Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://www.dropbox.com%2Fl%2Fscl%2FAAAOnEp5m00KwtoojBmhj8fUchpsRJFe9CM&tid=402b15a5-7cb9-4d1b-85a3-49542f8bd230

Overview

General Information

Sample URL:https://www.dropbox.com%2Fl%2Fscl%2FAAAOnEp5m00KwtoojBmhj8fUchpsRJFe9CM&tid=402b15a5-7cb9-4d1b-85a3-49542f8bd230
Analysis ID:1523247
Infos:

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Uses insecure TLS / SSL version for HTTPS connection

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 3884 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
    • chrome.exe (PID: 1036 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2576 --field-trial-handle=2536,i,6631029011828879986,6212982866221514102,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • chrome.exe (PID: 3412 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.dropbox.com%2Fl%2Fscl%2FAAAOnEp5m00KwtoojBmhj8fUchpsRJFe9CM&tid=402b15a5-7cb9-4d1b-85a3-49542f8bd230" MD5: 5BBFA6CBDF4C254EB368D534F9E23C92)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknownHTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49736 version: TLS 1.0
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49743 version: TLS 1.2
Source: unknownHTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49736 version: TLS 1.0
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknownTCP traffic detected without corresponding DNS query: 173.222.162.64
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vvy2LUWbdSoShkB&MD=54Pk3Lau HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vvy2LUWbdSoShkB&MD=54Pk3Lau HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: apis.google.com
Source: global trafficDNS traffic detected: DNS query: play.google.com
Source: unknownHTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1Host: play.google.comConnection: keep-aliveContent-Length: 923sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/x-www-form-urlencoded;charset=UTF-8Accept: */*Origin: chrome-untrusted://new-tab-pageX-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEIucrNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: chromecache_50.2.drString found in binary or memory: http://www.broofa.com
Source: chromecache_47.2.drString found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_47.2.drString found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_47.2.dr, chromecache_50.2.drString found in binary or memory: https://apis.google.com
Source: chromecache_47.2.drString found in binary or memory: https://clients6.google.com
Source: chromecache_47.2.drString found in binary or memory: https://content.googleapis.com
Source: chromecache_47.2.drString found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: chromecache_47.2.drString found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_50.2.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_50.2.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_50.2.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_50.2.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_50.2.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_47.2.drString found in binary or memory: https://plus.google.com
Source: chromecache_47.2.drString found in binary or memory: https://plus.googleapis.com
Source: chromecache_47.2.drString found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_47.2.drString found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_47.2.drString found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_50.2.drString found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_50.2.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_50.2.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.6:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49738 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknownHTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.113.110.67:443 -> 192.168.2.6:49743 version: TLS 1.2
Source: classification engineClassification label: clean0.win@19/16@6/5
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2576 --field-trial-handle=2536,i,6631029011828879986,6212982866221514102,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.dropbox.com%2Fl%2Fscl%2FAAAOnEp5m00KwtoojBmhj8fUchpsRJFe9CM&tid=402b15a5-7cb9-4d1b-85a3-49542f8bd230"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2576 --field-trial-handle=2536,i,6631029011828879986,6212982866221514102,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
Source: Window RecorderWindow detected: More than 3 window changes detected

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management InstrumentationPath Interception1
Process Injection		1
Process Injection		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsRootkitLSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media3
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive4
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

SourceDetectionScannerLabelLink
play.google.com0%VirustotalBrowse
www.google.com0%VirustotalBrowse
bg.microsoft.map.fastly.net0%VirustotalBrowse
plus.l.google.com0%VirustotalBrowse
fp2e7a.wpc.phicdn.net0%VirustotalBrowse
apis.google.com0%VirustotalBrowse

URLs

SourceDetectionScannerLabelLink
http://www.broofa.com0%URL Reputationsafe
https://csp.withgoogle.com/csp/lcreport/0%URL Reputationsafe
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_00%URL Reputationsafe
https://apis.google.com0%URL Reputationsafe
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=10%URL Reputationsafe
https://domains.google.com/suggest/flow0%URL Reputationsafe
https://www.google.com/async/newtab_promos0%VirustotalBrowse
https://play.google.com/log?format=json&hasfast=true0%VirustotalBrowse
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:01%VirustotalBrowse
https://www.google.com/async/ddljson?async=ntp:20%VirustotalBrowse
https://clients6.google.com0%VirustotalBrowse
https://plus.google.com0%VirustotalBrowse
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw0%VirustotalBrowse

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
bg.microsoft.map.fastly.net
199.232.210.172
truefalseunknown
plus.l.google.com
142.250.186.174
truefalseunknown
play.google.com
216.58.206.78
truefalseunknown
www.google.com
142.250.185.132
truefalseunknown
fp2e7a.wpc.phicdn.net
192.229.221.95
truefalseunknown
apis.google.com
unknown
unknownfalseunknown

Contacted URLs

NameMaliciousAntivirus DetectionReputation
https://www.google.com/async/ddljson?async=ntp:2falseunknown
https://play.google.com/log?format=json&hasfast=truefalseunknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgwfalseunknown
https://www.google.com/async/newtab_promosfalseunknown
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0falseunknown
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0false
  • URL Reputation: safe
unknown

URLs from Memory and Binaries

NameSourceMaliciousAntivirus DetectionReputation
http://www.broofa.comchromecache_50.2.drfalse
  • URL Reputation: safe
unknown
https://csp.withgoogle.com/csp/lcreport/chromecache_47.2.drfalse
  • URL Reputation: safe
unknown
https://apis.google.comchromecache_47.2.dr, chromecache_50.2.drfalse
  • URL Reputation: safe
unknown
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1chromecache_47.2.drfalse
  • URL Reputation: safe
unknown
https://domains.google.com/suggest/flowchromecache_47.2.drfalse
  • URL Reputation: safe
unknown
https://clients6.google.comchromecache_47.2.drfalseunknown
https://plus.google.comchromecache_47.2.drfalseunknown

World Map of Contacted IPs

  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Public IPs

IPDomainCountryFlagASNASN NameMalicious
239.255.255.250
unknownReserved
unknownunknownfalse
142.250.186.174
plus.l.google.comUnited States
15169GOOGLEUSfalse
216.58.206.78
play.google.comUnited States
15169GOOGLEUSfalse
142.250.185.132
www.google.comUnited States
15169GOOGLEUSfalse

Private

IP
192.168.2.6

General Information

Joe Sandbox version:41.0.0 Charoite
Analysis ID:1523247
Start date and time:2024-10-01 10:54:56 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 7s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:https://www.dropbox.com%2Fl%2Fscl%2FAAAOnEp5m00KwtoojBmhj8fUchpsRJFe9CM&tid=402b15a5-7cb9-4d1b-85a3-49542f8bd230
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:8
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean0.win@19/16@6/5
EGA Information:Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0

Warnings

  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 142.250.184.227, 142.250.185.174, 173.194.76.84, 34.104.35.123, 142.250.185.227, 142.250.186.74, 142.250.74.202, 142.250.186.106, 142.250.186.42, 172.217.16.202, 142.250.185.202, 216.58.212.170, 216.58.206.74, 142.250.184.234, 142.250.185.170, 172.217.18.10, 142.250.185.234, 142.250.181.234, 216.58.206.42, 142.250.184.202, 142.250.186.170, 192.229.221.95, 20.242.39.171, 2.16.100.168, 88.221.110.91, 13.95.31.18, 142.250.186.67
  • Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, clientservices.googleapis.com, ogads-pa.googleapis.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, fe3.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, ocsp.digicert.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, update.googleapis.com, clients.l.google.com, www.gstatic.com, wu-b-net.trafficmanager.net
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtSetInformationFile calls found.
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASNs

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

Chrome Cache Entry: 45

Download File
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (3775)
Category:downloaded
Size (bytes):3780
Entropy (8bit):5.853908938105037
Encrypted:false
SSDEEP:96:0+lihH6666nVdr7bmHHgbwf/q61TyoWdNO57dsRBqfD22X94fffffo:0UqH6666nfr273q61WOrsmD2+9/
MD5:1303FD745F76D20FD9ABF0C5BDEEDABD
SHA1:36B66BA1B4A966A9345B7B0C20BA02DCD46998F4
SHA-256:D961B91A43C2183F64A2F8CB14FE4A91A0F67133EA4CC7F113100CA1D29A0986
SHA-512:17FB49DD5F6545BCEFAE74AF9BCB4C12EAF759F20007E66663649212CEE6772A86B27E9BA7A3BD09551ED60F5F382A4F0FCC01CE3472D900A440CE423C06B078
Malicious:false
Reputation:low
URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:)]}'.["",["megalopolis movie francis ford coppola","st louis cardinals press conference","social security cola increase 2025","earth mini moon asteroid","starfield dlc shattered space","erika diarte carr funeral","san jose state boise state volleyball","october ssi payment social security"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"google:entityinfo":"Cg0vZy8xMWZ3NTR2eTFmEhlNZWdhbG9wb2xpcyDigJQgMjAyNCBmaWxtMs8PZGF0YTppbWFnZS9qcGVnO2Jhc2U2NCwvOWovNEFBUVNrWkpSZ0FCQVFBQUFRQUJBQUQvMndDRUFBa0dCd2dIQmdrSUJ3Z0tDZ2tMRFJZUERRd01EUnNVRlJBV0lCMGlJaUFkSHg4a0tEUXNKQ1l4Sng4ZkxUMHRNVFUzT2pvNkl5cy9SRDg0UXpRNU9qY0JDZ29LRFF3TkdnOFBHamNsSHlVM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOLy9BQUJFSUFFQUFRQU1CSWdBQ0VRRURFUUgveEFBYkFBQURBUUVCQVFFQUFBQUFBQUFBQUFBREJRWUhCQUlCQVAvRUFEZ1FBQUlCQWdRREJBY0ZDUUFBQUFBQUFBRUNBd1FSQUFVU0lRWXhRU0pSWVhFVFFvR1

Chrome Cache Entry: 46

Download File
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text
Category:downloaded
Size (bytes):29
Entropy (8bit):3.9353986674667634
Encrypted:false
SSDEEP:3:VQAOx/1n:VQAOd1n
MD5:6FED308183D5DFC421602548615204AF
SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:false
Reputation:low
URL:https://www.google.com/async/newtab_promos
Preview:)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 47

Download File
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (1885)
Category:downloaded
Size (bytes):126135
Entropy (8bit):5.498654960721984
Encrypted:false
SSDEEP:3072:AkyvF6US20FCdrgVr3dfPeIofdhIUsTx0wVnX9Mb:AkygUS29rWPeIofdCVnX9Mb
MD5:C299A572DF117831926BC3A0A25BA255
SHA1:673F2AC4C7A41AB95FB14E2687666E81BC731E95
SHA-256:F847294692483E4B7666C0F98CBE2BD03B86AE27B721CAE332FEB26223DDE9FC
SHA-512:B418A87A350DBC0DEF9FAF3BE4B910CB21AE6FFFC6749EECEA486E3EB603F5AF92F70B936C3D440009482EDE572EE9736422CF89DCDD2B758DFA829216049179
Malicious:false
Reputation:low
URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0"
Preview:gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x800000, ]);.var ba,fa,ha,na,oa,sa,ua,wa;ba=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};fa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.ma=ha(this);na=function(a,b){if(b)a:{var c=_.ma;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&fa(c,a,{configurable:!0,writable:!0,value:b})}};.na("Symbol",function(a){if(a)r

Chrome Cache Entry: 48

Download File
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (65531)
Category:downloaded
Size (bytes):134072
Entropy (8bit):5.434952686831769
Encrypted:false
SSDEEP:1536:4yeWyNb6WVPonW05leK51Md+Y6UikWZIPczWW8aZgc1O0xY16NQY5ox+4+QLz6/v:btWYeQMdjhgzWW8ai4PY1QF4bLz6P0k9
MD5:3F735119708EBC675D6B09B7B6A67CBD
SHA1:C6EC683BE26A0C74E92F5B8853AF574F5C40910C
SHA-256:80FA17E7F74B69D42EA9A23CF45E69AA2C2A4C9FE211EFBE8D3BAC7CF099DB01
SHA-512:569EC3B9EE87CF31F5ED60BBF6A05FD8C566B14920169A960D4148005BDF22B6962D618E2F6B43680296617208F24ABD9004FF55587DAAD704B14A05309B9CCB
Malicious:false
Reputation:low
URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Fa gb_3d gb_Re gb_rd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Qd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_ld gb_pd gb_Hd gb_md\"\u003e\u003cdiv class\u003d\"gb_xd gb_sd\"\u003e\u003cdiv class\u003d\"gb_Kc gb_R\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Kc gb_Nc gb_R\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 49

Download File
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:SVG Scalable Vector Graphics image
Category:downloaded
Size (bytes):1660
Entropy (8bit):4.301517070642596
Encrypted:false
SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:554640F465EB3ED903B543DAE0A1BCAC
SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:false
Reputation:low
URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Chrome Cache Entry: 50

Download File
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (2287)
Category:downloaded
Size (bytes):173897
Entropy (8bit):5.55533403400538
Encrypted:false
SSDEEP:3072:J7KUBoDyPG7KugZayjBB19HDw2Y5BndTr5WnVrdTSB55pHzAIJr8P6Lqg6psFzPf:J7KvDmG+ugZayjBB19HDZY5BnBr5WnV2
MD5:7E72E82308A3FBA94B275631316B47EC
SHA1:30C09510C11E807FA7D9D14246CD24574BC373A4
SHA-256:EA3EC3E26DDD02EA022418261A6CFC6DBFB5B994DC064BAA8D14C448ED96649C
SHA-512:7B74D1EF30E8B9D55D52DF82BBE1E9EF88EBF33B1464DF45139FB53E3D205963A82331D508494CCB2B2AF4B82F647FB134F2FD8FD97C35CEE035B3AA0765BD0B
Malicious:false
Reputation:low
URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.cUpXqrd4NA0.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTsLF9xo3cxDRYfLOKQnh9oZJqzzrA"
Preview:this.gbar_=this.gbar_||{};(function(_){var window=this;.try{._.kj=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var lj,mj,oj,rj,uj,tj,nj,sj;lj=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};mj=function(){_.Ka()};oj=function(){nj===void 0&&(nj=typeof WeakMap==="function"?lj(WeakMap):null);return nj};rj=function(a,b){(_.pj||(_.pj=new nj)).set(a,b);(_.qj||(_.qj=new nj)).set(b,a)};.uj=function(a){if(sj===void 0){const b=new tj([],{});sj=Array.prototype.concat.call([],b).length===1}sj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.vj=function(a,b,c,d){a=_.zb(a,b,c,d);return Array.isArray(a)?a:_.Nc};_.wj=function(a,b){a=(2&b?a|2:a&-3)|32;return a&=-2049};_.xj=function(a,b){a===0&&(a=_.wj(a,b));return a|1};_.yj=function(a){return!!(2&a)&&!!(4&a)||!!(2048&a)};_.zj=function(a,b,c){32&b&&c||(a&=-33);return a};._.Dj=function(a,b,c,d,e,f,g){const h=a.ha;var k=!!(2&b);e=k?

