xd(\"https\"),Xd(\"mailto\"),Xd(\"ftp\"),new
2024-09-30 17:56:24 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 7d 29 7d 63 61 74 63 68 28 62 29 7b 7d 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 69 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 68 65 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 5c 75 30 30 32 36 5c 75 30 30 32 36 28 68 65 5c 75 30 30 33 64 67 65 28 29 29 3b 72 65 74 75 72 6e 20 68 65 7d 3b 5c 6e 5f 2e 6b 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 5f 2e 69 65 28 29 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 6a 65 28 62 3f 62 2e 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 28 61 29 3a 61 29 7d 3b 5f 2e 6c 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 6a 65 29 72 65 74 75 72 6e 20 61 2e 69 3b Data Ascii: 8000})}catch(b){}return a};_.ie\u003dfunction(){he\u003d\u003d\u003dvoid 0\u0026\u0026(he\u003dge());return he};\n_.ke\u003dfunction(a){const b\u003d_.ie();return new _.je(b?b.createScriptURL(a):a)};_.le\u003dfunction(a){if(a instanceof _.je)return a.i;
2024-09-30 17:56:24 UTC	1390	IN	Data Raw: 74 75 72 6e 20 74 79 70 65 6f 66 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 3f 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 62 29 3a 62 7d 3b 5f 2e 55 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 5c 75 30 30 33 64 62 7c 7c 64 6f 63 75 6d 65 6e 74 3b 69 66 28 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 29 61 5c 75 30 30 33 64 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 61 29 5b 30 5d 3b 65 6c 73 65 7b 63 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 3b 76 61 72 20 64 5c 75 30 30 33 64 62 7c 7c 63 3b 61 5c 75 30 30 33 64 64 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 5c 75 30 30 32 36 5c 75 30 30 32 36 64 2e 71 75 Data Ascii: turn typeof b\u003d\u003d\u003d\"string\"?a.getElementById(b):b};_.U\u003dfunction(a,b){var c\u003db\|\|document;if(c.getElementsByClassName)a\u003dc.getElementsByClassName(a)[0];else{c\u003ddocument;var d\u003db\|\|c;a\u003dd.querySelectorAll\u0026\u0026d.qu
2024-09-30 17:56:24 UTC	1390	IN	Data Raw: 74 68 3a 5c 22 77 69 64 74 68 5c 22 7d 3b 5c 6e 5f 2e 44 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 2e 64 65 66 61 75 6c 74 56 69 65 77 3a 77 69 6e 64 6f 77 7d 3b 5f 2e 47 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 5c 75 30 30 33 64 62 5b 31 5d 2c 64 5c 75 30 30 33 64 5f 2e 45 65 28 61 2c 53 74 72 69 6e 67 28 62 5b 30 5d 29 29 3b 63 5c 75 30 30 32 36 5c 75 30 30 32 36 28 74 79 70 65 6f 66 20 63 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 3f 64 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 3a 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 63 29 3f 64 2e 63 6c 61 73 73 4e 61 6d 65 5c 75 30 30 33 64 63 2e 6a 6f 69 6e 28 5c 22 20 5c 22 29 3a Data Ascii: th:\"width\"};\n_.De\u003dfunction(a){return a?a.defaultView:window};_.Ge\u003dfunction(a,b){var c\u003db[1],d\u003d_.Ee(a,String(b[0]));c\u0026\u0026(typeof c\u003d\u003d\u003d\"string\"?d.className\u003dc:Array.isArray(c)?d.className\u003dc.join(\" \"):

