Edit tour

Windows Analysis Report
https://s.ksrndkehqnwntyxlhgto.com

Overview

General Information

Sample URL:	https://s.ksrndkehqnwntyxlhgto.com
Analysis ID:	1562618
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Stores files to the Windows start menu directory

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6960 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6344 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=2004,i,3590478224316058676,8418957698978979896,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7192 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://s.ksrndkehqnwntyxlhgto.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: https://s.ksrndkehqnwntyxlhgto.com/

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 2.18.109.164:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.109.164:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49723 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 2.18.109.164
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10

Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: s.ksrndkehqnwntyxlhgto.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: s.ksrndkehqnwntyxlhgto.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://s.ksrndkehqnwntyxlhgto.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ORD4VPMwSeLzNz4&MD=5mnE84TT HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2Fs.ksrndkehqnwntyxlhgto.com&oit=3&cp=7&pgcl=4&gs_rn=42&psi=mdgveijKENdVHWvQ&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: s.ksrndkehqnwntyxlhgto.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "dc5bcbf7f9372ccc9aedb581fe88edfe"If-Modified-Since: Wed, 13 Jun 2018 16:12:20 GMT
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: s.ksrndkehqnwntyxlhgto.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://s.ksrndkehqnwntyxlhgto.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ORD4VPMwSeLzNz4&MD=5mnE84TT HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.x7CxCIZpks8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo8czmnaLIncRgBQP7N2THncpDJ9mQ/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=s.ksrndkehqnwntyxlhgto.com&oit=3&pgcl=15&gs_rn=42&psi=mdgveijKENdVHWvQ&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=519=tQK2GeGlScmUehHmPiT4TNBWga41o3i4CKDeNHh-rJjy5lFqKaqkc2t0l7e7v0s0njGTgaezQbkc6sTxfGbk7q7ExDY4gRPO0pJi57qKaez-ZNz6n5jQOlCxgRaMt3uYwTK64jeSlDts1MwcQQv0qZaYAM_djaDGBbQftj-1vhgfOID14pTRxeM
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: s.ksrndkehqnwntyxlhgto.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://s.ksrndkehqnwntyxlhgto.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: s.ksrndkehqnwntyxlhgto.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: application/xmlTransfer-Encoding: chunkedConnection: closeServer: AmazonS3Date: Mon, 25 Nov 2024 18:28:54 GMTX-Cache: Error from cloudfrontVia: 1.1 69a82a9746d3a7343dca651e0829f000.cloudfront.net (CloudFront)X-Amz-Cf-Pop: FRA60-P5X-Amz-Cf-Id: 4q8GF3HFWzC90iz6UINYj26EaUhWMKfcYfC_bQ_cJk3Xe9Wx6QSDYQ==
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: application/xmlTransfer-Encoding: chunkedConnection: closeServer: AmazonS3Date: Mon, 25 Nov 2024 18:29:35 GMTX-Cache: Error from cloudfrontVia: 1.1 2b92d172bc628dd9c34a8c262218ac02.cloudfront.net (CloudFront)X-Amz-Cf-Pop: FRA60-P5X-Amz-Cf-Id: _RaUHN_OTnCi6CGvjD9u1TP_t9YXWNy7jgwou6fE30dPWqZjTQR1Jw==
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: application/xmlTransfer-Encoding: chunkedConnection: closeServer: AmazonS3Date: Mon, 25 Nov 2024 18:29:58 GMTX-Cache: Error from cloudfrontVia: 1.1 671c13f54b1ad36c801a07e5c548b1c8.cloudfront.net (CloudFront)X-Amz-Cf-Pop: FRA60-P5X-Amz-Cf-Id: Vm41U-EjmUUmGH2LAOQ0Bs2orYg6ab1Kk3EnytFJTzHezvqlRpCwzw==

Source: chromecache_63.1.dr	String found in binary or memory: http://www.broofa.com
Source: chromecache_71.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_71.1.dr	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chromecache_63.1.dr, chromecache_71.1.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_71.1.dr	String found in binary or memory: https://clients6.google.com
Source: chromecache_71.1.dr	String found in binary or memory: https://content.googleapis.com
Source: chromecache_71.1.dr	String found in binary or memory: https://domains.google.com/suggest/flow
Source: chromecache_63.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chromecache_63.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chromecache_63.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chromecache_63.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chromecache_63.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_71.1.dr	String found in binary or memory: https://plus.google.com
Source: chromecache_71.1.dr	String found in binary or memory: https://plus.googleapis.com
Source: chromecache_71.1.dr	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chromecache_71.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chromecache_71.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chromecache_63.1.dr	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chromecache_63.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chromecache_63.1.dr	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 2.18.109.164:443 -> 192.168.2.16:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 2.18.109.164:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49723 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@22/28@10/7

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=2004,i,3590478224316058676,8418957698978979896,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://s.ksrndkehqnwntyxlhgto.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=2004,i,3590478224316058676,8418957698978979896,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Registry Run Keys / Startup Folder	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Registry Run Keys / Startup Folder	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://s.ksrndkehqnwntyxlhgto.com	0%	Avira URL Cloud	safe

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
plus.l.google.com	142.250.181.78	true	false	high
play.google.com	172.217.19.238	true	false	high
s.ksrndkehqnwntyxlhgto.com	18.245.60.90	true	false	high
www.google.com	142.250.181.68	true	false	high
apis.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Reputation
https://www.google.com/async/ddljson?async=ntp:2	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://s.ksrndkehqnwntyxlhgto.com/favicon.ico	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2Fs.ksrndkehqnwntyxlhgto.com&oit=3&cp=7&pgcl=4&gs_rn=42&psi=mdgveijKENdVHWvQ&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.x7CxCIZpks8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo8czmnaLIncRgBQP7N2THncpDJ9mQ/cb=gapi.loaded_0	false	high
https://www.google.com/async/newtab_promos	false	high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false	high
https://s.ksrndkehqnwntyxlhgto.com/	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=s.ksrndkehqnwntyxlhgto.com&oit=3&pgcl=15&gs_rn=42&psi=mdgveijKENdVHWvQ&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://play.google.com/log?format=json&hasfast=true	chromecache_63.1.dr	false	high
http://www.broofa.com	chromecache_63.1.dr	false	high
https://apis.google.com	chromecache_63.1.dr, chromecache_71.1.dr	false	high
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1	chromecache_71.1.dr	false	high
https://domains.google.com/suggest/flow	chromecache_71.1.dr	false	high
https://clients6.google.com	chromecache_71.1.dr	false	high
https://plus.google.com	chromecache_71.1.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
18.245.60.90	s.ksrndkehqnwntyxlhgto.com	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false
142.250.181.78	plus.l.google.com	United States	15169	GOOGLEUS	false
18.245.60.77	unknown	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.8
192.168.2.16

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562618
Start date and time:	2024-11-25 19:28:16 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 31s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://s.ksrndkehqnwntyxlhgto.com
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	13
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@22/28@10/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.190.181.0, 20.190.181.3, 20.190.181.23, 20.231.128.66, 20.190.181.5, 40.126.53.15, 20.231.128.65, 20.190.181.4, 216.58.208.227, 64.233.165.84, 172.217.19.238, 34.104.35.123, 172.217.21.35, 172.217.17.74, 172.217.21.42, 172.217.19.170, 172.217.19.10, 142.250.181.42, 142.250.181.10, 142.250.181.74, 142.250.181.106, 172.217.17.42, 172.217.19.234, 172.217.19.202, 142.250.181.138, 172.217.17.35, 172.217.17.46
Excluded domains from analysis (whitelisted): clients1.google.com, prdv4a.aadg.msidentity.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, www.tm.v4.a.prd.aadg.akadns.net, clientservices.googleapis.com, ogads-pa.googleapis.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, login.live.com, update.googleapis.com, clients.l.google.com, www.gstatic.com, www.tm.lg.prod.aadmsa.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://s.ksrndkehqnwntyxlhgto.com

Simulations

Behavior and APIs

⊘No simulations

Input	Output
URL: https://s.ksrndkehqnwntyxlhgto.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false, "random_domain": true }
URL: https://s.ksrndkehqnwntyxlhgto.com
URL: https://s.ksrndkehqnwntyxlhgto.com/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false }