Chrome Cache Entry: 51

Download File
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (5162), with no line terminators
Category:downloaded
Size (bytes):5162
Entropy (8bit):5.3533581296433415
Encrypted:false
SSDEEP:96:mtOTKb1db1ZlNY5co7sRxiU0rqig7O7aZCUgpgXEt94k+g8IHh8u928DoCLQ:mtOT6TUvBrqig7mIg8IB8u88DA
MD5:6776548F23C2A44FBD3C7343F0CB43E1
SHA1:1E6871D4196BB00F0D161D5DC8872A8D940CEC30
SHA-256:DDFC74A717ADCA6E6DB1BCF58D64FF7205F52BA4B61617A0137045088622C86E
SHA-512:947B3AC76BC7B6DF6FD1C4AEA94E79D1E168E3B15BB4DC2A497E3DAFF60DAA58A490C89BA11A10910BB4B21C79A56CEAEDFFAE32A77D39E245422BE874BF7CF1
Malicious:false
Reputation:low
URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.QEmFiQX-ROw.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTuqAa7PW703tsRdQnFgFKMOuHOagg"
Preview:.gb_Q{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ka{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_La{fill:#f9ab00}.gb_F .gb_La{fill:#fdd663}.gb_Ma>.gb_La{fill:#d93025}.gb_F .gb_Ma>.gb_La{fill:#f28b82}.gb_Ma>.gb_Na{fill:white}.gb_Na,.gb_F .gb_Ma>.gb_Na{fill:#202124}.gb_Oa{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 52

Download File
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text
Category:downloaded
Size (bytes):19
Entropy (8bit):3.6818808028034042
Encrypted:false
SSDEEP:3:VQRWN:VQRWN
MD5:9FAE2B6737B98261777262B14B586F28
SHA1:79C894898B2CED39335EB0003C18B27AA8C6DDCD
SHA-256:F55F6B26E77DF6647E544AE5B45892DCEA380B7A6D2BFAA1E023EA112CE81E73
SHA-512:29CB8E5462B15488B0C6D5FC1673E273FB47841E9C76A4AA5415CA93CEA31B87052BBA511680F2BC9E6543A29F1BBFBA9D06FCC08F5C65BEB115EE7A9E5EFF36
Malicious:false
Reputation:low
URL:https://www.google.com/async/ddljson?async=ntp:2
Preview:)]}'.{"ddljson":{}}