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49718	142.250.74.196	443	5208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-30 17:56:23 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-30 17:56:24 UTC	957	IN	HTTP/1.1 200 OK Version: 679175731 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Mon, 30 Sep 2024 17:56:23 GMT Server: gws Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-09-30 17:56:24 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-09-30 17:56:24 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49726	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-30 17:56:27 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-30 17:56:27 UTC	467	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-neu-z1 Cache-Control: public, max-age=254963 Date: Mon, 30 Sep 2024 17:56:27 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49728	142.250.185.206	443	5208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-30 17:56:27 UTC	721	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEIucrNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-30 17:56:27 UTC	916	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 126135 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 26 Sep 2024 00:21:53 GMT Expires: Fri, 26 Sep 2025 00:21:53 GMT Cache-Control: public, max-age=31536000 Last-Modified: Fri, 06 Sep 2024 22:07:50 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding Age: 408874 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-09-30 17:56:27 UTC	474	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 30 78 38 30 30 30 30 30 2c 20 5d 29 3b 0a 76 61 72 20 62 61 2c 66 61 2c 68 61 2c 6e 61 2c 6f 61 2c 73 61 2c 75 61 2c 77 61 3b 62 61 3d 66 75 6e Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x800000, ]);var ba,fa,ha,na,oa,sa,ua,wa;ba=fun
2024-09-30 17:56:27 UTC	1390	IN	Data Raw: 72 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 Data Ascii: rn a;a[b]=c.value;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw
2024-09-30 17:56:27 UTC	1390	IN	Data Raw: 64 65 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d 22 6e 75 6d 62 65 72 22 29 72 65 74 75 72 6e 7b 6e 65 78 74 3a 62 61 28 61 29 7d 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 62 60 22 2b 53 74 72 69 6e 67 28 61 29 29 3b 7d 3b 73 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 62 29 7d 3b 75 61 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 4f 62 6a 65 63 74 Data Ascii: defined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="number")return{next:ba(a)};throw Error("b`"+String(a));};sa=function(a,b){return Object.prototype.hasOwnProperty.call(a,b)};ua=typeof Object.assign=="function"?Object
2024-09-30 17:56:27 UTC	1390	IN	Data Raw: 30 3b 74 68 69 73 2e 51 72 3d 5b 5d 3b 74 68 69 73 2e 6a 56 3d 21 31 3b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 74 72 79 7b 68 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 63 61 74 63 68 28 6c 29 7b 6b 2e 72 65 6a 65 63 74 28 6c 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 6a 46 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 68 28 6d 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 6c 7c 7c 28 6c 3d 21 30 2c 6d 2e 63 61 6c 6c 28 6b 2c 6e 29 29 7d 7d 76 61 72 20 6b 3d 74 68 69 73 2c 6c 3d 21 31 3b 72 65 74 75 72 6e 7b 72 65 73 6f 6c 76 65 3a 68 28 74 68 69 73 2e 58 64 61 29 2c 72 65 6a 65 63 74 3a 68 28 74 68 69 73 2e 56 4a 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 58 64 61 3d 66 75 6e 63 74 Data Ascii: 0;this.Qr=[];this.jV=!1;var k=this.jF();try{h(k.resolve,k.reject)}catch(l){k.reject(l)}};e.prototype.jF=function(){function h(m){return function(n){l\|\|(l=!0,m.call(k,n))}}var k=this,l=!1;return{resolve:h(this.Xda),reject:h(this.VJ)}};e.prototype.Xda=funct
2024-09-30 17:56:27 UTC	1390	IN	Data Raw: 6f 74 6f 74 79 70 65 2e 47 37 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 51 72 21 3d 6e 75 6c 6c 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 74 68 69 73 2e 51 72 2e 6c 65 6e 67 74 68 3b 2b 2b 68 29 66 2e 5a 4f 28 74 68 69 73 2e 51 72 5b 68 5d 29 3b 0a 74 68 69 73 2e 51 72 3d 6e 75 6c 6c 7d 7d 3b 76 61 72 20 66 3d 6e 65 77 20 62 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 44 66 61 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 68 2e 6c 79 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 45 66 61 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 6b 29 7b 76 61 72 20 6c 3d 74 68 69 73 2e 6a 46 28 29 3b 74 72 79 7b 68 2e 63 61 6c 6c 28 6b 2c 6c 2e 72 65 73 6f 6c 76 Data Ascii: ototype.G7=function(){if(this.Qr!=null){for(var h=0;h<this.Qr.length;++h)f.ZO(this.Qr[h]);this.Qr=null}};var f=new b;e.prototype.Dfa=function(h){var k=this.jF();h.ly(k.resolve,k.reject)};e.prototype.Efa=function(h,k){var l=this.jF();try{h.call(k,l.resolv