URL: https://s.ksrndkehqnwntyxlhgto.com/ Model: Joe Sandbox AI	{ "brands": [] }

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 17:28:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9860082030580286
Encrypted:	false
SSDEEP:	48:80dqcTKApWH7idAKZdA1FehwiZUklqehny+3:86LmUy
MD5:	7A76B9A46A195C24C0730E9D1B6405F9
SHA1:	FBDAC66E09DB9C8D73AA9C2B47C42AD4C884FF6D
SHA-256:	DAE9AAA6F27D8FCDC5D9B2C7E4D8124184C8EA3B02D80131A64A74EC9F546E8B
SHA-512:	259C045BE3E81339708E3401795286662B4A3204CE14816E1F205C2D9CE7C7B2F1BCD69829CC2A72BDF963BE561AB3D756ABE64B6A025C5097B7613EBA9EB0FC
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,......o.g?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IyY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VyY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VyY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VyY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VyY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............PH.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 17:28:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.002805578638615
Encrypted:	false
SSDEEP:	48:87dqcTKApWH7idAKZdA1seh/iZUkAQkqehEy+2:8PLg9QVy
MD5:	3CA254C7165D20D536160CBBD674E579
SHA1:	4AF6C18160E514AC9AC47249C1FC7BF9EF3B8235
SHA-256:	1AF319553F4376BFCFD9F646D586C107F5074B129C458EBB00B9E92D6ADF5E22
SHA-512:	1CA9D3E216E8548389EE490C90C6E4617AF18CD9D33AD125F7160CEA5A23AAD1557C002A2FEB5D4442433474C4FB1D2F19D852A95FE83EE20D0496FF9D2FE4D2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....3c.g?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IyY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VyY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VyY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VyY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VyY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............PH.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.012714122510863
Encrypted:	false
SSDEEP:	48:8ZdqcTKApAH7idAKZdA14meh7sFiZUkmgqeh7sqy+BX:8JLKnwy
MD5:	13F1BCD22818D701E47E9D68E8F8EE51
SHA1:	D18C0F4068452C0D6DE298E17204B6BD03195A0E
SHA-256:	BD3A7905E8F90F106750BA71B22F7A9DE72CED2FBFCBBD15B36C74B2B65E8F17
SHA-512:	819A74443346448398E7776F3D1EC30D85D23AACC95BE08459E6FA0B116A0E709AA345361D41444FAEA04E4625DD9A4F354B8F0BE094440E8EA31E2BEF02A19E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IyY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VyY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VyY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VyY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............PH.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 17:28:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.001789949582649
Encrypted:	false
SSDEEP:	48:87dqcTKApWH7idAKZdA1TehDiZUkwqehIy+R:8PL7iy
MD5:	E29DAB68533BD54A0F45922096197247
SHA1:	F49E2540A24005F616AF68D622BAFC9CF2B7882F
SHA-256:	C0C7FFD57FD610E027245DB504C9D067E5D7A421832B5CD99BA0032EC09BAB85
SHA-512:	725588DEA9FCEAE5A30E630142F642C1E209B4BD490BE0B418AF43EC635585BBEA46DC679D2517A3F332E17FB237BB447BD9C52859A8784AE7A8B04A1AF25879
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....qg].g?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IyY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VyY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VyY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VyY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VyY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............PH.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 17:28:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.985300723247555
Encrypted:	false
SSDEEP:	48:81dqcTKApWH7idAKZdA1dehBiZUk1W1qehGy+C:81L79my
MD5:	7FA7AFFBC6AF3B07A35D3D0B14FBD556
SHA1:	598E9082388C4F2A7A523C4CCD49FAC236D07D78
SHA-256:	9B6A2A2F24122EE7C3186B9CE377769C38D7FDF4451FDDD1AF5308D1A0741EBB
SHA-512:	9391A5D52B0CA43C21D55776D6F753DBAEBA4E71C44D9F5381A3DE0913242B701445DA8AEE6D4EEF057C1858CB8C6C8C20FC52F492F48F541727E017B80A0389
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....>.i.g?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IyY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VyY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VyY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VyY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VyY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............PH.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Mon Nov 25 17:28:51 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	3.9964797253621955
Encrypted:	false
SSDEEP:	48:8sdqcTKApWH7idAKZdA1duTeehOuTbbiZUk5OjqehOuTbwy+yT+:8SLfTfTbxWOvTbwy7T
MD5:	DB7B55E03EA782D611E8C578248F1DCA
SHA1:	216297204ACF79F36A991E82190249ED76D55DD7
SHA-256:	7098792E8C27E9FD19F1B70AB7FAB06D673FD3FE634D4CFB28D5EF982AF55D02
SHA-512:	EFEADD37039575F217E3A03B8F9FC0C9CE1470F814C6CCFA41D83C8FD3A3153AF476641007678D2BD5E561B845EE2FD52F90EC311715148C207CF7272AAA16AC
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....=.S.g?..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.IyY......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VyY......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.VyY......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.VyY............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VyY.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i.............PH.....C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Chrome Cache Entry: 62

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3491)
Category:	downloaded
Size (bytes):	3496
Entropy (8bit):	5.832060512810835
Encrypted:	false
SSDEEP:	96:JAffliiH6666kriIjMvgo41PEk8USUF96dYfPK9z0qfffffX:6VhH6666ciI91NEkzJ96YHK9A0
MD5:	05CD1630DC13D6642B9DB7916DEA4399
SHA1:	216A829EB59518B694151F6575A4165EE2C1B199
SHA-256:	FC5EF48C449948C437D3C20B5DC9A1F99C159061C36E6DB3B3E940722BFBAC3A
SHA-512:	94D517D078B5AC3D4AF62460F7E43450999F410C80F91D81E7F94811C84EEA79C91749914FDD7F970344C6396B000DCA3D820BCBC4A5C5F74C18EF6B9D82B705
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["box office wicked movie","microsoft outlook outages","the earth tilted 31.5 inches","seattle seahawks cardinals","nyt crossword clues","green bay packers 49ers game","disney dreamlight valley","winter weather warnings"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"Cg0vZy8xMXE5dGQ3NXY2EgpWaWRlbyBnYW1lMssOZGF0YTppbWFnZS9qcGVnO2Jhc2U2NCwvOWovNEFBUVNrWkpSZ0FCQVFBQUFRQUJBQUQvMndDRUFBa0dCd2dIQmdrSUJ3Z0tDZ2tMRFJZUERRd01EUnNVRlJBV0lCMGlJaUFkSHg4a0tEUXNKQ1l4Sng4ZkxUMHRNVFUzT2pvNkl5cy9SRDg0UXpRNU9qY0JDZ29LRFF3TkdnOFBHamNsSHlVM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOLy9BQUJFSUFFQUFRQU1CSWdBQ0VRRURFUUgveEFBY0FBQUJCQU1CQUFBQUFBQUFBQUFBQUFBRUF3VUdCd0FCQWdqL3hBQTFFQUFDQVFJRUJBTUdCQWNCQUFBQUFBQUJBZ01FRVFBRkVpRUdFekZCTWxGeEJ5SmhZb

Chrome Cache Entry: 63

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2586)
Category:	downloaded
Size (bytes):	175021
Entropy (8bit):	5.5519862292821776
Encrypted:	false
SSDEEP:	3072:kEBR0Kx4gWiUIzT2Zu2AuhZNsWGUHUylZBTftnn2N2DIWHUm1CBT46mG3bXnejYR:kKR0oWiUIzy42AuXNsWGUHLlZBTftn2b
MD5:	6ECBEC06F6245882E6D9659E66022263
SHA1:	F86FC301A3851511557DF798AD2BAD2AA4659946
SHA-256:	F7885470D82B8357E5AD03205AC0885DD9FD6F965E550D746627E5E35D4CF66B
SHA-512:	F2EDD978C9DC289B82DC0956503659B92C3B621DD1001DB2C5C34ACA01FFCDE7F84A6B24ED0B30A1EA6B15D937B6DD93FAE1DB97DCE26E9F9FCE1A3F5C43A8DD
Malicious:	false
Reputation:	low
URL:	"https://www.gstatic.com/og/_/js/k=og.qtm.en_US._3uvDuX1Bhg.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTus2ZfPv70D5bJuGT4XDgi-VtNqjg"
Preview:	this.gbar_=this.gbar_\|\|{};(function(_){var window=this;.try{._.Yi=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Zi=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var $i,aj,ej,hj,gj,cj,fj;$i=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};aj=function(){_.Na()};ej=function(a,b){(_.bj\|\|(_.bj=new cj)).set(a,b);(_.dj\|\|(_.dj=new cj)).set(b,a)};hj=function(a){if(fj===void 0){const b=new gj([],{});fj=Array.prototype.concat.call([],b).length===1}fj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ij=function(a,b,c){a=_.tb(a,b,c);return Array.isArray(a)?a:_.Fc};._.jj=function(a,b){a=(2&b?a\|2:a&-3)\|32;return a&=-2049};_.kj=function(a,b){a===0&&(a=_.jj(a,b));return a\|1};_.lj=function(a){return!!(2&a)&&!!(4&a)\|\|!!(2048&a)};_.mj=function(a,b,c){32&b&&c\|\|(a&=-33);return a};._.pj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ij(a,b,d);var k=h[_

Chrome Cache Entry: 64

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	29
Entropy (8bit):	3.9353986674667634
Encrypted:	false
SSDEEP:	3:VQAOx/1n:VQAOd1n
MD5:	6FED308183D5DFC421602548615204AF
SHA1:	0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:	4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:	A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:	false
Reputation:	low
URL:	https://www.google.com/async/newtab_promos
Preview:	)]}'.{"update":{"promos":{}}}