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

TimestampSource PortDest PortSource IPDest IP
Oct 1, 2024 10:55:42.965091944 CEST49674443192.168.2.6173.222.162.64
Oct 1, 2024 10:55:42.965235949 CEST49673443192.168.2.6173.222.162.64
Oct 1, 2024 10:55:43.199525118 CEST49672443192.168.2.6173.222.162.64
Oct 1, 2024 10:55:51.391047955 CEST49713443192.168.2.640.113.110.67
Oct 1, 2024 10:55:51.391073942 CEST4434971340.113.110.67192.168.2.6
Oct 1, 2024 10:55:51.391124010 CEST49713443192.168.2.640.113.110.67
Oct 1, 2024 10:55:51.391768932 CEST49713443192.168.2.640.113.110.67
Oct 1, 2024 10:55:51.391781092 CEST4434971340.113.110.67192.168.2.6
Oct 1, 2024 10:55:52.177567005 CEST4434971340.113.110.67192.168.2.6
Oct 1, 2024 10:55:52.177635908 CEST49713443192.168.2.640.113.110.67
Oct 1, 2024 10:55:52.183614016 CEST49713443192.168.2.640.113.110.67
Oct 1, 2024 10:55:52.183633089 CEST4434971340.113.110.67192.168.2.6
Oct 1, 2024 10:55:52.183868885 CEST4434971340.113.110.67192.168.2.6
Oct 1, 2024 10:55:52.185780048 CEST49713443192.168.2.640.113.110.67
Oct 1, 2024 10:55:52.185892105 CEST49713443192.168.2.640.113.110.67
Oct 1, 2024 10:55:52.185899973 CEST4434971340.113.110.67192.168.2.6
Oct 1, 2024 10:55:52.186044931 CEST49713443192.168.2.640.113.110.67
Oct 1, 2024 10:55:52.231411934 CEST4434971340.113.110.67192.168.2.6
Oct 1, 2024 10:55:52.362837076 CEST4434971340.113.110.67192.168.2.6
Oct 1, 2024 10:55:52.363002062 CEST4434971340.113.110.67192.168.2.6
Oct 1, 2024 10:55:52.363058090 CEST49713443192.168.2.640.113.110.67
Oct 1, 2024 10:55:52.363181114 CEST49713443192.168.2.640.113.110.67
Oct 1, 2024 10:55:52.363198042 CEST4434971340.113.110.67192.168.2.6
Oct 1, 2024 10:55:52.635102034 CEST49673443192.168.2.6173.222.162.64
Oct 1, 2024 10:55:52.666356087 CEST49674443192.168.2.6173.222.162.64
Oct 1, 2024 10:55:52.863734007 CEST49672443192.168.2.6173.222.162.64
Oct 1, 2024 10:55:53.120069027 CEST49716443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:53.120089054 CEST44349716142.250.185.132192.168.2.6
Oct 1, 2024 10:55:53.120237112 CEST49716443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:53.120470047 CEST49716443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:53.120481014 CEST44349716142.250.185.132192.168.2.6
Oct 1, 2024 10:55:53.451806068 CEST49717443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:53.451864004 CEST44349717142.250.185.132192.168.2.6
Oct 1, 2024 10:55:53.451952934 CEST49717443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:53.452209949 CEST49717443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:53.452227116 CEST44349717142.250.185.132192.168.2.6
Oct 1, 2024 10:55:53.548410892 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:53.548461914 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:53.548527002 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:53.548825979 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:53.548842907 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:53.593426943 CEST49720443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:53.593466997 CEST44349720142.250.185.132192.168.2.6
Oct 1, 2024 10:55:53.593585014 CEST49720443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:53.593803883 CEST49720443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:53.593817949 CEST44349720142.250.185.132192.168.2.6
Oct 1, 2024 10:55:53.755727053 CEST44349716142.250.185.132192.168.2.6
Oct 1, 2024 10:55:53.756020069 CEST49716443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:53.756028891 CEST44349716142.250.185.132192.168.2.6
Oct 1, 2024 10:55:53.757009029 CEST44349716142.250.185.132192.168.2.6
Oct 1, 2024 10:55:53.757075071 CEST49716443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:53.761349916 CEST49716443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:53.761411905 CEST44349716142.250.185.132192.168.2.6
Oct 1, 2024 10:55:53.761535883 CEST49716443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:53.761543989 CEST44349716142.250.185.132192.168.2.6
Oct 1, 2024 10:55:53.869826078 CEST49716443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.055680037 CEST44349716142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.055731058 CEST44349716142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.055763960 CEST44349716142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.055835962 CEST49716443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.055846930 CEST44349716142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.055918932 CEST49716443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.057224035 CEST44349716142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.057312012 CEST44349716142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.057398081 CEST49716443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.057996988 CEST49716443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.058005095 CEST44349716142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.109426975 CEST44349717142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.109792948 CEST49717443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.109819889 CEST44349717142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.111257076 CEST44349717142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.111321926 CEST49717443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.112680912 CEST49717443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.112765074 CEST44349717142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.112855911 CEST49717443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.112868071 CEST44349717142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.166564941 CEST49717443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.186636925 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.187402964 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.187432051 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.188508987 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.188564062 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.190574884 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.190649986 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.193239927 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.193258047 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.228008032 CEST44349720142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.228621960 CEST49720443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.228641033 CEST44349720142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.229657888 CEST44349720142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.229716063 CEST49720443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.231584072 CEST49720443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.231654882 CEST44349720142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.232492924 CEST49720443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.232500076 CEST44349720142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.244682074 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.281471968 CEST49720443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.406416893 CEST44349717142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.406697989 CEST44349717142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.406748056 CEST49717443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.415241957 CEST49717443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.415266037 CEST44349717142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.451141119 CEST44349705173.222.162.64192.168.2.6
Oct 1, 2024 10:55:54.451237917 CEST49705443192.168.2.6173.222.162.64
Oct 1, 2024 10:55:54.502991915 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.503045082 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.503077984 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.503107071 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.503106117 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.503142118 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.503165007 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.510333061 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.510375023 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.510385990 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.510396957 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.510432005 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.510440111 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.514441967 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.514475107 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.514492989 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.514501095 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.514544964 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.560539007 CEST44349720142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.572664022 CEST44349720142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.572721004 CEST49720443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.575875998 CEST49720443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.575891972 CEST44349720142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.588671923 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.588777065 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.588830948 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.588851929 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.591723919 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.591767073 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.591774940 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.597956896 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.598040104 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.598047972 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.604326010 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.604393959 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.604403019 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.610450029 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.610507011 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.610516071 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.616625071 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.616681099 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.616689920 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.622629881 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.622682095 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.622689009 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.628576040 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.628626108 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.628633022 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.634427071 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.634476900 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.634486914 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.640486956 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.640532970 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.640542030 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.646255970 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.646307945 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.646315098 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.677150965 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.677190065 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.677218914 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.677220106 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.677234888 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.677274942 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.680246115 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.680310965 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.680320024 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.680397987 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.680474997 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.680485010 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.683329105 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.683381081 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.683393955 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.689208984 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.689270020 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.689277887 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.695072889 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.695125103 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.695132017 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.700851917 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.700936079 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.700942993 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.706722021 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.706887960 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.706896067 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.711922884 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.711981058 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.711987972 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.717128038 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.717160940 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.717173100 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.717185020 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.717231989 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.722309113 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.727808952 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.727844954 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.727890968 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.727910995 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.727956057 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.732580900 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.737212896 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.737258911 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.737396002 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.737406969 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.737445116 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.741555929 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.745729923 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.745770931 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.745799065 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.745821953 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.745912075 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.749953985 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.753915071 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.753947973 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.754017115 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.754026890 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.754096985 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.757956028 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.761651039 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.761707067 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.761754036 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.761764050 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.761826992 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.765424967 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.769375086 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.769413948 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.769419909 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.769428968 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.769468069 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.769474030 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.771703959 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.771748066 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.771754980 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.774056911 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.774096012 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.774102926 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.776472092 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.776556015 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.776566029 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.778808117 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.778873920 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.778882027 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.780950069 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.781001091 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.781008959 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.783294916 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.783387899 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.783395052 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.785681963 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.785753012 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.785761118 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.787872076 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.787926912 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.787935019 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.790366888 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.790421009 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.790426970 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.792709112 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:54.792769909 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.793071032 CEST49718443192.168.2.6142.250.185.132
Oct 1, 2024 10:55:54.793087006 CEST44349718142.250.185.132192.168.2.6
Oct 1, 2024 10:55:56.564636946 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:56.564687967 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:56.564752102 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:56.565710068 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:56.565728903 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:56.683619976 CEST49727443192.168.2.6184.28.90.27
Oct 1, 2024 10:55:56.683660984 CEST44349727184.28.90.27192.168.2.6
Oct 1, 2024 10:55:56.683733940 CEST49727443192.168.2.6184.28.90.27
Oct 1, 2024 10:55:56.685626984 CEST49727443192.168.2.6184.28.90.27
Oct 1, 2024 10:55:56.685642004 CEST44349727184.28.90.27192.168.2.6
Oct 1, 2024 10:55:57.217010021 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.217298985 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.217324018 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.218389988 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.218451023 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.343457937 CEST44349727184.28.90.27192.168.2.6
Oct 1, 2024 10:55:57.343540907 CEST49727443192.168.2.6184.28.90.27
Oct 1, 2024 10:55:57.346076012 CEST49727443192.168.2.6184.28.90.27
Oct 1, 2024 10:55:57.346088886 CEST44349727184.28.90.27192.168.2.6
Oct 1, 2024 10:55:57.346323013 CEST44349727184.28.90.27192.168.2.6
Oct 1, 2024 10:55:57.363218069 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.363310099 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.363375902 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.400870085 CEST49727443192.168.2.6184.28.90.27
Oct 1, 2024 10:55:57.407397985 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.416731119 CEST49727443192.168.2.6184.28.90.27
Oct 1, 2024 10:55:57.417289019 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.417304993 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.463398933 CEST44349727184.28.90.27192.168.2.6
Oct 1, 2024 10:55:57.464169979 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.484340906 CEST49728443192.168.2.6216.58.206.78
Oct 1, 2024 10:55:57.484374046 CEST44349728216.58.206.78192.168.2.6
Oct 1, 2024 10:55:57.484570026 CEST49728443192.168.2.6216.58.206.78
Oct 1, 2024 10:55:57.484999895 CEST49728443192.168.2.6216.58.206.78
Oct 1, 2024 10:55:57.485009909 CEST44349728216.58.206.78192.168.2.6
Oct 1, 2024 10:55:57.547467947 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.547513962 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.547544003 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.547575951 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.547595024 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.547622919 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.547636986 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.553587914 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.553642035 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.553649902 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.553682089 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.553730965 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.553738117 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.559858084 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.559904099 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.559912920 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.566149950 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.566230059 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.566239119 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.619517088 CEST44349727184.28.90.27192.168.2.6
Oct 1, 2024 10:55:57.619599104 CEST44349727184.28.90.27192.168.2.6
Oct 1, 2024 10:55:57.619668961 CEST49727443192.168.2.6184.28.90.27
Oct 1, 2024 10:55:57.620421886 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.637917042 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.638034105 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.638058901 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.638094902 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.638123035 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.638164043 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.643323898 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.649475098 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.649503946 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.649529934 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.649540901 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.649585009 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.655791044 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.662127018 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.662153006 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.662168980 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.662179947 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.662220955 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.668364048 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.674280882 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.674313068 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.674334049 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.674344063 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.674562931 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.680125952 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.686049938 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.686080933 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.686172009 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.686187983 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.686227083 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.691934109 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.697851896 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.697890043 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.698060036 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.698069096 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.698178053 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.703803062 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.728550911 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.728580952 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.728605986 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.728610992 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.728621960 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.728658915 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.728667974 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.728707075 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.729295015 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.734914064 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.734950066 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.734955072 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.734966993 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.735006094 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.740881920 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.740921021 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.740972042 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.740983963 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.746639013 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.746686935 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.746696949 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.752557993 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.752661943 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.752670050 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.757841110 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.757899046 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.757906914 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.763082981 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.763380051 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.763411045 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.768495083 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.768565893 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.768590927 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.773765087 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.773819923 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.773843050 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.778392076 CEST49727443192.168.2.6184.28.90.27
Oct 1, 2024 10:55:57.778419018 CEST44349727184.28.90.27192.168.2.6
Oct 1, 2024 10:55:57.778734922 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.778778076 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.778786898 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.783339024 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.783405066 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.783415079 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.787678003 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.787779093 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.787787914 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.792062044 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.792102098 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.792110920 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.795973063 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.796050072 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.796058893 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.800152063 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.800231934 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.800240040 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.804035902 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.804302931 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.804311037 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.807883978 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.807995081 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.808001041 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.811641932 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.811866045 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.811876059 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.815584898 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.815640926 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.815650940 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.818715096 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.818782091 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.818789959 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.820230961 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.820292950 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.820300102 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.822957039 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.822999001 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.823007107 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.824913025 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.824973106 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.824980021 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.827334881 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.827393055 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.827399015 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.829679012 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.829812050 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.829828978 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.829854965 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.832607985 CEST49726443192.168.2.6142.250.186.174
Oct 1, 2024 10:55:57.832623005 CEST44349726142.250.186.174192.168.2.6
Oct 1, 2024 10:55:57.868130922 CEST49730443192.168.2.6184.28.90.27
Oct 1, 2024 10:55:57.868168116 CEST44349730184.28.90.27192.168.2.6
Oct 1, 2024 10:55:57.868316889 CEST49730443192.168.2.6184.28.90.27
Oct 1, 2024 10:55:57.869090080 CEST49730443192.168.2.6184.28.90.27
Oct 1, 2024 10:55:57.869102955 CEST44349730184.28.90.27192.168.2.6
Oct 1, 2024 10:55:58.132778883 CEST44349728216.58.206.78192.168.2.6
Oct 1, 2024 10:55:58.133027077 CEST49728443192.168.2.6216.58.206.78
Oct 1, 2024 10:55:58.133035898 CEST44349728216.58.206.78192.168.2.6
Oct 1, 2024 10:55:58.133387089 CEST44349728216.58.206.78192.168.2.6
Oct 1, 2024 10:55:58.133452892 CEST49728443192.168.2.6216.58.206.78
Oct 1, 2024 10:55:58.134115934 CEST44349728216.58.206.78192.168.2.6
Oct 1, 2024 10:55:58.134171009 CEST49728443192.168.2.6216.58.206.78
Oct 1, 2024 10:55:58.136071920 CEST49728443192.168.2.6216.58.206.78
Oct 1, 2024 10:55:58.136123896 CEST44349728216.58.206.78192.168.2.6
Oct 1, 2024 10:55:58.136750937 CEST49728443192.168.2.6216.58.206.78
Oct 1, 2024 10:55:58.136754990 CEST44349728216.58.206.78192.168.2.6
Oct 1, 2024 10:55:58.137094021 CEST49728443192.168.2.6216.58.206.78
Oct 1, 2024 10:55:58.183408022 CEST44349728216.58.206.78192.168.2.6
Oct 1, 2024 10:55:58.329911947 CEST44349728216.58.206.78192.168.2.6
Oct 1, 2024 10:55:58.330050945 CEST44349728216.58.206.78192.168.2.6
Oct 1, 2024 10:55:58.330121994 CEST49728443192.168.2.6216.58.206.78
Oct 1, 2024 10:55:58.333334923 CEST49728443192.168.2.6216.58.206.78
Oct 1, 2024 10:55:58.333353996 CEST44349728216.58.206.78192.168.2.6
Oct 1, 2024 10:55:58.504530907 CEST44349730184.28.90.27192.168.2.6
Oct 1, 2024 10:55:58.504637957 CEST49730443192.168.2.6184.28.90.27
Oct 1, 2024 10:55:58.505884886 CEST49730443192.168.2.6184.28.90.27
Oct 1, 2024 10:55:58.505892992 CEST44349730184.28.90.27192.168.2.6
Oct 1, 2024 10:55:58.506125927 CEST44349730184.28.90.27192.168.2.6
Oct 1, 2024 10:55:58.507282019 CEST49730443192.168.2.6184.28.90.27
Oct 1, 2024 10:55:58.551398039 CEST44349730184.28.90.27192.168.2.6
Oct 1, 2024 10:55:58.781505108 CEST44349730184.28.90.27192.168.2.6
Oct 1, 2024 10:55:58.781575918 CEST44349730184.28.90.27192.168.2.6
Oct 1, 2024 10:55:58.782059908 CEST49730443192.168.2.6184.28.90.27
Oct 1, 2024 10:55:58.782507896 CEST49730443192.168.2.6184.28.90.27
Oct 1, 2024 10:55:58.782507896 CEST49730443192.168.2.6184.28.90.27
Oct 1, 2024 10:55:58.782525063 CEST44349730184.28.90.27192.168.2.6
Oct 1, 2024 10:55:58.782535076 CEST44349730184.28.90.27192.168.2.6
Oct 1, 2024 10:55:59.722331047 CEST49731443192.168.2.640.113.110.67
Oct 1, 2024 10:55:59.722383976 CEST4434973140.113.110.67192.168.2.6
Oct 1, 2024 10:55:59.722441912 CEST49731443192.168.2.640.113.110.67
Oct 1, 2024 10:55:59.723038912 CEST49731443192.168.2.640.113.110.67
Oct 1, 2024 10:55:59.723056078 CEST4434973140.113.110.67192.168.2.6
Oct 1, 2024 10:55:59.888222933 CEST49732443192.168.2.6216.58.206.78
Oct 1, 2024 10:55:59.888266087 CEST44349732216.58.206.78192.168.2.6
Oct 1, 2024 10:55:59.888365984 CEST49732443192.168.2.6216.58.206.78
Oct 1, 2024 10:55:59.889022112 CEST49732443192.168.2.6216.58.206.78
Oct 1, 2024 10:55:59.889039993 CEST44349732216.58.206.78192.168.2.6
Oct 1, 2024 10:56:00.510972023 CEST4434973140.113.110.67192.168.2.6
Oct 1, 2024 10:56:00.511048079 CEST49731443192.168.2.640.113.110.67
Oct 1, 2024 10:56:00.513293982 CEST49731443192.168.2.640.113.110.67
Oct 1, 2024 10:56:00.513307095 CEST4434973140.113.110.67192.168.2.6
Oct 1, 2024 10:56:00.513596058 CEST4434973140.113.110.67192.168.2.6
Oct 1, 2024 10:56:00.515569925 CEST49731443192.168.2.640.113.110.67
Oct 1, 2024 10:56:00.515635967 CEST49731443192.168.2.640.113.110.67
Oct 1, 2024 10:56:00.515641928 CEST4434973140.113.110.67192.168.2.6
Oct 1, 2024 10:56:00.515785933 CEST49731443192.168.2.640.113.110.67
Oct 1, 2024 10:56:00.559408903 CEST4434973140.113.110.67192.168.2.6
Oct 1, 2024 10:56:00.610039949 CEST44349732216.58.206.78192.168.2.6
Oct 1, 2024 10:56:00.610476017 CEST49732443192.168.2.6216.58.206.78
Oct 1, 2024 10:56:00.610487938 CEST44349732216.58.206.78192.168.2.6
Oct 1, 2024 10:56:00.611737013 CEST44349732216.58.206.78192.168.2.6
Oct 1, 2024 10:56:00.612138987 CEST49732443192.168.2.6216.58.206.78
Oct 1, 2024 10:56:00.612318039 CEST44349732216.58.206.78192.168.2.6
Oct 1, 2024 10:56:00.612349033 CEST49732443192.168.2.6216.58.206.78
Oct 1, 2024 10:56:00.612386942 CEST49732443192.168.2.6216.58.206.78
Oct 1, 2024 10:56:00.612431049 CEST44349732216.58.206.78192.168.2.6
Oct 1, 2024 10:56:00.691874981 CEST4434973140.113.110.67192.168.2.6
Oct 1, 2024 10:56:00.692008018 CEST4434973140.113.110.67192.168.2.6
Oct 1, 2024 10:56:00.692442894 CEST49731443192.168.2.640.113.110.67
Oct 1, 2024 10:56:00.693034887 CEST49731443192.168.2.640.113.110.67
Oct 1, 2024 10:56:00.693034887 CEST49731443192.168.2.640.113.110.67
Oct 1, 2024 10:56:00.693056107 CEST4434973140.113.110.67192.168.2.6
Oct 1, 2024 10:56:00.868525982 CEST44349732216.58.206.78192.168.2.6
Oct 1, 2024 10:56:00.868837118 CEST44349732216.58.206.78192.168.2.6
Oct 1, 2024 10:56:00.868901968 CEST49732443192.168.2.6216.58.206.78
Oct 1, 2024 10:56:00.871323109 CEST49732443192.168.2.6216.58.206.78
Oct 1, 2024 10:56:00.871341944 CEST44349732216.58.206.78192.168.2.6
Oct 1, 2024 10:56:03.321322918 CEST49733443192.168.2.64.245.163.56
Oct 1, 2024 10:56:03.321343899 CEST443497334.245.163.56192.168.2.6
Oct 1, 2024 10:56:03.322536945 CEST49733443192.168.2.64.245.163.56
Oct 1, 2024 10:56:03.325433969 CEST49733443192.168.2.64.245.163.56
Oct 1, 2024 10:56:03.325453043 CEST443497334.245.163.56192.168.2.6
Oct 1, 2024 10:56:04.089118958 CEST443497334.245.163.56192.168.2.6
Oct 1, 2024 10:56:04.089205980 CEST49733443192.168.2.64.245.163.56
Oct 1, 2024 10:56:04.325207949 CEST49733443192.168.2.64.245.163.56
Oct 1, 2024 10:56:04.325223923 CEST443497334.245.163.56192.168.2.6
Oct 1, 2024 10:56:04.325550079 CEST443497334.245.163.56192.168.2.6
Oct 1, 2024 10:56:04.369530916 CEST49733443192.168.2.64.245.163.56
Oct 1, 2024 10:56:04.558259964 CEST49733443192.168.2.64.245.163.56
Oct 1, 2024 10:56:04.599411964 CEST443497334.245.163.56192.168.2.6
Oct 1, 2024 10:56:04.812397957 CEST443497334.245.163.56192.168.2.6
Oct 1, 2024 10:56:04.812421083 CEST443497334.245.163.56192.168.2.6
Oct 1, 2024 10:56:04.812429905 CEST443497334.245.163.56192.168.2.6
Oct 1, 2024 10:56:04.812477112 CEST443497334.245.163.56192.168.2.6
Oct 1, 2024 10:56:04.812517881 CEST49733443192.168.2.64.245.163.56
Oct 1, 2024 10:56:04.812521935 CEST443497334.245.163.56192.168.2.6
Oct 1, 2024 10:56:04.812540054 CEST443497334.245.163.56192.168.2.6
Oct 1, 2024 10:56:04.812572002 CEST49733443192.168.2.64.245.163.56
Oct 1, 2024 10:56:04.812593937 CEST49733443192.168.2.64.245.163.56
Oct 1, 2024 10:56:04.813108921 CEST443497334.245.163.56192.168.2.6
Oct 1, 2024 10:56:04.813170910 CEST49733443192.168.2.64.245.163.56
Oct 1, 2024 10:56:04.813178062 CEST443497334.245.163.56192.168.2.6
Oct 1, 2024 10:56:04.813208103 CEST443497334.245.163.56192.168.2.6
Oct 1, 2024 10:56:04.815069914 CEST49733443192.168.2.64.245.163.56
Oct 1, 2024 10:56:04.827317953 CEST49733443192.168.2.64.245.163.56
Oct 1, 2024 10:56:04.827352047 CEST443497334.245.163.56192.168.2.6
Oct 1, 2024 10:56:04.827382088 CEST49733443192.168.2.64.245.163.56
Oct 1, 2024 10:56:04.827411890 CEST443497334.245.163.56192.168.2.6
Oct 1, 2024 10:56:05.572561026 CEST49705443192.168.2.6173.222.162.64
Oct 1, 2024 10:56:05.572904110 CEST49705443192.168.2.6173.222.162.64
Oct 1, 2024 10:56:05.573522091 CEST49736443192.168.2.6173.222.162.64
Oct 1, 2024 10:56:05.573542118 CEST44349736173.222.162.64192.168.2.6
Oct 1, 2024 10:56:05.573625088 CEST49736443192.168.2.6173.222.162.64
Oct 1, 2024 10:56:05.574490070 CEST49736443192.168.2.6173.222.162.64
Oct 1, 2024 10:56:05.574501038 CEST44349736173.222.162.64192.168.2.6
Oct 1, 2024 10:56:05.577363014 CEST44349705173.222.162.64192.168.2.6
Oct 1, 2024 10:56:05.577714920 CEST44349705173.222.162.64192.168.2.6
Oct 1, 2024 10:56:06.187897921 CEST44349736173.222.162.64192.168.2.6
Oct 1, 2024 10:56:06.188002110 CEST49736443192.168.2.6173.222.162.64
Oct 1, 2024 10:56:06.213332891 CEST49736443192.168.2.6173.222.162.64
Oct 1, 2024 10:56:06.213345051 CEST44349736173.222.162.64192.168.2.6
Oct 1, 2024 10:56:06.213850021 CEST44349736173.222.162.64192.168.2.6
Oct 1, 2024 10:56:06.213903904 CEST49736443192.168.2.6173.222.162.64
Oct 1, 2024 10:56:06.214863062 CEST49736443192.168.2.6173.222.162.64
Oct 1, 2024 10:56:06.214890957 CEST44349736173.222.162.64192.168.2.6
Oct 1, 2024 10:56:06.215074062 CEST49736443192.168.2.6173.222.162.64
Oct 1, 2024 10:56:06.255407095 CEST44349736173.222.162.64192.168.2.6
Oct 1, 2024 10:56:06.486633062 CEST44349736173.222.162.64192.168.2.6
Oct 1, 2024 10:56:06.486718893 CEST49736443192.168.2.6173.222.162.64
Oct 1, 2024 10:56:06.487245083 CEST44349736173.222.162.64192.168.2.6
Oct 1, 2024 10:56:06.487306118 CEST44349736173.222.162.64192.168.2.6
Oct 1, 2024 10:56:06.487376928 CEST49736443192.168.2.6173.222.162.64
Oct 1, 2024 10:56:13.299686909 CEST49738443192.168.2.640.113.110.67
Oct 1, 2024 10:56:13.299732924 CEST4434973840.113.110.67192.168.2.6
Oct 1, 2024 10:56:13.300050974 CEST49738443192.168.2.640.113.110.67
Oct 1, 2024 10:56:13.302916050 CEST49738443192.168.2.640.113.110.67
Oct 1, 2024 10:56:13.302937984 CEST4434973840.113.110.67192.168.2.6
Oct 1, 2024 10:56:14.080677032 CEST4434973840.113.110.67192.168.2.6
Oct 1, 2024 10:56:14.080748081 CEST49738443192.168.2.640.113.110.67
Oct 1, 2024 10:56:14.086461067 CEST49738443192.168.2.640.113.110.67
Oct 1, 2024 10:56:14.086477041 CEST4434973840.113.110.67192.168.2.6
Oct 1, 2024 10:56:14.086824894 CEST4434973840.113.110.67192.168.2.6
Oct 1, 2024 10:56:14.091007948 CEST49738443192.168.2.640.113.110.67
Oct 1, 2024 10:56:14.091156960 CEST49738443192.168.2.640.113.110.67
Oct 1, 2024 10:56:14.091166973 CEST4434973840.113.110.67192.168.2.6
Oct 1, 2024 10:56:14.091517925 CEST49738443192.168.2.640.113.110.67
Oct 1, 2024 10:56:14.139410973 CEST4434973840.113.110.67192.168.2.6
Oct 1, 2024 10:56:14.272741079 CEST4434973840.113.110.67192.168.2.6
Oct 1, 2024 10:56:14.272911072 CEST4434973840.113.110.67192.168.2.6
Oct 1, 2024 10:56:14.272965908 CEST49738443192.168.2.640.113.110.67
Oct 1, 2024 10:56:14.273089886 CEST49738443192.168.2.640.113.110.67
Oct 1, 2024 10:56:14.273109913 CEST4434973840.113.110.67192.168.2.6
Oct 1, 2024 10:56:35.685694933 CEST49739443192.168.2.640.113.110.67
Oct 1, 2024 10:56:35.685741901 CEST4434973940.113.110.67192.168.2.6
Oct 1, 2024 10:56:35.691679955 CEST49739443192.168.2.640.113.110.67
Oct 1, 2024 10:56:35.693181992 CEST49739443192.168.2.640.113.110.67
Oct 1, 2024 10:56:35.693197012 CEST4434973940.113.110.67192.168.2.6
Oct 1, 2024 10:56:36.668572903 CEST4434973940.113.110.67192.168.2.6
Oct 1, 2024 10:56:36.668634892 CEST49739443192.168.2.640.113.110.67
Oct 1, 2024 10:56:36.670764923 CEST49739443192.168.2.640.113.110.67
Oct 1, 2024 10:56:36.670774937 CEST4434973940.113.110.67192.168.2.6
Oct 1, 2024 10:56:36.671015024 CEST4434973940.113.110.67192.168.2.6
Oct 1, 2024 10:56:36.672838926 CEST49739443192.168.2.640.113.110.67
Oct 1, 2024 10:56:36.672904968 CEST49739443192.168.2.640.113.110.67
Oct 1, 2024 10:56:36.672909021 CEST4434973940.113.110.67192.168.2.6
Oct 1, 2024 10:56:36.673075914 CEST49739443192.168.2.640.113.110.67
Oct 1, 2024 10:56:36.719396114 CEST4434973940.113.110.67192.168.2.6
Oct 1, 2024 10:56:37.064555883 CEST4434973940.113.110.67192.168.2.6
Oct 1, 2024 10:56:37.064630985 CEST4434973940.113.110.67192.168.2.6
Oct 1, 2024 10:56:37.065082073 CEST49739443192.168.2.640.113.110.67
Oct 1, 2024 10:56:37.065082073 CEST49739443192.168.2.640.113.110.67
Oct 1, 2024 10:56:37.065095901 CEST4434973940.113.110.67192.168.2.6
Oct 1, 2024 10:56:37.065156937 CEST49739443192.168.2.640.113.110.67
Oct 1, 2024 10:56:41.363349915 CEST49740443192.168.2.64.245.163.56
Oct 1, 2024 10:56:41.363393068 CEST443497404.245.163.56192.168.2.6
Oct 1, 2024 10:56:41.363509893 CEST49740443192.168.2.64.245.163.56
Oct 1, 2024 10:56:41.363982916 CEST49740443192.168.2.64.245.163.56
Oct 1, 2024 10:56:41.363996029 CEST443497404.245.163.56192.168.2.6
Oct 1, 2024 10:56:42.146990061 CEST443497404.245.163.56192.168.2.6
Oct 1, 2024 10:56:42.147087097 CEST49740443192.168.2.64.245.163.56
Oct 1, 2024 10:56:42.148941040 CEST49740443192.168.2.64.245.163.56
Oct 1, 2024 10:56:42.148952961 CEST443497404.245.163.56192.168.2.6
Oct 1, 2024 10:56:42.149202108 CEST443497404.245.163.56192.168.2.6
Oct 1, 2024 10:56:42.159936905 CEST49740443192.168.2.64.245.163.56
Oct 1, 2024 10:56:42.207405090 CEST443497404.245.163.56192.168.2.6
Oct 1, 2024 10:56:42.621011019 CEST443497404.245.163.56192.168.2.6
Oct 1, 2024 10:56:42.621032000 CEST443497404.245.163.56192.168.2.6
Oct 1, 2024 10:56:42.621047020 CEST443497404.245.163.56192.168.2.6
Oct 1, 2024 10:56:42.621115923 CEST49740443192.168.2.64.245.163.56
Oct 1, 2024 10:56:42.621133089 CEST443497404.245.163.56192.168.2.6
Oct 1, 2024 10:56:42.621201992 CEST49740443192.168.2.64.245.163.56
Oct 1, 2024 10:56:42.626669884 CEST443497404.245.163.56192.168.2.6
Oct 1, 2024 10:56:42.626708031 CEST443497404.245.163.56192.168.2.6
Oct 1, 2024 10:56:42.626740932 CEST49740443192.168.2.64.245.163.56
Oct 1, 2024 10:56:42.626755953 CEST443497404.245.163.56192.168.2.6
Oct 1, 2024 10:56:42.626766920 CEST443497404.245.163.56192.168.2.6
Oct 1, 2024 10:56:42.626801014 CEST49740443192.168.2.64.245.163.56
Oct 1, 2024 10:56:42.626847982 CEST49740443192.168.2.64.245.163.56
Oct 1, 2024 10:56:42.626972914 CEST49740443192.168.2.64.245.163.56
Oct 1, 2024 10:56:42.626977921 CEST443497404.245.163.56192.168.2.6
Oct 1, 2024 10:56:42.627015114 CEST49740443192.168.2.64.245.163.56
Oct 1, 2024 10:56:42.627019882 CEST443497404.245.163.56192.168.2.6
Oct 1, 2024 10:56:54.610713959 CEST49742443192.168.2.6142.250.185.132
Oct 1, 2024 10:56:54.610761881 CEST44349742142.250.185.132192.168.2.6
Oct 1, 2024 10:56:54.610851049 CEST49742443192.168.2.6142.250.185.132
Oct 1, 2024 10:56:54.611079931 CEST49742443192.168.2.6142.250.185.132
Oct 1, 2024 10:56:54.611094952 CEST44349742142.250.185.132192.168.2.6
Oct 1, 2024 10:56:55.347095013 CEST44349742142.250.185.132192.168.2.6
Oct 1, 2024 10:56:55.347465038 CEST49742443192.168.2.6142.250.185.132
Oct 1, 2024 10:56:55.347489119 CEST44349742142.250.185.132192.168.2.6
Oct 1, 2024 10:56:55.347815990 CEST44349742142.250.185.132192.168.2.6
Oct 1, 2024 10:56:55.348212004 CEST49742443192.168.2.6142.250.185.132
Oct 1, 2024 10:56:55.348279953 CEST44349742142.250.185.132192.168.2.6
Oct 1, 2024 10:56:55.401133060 CEST49742443192.168.2.6142.250.185.132
Oct 1, 2024 10:56:59.944873095 CEST49743443192.168.2.640.113.110.67
Oct 1, 2024 10:56:59.944940090 CEST4434974340.113.110.67192.168.2.6
Oct 1, 2024 10:56:59.945004940 CEST49743443192.168.2.640.113.110.67
Oct 1, 2024 10:56:59.945643902 CEST49743443192.168.2.640.113.110.67
Oct 1, 2024 10:56:59.945666075 CEST4434974340.113.110.67192.168.2.6
Oct 1, 2024 10:57:00.749897003 CEST4434974340.113.110.67192.168.2.6
Oct 1, 2024 10:57:00.749985933 CEST49743443192.168.2.640.113.110.67
Oct 1, 2024 10:57:00.752394915 CEST49743443192.168.2.640.113.110.67
Oct 1, 2024 10:57:00.752412081 CEST4434974340.113.110.67192.168.2.6
Oct 1, 2024 10:57:00.753304958 CEST4434974340.113.110.67192.168.2.6
Oct 1, 2024 10:57:00.755266905 CEST49743443192.168.2.640.113.110.67
Oct 1, 2024 10:57:00.755573034 CEST49743443192.168.2.640.113.110.67
Oct 1, 2024 10:57:00.755578995 CEST4434974340.113.110.67192.168.2.6
Oct 1, 2024 10:57:00.755696058 CEST49743443192.168.2.640.113.110.67
Oct 1, 2024 10:57:00.803391933 CEST4434974340.113.110.67192.168.2.6
Oct 1, 2024 10:57:00.931552887 CEST4434974340.113.110.67192.168.2.6
Oct 1, 2024 10:57:00.931916952 CEST4434974340.113.110.67192.168.2.6
Oct 1, 2024 10:57:00.932013988 CEST49743443192.168.2.640.113.110.67
Oct 1, 2024 10:57:00.932143927 CEST49743443192.168.2.640.113.110.67
Oct 1, 2024 10:57:00.932157993 CEST4434974340.113.110.67192.168.2.6
Oct 1, 2024 10:57:00.932173014 CEST49743443192.168.2.640.113.110.67
Oct 1, 2024 10:57:05.153958082 CEST44349742142.250.185.132192.168.2.6
Oct 1, 2024 10:57:05.154026985 CEST44349742142.250.185.132192.168.2.6
Oct 1, 2024 10:57:05.154081106 CEST49742443192.168.2.6142.250.185.132
Oct 1, 2024 10:57:05.573951006 CEST49742443192.168.2.6142.250.185.132
Oct 1, 2024 10:57:05.573978901 CEST44349742142.250.185.132192.168.2.6