2024-09-30 17:56:27 UTC	1390	IN	Data Raw: 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 22 29 3b 72 65 74 75 72 6e 20 61 2b 22 22 7d 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 74 61 72 74 73 57 69 74 68 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 76 61 72 20 64 3d 45 61 28 74 68 69 73 2c 62 2c 22 73 74 61 72 74 73 57 69 74 68 22 29 2c 65 3d 64 2e 6c 65 6e 67 74 68 2c 66 3d 62 2e 6c 65 6e 67 74 68 3b 63 3d 4d 61 74 68 2e 6d 61 78 28 30 2c 4d 61 74 68 2e 6d 69 6e 28 63 7c 30 2c 64 2e 6c 65 6e 67 74 68 29 29 3b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 66 26 26 63 3c 65 3b 29 69 66 28 64 5b 63 2b 2b 5d 21 3d 62 5b 68 2b 2b 5d 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 20 68 3e 3d 66 7d Data Ascii: regular expression");return a+""};na("String.prototype.startsWith",function(a){return a?a:function(b,c){var d=Ea(this,b,"startsWith"),e=d.length,f=b.length;c=Math.max(0,Math.min(c\|0,d.length));for(var h=0;h<f&&c<e;)if(d[c++]!=b[h++])return!1;return h>=f}
2024-09-30 17:56:27 UTC	1390	IN	Data Raw: 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 65 22 29 3b 64 28 6c 29 3b 69 66 28 21 73 61 28 6c 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 66 60 22 2b 6c 29 3b 6c 5b 66 5d 5b 74 68 69 73 2e 47 61 5d 3d 6d 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 72 65 74 75 72 6e 20 63 28 6c 29 26 26 73 61 28 6c 2c 66 29 3f 6c 5b 66 5d 5b 74 68 69 73 2e 47 61 5d 3a 76 6f 69 64 20 30 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 72 65 74 75 72 6e 20 63 28 6c 29 26 Data Ascii: this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Error("e");d(l);if(!sa(l,f))throw Error("f`"+l);l[f][this.Ga]=m;return this};k.prototype.get=function(l){return c(l)&&sa(l,f)?l[f][this.Ga]:void 0};k.prototype.has=function(l){return c(l)&
2024-09-30 17:56:27 UTC	1390	IN	Data Raw: 78 74 2c 6b 2e 65 66 2e 6e 65 78 74 2e 55 6b 3d 0a 6b 2e 65 66 2e 55 6b 2c 6b 2e 65 66 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 74 68 69 73 5b 31 5d 2e 55 6b 3d 66 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 21 21 64 28 74 68 69 73 2c 6b 29 2e 65 66 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 28 6b 3d 64 28 74 68 69 73 2c 6b 29 2e 65 66 29 26 26 6b 2e 76 61 6c 75 65 7d 3b 63 2e 70 72 6f 74 6f 74 Data Ascii: xt,k.ef.next.Uk=k.ef.Uk,k.ef.head=null,this.size--,!0):!1};c.prototype.clear=function(){this[0]={};this[1]=this[1].Uk=f();this.size=0};c.prototype.has=function(k){return!!d(this,k).ef};c.prototype.get=function(k){return(k=d(this,k).ef)&&k.value};c.protot
2024-09-30 17:56:27 UTC	1390	IN	Data Raw: 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 78 74 28 29 3b 69 66 28 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 21 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 63 29 72 65 74 75 72 6e 21 31 3b 66 3d 65 2e 6e 65 78 74 28 29 3b 72 65 74 75 72 6e 20 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 3d 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 2e 78 21 3d 34 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 66 2e 76 61 6c 75 65 5b 30 5d 3f 21 31 3a 65 2e 6e 65 78 74 28 29 2e 64 6f 6e 65 7d 63 61 74 63 68 28 68 29 7b 72 65 74 75 72 6e 21 31 7d 7d 28 29 29 72 65 74 75 72 6e 20 61 3b 76 61 72 Data Ascii: size!=1\|\|d.add({x:4})!=d\|\|d.size!=2)return!1;var e=d.entries(),f=e.next();if(f.done\|\|f.value[0]!=c\|\|f.value[1]!=c)return!1;f=e.next();return f.done\|\|f.value[0]==c\|\|f.value[0].x!=4\|\|f.value[1]!=f.value[0]?!1:e.next().done}catch(h){return!1}}())return a;var
2024-09-30 17:56:27 UTC	1390	IN	Data Raw: 31 34 31 31 31 7c 7c 65 21 3d 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 65 29 29 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 69 6e 76 61 6c 69 64 5f 63 6f 64 65 5f 70 6f 69 6e 74 20 22 2b 65 29 3b 65 3c 3d 36 35 35 33 35 3f 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 65 29 3a 28 65 2d 3d 36 35 35 33 36 2c 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 65 3e 3e 3e 31 30 26 31 30 32 33 7c 35 35 32 39 36 29 2c 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 65 26 31 30 32 33 7c 35 36 33 32 30 29 29 7d 72 65 74 75 72 6e 20 63 7d 7d 29 3b 6e 61 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e Data Ascii: 14111\|\|e!==Math.floor(e))throw new RangeError("invalid_code_point "+e);e<=65535?c+=String.fromCharCode(e):(e-=65536,c+=String.fromCharCode(e>>>10&1023\|55296),c+=String.fromCharCode(e&1023\|56320))}return c}});na("Array.prototype.entries",function(a){return