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65531)
Category:	downloaded
Size (bytes):	132981
Entropy (8bit):	5.43544242469698
Encrypted:	false
SSDEEP:	3072:fVkXyPqO7UX1Hme9kZbs4Voc5DSnXqwQ2i6o:f+yWFHrp4Voc5DSnawQ8o
MD5:	3C893D8CC0E93466B63E789F9B632930
SHA1:	16E3B683B7D33AEFB93725CEAE8891C1EAA8A856
SHA-256:	22C938DDCD6F8A162E6058E80EB298596C589641D90CAB5A5600EC3007518584
SHA-512:	C9CEFE331357A6A43AACDBF2AE6956EF54B64307F82954934DFF2A158DA81030D29675376F015BAA98426F0D1F205FAC058C058AB4A803C06C9D7A623A58C43D
Malicious:	false
Reputation:	low
URL:	https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Preview:	)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5162), with no line terminators
Category:	downloaded
Size (bytes):	5162
Entropy (8bit):	5.3503139230837595
Encrypted:	false
SSDEEP:	96:lXTMb1db1hNY/cobkcsidqg3gcIOnAg8IF8uM8DvY:lXT0TGKiqggdaAg8IF8uM8DA
MD5:	7977D5A9F0D7D67DE08DECF635B4B519
SHA1:	4A66E5FC1143241897F407CEB5C08C36767726C1
SHA-256:	FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
SHA-512:	8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
Malicious:	false
Reputation:	low
URL:	"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
Preview:	.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text
Category:	downloaded
Size (bytes):	243
Entropy (8bit):	5.568704685437561
Encrypted:	false
SSDEEP:	6:TMVBd/ZbZjZvKtWRVzj6mAVfP9bJiY8T8San:TMHd9BZKtWRkgY8T8Sa
MD5:	C0E5214C5A14E118923F66692E17A142
SHA1:	47472934902B037AE22A43C536272B85A620E358
SHA-256:	31CAFFA995B8323D1E1A9EAFCF8A7EE8AA355E93984CD8BEA413DCD64A07B5EF
SHA-512:	2957C986A25A8E1FFDD831C541159CA2721D0DD0A3BF273FBA0FE3EAB348CE582CA7C9909E50945401039F302B59AC2E06DD5AA0E71A374479E791284C1E2B6F
Malicious:	false
Reputation:	low
URL:	https://s.ksrndkehqnwntyxlhgto.com/favicon.ico
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>TY1Q14N5THKW665N</RequestId><HostId>o0mN1TgZeLzfGqfnTB0qku9fvx5vQbsI/hLBob8BQS7wdgIf4653Qmlaal3aJ8ebsLrRuA7cP24=</HostId></Error>

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SVG Scalable Vector Graphics image
Category:	downloaded
Size (bytes):	1660
Entropy (8bit):	4.301517070642596
Encrypted:	false
SSDEEP:	48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:	554640F465EB3ED903B543DAE0A1BCAC
SHA1:	E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:	99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:	462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:	false
Reputation:	low
URL:	https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Preview:	<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	20
Entropy (8bit):	3.3841837197791884
Encrypted:	false
SSDEEP:	3:OHKW3Ae:OqOAe
MD5:	DC5BCBF7F9372CCC9AEDB581FE88EDFE
SHA1:	79097FE77C29B4CA590114BDD0331431A1EFC470
SHA-256:	D872E8E4176213EA84EBC76D8FB621C31B4CA116FD0A51258813E804FE110CA4
SHA-512:	1EA2F632E9647FBDE1DA45DB3F295620E3B8228E48C237134DE7ADCE74121F9F12B0A647D27A574B4172A93A4E86B9C1B5868C24ABA5F48253E6283EAB35F6F0
Malicious:	false
Reputation:	low
URL:	https://s.ksrndkehqnwntyxlhgto.com/
Preview:	Nothing to see here.

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	146
Entropy (8bit):	4.802573701146521
Encrypted:	false
SSDEEP:	3:VwPWlOoh3wwBHsLpHbGWjLwWkzXFETH1u4:VwPeVV5BHsLRGAwWeXFEL13
MD5:	DC8485D7E83C75D73B807A8FDB2891FA
SHA1:	1B3A64493F14C64D682B68ACF5DFA187B59520EE
SHA-256:	212EF7F91FDB0F9D179089EC036AC3E4BD575E615785C27280B6115DF47D06DD
SHA-512:	24B76DF4FD57716C826B0FBCCA46E4A7D9DA4EB7409056B7201E456ED34E139E07B4F64AE6B0503F022D2E4B797491E8F0F691034BEDEF40F5AE82A82269C0A9
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=s.ksrndkehqnwntyxlhgto.com&oit=3&pgcl=15&gs_rn=42&psi=mdgveijKENdVHWvQ&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["s.ksrndkehqnwntyxlhgto.com",[],[],[],{"google:clientdata":{"bpc":false,"tlw":true},"google:suggesttype":[],"google:verbatimrelevance":851}]

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1302)
Category:	downloaded
Size (bytes):	116987
Entropy (8bit):	5.487092744347448
Encrypted:	false
SSDEEP:	3072:8gyvyaJrCo6iq9OWVpM3s8KjALDu/ASq0fIrs+a:8gy6o6iqrmKsd0fIrs7
MD5:	DF907C9E6BC048EA1505930FAB9010A9
SHA1:	51FF7084F44C713E30335C5D30CFC1AAC8F34774
SHA-256:	B3B7340EE6C9240EE8FCFEDA03C6EF4CE7DB0DD0DC213B19C8D4C87ADDC15105
SHA-512:	27D9A9B0372D97847418488D9F1DF50C0CA475156EF78E0103D45084580806232C0EBD3087729A9860E059B0DC620D367E0617B8BDE43FFBC8B42253C528B58B
Malicious:	false
Reputation:	low
URL:	"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.x7CxCIZpks8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo8czmnaLIncRgBQP7N2THncpDJ9mQ/cb=gapi.loaded_0"
Preview:	gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x200000, ]);.var aa,ba,fa,ma,na,ra,sa,ua;aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ba=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.fa=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.ka=fa(this);ma=function(a,b){if(b)a:{var c=_.ka;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ba(c,a,{configurable:!0,writable:!0,value:b})}};.ma("Symbol",function(a){if(a)r

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	downloaded
Size (bytes):	19
Entropy (8bit):	3.6818808028034042
Encrypted:	false
SSDEEP:	3:VQRWN:VQRWN
MD5:	9FAE2B6737B98261777262B14B586F28
SHA1:	79C894898B2CED39335EB0003C18B27AA8C6DDCD
SHA-256:	F55F6B26E77DF6647E544AE5B45892DCEA380B7A6D2BFAA1E023EA112CE81E73
SHA-512:	29CB8E5462B15488B0C6D5FC1673E273FB47841E9C76A4AA5415CA93CEA31B87052BBA511680F2BC9E6543A29F1BBFBA9D06FCC08F5C65BEB115EE7A9E5EFF36
Malicious:	false
Reputation:	low
URL:	https://www.google.com/async/ddljson?async=ntp:2
Preview:	)]}'.{"ddljson":{}}