UDP Packets

TimestampSource PortDest PortSource IPDest IP
Oct 1, 2024 10:55:51.326349974 CEST53559841.1.1.1192.168.2.6
Oct 1, 2024 10:55:51.338464022 CEST53573011.1.1.1192.168.2.6
Oct 1, 2024 10:55:52.319781065 CEST53580431.1.1.1192.168.2.6
Oct 1, 2024 10:55:53.110383987 CEST5966453192.168.2.61.1.1.1
Oct 1, 2024 10:55:53.110632896 CEST5491653192.168.2.61.1.1.1
Oct 1, 2024 10:55:53.119366884 CEST53596641.1.1.1192.168.2.6
Oct 1, 2024 10:55:53.119503975 CEST53549161.1.1.1192.168.2.6
Oct 1, 2024 10:55:56.512166023 CEST53535881.1.1.1192.168.2.6
Oct 1, 2024 10:55:56.548158884 CEST6393053192.168.2.61.1.1.1
Oct 1, 2024 10:55:56.548811913 CEST6266553192.168.2.61.1.1.1
Oct 1, 2024 10:55:56.554600000 CEST53639301.1.1.1192.168.2.6
Oct 1, 2024 10:55:56.555694103 CEST53626651.1.1.1192.168.2.6
Oct 1, 2024 10:55:57.474152088 CEST5863353192.168.2.61.1.1.1
Oct 1, 2024 10:55:57.474544048 CEST5043953192.168.2.61.1.1.1
Oct 1, 2024 10:55:57.481076002 CEST53586331.1.1.1192.168.2.6
Oct 1, 2024 10:55:57.481239080 CEST53504391.1.1.1192.168.2.6
Oct 1, 2024 10:56:09.393670082 CEST53593691.1.1.1192.168.2.6
Oct 1, 2024 10:56:28.170583963 CEST53584481.1.1.1192.168.2.6
Oct 1, 2024 10:56:50.659318924 CEST53506071.1.1.1192.168.2.6
Oct 1, 2024 10:56:50.851414919 CEST53638971.1.1.1192.168.2.6