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49730	216.58.206.78	443	5208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-30 17:56:28 UTC	706	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 913 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: chrome-untrusted://new-tab-page X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEIucrNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-09-30 17:56:28 UTC	913	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 34 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 32 37 37 31 38 39 38 34 39 35 33 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.134"],[1,0,0,0,0]]],373,[["1727718984953",null,null,null,
2024-09-30 17:56:28 UTC	937	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: chrome-untrusted://new-tab-page Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=JhqBsIlCAh3c1d2vx5F2_W4FMLZ6k-QqoqKAOvawNXw70XFFeUFAxbjz6fE2kGucZoHQyc1OSO6W9DGJDfb-AIGnm_D5njD5iPveNJMCVttE3Hgfo9H3lLR9xKY8vXqUZvO3gjVCtCk6EvsMVdp33eXekL5OWWfcHZizMMDeg93eIIGv9mk; expires=Tue, 01-Apr-2025 17:56:28 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 30 Sep 2024 17:56:28 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 30 Sep 2024 17:56:28 GMT Connection: close Transfer-Encoding: chunked
2024-09-30 17:56:28 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-09-30 17:56:28 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49731	184.28.90.27	443

Timestamp	Bytes transferred	Direction	Data
2024-09-30 17:56:28 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-09-30 17:56:28 UTC	515	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (lpl/EF06) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-weu-z1 Cache-Control: public, max-age=254906 Date: Mon, 30 Sep 2024 17:56:28 GMT Content-Length: 55 Connection: close X-CID: 2
2024-09-30 17:56:28 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.6	49732	216.58.206.78	443	5208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-30 17:56:30 UTC	903	OUT	POST /log?format=json&hasfast=true HTTP/1.1 Host: play.google.com Connection: keep-alive Content-Length: 918 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: application/x-www-form-urlencoded;charset=UTF-8 Accept: / Origin: chrome-untrusted://new-tab-page X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEIucrNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=518=JhqBsIlCAh3c1d2vx5F2_W4FMLZ6k-QqoqKAOvawNXw70XFFeUFAxbjz6fE2kGucZoHQyc1OSO6W9DGJDfb-AIGnm_D5njD5iPveNJMCVttE3Hgfo9H3lLR9xKY8vXqUZvO3gjVCtCk6EvsMVdp33eXekL5OWWfcHZizMMDeg93eIIGv9mk
2024-09-30 17:56:30 UTC	918	OUT	Data Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 34 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 32 37 37 31 38 39 38 36 38 37 32 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.134"],[1,0,0,0,0]]],373,[["1727718986872",null,null,null,
2024-09-30 17:56:30 UTC	945	IN	HTTP/1.1 200 OK Access-Control-Allow-Origin: chrome-untrusted://new-tab-page Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: X-Playlog-Web Set-Cookie: NID=518=Sme_NWYwh56_txbVh8DBeWaq8fGcIBjjBS5KEuj0JyJo6JOhAXNOSsj5PNB65UkQOTzrqnyaEDE7dOXf5qPadajKtjacIOaTcVJUzOs9U-tZ9zDDAj7cOyqU3kVvAwh_O65g7J57xcIVZR1WaLJPPcTArfTYj-fiGFJXb8bKivENYPW1r4cZvUFtetE; expires=Tue, 01-Apr-2025 17:56:30 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Content-Type: text/plain; charset=UTF-8 Date: Mon, 30 Sep 2024 17:56:30 GMT Server: Playlog Cache-Control: private X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Expires: Mon, 30 Sep 2024 17:56:30 GMT Connection: close Transfer-Encoding: chunked
2024-09-30 17:56:30 UTC	137	IN	Data Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-09-30 17:56:30 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port
10	192.168.2.6	49733	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-09-30 17:56:30 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 34 6d 64 79 51 4c 35 67 45 6b 61 4e 53 58 79 54 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 32 39 35 66 35 33 31 38 63 37 34 36 33 61 65 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 4mdyQL5gEkaNSXyT.1Context: d295f5318c7463ae
2024-09-30 17:56:30 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-30 17:56:30 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 34 6d 64 79 51 4c 35 67 45 6b 61 4e 53 58 79 54 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 32 39 35 66 35 33 31 38 63 37 34 36 33 61 65 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 54 6e 52 55 58 43 64 33 71 65 79 52 46 31 6e 45 33 76 2b 6b 4c 56 59 46 55 53 62 48 68 69 74 69 50 63 45 2f 78 65 79 37 32 68 58 4b 2f 38 38 61 70 4b 56 56 64 70 57 73 41 6f 69 6f 36 63 4e 76 54 33 37 7a 47 35 53 5a 41 52 44 6c 37 37 71 2b 43 57 79 6c 32 50 4d 31 4e 50 6c 30 72 67 78 6a 5a 75 66 39 4c 64 43 66 59 64 6e 38 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 4mdyQL5gEkaNSXyT.2Context: d295f5318c7463ae<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATTnRUXCd3qeyRF1nE3v+kLVYFUSbHhitiPcE/xey72hXK/88apKVVdpWsAoio6cNvT37zG5SZARDl77q+CWyl2PM1NPl0rgxjZuf9LdCfYdn8