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2024 19:28:44.020926952 CET	80	49702	93.184.221.240	192.168.2.16
Nov 25, 2024 19:28:44.020946026 CET	80	49702	93.184.221.240	192.168.2.16
Nov 25, 2024 19:28:44.020960093 CET	80	49702	93.184.221.240	192.168.2.16
Nov 25, 2024 19:28:44.021044970 CET	80	49702	93.184.221.240	192.168.2.16
Nov 25, 2024 19:28:44.021056890 CET	80	49702	93.184.221.240	192.168.2.16
Nov 25, 2024 19:28:44.021066904 CET	80	49702	93.184.221.240	192.168.2.16
Nov 25, 2024 19:28:44.021080971 CET	80	49702	93.184.221.240	192.168.2.16
Nov 25, 2024 19:28:44.021090031 CET	49702	80	192.168.2.16	93.184.221.240
Nov 25, 2024 19:28:44.021120071 CET	49702	80	192.168.2.16	93.184.221.240
Nov 25, 2024 19:28:44.066528082 CET	49702	80	192.168.2.16	93.184.221.240
Nov 25, 2024 19:28:44.644529104 CET	49673	443	192.168.2.16	204.79.197.203
Nov 25, 2024 19:28:47.045034885 CET	49673	443	192.168.2.16	204.79.197.203
Nov 25, 2024 19:28:48.934442043 CET	49707	443	192.168.2.16	2.18.109.164
Nov 25, 2024 19:28:48.934489012 CET	443	49707	2.18.109.164	192.168.2.16
Nov 25, 2024 19:28:48.934617996 CET	49707	443	192.168.2.16	2.18.109.164
Nov 25, 2024 19:28:48.935719013 CET	49707	443	192.168.2.16	2.18.109.164
Nov 25, 2024 19:28:48.935736895 CET	443	49707	2.18.109.164	192.168.2.16
Nov 25, 2024 19:28:48.952172995 CET	49690	80	192.168.2.16	192.229.211.108
Nov 25, 2024 19:28:50.387010098 CET	443	49707	2.18.109.164	192.168.2.16
Nov 25, 2024 19:28:50.387155056 CET	49707	443	192.168.2.16	2.18.109.164
Nov 25, 2024 19:28:50.391824007 CET	49707	443	192.168.2.16	2.18.109.164
Nov 25, 2024 19:28:50.391848087 CET	443	49707	2.18.109.164	192.168.2.16
Nov 25, 2024 19:28:50.392133951 CET	443	49707	2.18.109.164	192.168.2.16
Nov 25, 2024 19:28:50.438033104 CET	49707	443	192.168.2.16	2.18.109.164
Nov 25, 2024 19:28:50.452662945 CET	49707	443	192.168.2.16	2.18.109.164
Nov 25, 2024 19:28:50.499330997 CET	443	49707	2.18.109.164	192.168.2.16
Nov 25, 2024 19:28:50.698518991 CET	49678	443	192.168.2.16	20.189.173.10
Nov 25, 2024 19:28:50.940637112 CET	443	49707	2.18.109.164	192.168.2.16
Nov 25, 2024 19:28:50.940697908 CET	443	49707	2.18.109.164	192.168.2.16
Nov 25, 2024 19:28:50.940862894 CET	49707	443	192.168.2.16	2.18.109.164
Nov 25, 2024 19:28:50.940895081 CET	443	49707	2.18.109.164	192.168.2.16
Nov 25, 2024 19:28:50.940907955 CET	49707	443	192.168.2.16	2.18.109.164
Nov 25, 2024 19:28:50.940913916 CET	443	49707	2.18.109.164	192.168.2.16
Nov 25, 2024 19:28:51.008960009 CET	49678	443	192.168.2.16	20.189.173.10
Nov 25, 2024 19:28:51.140321970 CET	49711	443	192.168.2.16	2.18.109.164
Nov 25, 2024 19:28:51.140361071 CET	443	49711	2.18.109.164	192.168.2.16
Nov 25, 2024 19:28:51.140522003 CET	49711	443	192.168.2.16	2.18.109.164
Nov 25, 2024 19:28:51.140748024 CET	49711	443	192.168.2.16	2.18.109.164
Nov 25, 2024 19:28:51.140764952 CET	443	49711	2.18.109.164	192.168.2.16
Nov 25, 2024 19:28:51.610999107 CET	49678	443	192.168.2.16	20.189.173.10
Nov 25, 2024 19:28:51.850208998 CET	49673	443	192.168.2.16	204.79.197.203
Nov 25, 2024 19:28:52.220062017 CET	49712	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:28:52.220096111 CET	443	49712	18.245.60.90	192.168.2.16
Nov 25, 2024 19:28:52.220200062 CET	49712	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:28:52.220521927 CET	49712	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:28:52.220535994 CET	443	49712	18.245.60.90	192.168.2.16
Nov 25, 2024 19:28:52.221065044 CET	49713	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:28:52.221102953 CET	443	49713	18.245.60.90	192.168.2.16
Nov 25, 2024 19:28:52.221618891 CET	49713	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:28:52.221883059 CET	49713	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:28:52.221904039 CET	443	49713	18.245.60.90	192.168.2.16
Nov 25, 2024 19:28:52.551127911 CET	443	49711	2.18.109.164	192.168.2.16
Nov 25, 2024 19:28:52.551235914 CET	49711	443	192.168.2.16	2.18.109.164
Nov 25, 2024 19:28:52.552778959 CET	49711	443	192.168.2.16	2.18.109.164
Nov 25, 2024 19:28:52.552798986 CET	443	49711	2.18.109.164	192.168.2.16
Nov 25, 2024 19:28:52.553164959 CET	443	49711	2.18.109.164	192.168.2.16
Nov 25, 2024 19:28:52.555440903 CET	49711	443	192.168.2.16	2.18.109.164
Nov 25, 2024 19:28:52.599348068 CET	443	49711	2.18.109.164	192.168.2.16
Nov 25, 2024 19:28:52.824007034 CET	49678	443	192.168.2.16	20.189.173.10
Nov 25, 2024 19:28:53.068650007 CET	443	49711	2.18.109.164	192.168.2.16
Nov 25, 2024 19:28:53.068757057 CET	443	49711	2.18.109.164	192.168.2.16
Nov 25, 2024 19:28:53.068819046 CET	49711	443	192.168.2.16	2.18.109.164
Nov 25, 2024 19:28:53.069293976 CET	49711	443	192.168.2.16	2.18.109.164
Nov 25, 2024 19:28:53.069315910 CET	443	49711	2.18.109.164	192.168.2.16
Nov 25, 2024 19:28:53.069325924 CET	49711	443	192.168.2.16	2.18.109.164
Nov 25, 2024 19:28:53.069331884 CET	443	49711	2.18.109.164	192.168.2.16
Nov 25, 2024 19:28:53.875368118 CET	443	49712	18.245.60.90	192.168.2.16
Nov 25, 2024 19:28:53.875636101 CET	49712	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:28:53.875655890 CET	443	49712	18.245.60.90	192.168.2.16
Nov 25, 2024 19:28:53.876876116 CET	443	49712	18.245.60.90	192.168.2.16
Nov 25, 2024 19:28:53.876960039 CET	49712	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:28:53.877938032 CET	49712	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:28:53.878017902 CET	443	49712	18.245.60.90	192.168.2.16
Nov 25, 2024 19:28:53.878115892 CET	49712	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:28:53.878124952 CET	443	49712	18.245.60.90	192.168.2.16
Nov 25, 2024 19:28:53.881604910 CET	443	49713	18.245.60.90	192.168.2.16
Nov 25, 2024 19:28:53.881841898 CET	49713	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:28:53.881855965 CET	443	49713	18.245.60.90	192.168.2.16
Nov 25, 2024 19:28:53.883327961 CET	443	49713	18.245.60.90	192.168.2.16
Nov 25, 2024 19:28:53.883438110 CET	49713	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:28:53.883688927 CET	49713	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:28:53.883774042 CET	443	49713	18.245.60.90	192.168.2.16
Nov 25, 2024 19:28:53.923012018 CET	49712	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:28:53.939024925 CET	49713	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:28:53.939043045 CET	443	49713	18.245.60.90	192.168.2.16
Nov 25, 2024 19:28:53.987010956 CET	49713	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:28:54.408786058 CET	443	49712	18.245.60.90	192.168.2.16
Nov 25, 2024 19:28:54.408879042 CET	443	49712	18.245.60.90	192.168.2.16
Nov 25, 2024 19:28:54.408931971 CET	49712	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:28:54.409820080 CET	49712	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:28:54.409837008 CET	443	49712	18.245.60.90	192.168.2.16
Nov 25, 2024 19:28:54.461389065 CET	49713	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:28:54.507349968 CET	443	49713	18.245.60.90	192.168.2.16
Nov 25, 2024 19:28:55.165679932 CET	49680	80	192.168.2.16	192.229.211.108
Nov 25, 2024 19:28:55.230029106 CET	49678	443	192.168.2.16	20.189.173.10
Nov 25, 2024 19:28:55.274519920 CET	443	49713	18.245.60.90	192.168.2.16
Nov 25, 2024 19:28:55.274646044 CET	443	49713	18.245.60.90	192.168.2.16
Nov 25, 2024 19:28:55.275060892 CET	49713	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:28:55.277424097 CET	49713	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:28:55.277446985 CET	443	49713	18.245.60.90	192.168.2.16
Nov 25, 2024 19:28:55.466051102 CET	49680	80	192.168.2.16	192.229.211.108
Nov 25, 2024 19:28:55.614340067 CET	49715	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:28:55.614396095 CET	443	49715	142.250.181.68	192.168.2.16
Nov 25, 2024 19:28:55.614492893 CET	49715	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:28:55.614955902 CET	49715	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:28:55.614980936 CET	443	49715	142.250.181.68	192.168.2.16
Nov 25, 2024 19:28:56.072449923 CET	49680	80	192.168.2.16	192.229.211.108
Nov 25, 2024 19:28:56.831084967 CET	49716	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:28:56.831118107 CET	443	49716	172.202.163.200	192.168.2.16
Nov 25, 2024 19:28:56.831259966 CET	49716	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:28:56.833415031 CET	49716	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:28:56.833426952 CET	443	49716	172.202.163.200	192.168.2.16
Nov 25, 2024 19:28:57.283041954 CET	49680	80	192.168.2.16	192.229.211.108
Nov 25, 2024 19:28:57.369143009 CET	443	49715	142.250.181.68	192.168.2.16
Nov 25, 2024 19:28:57.369530916 CET	49715	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:28:57.369549990 CET	443	49715	142.250.181.68	192.168.2.16
Nov 25, 2024 19:28:57.370584011 CET	443	49715	142.250.181.68	192.168.2.16
Nov 25, 2024 19:28:57.370677948 CET	49715	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:28:57.372114897 CET	49715	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:28:57.372180939 CET	443	49715	142.250.181.68	192.168.2.16
Nov 25, 2024 19:28:57.427038908 CET	49715	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:28:57.427077055 CET	443	49715	142.250.181.68	192.168.2.16
Nov 25, 2024 19:28:57.475147009 CET	49715	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:28:58.832204103 CET	443	49716	172.202.163.200	192.168.2.16
Nov 25, 2024 19:28:58.832349062 CET	49716	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:28:58.834362984 CET	49716	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:28:58.834377050 CET	443	49716	172.202.163.200	192.168.2.16
Nov 25, 2024 19:28:58.834758043 CET	443	49716	172.202.163.200	192.168.2.16
Nov 25, 2024 19:28:58.878098965 CET	49716	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:28:58.891334057 CET	49716	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:28:58.935334921 CET	443	49716	172.202.163.200	192.168.2.16
Nov 25, 2024 19:28:59.565004110 CET	443	49716	172.202.163.200	192.168.2.16
Nov 25, 2024 19:28:59.565025091 CET	443	49716	172.202.163.200	192.168.2.16
Nov 25, 2024 19:28:59.565035105 CET	443	49716	172.202.163.200	192.168.2.16
Nov 25, 2024 19:28:59.565045118 CET	443	49716	172.202.163.200	192.168.2.16
Nov 25, 2024 19:28:59.565079927 CET	443	49716	172.202.163.200	192.168.2.16
Nov 25, 2024 19:28:59.565121889 CET	49716	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:28:59.565143108 CET	443	49716	172.202.163.200	192.168.2.16
Nov 25, 2024 19:28:59.565184116 CET	49716	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:28:59.565201998 CET	49716	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:28:59.585978985 CET	443	49716	172.202.163.200	192.168.2.16
Nov 25, 2024 19:28:59.586064100 CET	443	49716	172.202.163.200	192.168.2.16
Nov 25, 2024 19:28:59.586100101 CET	49716	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:28:59.586139917 CET	49716	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:28:59.586236000 CET	49716	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:28:59.586236000 CET	49716	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:28:59.586256027 CET	443	49716	172.202.163.200	192.168.2.16
Nov 25, 2024 19:28:59.586265087 CET	443	49716	172.202.163.200	192.168.2.16
Nov 25, 2024 19:28:59.691195011 CET	49680	80	192.168.2.16	192.229.211.108
Nov 25, 2024 19:29:00.042001009 CET	49678	443	192.168.2.16	20.189.173.10
Nov 25, 2024 19:29:01.465024948 CET	49673	443	192.168.2.16	204.79.197.203
Nov 25, 2024 19:29:04.500077009 CET	49680	80	192.168.2.16	192.229.211.108
Nov 25, 2024 19:29:07.050662994 CET	443	49715	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:07.050745010 CET	443	49715	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:07.050820112 CET	49715	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:08.908900976 CET	49715	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:08.908926964 CET	443	49715	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:09.657010078 CET	49678	443	192.168.2.16	20.189.173.10
Nov 25, 2024 19:29:14.111033916 CET	49680	80	192.168.2.16	192.229.211.108
Nov 25, 2024 19:29:26.775597095 CET	49717	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:26.775646925 CET	443	49717	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:26.775743961 CET	49717	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:26.776150942 CET	49717	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:26.776180983 CET	443	49717	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:28.722574949 CET	443	49717	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:28.724522114 CET	49717	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:28.724538088 CET	443	49717	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:28.724865913 CET	443	49717	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:28.725523949 CET	49717	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:28.725588083 CET	443	49717	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:28.768107891 CET	49717	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:31.974220037 CET	49717	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:32.015330076 CET	443	49717	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:32.441953897 CET	49717	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:32.442043066 CET	443	49717	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:32.442106009 CET	49717	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:32.442969084 CET	49718	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:32.443005085 CET	443	49718	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:32.443094969 CET	49718	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:32.443346977 CET	49718	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:32.443360090 CET	443	49718	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:32.544194937 CET	49719	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:32.544255972 CET	443	49719	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:32.544361115 CET	49719	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:32.544590950 CET	49719	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:32.544611931 CET	443	49719	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:32.649493933 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:32.649538994 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:32.649625063 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:32.649913073 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:32.649921894 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:33.695282936 CET	49721	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:29:33.695344925 CET	443	49721	18.245.60.90	192.168.2.16
Nov 25, 2024 19:29:33.695442915 CET	49721	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:29:33.695722103 CET	49721	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:29:33.695739985 CET	443	49721	18.245.60.90	192.168.2.16
Nov 25, 2024 19:29:33.696168900 CET	49722	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:29:33.696230888 CET	443	49722	18.245.60.90	192.168.2.16
Nov 25, 2024 19:29:33.696302891 CET	49722	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:29:33.696497917 CET	49722	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:29:33.696513891 CET	443	49722	18.245.60.90	192.168.2.16
Nov 25, 2024 19:29:34.194142103 CET	443	49718	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:34.194456100 CET	49718	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:34.194473982 CET	443	49718	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:34.195627928 CET	443	49718	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:34.195725918 CET	49718	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:34.196010113 CET	49718	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:34.196099997 CET	443	49718	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:34.241065979 CET	49718	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:34.241075993 CET	443	49718	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:34.289144993 CET	49718	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:34.334671974 CET	443	49719	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:34.334991932 CET	49719	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:34.335009098 CET	443	49719	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:34.335329056 CET	443	49719	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:34.335633993 CET	49719	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:34.335685968 CET	443	49719	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:34.348594904 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:34.348778009 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:34.348795891 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:34.349807978 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:34.349877119 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:34.350126982 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:34.350193977 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:34.385070086 CET	49719	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:34.401092052 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:34.401104927 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:34.449078083 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:35.329212904 CET	443	49721	18.245.60.90	192.168.2.16
Nov 25, 2024 19:29:35.329466105 CET	443	49722	18.245.60.90	192.168.2.16
Nov 25, 2024 19:29:35.329550028 CET	49721	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:29:35.329569101 CET	443	49721	18.245.60.90	192.168.2.16
Nov 25, 2024 19:29:35.329765081 CET	49722	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:29:35.329793930 CET	443	49722	18.245.60.90	192.168.2.16
Nov 25, 2024 19:29:35.329905033 CET	443	49721	18.245.60.90	192.168.2.16
Nov 25, 2024 19:29:35.330188036 CET	443	49722	18.245.60.90	192.168.2.16
Nov 25, 2024 19:29:35.330307961 CET	49721	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:29:35.330526114 CET	49722	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:29:35.330526114 CET	443	49721	18.245.60.90	192.168.2.16
Nov 25, 2024 19:29:35.330606937 CET	443	49722	18.245.60.90	192.168.2.16
Nov 25, 2024 19:29:35.330760956 CET	49721	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:29:35.375329971 CET	443	49721	18.245.60.90	192.168.2.16
Nov 25, 2024 19:29:35.377110958 CET	49722	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:29:35.911879063 CET	443	49721	18.245.60.90	192.168.2.16
Nov 25, 2024 19:29:35.911955118 CET	443	49721	18.245.60.90	192.168.2.16
Nov 25, 2024 19:29:35.912045956 CET	49721	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:29:35.912391901 CET	49721	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:29:35.912410021 CET	443	49721	18.245.60.90	192.168.2.16
Nov 25, 2024 19:29:35.931593895 CET	49722	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:29:35.979332924 CET	443	49722	18.245.60.90	192.168.2.16
Nov 25, 2024 19:29:36.038250923 CET	49723	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:29:36.038289070 CET	443	49723	172.202.163.200	192.168.2.16
Nov 25, 2024 19:29:36.038415909 CET	49723	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:29:36.038785934 CET	49723	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:29:36.038798094 CET	443	49723	172.202.163.200	192.168.2.16
Nov 25, 2024 19:29:36.782890081 CET	443	49722	18.245.60.90	192.168.2.16
Nov 25, 2024 19:29:36.783498049 CET	443	49722	18.245.60.90	192.168.2.16
Nov 25, 2024 19:29:36.783559084 CET	49722	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:29:36.783766031 CET	49722	443	192.168.2.16	18.245.60.90
Nov 25, 2024 19:29:36.783782959 CET	443	49722	18.245.60.90	192.168.2.16
Nov 25, 2024 19:29:37.966027975 CET	443	49723	172.202.163.200	192.168.2.16
Nov 25, 2024 19:29:37.966161013 CET	49723	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:29:37.968056917 CET	49723	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:29:37.968066931 CET	443	49723	172.202.163.200	192.168.2.16
Nov 25, 2024 19:29:37.968291998 CET	443	49723	172.202.163.200	192.168.2.16
Nov 25, 2024 19:29:37.972687006 CET	49723	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:29:38.015328884 CET	443	49723	172.202.163.200	192.168.2.16
Nov 25, 2024 19:29:38.695606947 CET	443	49723	172.202.163.200	192.168.2.16
Nov 25, 2024 19:29:38.695631981 CET	443	49723	172.202.163.200	192.168.2.16
Nov 25, 2024 19:29:38.695664883 CET	443	49723	172.202.163.200	192.168.2.16
Nov 25, 2024 19:29:38.695766926 CET	49723	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:29:38.695796967 CET	443	49723	172.202.163.200	192.168.2.16
Nov 25, 2024 19:29:38.695815086 CET	49723	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:29:38.695833921 CET	49723	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:29:38.746042967 CET	443	49723	172.202.163.200	192.168.2.16
Nov 25, 2024 19:29:38.746141911 CET	443	49723	172.202.163.200	192.168.2.16
Nov 25, 2024 19:29:38.746181011 CET	49723	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:29:38.746205091 CET	443	49723	172.202.163.200	192.168.2.16
Nov 25, 2024 19:29:38.746228933 CET	443	49723	172.202.163.200	192.168.2.16
Nov 25, 2024 19:29:38.746231079 CET	49723	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:29:38.746274948 CET	49723	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:29:38.746372938 CET	49723	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:29:38.746386051 CET	443	49723	172.202.163.200	192.168.2.16
Nov 25, 2024 19:29:38.746400118 CET	49723	443	192.168.2.16	172.202.163.200
Nov 25, 2024 19:29:38.746406078 CET	443	49723	172.202.163.200	192.168.2.16