DNS Queries

TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
Oct 1, 2024 10:55:53.110383987 CEST192.168.2.61.1.1.10xa590Standard query (0)www.google.comA (IP address)IN (0x0001)false
Oct 1, 2024 10:55:53.110632896 CEST192.168.2.61.1.1.10xc4ccStandard query (0)www.google.com65IN (0x0001)false
Oct 1, 2024 10:55:56.548158884 CEST192.168.2.61.1.1.10xb3f3Standard query (0)apis.google.comA (IP address)IN (0x0001)false
Oct 1, 2024 10:55:56.548811913 CEST192.168.2.61.1.1.10xe6efStandard query (0)apis.google.com65IN (0x0001)false
Oct 1, 2024 10:55:57.474152088 CEST192.168.2.61.1.1.10xa513Standard query (0)play.google.comA (IP address)IN (0x0001)false
Oct 1, 2024 10:55:57.474544048 CEST192.168.2.61.1.1.10x4c8Standard query (0)play.google.com65IN (0x0001)false

DNS Answers

TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
Oct 1, 2024 10:55:53.119366884 CEST1.1.1.1192.168.2.60xa590No error (0)www.google.com142.250.185.132A (IP address)IN (0x0001)false
Oct 1, 2024 10:55:53.119503975 CEST1.1.1.1192.168.2.60xc4ccNo error (0)www.google.com65IN (0x0001)false
Oct 1, 2024 10:55:56.554600000 CEST1.1.1.1192.168.2.60xb3f3No error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
Oct 1, 2024 10:55:56.554600000 CEST1.1.1.1192.168.2.60xb3f3No error (0)plus.l.google.com142.250.186.174A (IP address)IN (0x0001)false
Oct 1, 2024 10:55:56.555694103 CEST1.1.1.1192.168.2.60xe6efNo error (0)apis.google.complus.l.google.comCNAME (Canonical name)IN (0x0001)false
Oct 1, 2024 10:55:57.481076002 CEST1.1.1.1192.168.2.60xa513No error (0)play.google.com216.58.206.78A (IP address)IN (0x0001)false
Oct 1, 2024 10:56:03.706442118 CEST1.1.1.1192.168.2.60xdbdfNo error (0)fp2e7a.wpc.2be4.phicdn.netfp2e7a.wpc.phicdn.netCNAME (Canonical name)IN (0x0001)false
Oct 1, 2024 10:56:03.706442118 CEST1.1.1.1192.168.2.60xdbdfNo error (0)fp2e7a.wpc.phicdn.net192.229.221.95A (IP address)IN (0x0001)false
Oct 1, 2024 10:56:24.487095118 CEST1.1.1.1192.168.2.60x8e73No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
Oct 1, 2024 10:56:24.487095118 CEST1.1.1.1192.168.2.60x8e73No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
Oct 1, 2024 10:57:03.862863064 CEST1.1.1.1192.168.2.60xba67No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
Oct 1, 2024 10:57:03.862863064 CEST1.1.1.1192.168.2.60xba67No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false

HTTP Request Dependency Graph

  • www.google.com
  • apis.google.com
  • play.google.com
  • fs.microsoft.com
  • slscr.update.microsoft.com
  • https:
    • www.bing.com

HTTPS Proxied Packets

Session IDSource IPSource PortDestination IPDestination Port
0192.168.2.64971340.113.110.67443
TimestampBytes transferredDirectionData
2024-10-01 08:55:52 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 65 37 5a 5a 7a 41 39 6a 6b 6b 69 51 6f 30 70 65 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 34 32 63 64 62 64 35 36 37 34 30 32 66 37 33 0d 0a 0d 0a
Data Ascii: CNT 1 CON 305MS-CV: e7ZZzA9jkkiQo0pe.1Context: 242cdbd567402f73
2024-10-01 08:55:52 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-01 08:55:52 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 65 37 5a 5a 7a 41 39 6a 6b 6b 69 51 6f 30 70 65 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 34 32 63 64 62 64 35 36 37 34 30 32 66 37 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 5a 72 4b 68 57 70 72 57 78 35 73 73 68 53 4a 38 4b 76 42 68 36 4e 52 4a 42 46 4b 49 6b 75 65 76 59 72 46 4c 62 44 79 6d 73 71 58 75 6d 6f 46 6d 79 38 44 38 42 56 35 34 42 44 6a 46 69 79 55 35 50 47 4f 50 78 61 4e 2f 35 72 59 34 35 6b 4a 4b 76 72 43 76 61 43 44 6f 6e 2b 42 4e 43 66 54 79 31 63 4c 63 75 49 71 31 38 70 6e 39
Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: e7ZZzA9jkkiQo0pe.2Context: 242cdbd567402f73<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATZrKhWprWx5sshSJ8KvBh6NRJBFKIkuevYrFLbDymsqXumoFmy8D8BV54BDjFiyU5PGOPxaN/5rY45kJKvrCvaCDon+BNCfTy1cLcuIq18pn9
2024-10-01 08:55:52 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 65 37 5a 5a 7a 41 39 6a 6b 6b 69 51 6f 30 70 65 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 34 32 63 64 62 64 35 36 37 34 30 32 66 37 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
Data Ascii: BND 3 CON\WNS 0 197MS-CV: e7ZZzA9jkkiQo0pe.3Context: 242cdbd567402f73<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-01 08:55:52 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
Data Ascii: 202 1 CON 58
2024-10-01 08:55:52 UTC58INData Raw: 4d 53 2d 43 56 3a 20 61 69 78 75 48 4e 6c 2b 4b 45 4b 37 31 47 56 38 34 30 7a 70 62 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
Data Ascii: MS-CV: aixuHNl+KEK71GV840zpbw.0Payload parsing failed.


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
1192.168.2.649716142.250.185.1324431036C:\Program Files\Google\Chrome\Application\chrome.exe
TimestampBytes transferredDirectionData
2024-10-01 08:55:53 UTC595OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-01 08:55:54 UTC1266INHTTP/1.1 200 OK
Date: Tue, 01 Oct 2024 08:55:53 GMT
Pragma: no-cache
Expires: -1
Cache-Control: no-cache, must-revalidate
Content-Type: text/javascript; charset=UTF-8
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-qSvBS-prPAzVaiRdv5aCxw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2024-10-01 08:55:54 UTC124INData Raw: 64 64 66 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 6d 65 67 61 6c 6f 70 6f 6c 69 73 20 6d 6f 76 69 65 20 66 72 61 6e 63 69 73 20 66 6f 72 64 20 63 6f 70 70 6f 6c 61 22 2c 22 73 74 20 6c 6f 75 69 73 20 63 61 72 64 69 6e 61 6c 73 20 70 72 65 73 73 20 63 6f 6e 66 65 72 65 6e 63 65 22 2c 22 73 6f 63 69 61 6c 20 73 65 63 75 72 69 74 79 20 63 6f 6c 61 20 69 6e 63 72 65 61 73 65
Data Ascii: ddf)]}'["",["megalopolis movie francis ford coppola","st louis cardinals press conference","social security cola increase
2024-10-01 08:55:54 UTC1390INData Raw: 20 32 30 32 35 22 2c 22 65 61 72 74 68 20 6d 69 6e 69 20 6d 6f 6f 6e 20 61 73 74 65 72 6f 69 64 22 2c 22 73 74 61 72 66 69 65 6c 64 20 64 6c 63 20 73 68 61 74 74 65 72 65 64 20 73 70 61 63 65 22 2c 22 65 72 69 6b 61 20 64 69 61 72 74 65 20 63 61 72 72 20 66 75 6e 65 72 61 6c 22 2c 22 73 61 6e 20 6a 6f 73 65 20 73 74 61 74 65 20 62 6f 69 73 65 20 73 74 61 74 65 20 76 6f 6c 6c 65 79 62 61 6c 6c 22 2c 22 6f 63 74 6f 62 65 72 20 73 73 69 20 70 61 79 6d 65 6e 74 20 73 6f 63 69 61 6c 20 73 65 63 75 72 69 74 79 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c
Data Ascii: 2025","earth mini moon asteroid","starfield dlc shattered space","erika diarte carr funeral","san jose state boise state volleyball","october ssi payment social security"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"googl
2024-10-01 08:55:54 UTC1390INData Raw: 31 59 6c 52 44 63 33 70 50 62 6e 41 79 54 6d 64 36 4d 31 42 72 54 6e 6f 34 54 55 64 36 51 30 56 52 4d 56 64 6b 65 48 46 53 63 44 46 47 61 46 6b 34 63 6e 42 4c 5a 6d 35 71 51 56 42 46 54 58 63 32 62 30 70 48 53 48 41 79 4f 47 67 34 54 56 41 72 53 47 6c 48 63 6b 4e 45 4d 57 70 4a 65 45 39 4a 63 6d 52 78 59 6d 4a 54 52 31 5a 51 52 7a 56 58 4c 33 6c 33 4f 44 52 6a 59 6c 5a 59 4d 69 39 42 59 30 78 71 4f 47 6c 4e 55 48 6c 77 61 31 5a 57 59 31 41 78 64 6a 64 53 56 7a 46 6a 63 32 74 4f 54 45 4e 72 63 6d 46 4b 57 6e 42 4d 51 69 73 77 5a 47 67 78 4e 57 56 48 52 57 73 34 56 46 55 34 62 57 70 59 53 45 6b 78 64 44 4a 70 61 30 52 6e 61 6e 70 48 54 6b 4d 30 65 58 41 32 5a 58 55 30 61 58 6c 6c 61 47 73 79 56 6e 42 73 52 58 4a 4c 4f 58 6c 52 4d 58 56 35 55 6a 41 31 52 47
Data Ascii: 1YlRDc3pPbnAyTmd6M1BrTno4TUd6Q0VRMVdkeHFScDFGaFk4cnBLZm5qQVBFTXc2b0pHSHAyOGg4TVArSGlHckNEMWpJeE9JcmRxYmJTR1ZQRzVXL3l3ODRjYlZYMi9BY0xqOGlNUHlwa1ZWY1AxdjdSVzFjc2tOTENrcmFKWnBMQiswZGgxNWVHRWs4VFU4bWpYSEkxdDJpa0RnanpHTkM0eXA2ZXU0aXllaGsyVnBsRXJLOXlRMXV5UjA1RG
2024-10-01 08:55:54 UTC654INData Raw: 33 63 77 64 46 52 55 63 6b 70 56 51 53 74 72 61 30 78 6b 53 45 6c 30 59 6a 4a 44 4d 33 68 34 4d 56 4e 36 4d 47 56 55 64 6b 68 43 52 6b 46 4b 59 58 4e 71 4e 30 74 73 61 6b 6c 59 56 55 49 78 57 53 74 76 5a 7a 5a 7a 5a 6c 6c 44 59 30 49 30 64 6a 52 74 52 31 51 77 52 57 52 51 55 6d 46 45 62 55 56 79 52 54 5a 70 54 47 68 57 4e 33 6f 35 5a 46 4a 71 54 6d 4e 33 65 6b 74 78 65 6b 64 6b 4e 54 5a 31 56 58 6c 54 54 57 39 53 61 55 46 47 51 6c 56 48 4e 45 5a 6f 65 6a 4e 33 4c 31 4e 57 61 54 49 72 57 6b 70 79 54 32 39 59 4d 48 6c 4b 57 54 56 30 62 6a 4a 57 55 79 74 72 57 45 30 32 62 57 4a 4e 53 6c 42 57 5a 33 6c 33 61 55 64 75 55 54 49 32 65 55 68 30 64 57 5a 48 4e 54 59 30 61 31 52 74 63 32 4e 46 65 45 35 4b 55 33 70 56 4d 46 52 31 63 47 78 70 54 6c 55 77 5a 32 4e 42
Data Ascii: 3cwdFRUckpVQStra0xkSEl0YjJDM3h4MVN6MGVUdkhCRkFKYXNqN0tsaklYVUIxWStvZzZzZllDY0I0djRtR1QwRWRQUmFEbUVyRTZpTGhWN3o5ZFJqTmN3ektxekdkNTZ1VXlTTW9SaUFGQlVHNEZoejN3L1NWaTIrWkpyT29YMHlKWTV0bjJWUytrWE02bWJNSlBWZ3l3aUduUTI2eUh0dWZHNTY0a1Rtc2NFeE5KU3pVMFR1cGxpTlUwZ2NB
2024-10-01 08:55:54 UTC235INData Raw: 65 35 0d 0a 2c 31 32 35 32 2c 31 32 35 31 2c 31 32 35 30 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 73 75 62 74 79 70 65 73 22 3a 5b 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 2c 5b 33 2c 31 34 33 2c 33 36 32 5d 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 22 45 4e 54 49 54 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 5d 7d 5d 0d 0a
Data Ascii: e5,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["ENTITY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
2024-10-01 08:55:54 UTC5INData Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
2192.168.2.649717142.250.185.1324431036C:\Program Files\Google\Chrome\Application\chrome.exe
TimestampBytes transferredDirectionData
2024-10-01 08:55:54 UTC353OUTGET /async/ddljson?async=ntp:2 HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-01 08:55:54 UTC1042INHTTP/1.1 200 OK
Version: 679175731
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Tue, 01 Oct 2024 08:55:54 GMT
Server: gws
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2024-10-01 08:55:54 UTC25INData Raw: 31 33 0d 0a 29 5d 7d 27 0a 7b 22 64 64 6c 6a 73 6f 6e 22 3a 7b 7d 7d 0d 0a
Data Ascii: 13)]}'{"ddljson":{}}
2024-10-01 08:55:54 UTC5INData Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
3192.168.2.649718142.250.185.1324431036C:\Program Files\Google\Chrome\Application\chrome.exe
TimestampBytes transferredDirectionData
2024-10-01 08:55:54 UTC498OUTGET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEI3L3NAQi5ys0BCOnSzQEI6NXNAQjL1s0BCKjYzQEI+cDUFRi60s0BGOuNpRc=
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-01 08:55:54 UTC1042INHTTP/1.1 200 OK
Version: 679175731
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Tue, 01 Oct 2024 08:55:54 GMT
Server: gws
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2024-10-01 08:55:54 UTC348INData Raw: 31 65 61 63 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 46 61 20 67 62 5f 33 64 20 67 62 5f 52 65 20 67 62 5f 72 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65
Data Ascii: 1eac)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Fa gb_3d gb_Re gb_rd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-10-01 08:55:54 UTC1390INData Raw: 20 67 62 5f 6d 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 78 64 20 67 62 5f 73 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4b 63 20 67 62 5f 52 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32
Data Ascii: gb_md\"\u003e\u003cdiv class\u003d\"gb_xd gb_sd\"\u003e\u003cdiv class\u003d\"gb_Kc gb_R\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 2
2024-10-01 08:55:54 UTC1390INData Raw: 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 78 64 20 67 62 5f 39 63 20 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 76 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 62 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30
Data Ascii: u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_xd gb_9c gb_ad\"\u003e\u003cspan class\u003d\"gb_vd\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_bd\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u0
2024-10-01 08:55:54 UTC1390INData Raw: 22 30 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 73 76 67 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20
Data Ascii: "0\"\u003e \u003csvg class\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13
2024-10-01 08:55:54 UTC1390INData Raw: 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 32 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32
Data Ascii: -2,2 0.9,2 2,2zM12,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2
2024-10-01 08:55:54 UTC1390INData Raw: 65 6e 75 5f 70 6c 61 63 65 68 6f 6c 64 65 72 5f 6c 61 62 65 6c 22 3a 22 6d 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 33 31 36 2c 33 37 30 31 33 38 31 2c 33 37 30 31 33 38 34 2c 31 30 31 35 37 31 32 36 36 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e
Data Ascii: enu_placeholder_label":"menu-content","metadata":{"bar_height":60,"experiment_id":[3700316,3701381,3701384,101571266],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.
2024-10-01 08:55:54 UTC562INData Raw: 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 56 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 69 7d 7d 3b 5f 2e 57 64 5c 75 30 30 33 64 6e 65 77 20 5f 2e 56 64 28 5c 22 61 62 6f 75 74 3a 69 6e 76 61 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 5f 2e 53 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 59 67 5c 75 30 30 33 64 61 7d 7d 3b 5f 2e 58 64 5c 75 30 30 33 64 5b 54 64 28 5c 22 64 61 74 61 5c 22 29 2c 54 64 28 5c 22 68 74 74 70 5c 22 29 2c 54 64 28 5c 22 68 74 74 70 73 5c 22 29 2c 54 64 28 5c 22 6d 61 69 6c 74 6f 5c 22 29 2c 54 64 28 5c 22
Data Ascii: is.trustedTypes;_.Vd\u003dclass{constructor(a){this.i\u003da}toString(){return this.i}};_.Wd\u003dnew _.Vd(\"about:invalid#zClosurez\");_.Sd\u003dclass{constructor(a){this.Yg\u003da}};_.Xd\u003d[Td(\"data\"),Td(\"http\"),Td(\"https\"),Td(\"mailto\"),Td(\"
2024-10-01 08:55:54 UTC392INData Raw: 31 38 31 0d 0a 3f 61 7c 30 3a 76 6f 69 64 20 30 7d 3b 5f 2e 61 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 29 72 65 74 75 72 6e 20 61 3b 69 66 28 74 79 70 65 6f 66 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 29 7b 69 66 28 21 61 29 72 65 74 75 72 6e 3b 61 5c 75 30 30 33 64 2b 61 7d 69 66 28 74 79 70 65 6f 66 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6e 75 6d 62 65 72 5c 22 29 72 65 74 75 72 6e 20 4e 75 6d 62 65 72 2e 69 73 46 69 6e 69 74 65 28 61 29 3f 61 7c 30 3a 76 6f 69 64 20 30 7d 3b 63 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 6c 65 74 20 61 5c 75 30 30 33 64 6e 75 6c 6c 3b 69 66 28 21 62 65 29 72
Data Ascii: 181?a|0:void 0};_.ae\u003dfunction(a){if(a\u003d\u003dnull)return a;if(typeof a\u003d\u003d\u003d\"string\"){if(!a)return;a\u003d+a}if(typeof a\u003d\u003d\u003d\"number\")return Number.isFinite(a)?a|0:void 0};ce\u003dfunction(){let a\u003dnull;if(!be)r
2024-10-01 08:55:54 UTC1390INData Raw: 38 30 30 30 0d 0a 62 29 7b 7d 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 65 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 76 6f 69 64 20 30 5c 75 30 30 32 36 5c 75 30 30 32 36 28 64 65 5c 75 30 30 33 64 63 65 28 29 29 3b 72 65 74 75 72 6e 20 64 65 7d 3b 5c 6e 5f 2e 67 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 5f 2e 65 65 28 29 3b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 66 65 28 62 3f 62 2e 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 28 61 29 3a 61 29 7d 3b 5f 2e 68 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 5f 2e 66 65 29 72 65 74 75 72 6e 20 61 2e 69 3b 74 68 72 6f 77 20 45 72 72
Data Ascii: 8000b){}return a};_.ee\u003dfunction(){de\u003d\u003d\u003dvoid 0\u0026\u0026(de\u003dce());return de};\n_.ge\u003dfunction(a){const b\u003d_.ee();return new _.fe(b?b.createScriptURL(a):a)};_.he\u003dfunction(a){if(a instanceof _.fe)return a.i;throw Err
2024-10-01 08:55:54 UTC1390INData Raw: 6f 66 20 62 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 3f 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 62 29 3a 62 7d 3b 5f 2e 55 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 5c 75 30 30 33 64 62 7c 7c 64 6f 63 75 6d 65 6e 74 3b 69 66 28 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 29 61 5c 75 30 30 33 64 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 61 29 5b 30 5d 3b 65 6c 73 65 7b 63 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 3b 76 61 72 20 64 5c 75 30 30 33 64 62 7c 7c 63 3b 61 5c 75 30 30 33 64 64 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 5c 75 30 30 32 36 5c 75 30 30 32 36 64 2e 71 75 65 72 79 53 65 6c 65 63 74
Data Ascii: of b\u003d\u003d\u003d\"string\"?a.getElementById(b):b};_.U\u003dfunction(a,b){var c\u003db||document;if(c.getElementsByClassName)a\u003dc.getElementsByClassName(a)[0];else{c\u003ddocument;var d\u003db||c;a\u003dd.querySelectorAll\u0026\u0026d.querySelect