2024-09-30 17:56:30 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 34 6d 64 79 51 4c 35 67 45 6b 61 4e 53 58 79 54 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 64 32 39 35 66 35 33 31 38 63 37 34 36 33 61 65 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 4mdyQL5gEkaNSXyT.3Context: d295f5318c7463ae<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-30 17:56:31 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-30 17:56:31 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 30 7a 52 65 6d 50 36 77 79 55 4b 69 6c 58 32 67 68 4f 30 31 43 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 0zRemP6wyUKilX2ghO01Cg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
11	192.168.2.6	49737	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-09-30 17:56:44 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 31 4c 4e 46 41 72 4b 39 6c 30 75 70 32 59 45 33 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 61 64 35 65 65 66 37 63 62 65 61 61 39 30 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 1LNFArK9l0up2YE3.1Context: 1ad5eef7cbeaa90f
2024-09-30 17:56:44 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-30 17:56:44 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 31 4c 4e 46 41 72 4b 39 6c 30 75 70 32 59 45 33 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 61 64 35 65 65 66 37 63 62 65 61 61 39 30 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 54 6e 52 55 58 43 64 33 71 65 79 52 46 31 6e 45 33 76 2b 6b 4c 56 59 46 55 53 62 48 68 69 74 69 50 63 45 2f 78 65 79 37 32 68 58 4b 2f 38 38 61 70 4b 56 56 64 70 57 73 41 6f 69 6f 36 63 4e 76 54 33 37 7a 47 35 53 5a 41 52 44 6c 37 37 71 2b 43 57 79 6c 32 50 4d 31 4e 50 6c 30 72 67 78 6a 5a 75 66 39 4c 64 43 66 59 64 6e 38 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 1LNFArK9l0up2YE3.2Context: 1ad5eef7cbeaa90f<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATTnRUXCd3qeyRF1nE3v+kLVYFUSbHhitiPcE/xey72hXK/88apKVVdpWsAoio6cNvT37zG5SZARDl77q+CWyl2PM1NPl0rgxjZuf9LdCfYdn8
2024-09-30 17:56:44 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 31 4c 4e 46 41 72 4b 39 6c 30 75 70 32 59 45 33 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 31 61 64 35 65 65 66 37 63 62 65 61 61 39 30 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 1LNFArK9l0up2YE3.3Context: 1ad5eef7cbeaa90f<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-30 17:56:45 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-30 17:56:45 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 36 54 6b 37 6a 72 50 75 48 55 4f 72 4c 56 51 5a 33 69 39 4a 74 67 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 6Tk7jrPuHUOrLVQZ3i9Jtg.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
12	192.168.2.6	49738	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-09-30 17:57:08 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 49 38 38 52 31 36 55 50 67 30 4f 78 56 4f 4f 76 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 64 34 37 37 33 61 32 65 30 39 31 61 64 63 66 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: I88R16UPg0OxVOOv.1Context: bd4773a2e091adcf
2024-09-30 17:57:08 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-30 17:57:08 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 49 38 38 52 31 36 55 50 67 30 4f 78 56 4f 4f 76 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 64 34 37 37 33 61 32 65 30 39 31 61 64 63 66 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 54 6e 52 55 58 43 64 33 71 65 79 52 46 31 6e 45 33 76 2b 6b 4c 56 59 46 55 53 62 48 68 69 74 69 50 63 45 2f 78 65 79 37 32 68 58 4b 2f 38 38 61 70 4b 56 56 64 70 57 73 41 6f 69 6f 36 63 4e 76 54 33 37 7a 47 35 53 5a 41 52 44 6c 37 37 71 2b 43 57 79 6c 32 50 4d 31 4e 50 6c 30 72 67 78 6a 5a 75 66 39 4c 64 43 66 59 64 6e 38 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: I88R16UPg0OxVOOv.2Context: bd4773a2e091adcf<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATTnRUXCd3qeyRF1nE3v+kLVYFUSbHhitiPcE/xey72hXK/88apKVVdpWsAoio6cNvT37zG5SZARDl77q+CWyl2PM1NPl0rgxjZuf9LdCfYdn8
2024-09-30 17:57:08 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 49 38 38 52 31 36 55 50 67 30 4f 78 56 4f 4f 76 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 62 64 34 37 37 33 61 32 65 30 39 31 61 64 63 66 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: I88R16UPg0OxVOOv.3Context: bd4773a2e091adcf<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-30 17:57:08 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-30 17:57:08 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 34 6f 69 76 4c 57 62 74 79 55 71 71 63 58 54 77 64 36 78 67 58 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 4oivLWbtyUqqcXTwd6xgXQ.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port
13	192.168.2.6	49742	40.115.3.253	443