Nov 25, 2024 19:29:42.625981092 CET	49718	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:42.671331882 CET	443	49718	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:42.738796949 CET	49719	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:42.783327103 CET	443	49719	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:42.815778017 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:42.828514099 CET	49724	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:42.828553915 CET	443	49724	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:42.828648090 CET	49724	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:42.828893900 CET	49724	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:42.828903913 CET	443	49724	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:42.859333992 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.315817118 CET	443	49718	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.315859079 CET	443	49718	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.315881014 CET	443	49718	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.315908909 CET	49718	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.315924883 CET	443	49718	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.315969944 CET	49718	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.315974951 CET	443	49718	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.316087008 CET	443	49718	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.316129923 CET	49718	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.317161083 CET	49718	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.317174911 CET	443	49718	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.481093884 CET	443	49719	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.484157085 CET	443	49719	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.484253883 CET	49719	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.485119104 CET	49719	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.485142946 CET	443	49719	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.492708921 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.492758989 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.492786884 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.492815971 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.492837906 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.492914915 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.492964983 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.501734972 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.501802921 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.501813889 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.512717962 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.512801886 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.512825012 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.527961969 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.528031111 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.528062105 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.528146982 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.528218985 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.679094076 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.685802937 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.685889959 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.685925007 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.699527979 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.699603081 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.699615955 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.713013887 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.713102102 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.713129044 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.726619005 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.726697922 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.726727962 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.740220070 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.740300894 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.740319014 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.752643108 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.752695084 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.752703905 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.764801979 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.764862061 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.764869928 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.776732922 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.776793957 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.776802063 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.803594112 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.803625107 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.803633928 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.803678036 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.803706884 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.803726912 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.814786911 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.814856052 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.814866066 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.869160891 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.869199038 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.873397112 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.873487949 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.873507977 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.877547026 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.877616882 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.877631903 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.885966063 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.886034012 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.886044025 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.895709038 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.895807028 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.895822048 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.907402039 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.907488108 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.907502890 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.918880939 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.918936014 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.918943882 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.930526018 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.930610895 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.930624962 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.942120075 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.942244053 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.942253113 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.953738928 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.953897953 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.953923941 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.965085030 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.965146065 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.965163946 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.976629972 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.976703882 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.976712942 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.987469912 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:43.987526894 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:43.987536907 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.001050949 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.001110077 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.001120090 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.007343054 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.007396936 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.007405043 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.016745090 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.016802073 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.016813993 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.026127100 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.026185036 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.026195049 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.029257059 CET	49700	80	192.168.2.16	93.184.221.240
Nov 25, 2024 19:29:44.029320002 CET	49702	80	192.168.2.16	93.184.221.240
Nov 25, 2024 19:29:44.034545898 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.034606934 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.034614086 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.052619934 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.052676916 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.052684069 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.054198027 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.054250956 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.054259062 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.061284065 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.061337948 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.061346054 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.066561937 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.066621065 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.066627979 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.073868036 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.073925018 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.073930979 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.077666998 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.077718019 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.077724934 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.083003998 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.083075047 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.083081961 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.088507891 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.088565111 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.088576078 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.094391108 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.094439030 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.094444990 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.100523949 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.100577116 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.100581884 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.107322931 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.107373953 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.107381105 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.114635944 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.114690065 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.114696980 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.120465040 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.120523930 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.120532036 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.130389929 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.130443096 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.130450010 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.131486893 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.131540060 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.131546021 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.131747007 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.131798029 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.131851912 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.131853104 CET	443	49720	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.131897926 CET	49720	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.168899059 CET	80	49700	93.184.221.240	192.168.2.16
Nov 25, 2024 19:29:44.168967009 CET	49700	80	192.168.2.16	93.184.221.240
Nov 25, 2024 19:29:44.169653893 CET	80	49702	93.184.221.240	192.168.2.16
Nov 25, 2024 19:29:44.169701099 CET	49702	80	192.168.2.16	93.184.221.240
Nov 25, 2024 19:29:44.625438929 CET	443	49724	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.625742912 CET	49724	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.625767946 CET	443	49724	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.626169920 CET	443	49724	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.626471043 CET	49724	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.626542091 CET	443	49724	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:44.626590014 CET	49724	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.666115999 CET	49724	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:44.666130066 CET	443	49724	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:45.000727892 CET	49728	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:45.000771999 CET	443	49728	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:45.000883102 CET	49728	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:45.001143932 CET	49728	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:45.001154900 CET	443	49728	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:45.304765940 CET	49729	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:45.304816008 CET	443	49729	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:45.304891109 CET	49729	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:45.305214882 CET	49729	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:45.305222988 CET	443	49729	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:45.483751059 CET	443	49724	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:45.483884096 CET	443	49724	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:45.483941078 CET	49724	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:45.484673023 CET	49724	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:45.484680891 CET	443	49724	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:46.700589895 CET	443	49728	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:46.700947046 CET	49728	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:46.700963020 CET	443	49728	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:46.701280117 CET	443	49728	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:46.701585054 CET	49728	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:46.701637030 CET	443	49728	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:46.741199017 CET	49728	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:47.101259947 CET	443	49729	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:47.101591110 CET	49729	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:47.101603985 CET	443	49729	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:47.101905107 CET	443	49729	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:47.102210045 CET	49729	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:47.102257967 CET	443	49729	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:47.153135061 CET	49729	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:47.898976088 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:47.899003983 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:47.899081945 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:47.899224043 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:47.899238110 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:49.734543085 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:49.734810114 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:49.734822989 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:49.735816002 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:49.735893011 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:49.736793995 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:49.736891031 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:49.736941099 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:49.779345989 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:49.792104006 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:49.792114019 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:49.840101004 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.464827061 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.464879036 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.464904070 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.464927912 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.464941978 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.464983940 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.464991093 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.482332945 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.482404947 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.482414961 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.493165016 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.493242979 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.493251085 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.543132067 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.543143988 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.591188908 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.605875969 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.610449076 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.610507965 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.610527992 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.655306101 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.675146103 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.679846048 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.679920912 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.679941893 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.689577103 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.689675093 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.689697981 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.703383923 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.703511000 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.703526974 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.712862015 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.712934971 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.712951899 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.766942978 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.767043114 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.767074108 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.771286011 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.771383047 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.771389008 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.771403074 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.771591902 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.780885935 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.790421963 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.790501118 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.790517092 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.797460079 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.797575951 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.797591925 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.804677010 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.804742098 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.804754019 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.818564892 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.818634033 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.818650007 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.825690985 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.825754881 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.825768948 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.879134893 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.885435104 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.890131950 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.890208006 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.890227079 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.890244007 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.890289068 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.897233963 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.904469967 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.904522896 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.904558897 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.904581070 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.904623032 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.911319017 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.918497086 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.918598890 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.918622017 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.925532103 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.925690889 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.925704956 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.932651997 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.932760000 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.932773113 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.939574003 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.939671993 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.939682007 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.953668118 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.953696966 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.953769922 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.953789949 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.953861952 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.959084034 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.965965986 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.966087103 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.966104031 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.976038933 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.976124048 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.976145029 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.983767986 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.983838081 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.983844995 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.987453938 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.987607956 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.987615108 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.993222952 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:50.993310928 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:50.993355989 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:51.002166033 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:51.002243042 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:51.002253056 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:51.010757923 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:51.010801077 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:51.010832071 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:51.010843039 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:51.010915995 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:51.019017935 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:51.027278900 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:51.027347088 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:51.027359009 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:51.035672903 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:51.035753012 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:51.035758018 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:51.035770893 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:51.035852909 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:51.052812099 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:51.054733992 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:51.054833889 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:51.054881096 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:51.054891109 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:51.054955959 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:51.062973022 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:51.096699953 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:51.096754074 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:51.096839905 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:51.096893072 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:51.096893072 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:51.097172022 CET	49731	443	192.168.2.16	142.250.181.78
Nov 25, 2024 19:29:51.097187042 CET	443	49731	142.250.181.78	192.168.2.16
Nov 25, 2024 19:29:55.561604023 CET	49728	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:55.603339911 CET	443	49728	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:56.209294081 CET	443	49728	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:56.209947109 CET	443	49728	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:56.210053921 CET	49728	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:56.213753939 CET	49728	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:56.213767052 CET	443	49728	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:56.807781935 CET	443	49729	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:56.807838917 CET	443	49729	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:56.807918072 CET	49729	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:56.912461996 CET	49729	443	192.168.2.16	142.250.181.68
Nov 25, 2024 19:29:56.912494898 CET	443	49729	142.250.181.68	192.168.2.16
Nov 25, 2024 19:29:57.292052031 CET	49736	443	192.168.2.16	18.245.60.77
Nov 25, 2024 19:29:57.292087078 CET	443	49736	18.245.60.77	192.168.2.16
Nov 25, 2024 19:29:57.292164087 CET	49736	443	192.168.2.16	18.245.60.77
Nov 25, 2024 19:29:57.292401075 CET	49736	443	192.168.2.16	18.245.60.77
Nov 25, 2024 19:29:57.292412996 CET	443	49736	18.245.60.77	192.168.2.16
Nov 25, 2024 19:29:59.031395912 CET	443	49736	18.245.60.77	192.168.2.16
Nov 25, 2024 19:29:59.031742096 CET	49736	443	192.168.2.16	18.245.60.77
Nov 25, 2024 19:29:59.031766891 CET	443	49736	18.245.60.77	192.168.2.16
Nov 25, 2024 19:29:59.032131910 CET	443	49736	18.245.60.77	192.168.2.16
Nov 25, 2024 19:29:59.032697916 CET	49736	443	192.168.2.16	18.245.60.77
Nov 25, 2024 19:29:59.032780886 CET	443	49736	18.245.60.77	192.168.2.16
Nov 25, 2024 19:29:59.032938004 CET	49736	443	192.168.2.16	18.245.60.77
Nov 25, 2024 19:29:59.079333067 CET	443	49736	18.245.60.77	192.168.2.16
Nov 25, 2024 19:29:59.977140903 CET	443	49736	18.245.60.77	192.168.2.16
Nov 25, 2024 19:29:59.977267981 CET	443	49736	18.245.60.77	192.168.2.16
Nov 25, 2024 19:29:59.977329016 CET	49736	443	192.168.2.16	18.245.60.77
Nov 25, 2024 19:29:59.978296995 CET	49736	443	192.168.2.16	18.245.60.77
Nov 25, 2024 19:29:59.978317022 CET	443	49736	18.245.60.77	192.168.2.16
Nov 25, 2024 19:30:25.491410971 CET	49699	80	192.168.2.16	192.229.221.95
Nov 25, 2024 19:30:25.491585970 CET	49698	80	192.168.2.16	2.20.68.201
Nov 25, 2024 19:30:25.618859053 CET	80	49699	192.229.221.95	192.168.2.16
Nov 25, 2024 19:30:25.618869066 CET	80	49698	2.20.68.201	192.168.2.16
Nov 25, 2024 19:30:25.618957043 CET	49699	80	192.168.2.16	192.229.221.95
Nov 25, 2024 19:30:25.619004011 CET	49698	80	192.168.2.16	2.20.68.201