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
4192.168.2.649720142.250.185.1324431036C:\Program Files\Google\Chrome\Application\chrome.exe
TimestampBytes transferredDirectionData
2024-10-01 08:55:54 UTC353OUTGET /async/newtab_promos HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-01 08:55:54 UTC957INHTTP/1.1 200 OK
Version: 679175731
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Tue, 01 Oct 2024 08:55:54 GMT
Server: gws
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2024-10-01 08:55:54 UTC35INData Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-10-01 08:55:54 UTC5INData Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
5192.168.2.649726142.250.186.1744431036C:\Program Files\Google\Chrome\Application\chrome.exe
TimestampBytes transferredDirectionData
2024-10-01 08:55:57 UTC721OUTGET /_/scs/abc-static/_/js/k=gapi.gapi.en.SpvAvsXfWWo.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-MoqWi0fF1M09Ccs-6QfulXvxfdg/cb=gapi.loaded_0 HTTP/1.1
Host: apis.google.com
Connection: keep-alive
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
sec-ch-ua-platform: "Windows"
Accept: */*
X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEIucrNARjrjaUX
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: script
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-01 08:55:57 UTC914INHTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access"
Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
Content-Length: 126135
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
Date: Tue, 01 Oct 2024 08:06:24 GMT
Expires: Wed, 01 Oct 2025 08:06:24 GMT
Cache-Control: public, max-age=31536000
Last-Modified: Fri, 06 Sep 2024 22:07:50 GMT
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Age: 2973
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
2024-10-01 08:55:57 UTC476INData Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 30 78 38 30 30 30 30 30 2c 20 5d 29 3b 0a 76 61 72 20 62 61 2c 66 61 2c 68 61 2c 6e 61 2c 6f 61 2c 73 61 2c 75 61 2c 77 61 3b 62 61 3d 66 75 6e
Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x800000, ]);var ba,fa,ha,na,oa,sa,ua,wa;ba=fun
2024-10-01 08:55:57 UTC1390INData Raw: 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 68 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 45 72
Data Ascii: a;a[b]=c.value;return a};ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Er
2024-10-01 08:55:57 UTC1390INData Raw: 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d 22 6e 75 6d 62 65 72 22 29 72 65 74 75 72 6e 7b 6e 65 78 74 3a 62 61 28 61 29 7d 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 62 60 22 2b 53 74 72 69 6e 67 28 61 29 29 3b 7d 3b 73 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 62 29 7d 3b 75 61 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 4f 62 6a 65 63 74 2e 61
Data Ascii: fined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="number")return{next:ba(a)};throw Error("b`"+String(a));};sa=function(a,b){return Object.prototype.hasOwnProperty.call(a,b)};ua=typeof Object.assign=="function"?Object.a
2024-10-01 08:55:57 UTC1390INData Raw: 74 68 69 73 2e 51 72 3d 5b 5d 3b 74 68 69 73 2e 6a 56 3d 21 31 3b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 74 72 79 7b 68 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 63 61 74 63 68 28 6c 29 7b 6b 2e 72 65 6a 65 63 74 28 6c 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 6a 46 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 68 28 6d 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 6c 7c 7c 28 6c 3d 21 30 2c 6d 2e 63 61 6c 6c 28 6b 2c 6e 29 29 7d 7d 76 61 72 20 6b 3d 74 68 69 73 2c 6c 3d 21 31 3b 72 65 74 75 72 6e 7b 72 65 73 6f 6c 76 65 3a 68 28 74 68 69 73 2e 58 64 61 29 2c 72 65 6a 65 63 74 3a 68 28 74 68 69 73 2e 56 4a 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 58 64 61 3d 66 75 6e 63 74 69 6f
Data Ascii: this.Qr=[];this.jV=!1;var k=this.jF();try{h(k.resolve,k.reject)}catch(l){k.reject(l)}};e.prototype.jF=function(){function h(m){return function(n){l||(l=!0,m.call(k,n))}}var k=this,l=!1;return{resolve:h(this.Xda),reject:h(this.VJ)}};e.prototype.Xda=functio
2024-10-01 08:55:57 UTC1390INData Raw: 6f 74 79 70 65 2e 47 37 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 51 72 21 3d 6e 75 6c 6c 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 74 68 69 73 2e 51 72 2e 6c 65 6e 67 74 68 3b 2b 2b 68 29 66 2e 5a 4f 28 74 68 69 73 2e 51 72 5b 68 5d 29 3b 0a 74 68 69 73 2e 51 72 3d 6e 75 6c 6c 7d 7d 3b 76 61 72 20 66 3d 6e 65 77 20 62 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 44 66 61 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 6b 3d 74 68 69 73 2e 6a 46 28 29 3b 68 2e 6c 79 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 45 66 61 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 6b 29 7b 76 61 72 20 6c 3d 74 68 69 73 2e 6a 46 28 29 3b 74 72 79 7b 68 2e 63 61 6c 6c 28 6b 2c 6c 2e 72 65 73 6f 6c 76 65 2c
Data Ascii: otype.G7=function(){if(this.Qr!=null){for(var h=0;h<this.Qr.length;++h)f.ZO(this.Qr[h]);this.Qr=null}};var f=new b;e.prototype.Dfa=function(h){var k=this.jF();h.ly(k.resolve,k.reject)};e.prototype.Efa=function(h,k){var l=this.jF();try{h.call(k,l.resolve,
2024-10-01 08:55:57 UTC1390INData Raw: 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 22 29 3b 72 65 74 75 72 6e 20 61 2b 22 22 7d 3b 0a 6e 61 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 74 61 72 74 73 57 69 74 68 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 76 61 72 20 64 3d 45 61 28 74 68 69 73 2c 62 2c 22 73 74 61 72 74 73 57 69 74 68 22 29 2c 65 3d 64 2e 6c 65 6e 67 74 68 2c 66 3d 62 2e 6c 65 6e 67 74 68 3b 63 3d 4d 61 74 68 2e 6d 61 78 28 30 2c 4d 61 74 68 2e 6d 69 6e 28 63 7c 30 2c 64 2e 6c 65 6e 67 74 68 29 29 3b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 66 26 26 63 3c 65 3b 29 69 66 28 64 5b 63 2b 2b 5d 21 3d 62 5b 68 2b 2b 5d 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 20 68 3e 3d 66 7d 7d 29
Data Ascii: gular expression");return a+""};na("String.prototype.startsWith",function(a){return a?a:function(b,c){var d=Ea(this,b,"startsWith"),e=d.length,f=b.length;c=Math.max(0,Math.min(c|0,d.length));for(var h=0;h<f&&c<e;)if(d[c++]!=b[h++])return!1;return h>=f}})
2024-10-01 08:55:57 UTC1390INData Raw: 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 65 22 29 3b 64 28 6c 29 3b 69 66 28 21 73 61 28 6c 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 66 60 22 2b 6c 29 3b 6c 5b 66 5d 5b 74 68 69 73 2e 47 61 5d 3d 6d 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 72 65 74 75 72 6e 20 63 28 6c 29 26 26 73 61 28 6c 2c 66 29 3f 6c 5b 66 5d 5b 74 68 69 73 2e 47 61 5d 3a 76 6f 69 64 20 30 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 72 65 74 75 72 6e 20 63 28 6c 29 26 26 73
Data Ascii: is.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Error("e");d(l);if(!sa(l,f))throw Error("f`"+l);l[f][this.Ga]=m;return this};k.prototype.get=function(l){return c(l)&&sa(l,f)?l[f][this.Ga]:void 0};k.prototype.has=function(l){return c(l)&&s
2024-10-01 08:55:57 UTC1390INData Raw: 2c 6b 2e 65 66 2e 6e 65 78 74 2e 55 6b 3d 0a 6b 2e 65 66 2e 55 6b 2c 6b 2e 65 66 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 74 68 69 73 5b 31 5d 2e 55 6b 3d 66 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 21 21 64 28 74 68 69 73 2c 6b 29 2e 65 66 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 28 6b 3d 64 28 74 68 69 73 2c 6b 29 2e 65 66 29 26 26 6b 2e 76 61 6c 75 65 7d 3b 63 2e 70 72 6f 74 6f 74 79 70
Data Ascii: ,k.ef.next.Uk=k.ef.Uk,k.ef.head=null,this.size--,!0):!1};c.prototype.clear=function(){this[0]={};this[1]=this[1].Uk=f();this.size=0};c.prototype.has=function(k){return!!d(this,k).ef};c.prototype.get=function(k){return(k=d(this,k).ef)&&k.value};c.prototyp
2024-10-01 08:55:57 UTC1390INData Raw: 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 78 74 28 29 3b 69 66 28 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 21 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 63 29 72 65 74 75 72 6e 21 31 3b 66 3d 65 2e 6e 65 78 74 28 29 3b 72 65 74 75 72 6e 20 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 3d 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 2e 78 21 3d 34 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 66 2e 76 61 6c 75 65 5b 30 5d 3f 21 31 3a 65 2e 6e 65 78 74 28 29 2e 64 6f 6e 65 7d 63 61 74 63 68 28 68 29 7b 72 65 74 75 72 6e 21 31 7d 7d 28 29 29 72 65 74 75 72 6e 20 61 3b 76 61 72 20 62
Data Ascii: ze!=1||d.add({x:4})!=d||d.size!=2)return!1;var e=d.entries(),f=e.next();if(f.done||f.value[0]!=c||f.value[1]!=c)return!1;f=e.next();return f.done||f.value[0]==c||f.value[0].x!=4||f.value[1]!=f.value[0]?!1:e.next().done}catch(h){return!1}}())return a;var b
2024-10-01 08:55:57 UTC1390INData Raw: 31 31 31 7c 7c 65 21 3d 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 65 29 29 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 69 6e 76 61 6c 69 64 5f 63 6f 64 65 5f 70 6f 69 6e 74 20 22 2b 65 29 3b 65 3c 3d 36 35 35 33 35 3f 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 65 29 3a 28 65 2d 3d 36 35 35 33 36 2c 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 65 3e 3e 3e 31 30 26 31 30 32 33 7c 35 35 32 39 36 29 2c 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 65 26 31 30 32 33 7c 35 36 33 32 30 29 29 7d 72 65 74 75 72 6e 20 63 7d 7d 29 3b 6e 61 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61
Data Ascii: 111||e!==Math.floor(e))throw new RangeError("invalid_code_point "+e);e<=65535?c+=String.fromCharCode(e):(e-=65536,c+=String.fromCharCode(e>>>10&1023|55296),c+=String.fromCharCode(e&1023|56320))}return c}});na("Array.prototype.entries",function(a){return a