Timestamp	Bytes transferred	Direction	Data
2024-09-30 17:57:35 UTC	71	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 39 63 74 58 6d 41 63 44 34 30 2b 7a 34 2f 46 69 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 64 63 35 65 66 64 39 37 65 30 39 30 38 65 36 0d 0a 0d 0a Data Ascii: CNT 1 CON 305MS-CV: 9ctXmAcD40+z4/Fi.1Context: edc5efd97e0908e6
2024-09-30 17:57:35 UTC	249	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-09-30 17:57:35 UTC	1084	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 39 63 74 58 6d 41 63 44 34 30 2b 7a 34 2f 46 69 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 64 63 35 65 66 64 39 37 65 30 39 30 38 65 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 54 6e 52 55 58 43 64 33 71 65 79 52 46 31 6e 45 33 76 2b 6b 4c 56 59 46 55 53 62 48 68 69 74 69 50 63 45 2f 78 65 79 37 32 68 58 4b 2f 38 38 61 70 4b 56 56 64 70 57 73 41 6f 69 6f 36 63 4e 76 54 33 37 7a 47 35 53 5a 41 52 44 6c 37 37 71 2b 43 57 79 6c 32 50 4d 31 4e 50 6c 30 72 67 78 6a 5a 75 66 39 4c 64 43 66 59 64 6e 38 Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: 9ctXmAcD40+z4/Fi.2Context: edc5efd97e0908e6<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATTnRUXCd3qeyRF1nE3v+kLVYFUSbHhitiPcE/xey72hXK/88apKVVdpWsAoio6cNvT37zG5SZARDl77q+CWyl2PM1NPl0rgxjZuf9LdCfYdn8
2024-09-30 17:57:35 UTC	218	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 39 63 74 58 6d 41 63 44 34 30 2b 7a 34 2f 46 69 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 65 64 63 35 65 66 64 39 37 65 30 39 30 38 65 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: 9ctXmAcD40+z4/Fi.3Context: edc5efd97e0908e6<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-09-30 17:57:36 UTC	14	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2024-09-30 17:57:36 UTC	58	IN	Data Raw: 4d 53 2d 43 56 3a 20 35 34 78 6b 79 75 76 76 37 6b 4f 55 50 79 49 4a 4f 30 37 38 39 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: 54xkyuvv7kOUPyIJO0789Q.0Payload parsing failed.