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2024 19:28:50.806022882 CET	53	52493	1.1.1.1	192.168.2.16
Nov 25, 2024 19:28:50.827147961 CET	53	57344	1.1.1.1	192.168.2.16
Nov 25, 2024 19:28:51.709167004 CET	62342	53	192.168.2.16	1.1.1.1
Nov 25, 2024 19:28:51.713468075 CET	60538	53	192.168.2.16	1.1.1.1
Nov 25, 2024 19:28:52.217479944 CET	53	62342	1.1.1.1	192.168.2.16
Nov 25, 2024 19:28:52.217950106 CET	53	60538	1.1.1.1	192.168.2.16
Nov 25, 2024 19:28:53.622642994 CET	53	49472	1.1.1.1	192.168.2.16
Nov 25, 2024 19:28:55.467242002 CET	49515	53	192.168.2.16	1.1.1.1
Nov 25, 2024 19:28:55.467434883 CET	64686	53	192.168.2.16	1.1.1.1
Nov 25, 2024 19:28:55.612258911 CET	53	49515	1.1.1.1	192.168.2.16
Nov 25, 2024 19:28:55.612277031 CET	53	64686	1.1.1.1	192.168.2.16
Nov 25, 2024 19:29:10.700702906 CET	53	64992	1.1.1.1	192.168.2.16
Nov 25, 2024 19:29:29.685400009 CET	53	60203	1.1.1.1	192.168.2.16
Nov 25, 2024 19:29:46.860295057 CET	138	138	192.168.2.16	192.168.2.255
Nov 25, 2024 19:29:47.639147043 CET	58630	53	192.168.2.16	1.1.1.1
Nov 25, 2024 19:29:47.639322042 CET	63689	53	192.168.2.16	1.1.1.1
Nov 25, 2024 19:29:47.891561985 CET	53	63689	1.1.1.1	192.168.2.16
Nov 25, 2024 19:29:47.892049074 CET	53	54455	1.1.1.1	192.168.2.16
Nov 25, 2024 19:29:47.898648024 CET	53	58630	1.1.1.1	192.168.2.16
Nov 25, 2024 19:29:48.648900032 CET	51116	53	192.168.2.16	1.1.1.1
Nov 25, 2024 19:29:48.649147987 CET	59782	53	192.168.2.16	1.1.1.1
Nov 25, 2024 19:29:48.803175926 CET	53	59782	1.1.1.1	192.168.2.16
Nov 25, 2024 19:29:48.803224087 CET	53	51116	1.1.1.1	192.168.2.16
Nov 25, 2024 19:29:50.786957979 CET	53	59000	1.1.1.1	192.168.2.16
Nov 25, 2024 19:29:52.033262968 CET	53	57355	1.1.1.1	192.168.2.16
Nov 25, 2024 19:29:56.988404989 CET	60560	53	192.168.2.16	1.1.1.1
Nov 25, 2024 19:29:56.988636017 CET	51651	53	192.168.2.16	1.1.1.1
Nov 25, 2024 19:29:57.126595974 CET	53	51651	1.1.1.1	192.168.2.16
Nov 25, 2024 19:29:57.291157007 CET	53	60560	1.1.1.1	192.168.2.16
Nov 25, 2024 19:30:21.746483088 CET	53	53180	1.1.1.1	192.168.2.16