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
6192.168.2.649727184.28.90.27443
TimestampBytes transferredDirectionData
2024-10-01 08:55:57 UTC161OUTHEAD /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-10-01 08:55:57 UTC467INHTTP/1.1 200 OK
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (lpl/EF06)
X-CID: 11
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-neu-z1
Cache-Control: public, max-age=200993
Date: Tue, 01 Oct 2024 08:55:57 GMT
Connection: close
X-CID: 2


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
7192.168.2.649728216.58.206.784431036C:\Program Files\Google\Chrome\Application\chrome.exe
TimestampBytes transferredDirectionData
2024-10-01 08:55:58 UTC706OUTPOST /log?format=json&hasfast=true HTTP/1.1
Host: play.google.com
Connection: keep-alive
Content-Length: 923
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Accept: */*
Origin: chrome-untrusted://new-tab-page
X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEIucrNARjrjaUX
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
2024-10-01 08:55:58 UTC923OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 34 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 32 37 37 37 32 39 35 35 34 38 37 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c
Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.134"],[1,0,0,0,0]]],373,[["1727772955487",null,null,null,
2024-10-01 08:55:58 UTC936INHTTP/1.1 200 OK
Access-Control-Allow-Origin: chrome-untrusted://new-tab-page
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Playlog-Web
Set-Cookie: NID=517=XhhE4b33PexPJcOrRWyHPno470RI7tUTqQ6Ttmioy0_TiTh40CcvaT1iVn4mXuR4-wBKCGLr4Mqo30kY8FvRp9Gqku2vZh7Q-EzBH6N9Eg2pfU798av__KaDLsbI1AnXfcssvi23JFx3hva0sXRG0zZlfiy3BOXSlgs7RPf6FPG-9B5DlQ; expires=Wed, 02-Apr-2025 08:55:58 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Content-Type: text/plain; charset=UTF-8
Date: Tue, 01 Oct 2024 08:55:58 GMT
Server: Playlog
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Expires: Tue, 01 Oct 2024 08:55:58 GMT
Connection: close
Transfer-Encoding: chunked
2024-10-01 08:55:58 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-01 08:55:58 UTC5INData Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
8192.168.2.649730184.28.90.27443
TimestampBytes transferredDirectionData
2024-10-01 08:55:58 UTC239OUTGET /fs/windows/config.json HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: identity
If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
Range: bytes=0-2147483646
User-Agent: Microsoft BITS/7.8
Host: fs.microsoft.com
2024-10-01 08:55:58 UTC515INHTTP/1.1 200 OK
ApiVersion: Distribute 1.1
Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
Content-Type: application/octet-stream
ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
Last-Modified: Tue, 16 May 2017 22:58:00 GMT
Server: ECAcc (lpl/EF06)
X-CID: 11
X-Ms-ApiVersion: Distribute 1.2
X-Ms-Region: prod-weu-z1
Cache-Control: public, max-age=200936
Date: Tue, 01 Oct 2024 08:55:58 GMT
Content-Length: 55
Connection: close
X-CID: 2
2024-10-01 08:55:58 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


Session IDSource IPSource PortDestination IPDestination Port
9192.168.2.64973140.113.110.67443
TimestampBytes transferredDirectionData
2024-10-01 08:56:00 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 67 55 6e 38 63 6f 4f 32 54 55 57 4b 2b 48 2f 4f 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 33 30 37 37 38 36 36 32 64 39 64 33 34 32 38 0d 0a 0d 0a
Data Ascii: CNT 1 CON 305MS-CV: gUn8coO2TUWK+H/O.1Context: 230778662d9d3428
2024-10-01 08:56:00 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-01 08:56:00 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 67 55 6e 38 63 6f 4f 32 54 55 57 4b 2b 48 2f 4f 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 33 30 37 37 38 36 36 32 64 39 64 33 34 32 38 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 5a 72 4b 68 57 70 72 57 78 35 73 73 68 53 4a 38 4b 76 42 68 36 4e 52 4a 42 46 4b 49 6b 75 65 76 59 72 46 4c 62 44 79 6d 73 71 58 75 6d 6f 46 6d 79 38 44 38 42 56 35 34 42 44 6a 46 69 79 55 35 50 47 4f 50 78 61 4e 2f 35 72 59 34 35 6b 4a 4b 76 72 43 76 61 43 44 6f 6e 2b 42 4e 43 66 54 79 31 63 4c 63 75 49 71 31 38 70 6e 39
Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: gUn8coO2TUWK+H/O.2Context: 230778662d9d3428<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATZrKhWprWx5sshSJ8KvBh6NRJBFKIkuevYrFLbDymsqXumoFmy8D8BV54BDjFiyU5PGOPxaN/5rY45kJKvrCvaCDon+BNCfTy1cLcuIq18pn9
2024-10-01 08:56:00 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 67 55 6e 38 63 6f 4f 32 54 55 57 4b 2b 48 2f 4f 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 33 30 37 37 38 36 36 32 64 39 64 33 34 32 38 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
Data Ascii: BND 3 CON\WNS 0 197MS-CV: gUn8coO2TUWK+H/O.3Context: 230778662d9d3428<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-01 08:56:00 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
Data Ascii: 202 1 CON 58
2024-10-01 08:56:00 UTC58INData Raw: 4d 53 2d 43 56 3a 20 47 62 65 46 69 55 75 73 48 55 57 39 49 32 47 62 6b 78 4b 76 6f 51 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
Data Ascii: MS-CV: GbeFiUusHUW9I2GbkxKvoQ.0Payload parsing failed.


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
10192.168.2.649732216.58.206.784431036C:\Program Files\Google\Chrome\Application\chrome.exe
TimestampBytes transferredDirectionData
2024-10-01 08:56:00 UTC902OUTPOST /log?format=json&hasfast=true HTTP/1.1
Host: play.google.com
Connection: keep-alive
Content-Length: 928
sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
sec-ch-ua-platform: "Windows"
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Accept: */*
Origin: chrome-untrusted://new-tab-page
X-Client-Data: CJa2yQEIprbJAQipncoBCO6MywEIlqHLAQj6mM0BCIWgzQEIucrNARjrjaUX
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: NID=517=XhhE4b33PexPJcOrRWyHPno470RI7tUTqQ6Ttmioy0_TiTh40CcvaT1iVn4mXuR4-wBKCGLr4Mqo30kY8FvRp9Gqku2vZh7Q-EzBH6N9Eg2pfU798av__KaDLsbI1AnXfcssvi23JFx3hva0sXRG0zZlfiy3BOXSlgs7RPf6FPG-9B5DlQ
2024-10-01 08:56:00 UTC928OUTData Raw: 5b 5b 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 5b 22 47 6f 6f 67 6c 65 20 43 68 72 6f 6d 65 22 2c 22 31 31 37 22 5d 2c 5b 22 4e 6f 74 3b 41 3d 42 72 61 6e 64 22 2c 22 38 22 5d 2c 5b 22 43 68 72 6f 6d 69 75 6d 22 2c 22 31 31 37 22 5d 5d 2c 30 2c 22 57 69 6e 64 6f 77 73 22 2c 22 31 30 2e 30 2e 30 22 2c 22 78 38 36 22 2c 22 22 2c 22 31 31 37 2e 30 2e 35 39 33 38 2e 31 33 34 22 5d 2c 5b 31 2c 30 2c 30 2c 30 2c 30 5d 5d 5d 2c 33 37 33 2c 5b 5b 22 31 37 32 37 37 37 32 39 35 37 39 30 35 22 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c
Data Ascii: [[1,null,null,null,null,null,null,null,null,null,[null,null,null,null,null,null,null,null,[[["Google Chrome","117"],["Not;A=Brand","8"],["Chromium","117"]],0,"Windows","10.0.0","x86","","117.0.5938.134"],[1,0,0,0,0]]],373,[["1727772957905",null,null,null,
2024-10-01 08:56:00 UTC944INHTTP/1.1 200 OK
Access-Control-Allow-Origin: chrome-untrusted://new-tab-page
Cross-Origin-Resource-Policy: cross-origin
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Playlog-Web
Set-Cookie: NID=517=I37YzPgNdxv8F1YkROZWOlZ8gqjYmYt2FSr31hw7GLGKsjNO0p9HEHd_Cl64vPy9h0ljscpSty8dQdf2e0FrlC5zMlNX1FKrKd1O3a_IIOJU9W_V7zooR9gj2-rcUTA9eYktVoJ7SjsHZ-wr8SfQpvAVOBbr1ZxpiM090AJQWs2ZNukNv6KiFMJ0qw; expires=Wed, 02-Apr-2025 08:56:00 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Content-Type: text/plain; charset=UTF-8
Date: Tue, 01 Oct 2024 08:56:00 GMT
Server: Playlog
Cache-Control: private
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Expires: Tue, 01 Oct 2024 08:56:00 GMT
Connection: close
Transfer-Encoding: chunked
2024-10-01 08:56:00 UTC137INData Raw: 38 33 0d 0a 5b 22 2d 31 22 2c 6e 75 6c 6c 2c 5b 5b 5b 22 41 4e 44 52 4f 49 44 5f 42 41 43 4b 55 50 22 2c 30 5d 2c 5b 22 42 41 54 54 45 52 59 5f 53 54 41 54 53 22 2c 30 5d 2c 5b 22 53 4d 41 52 54 5f 53 45 54 55 50 22 2c 30 5d 2c 5b 22 54 52 4f 4e 22 2c 30 5d 5d 2c 2d 33 33 33 34 37 33 37 35 39 34 30 32 34 39 37 31 32 32 35 5d 2c 5b 5d 2c 7b 22 31 37 35 32 33 37 33 37 35 22 3a 5b 31 30 30 30 30 5d 7d 5d 0d 0a
Data Ascii: 83["-1",null,[[["ANDROID_BACKUP",0],["BATTERY_STATS",0],["SMART_SETUP",0],["TRON",0]],-3334737594024971225],[],{"175237375":[10000]}]
2024-10-01 08:56:00 UTC5INData Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
11192.168.2.6497334.245.163.56443
TimestampBytes transferredDirectionData
2024-10-01 08:56:04 UTC306OUTGET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vvy2LUWbdSoShkB&MD=54Pk3Lau HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com
2024-10-01 08:56:04 UTC560INHTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/octet-stream
Expires: -1
Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
MS-CorrelationId: 3bec9877-68f2-4139-886b-53c1e4c0b4dc
MS-RequestId: 82620cb5-96b6-408f-bcc1-6490e956f8fa
MS-CV: 2B3LwatI2U62N/hG.0
X-Microsoft-SLSClientCache: 2880
Content-Disposition: attachment; filename=environment.cab
X-Content-Type-Options: nosniff
Date: Tue, 01 Oct 2024 08:56:04 GMT
Connection: close
Content-Length: 24490
2024-10-01 08:56:04 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58
Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-10-01 08:56:04 UTC8666INData Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31
Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1