Target ID:	0
Start time:	13:56:15
Start date:	30/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	13:56:18
Start date:	30/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 --field-trial-handle=2016,i,9884357908905585262,13301633652303811183,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	13:56:21
Start date:	30/09/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "http://Dear%20Roxana,%20Because%20you%20are%20a%20dedicated%20supporter%20of%20VHC%20Health,%20I m%20excited%20to%20share%20with%20you before%20our%20official%20announcement our%20brand-new%20podcast,%20Living%20Well%20with%20Alison%20Starling,%20in%20partnership%20with%20the%20Washington%20Business%20Journal.%20Listen%20and%20Subscribe%20to%20Living%20Well%20Today%20 %20%20%20%20Hosted%20by%20former%20ABC%207News%20anchor%20and%20Emmy%20Award%20winner%20Alison%20Starling,%20this%20series%20brings%20you%20exclusive%20insights%20from%20leading%20health%20advocates%20on%20today s%20most%20important%20health%20issues.%20In%20the%20premiere%20episode,%20Living%20Well%20with%20Alison%20Starling%20dives%20into%20the%20topic%20of%20menopause,%20an%20issue%20that s%20shifting%20from%20whispers%20to%20open%20conversations.%20Listen%20in%20as%20two%20certified%20menopause%20practitioners%20from%20VHC%20Health%20and%20a%20renowned%20national%20expert%20discuss%20how%20today's%20culture%20is%20changing%20the%20conversation%20on%20hormone%20therapy%20and%20women s%20health.%20Don t%20miss%20out%20on%20this%20timely%20and%20informative%20conversation.%20Empower%20yourself%20with%20the%20knowledge%20to%20make%20informed%20decisions%20about%20your%20health.%20Listen%20anytime,%20anywhere,%20on%20your%20favorite%20podcast%20platform.%20Thank%20you%20again%20for%20being%20an%20integral%20part%20of%20VHC%20Health%20through%20your%20generosity.%20With%20gratitude,"
Imagebase:	0x7ff684c40000
File size:	3'242'272 bytes
MD5 hash:	5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIkqHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253
Source: unknown	TCP traffic detected without corresponding DNS query: 40.115.3.253

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5332, Parent PID: 6072

General

Chronological Activities

Analysis Process: chrome.exePID: 5208, Parent PID: 5332

General

Chronological Activities

Analysis Process: chrome.exePID: 6928, Parent PID: 6072

General

Chronological Activities