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 25, 2024 19:28:51.709167004 CET	192.168.2.16	1.1.1.1	0x8133	Standard query (0)	s.ksrndkehqnwntyxlhgto.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 19:28:51.713468075 CET	192.168.2.16	1.1.1.1	0x75d4	Standard query (0)	s.ksrndkehqnwntyxlhgto.com	65	IN (0x0001)	false
Nov 25, 2024 19:28:55.467242002 CET	192.168.2.16	1.1.1.1	0x4d8a	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 19:28:55.467434883 CET	192.168.2.16	1.1.1.1	0x925b	Standard query (0)	www.google.com	65	IN (0x0001)	false
Nov 25, 2024 19:29:47.639147043 CET	192.168.2.16	1.1.1.1	0x635d	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 19:29:47.639322042 CET	192.168.2.16	1.1.1.1	0x5dc	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Nov 25, 2024 19:29:48.648900032 CET	192.168.2.16	1.1.1.1	0x90e	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 19:29:48.649147987 CET	192.168.2.16	1.1.1.1	0x836b	Standard query (0)	play.google.com	65	IN (0x0001)	false
Nov 25, 2024 19:29:56.988404989 CET	192.168.2.16	1.1.1.1	0xb0fa	Standard query (0)	s.ksrndkehqnwntyxlhgto.com	A (IP address)	IN (0x0001)	false
Nov 25, 2024 19:29:56.988636017 CET	192.168.2.16	1.1.1.1	0xaba4	Standard query (0)	s.ksrndkehqnwntyxlhgto.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 25, 2024 19:28:52.217479944 CET	1.1.1.1	192.168.2.16	0x8133	No error (0)	s.ksrndkehqnwntyxlhgto.com		18.245.60.90	A (IP address)	IN (0x0001)	false
Nov 25, 2024 19:28:52.217479944 CET	1.1.1.1	192.168.2.16	0x8133	No error (0)	s.ksrndkehqnwntyxlhgto.com		18.245.60.77	A (IP address)	IN (0x0001)	false
Nov 25, 2024 19:28:52.217479944 CET	1.1.1.1	192.168.2.16	0x8133	No error (0)	s.ksrndkehqnwntyxlhgto.com		18.245.60.3	A (IP address)	IN (0x0001)	false
Nov 25, 2024 19:28:52.217479944 CET	1.1.1.1	192.168.2.16	0x8133	No error (0)	s.ksrndkehqnwntyxlhgto.com		18.245.60.9	A (IP address)	IN (0x0001)	false
Nov 25, 2024 19:28:55.612258911 CET	1.1.1.1	192.168.2.16	0x4d8a	No error (0)	www.google.com		142.250.181.68	A (IP address)	IN (0x0001)	false
Nov 25, 2024 19:28:55.612277031 CET	1.1.1.1	192.168.2.16	0x925b	No error (0)	www.google.com			65	IN (0x0001)	false
Nov 25, 2024 19:29:47.891561985 CET	1.1.1.1	192.168.2.16	0x5dc	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 19:29:47.898648024 CET	1.1.1.1	192.168.2.16	0x635d	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Nov 25, 2024 19:29:47.898648024 CET	1.1.1.1	192.168.2.16	0x635d	No error (0)	plus.l.google.com		142.250.181.78	A (IP address)	IN (0x0001)	false
Nov 25, 2024 19:29:48.803224087 CET	1.1.1.1	192.168.2.16	0x90e	No error (0)	play.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false
Nov 25, 2024 19:29:57.291157007 CET	1.1.1.1	192.168.2.16	0xb0fa	No error (0)	s.ksrndkehqnwntyxlhgto.com		18.245.60.77	A (IP address)	IN (0x0001)	false
Nov 25, 2024 19:29:57.291157007 CET	1.1.1.1	192.168.2.16	0xb0fa	No error (0)	s.ksrndkehqnwntyxlhgto.com		18.245.60.3	A (IP address)	IN (0x0001)	false
Nov 25, 2024 19:29:57.291157007 CET	1.1.1.1	192.168.2.16	0xb0fa	No error (0)	s.ksrndkehqnwntyxlhgto.com		18.245.60.9	A (IP address)	IN (0x0001)	false
Nov 25, 2024 19:29:57.291157007 CET	1.1.1.1	192.168.2.16	0xb0fa	No error (0)	s.ksrndkehqnwntyxlhgto.com		18.245.60.90	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fs.microsoft.com