Session IDSource IPSource PortDestination IPDestination Port
12192.168.2.649736173.222.162.64443
TimestampBytes transferredDirectionData
2024-10-01 08:56:06 UTC2256OUTPOST /threshold/xls.aspx HTTP/1.1
Origin: https://www.bing.com
Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
Accept: */*
Accept-Language: en-CH
Content-type: text/xml
X-Agent-DeviceId: 01000A410900C4F3
X-BM-CBT: 1696488253
X-BM-DateFormat: dd/MM/yyyy
X-BM-DeviceDimensions: 784x984
X-BM-DeviceDimensionsLogical: 784x984
X-BM-DeviceScale: 100
X-BM-DTZ: 120
X-BM-Market: CH
X-BM-Theme: 000000;0078d7
X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
X-Device-ClientSession: 1D6F504B5A5A465DBDB84F31C63A581D
X-Device-isOptin: false
X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
X-Device-OSSKU: 48
X-Device-Touch: false
X-DeviceID: 01000A410900C4F3
X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshldspcl40,msbdsborgv2co,msbwdsbi920cf,optfsth3,premsbdsbchtupcf,wsbfixcachec,wsbqfasmsall_c,wsbqfminiserp_c,wsbref-c
X-MSEdge-ExternalExpType: JointCoord
X-PositionerType: Desktop
X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
X-Search-CortanaAvailableCapabilities: None
X-Search-SafeSearch: Moderate
X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
X-UserAgeClass: Unknown
Accept-Encoding: gzip, deflate, br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
Host: www.bing.com
Content-Length: 516
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: SRCHUID=V=2&GUID=CE2BE0509FF742BD822F50D98AD10391&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231005; SRCHHPGUSR=SRCHLANG=en&HV=1696488191&IPMH=5767d621&IPMID=1696488252989&LUT=1696487541024; CortanaAppUID=2020E25DAB158E420BA06F1C8DEF7959; MUID=81C61E09498D41CC97CDBBA354824ED1; _SS=SID=1D9FAF807E686D422B86BC217FC66C71&CPID=1696488253968&AC=1&CPH=071f2185; _EDGE_S=SID=1D9FAF807E686D422B86BC217FC66C71; MUIDB=81C61E09498D41CC97CDBBA354824ED1
2024-10-01 08:56:06 UTC1OUTData Raw: 3c
Data Ascii: <
2024-10-01 08:56:06 UTC515OUTData Raw: 43 6c 69 65 6e 74 49 6e 73 74 52 65 71 75 65 73 74 3e 3c 43 49 44 3e 38 31 43 36 31 45 30 39 34 39 38 44 34 31 43 43 39 37 43 44 42 42 41 33 35 34 38 32 34 45 44 31 3c 2f 43 49 44 3e 3c 45 76 65 6e 74 73 3e 3c 45 3e 3c 54 3e 45 76 65 6e 74 2e 43 6c 69 65 6e 74 49 6e 73 74 3c 2f 54 3e 3c 49 47 3e 33 35 31 41 41 38 32 41 45 39 30 43 34 36 36 39 39 46 35 42 31 46 45 33 34 32 42 45 37 45 31 30 3c 2f 49 47 3e 3c 44 3e 3c 21 5b 43 44 41 54 41 5b 7b 22 43 75 72 55 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 69 6e 67 2e 63 6f 6d 2f 41 53 2f 41 50 49 2f 57 69 6e 64 6f 77 73 43 6f 72 74 61 6e 61 50 61 6e 65 2f 56 32 2f 49 6e 69 74 22 2c 22 50 69 76 6f 74 22 3a 22 51 46 22 2c 22 54 22 3a 22 43 49 2e 42 6f 78 4d 6f 64 65 6c 22 2c 22 46 49 44 22 3a 22 43 49
Data Ascii: ClientInstRequest><CID>81C61E09498D41CC97CDBBA354824ED1</CID><Events><E><T>Event.ClientInst</T><IG>351AA82AE90C46699F5B1FE342BE7E10</IG><D><![CDATA[{"CurUrl":"https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init","Pivot":"QF","T":"CI.BoxModel","FID":"CI
2024-10-01 08:56:06 UTC480INHTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
X-MSEdge-Ref: Ref A: CCAC6B2F519A4CE486ACC4F71D08E8EC Ref B: LAX311000108045 Ref C: 2024-10-01T08:56:06Z
Date: Tue, 01 Oct 2024 08:56:06 GMT
Connection: close
Alt-Svc: h3=":443"; ma=93600
X-CDN-TraceID: 0.3ca6dc17.1727772966.21220863


Session IDSource IPSource PortDestination IPDestination Port
13192.168.2.64973840.113.110.67443
TimestampBytes transferredDirectionData
2024-10-01 08:56:14 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 49 6e 65 72 33 57 78 6b 4e 55 69 62 4a 54 2f 2b 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 32 34 31 38 66 33 35 32 36 61 62 32 66 35 36 0d 0a 0d 0a
Data Ascii: CNT 1 CON 305MS-CV: Iner3WxkNUibJT/+.1Context: 82418f3526ab2f56
2024-10-01 08:56:14 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-01 08:56:14 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 49 6e 65 72 33 57 78 6b 4e 55 69 62 4a 54 2f 2b 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 32 34 31 38 66 33 35 32 36 61 62 32 66 35 36 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 5a 72 4b 68 57 70 72 57 78 35 73 73 68 53 4a 38 4b 76 42 68 36 4e 52 4a 42 46 4b 49 6b 75 65 76 59 72 46 4c 62 44 79 6d 73 71 58 75 6d 6f 46 6d 79 38 44 38 42 56 35 34 42 44 6a 46 69 79 55 35 50 47 4f 50 78 61 4e 2f 35 72 59 34 35 6b 4a 4b 76 72 43 76 61 43 44 6f 6e 2b 42 4e 43 66 54 79 31 63 4c 63 75 49 71 31 38 70 6e 39
Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: Iner3WxkNUibJT/+.2Context: 82418f3526ab2f56<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATZrKhWprWx5sshSJ8KvBh6NRJBFKIkuevYrFLbDymsqXumoFmy8D8BV54BDjFiyU5PGOPxaN/5rY45kJKvrCvaCDon+BNCfTy1cLcuIq18pn9
2024-10-01 08:56:14 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 49 6e 65 72 33 57 78 6b 4e 55 69 62 4a 54 2f 2b 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 38 32 34 31 38 66 33 35 32 36 61 62 32 66 35 36 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
Data Ascii: BND 3 CON\WNS 0 197MS-CV: Iner3WxkNUibJT/+.3Context: 82418f3526ab2f56<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-01 08:56:14 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
Data Ascii: 202 1 CON 58
2024-10-01 08:56:14 UTC58INData Raw: 4d 53 2d 43 56 3a 20 63 66 4a 39 2f 66 6d 7a 7a 6b 4f 46 46 72 52 48 73 4c 68 42 62 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
Data Ascii: MS-CV: cfJ9/fmzzkOFFrRHsLhBbA.0Payload parsing failed.


Session IDSource IPSource PortDestination IPDestination Port
14192.168.2.64973940.113.110.67443
TimestampBytes transferredDirectionData
2024-10-01 08:56:36 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 4b 4b 4f 36 43 71 52 64 4d 6b 65 69 62 46 38 58 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 39 35 31 62 33 63 62 66 37 37 32 31 64 34 61 0d 0a 0d 0a
Data Ascii: CNT 1 CON 305MS-CV: KKO6CqRdMkeibF8X.1Context: c951b3cbf7721d4a
2024-10-01 08:56:36 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-01 08:56:36 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 4b 4b 4f 36 43 71 52 64 4d 6b 65 69 62 46 38 58 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 39 35 31 62 33 63 62 66 37 37 32 31 64 34 61 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 5a 72 4b 68 57 70 72 57 78 35 73 73 68 53 4a 38 4b 76 42 68 36 4e 52 4a 42 46 4b 49 6b 75 65 76 59 72 46 4c 62 44 79 6d 73 71 58 75 6d 6f 46 6d 79 38 44 38 42 56 35 34 42 44 6a 46 69 79 55 35 50 47 4f 50 78 61 4e 2f 35 72 59 34 35 6b 4a 4b 76 72 43 76 61 43 44 6f 6e 2b 42 4e 43 66 54 79 31 63 4c 63 75 49 71 31 38 70 6e 39
Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: KKO6CqRdMkeibF8X.2Context: c951b3cbf7721d4a<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATZrKhWprWx5sshSJ8KvBh6NRJBFKIkuevYrFLbDymsqXumoFmy8D8BV54BDjFiyU5PGOPxaN/5rY45kJKvrCvaCDon+BNCfTy1cLcuIq18pn9
2024-10-01 08:56:36 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4b 4b 4f 36 43 71 52 64 4d 6b 65 69 62 46 38 58 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 63 39 35 31 62 33 63 62 66 37 37 32 31 64 34 61 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
Data Ascii: BND 3 CON\WNS 0 197MS-CV: KKO6CqRdMkeibF8X.3Context: c951b3cbf7721d4a<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-01 08:56:37 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
Data Ascii: 202 1 CON 58
2024-10-01 08:56:37 UTC58INData Raw: 4d 53 2d 43 56 3a 20 69 4e 42 61 52 77 49 75 71 6b 69 68 55 37 7a 44 48 66 39 6f 52 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
Data Ascii: MS-CV: iNBaRwIuqkihU7zDHf9oRA.0Payload parsing failed.


Session IDSource IPSource PortDestination IPDestination PortPIDProcess
15192.168.2.6497404.245.163.56443
TimestampBytes transferredDirectionData
2024-10-01 08:56:42 UTC306OUTGET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=vvy2LUWbdSoShkB&MD=54Pk3Lau HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com
2024-10-01 08:56:42 UTC560INHTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/octet-stream
Expires: -1
Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
MS-CorrelationId: 6edf3943-48e7-4611-8c31-5e1b6536aa83
MS-RequestId: c0bfe02b-db74-4e33-8783-40b838aa166c
MS-CV: 0Qb2OjxN1k2U0Gf6.0
X-Microsoft-SLSClientCache: 1440
Content-Disposition: attachment; filename=environment.cab
X-Content-Type-Options: nosniff
Date: Tue, 01 Oct 2024 08:56:41 GMT
Connection: close
Content-Length: 30005
2024-10-01 08:56:42 UTC15824INData Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e
Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-10-01 08:56:42 UTC14181INData Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f
Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


Session IDSource IPSource PortDestination IPDestination Port
16192.168.2.64974340.113.110.67443
TimestampBytes transferredDirectionData
2024-10-01 08:57:00 UTC71OUTData Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 35 0d 0a 4d 53 2d 43 56 3a 20 2f 4d 54 68 65 4b 63 76 4b 55 57 41 4e 35 78 70 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 32 65 36 61 62 63 36 62 36 31 30 35 61 32 31 0d 0a 0d 0a
Data Ascii: CNT 1 CON 305MS-CV: /MTheKcvKUWAN5xp.1Context: 22e6abc6b6105a21
2024-10-01 08:57:00 UTC249OUTData Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 32 30 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e
Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware20,1</deviceName><followRetry>true</followRetry></agent></connect>
2024-10-01 08:57:00 UTC1084OUTData Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 36 31 0d 0a 4d 53 2d 43 56 3a 20 2f 4d 54 68 65 4b 63 76 4b 55 57 41 4e 35 78 70 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 32 65 36 61 62 63 36 62 36 31 30 35 61 32 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 34 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 54 5a 72 4b 68 57 70 72 57 78 35 73 73 68 53 4a 38 4b 76 42 68 36 4e 52 4a 42 46 4b 49 6b 75 65 76 59 72 46 4c 62 44 79 6d 73 71 58 75 6d 6f 46 6d 79 38 44 38 42 56 35 34 42 44 6a 46 69 79 55 35 50 47 4f 50 78 61 4e 2f 35 72 59 34 35 6b 4a 4b 76 72 43 76 61 43 44 6f 6e 2b 42 4e 43 66 54 79 31 63 4c 63 75 49 71 31 38 70 6e 39
Data Ascii: ATH 2 CON\DEVICE 1061MS-CV: /MTheKcvKUWAN5xp.2Context: 22e6abc6b6105a21<device><compact-ticket>t=EwC4AupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAATZrKhWprWx5sshSJ8KvBh6NRJBFKIkuevYrFLbDymsqXumoFmy8D8BV54BDjFiyU5PGOPxaN/5rY45kJKvrCvaCDon+BNCfTy1cLcuIq18pn9
2024-10-01 08:57:00 UTC218OUTData Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 2f 4d 54 68 65 4b 63 76 4b 55 57 41 4e 35 78 70 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 32 32 65 36 61 62 63 36 62 36 31 30 35 61 32 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e
Data Ascii: BND 3 CON\WNS 0 197MS-CV: /MTheKcvKUWAN5xp.3Context: 22e6abc6b6105a21<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2024-10-01 08:57:00 UTC14INData Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a
Data Ascii: 202 1 CON 58
2024-10-01 08:57:00 UTC58INData Raw: 4d 53 2d 43 56 3a 20 32 38 63 6c 4d 69 76 4e 39 6b 65 5a 46 4c 38 6b 2b 2f 4b 44 4f 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e
Data Ascii: MS-CV: 28clMivN9keZFL8k+/KDOw.0Payload parsing failed.


Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

General

Target ID:0
Start time:04:55:43
Start date:01/10/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:0x7ff684c40000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

General

Target ID:2
Start time:04:55:48
Start date:01/10/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2576 --field-trial-handle=2536,i,6631029011828879986,6212982866221514102,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:0x7ff684c40000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

General

Target ID:3
Start time:04:55:51
Start date:01/10/2024
Path:C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.dropbox.com%2Fl%2Fscl%2FAAAOnEp5m00KwtoojBmhj8fUchpsRJFe9CM&tid=402b15a5-7cb9-4d1b-85a3-49542f8bd230"
Imagebase:0x7ff684c40000
File size:3'242'272 bytes
MD5 hash:5BBFA6CBDF4C254EB368D534F9E23C92
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Disassembly

No disassembly