s.ksrndkehqnwntyxlhgto.com

https:

slscr.update.microsoft.com

www.google.com

apis.google.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.16	49702	93.184.221.240	80

Timestamp	Bytes transferred	Direction	Data
Nov 25, 2024 19:28:44.020926952 CET	1236	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Age: 210 Cache-Control: public,max-age=900 Content-Type: application/vnd.ms-cab-compressed Date: Mon, 25 Nov 2024 18:28:43 GMT Etag: "80424021c7dbd21:0" Last-Modified: Fri, 02 Jun 2017 17:39:05 GMT Server: ECAcc (lhc/78A8) X-Cache: HIT X-CCC: GB X-CID: 11 Content-Length: 7796 Data Raw: 4d 53 43 46 00 00 00 00 74 1e 00 00 00 00 00 00 2c 00 00 00 00 00 00 00 03 01 01 00 01 00 00 00 00 00 00 00 49 00 00 00 01 00 01 00 98 45 00 00 00 00 00 00 00 00 c2 4a d0 52 20 00 70 69 6e 72 75 6c 65 73 2e 73 74 6c 00 ab 3e 4e 16 23 1e 98 45 43 4b ec 5b 07 54 13 d9 d7 4f 99 d0 9b d2 91 12 aa ab 6c c2 24 04 29 56 b0 61 a5 88 ba 76 86 64 80 48 c8 c4 cc 84 26 0a 44 05 59 41 2c 28 2b 59 14 01 15 41 b1 01 8a 85 b5 97 b5 63 5d 0b 22 6b 61 2d b8 58 57 85 e5 9b 49 00 83 c2 ca b8 df 77 ce ff 7c e7 cf 39 e2 cc 9b fb bb ef bd fb ee fd bd 7b df 0c a0 7c 64 b6 86 76 ff 54 ff d4 77 fa 54 4d 5a be 7c e4 12 bc 29 85 46 a5 72 74 41 6d 0d 86 ab 01 9d 66 c5 a0 80 f2 be 8d 1a da ae 1a 54 80 2a f7 d4 a1 e6 cb fb de c3 9b 6e 83 7a 1a 3a ed 8d 74 26 f0 7d 20 45 48 11 53 82 29 32 8a 88 02 53 50 ca 1c 8a 2f 7e 8d 51 10 ca 64 8a 84 22 a0 40 f8 35 8c b7 72 28 14 0a 4d 8b 5a 73 0b de 7e 7b 98 a7 b9 3e c7 13 f4 70 e7 70 dd b9 5e 1e de d3 f1 5b 2f 70 00 d8 7e 0b 1a a8 f5 e1 40 0c c5 ae 10 ec 07 f4 66 87 0b 45 30 ca 12 84 b3 39 [TRUNCATED] Data Ascii: MSCFt,IEJR pinrules.stl>N#ECK[TOl$)VavdH&DYA,(+YAc]"ka-XWIw\|9{\|dvTwTMZ\|)FrtAmfTnz:t&} EHS)2SP/~Qd"@5r(MZs~{>pp^[/p~@fE09iDs^dNR@P%9 4Z)zh@C<]6([c=9l@4fz!0`Jp"$I?`H]2$9v1/g&aIXAAwp*`r'!e dHdhu`\!wZE$$\|1@OC!c%puxC~@`#~ P!Gb`)iL0-KxRxe"@5TJP^9#aHE@2HfHK+x$WMH}=`PD:qgnI]uXqD]n40b!m"aLzdS%PI11,^"+AtTo\@KchC=HXarAI@!0eV\|h$"rhL9TR}v%4)H[r\|]+5YIhN
Nov 25, 2024 19:28:44.020946026 CET	1236	IN	Data Raw: f0 4f 3d 75 c9 0b 38 bd 7d 55 8a 82 87 23 53 82 c4 c2 52 19 0a 4b 51 16 8a 41 11 84 77 f4 00 e8 06 58 7c 02 f6 04 e0 0c 38 62 b0 08 c6 9f 47 43 f8 34 88 eb 68 18 93 c6 7f 36 67 47 c0 3e 06 cf 7d e0 38 16 8a 8b 85 21 71 6c 01 84 41 9f 09 31 01 db Data Ascii: O=u8}U#SRKQAwX\|8bGC4h6gG>}8!qlA1XCqjd3"OO@D,ZB2I/i ~'`Khrwks4BAgv4zfh\|\BbTzHh`IGP p4_T\|SO
Nov 25, 2024 19:28:44.020960093 CET	1236	IN	Data Raw: c3 dd 09 60 5e e7 ec 1e 45 4b 2c 5e ae a0 fb 05 38 ea 6d f0 70 0f 2e cf 9d 93 8b 9a 4e 89 3e ba 2d f2 d2 0f 66 2a dc fe 00 6f e9 e3 b2 df ee 9c 3f 6a 74 7b da 2d e3 33 00 f3 e1 d5 24 da 4b 2c 27 e5 c8 e2 d2 41 86 21 eb e7 45 ed e6 f8 8d 95 da 3d Data Ascii: `^EK,^8mp.N>-fo?jt{-3$K,'A!E=xo {rlW/$Kyku3u68aRQC_QdL"Y`zM[YY*PUg6>P1kk'.MO
Nov 25, 2024 19:28:44.021044970 CET	1236	IN	Data Raw: 7e 0f d2 52 7d ff 79 bc b8 7b 7f 45 3d f6 19 65 d0 09 af b6 9e d0 10 0e f3 2a 0e a5 b8 5f 2b 9a 66 58 37 fe 6d 1f 77 d6 78 23 81 9e b0 75 fc d2 94 93 c9 b5 51 2e 75 ad c5 1f 22 b6 9e ba 90 a8 15 ba dd 9c e3 60 53 58 79 f1 dd fe 2d ae 2f f8 fb 4f Data Ascii: ~R}y{E=e*_+fX7mwx#uQ.u"`SXy-/O<ZvJ=-Z=nSjD~V{?u\|~npxXn3Y7.M3tB?C}2[/r%+]~~l:15PC=aU
Nov 25, 2024 19:28:44.021056890 CET	1236	IN	Data Raw: 7c 96 7e 46 9f 22 4a cc 86 67 79 b2 7a 5e b5 b5 75 2d b7 4e 63 4f 4e dd 49 ad be 93 02 b4 b8 ee 37 0c 92 12 e7 39 e7 16 0e d4 88 e6 d2 1e 89 7d fa b2 7c 03 cc 0a d7 ee 8c 4a b9 ed 1e 25 4a de 65 be 32 92 7d e5 9c 58 3f f3 fd ef a5 a6 57 47 da a4 Data Ascii: \|~F"Jgyz^u-NcONI79}\|J%Je2}X?WG\|Xi-e3\1<fG{[+k{v\|vOst'^~,[MLQ8NCVN!qhux@NE2,[jM\|XS
Nov 25, 2024 19:28:44.021066904 CET	1236	IN	Data Raw: 49 6e af 81 de 97 81 5d 8d a8 b8 7e 84 0c 75 1e 1d b5 34 ea 1a e1 ea ef 53 a8 5a 6e bb b2 6e ac 41 30 75 28 e5 38 93 c8 73 33 4d e7 39 6d 68 1b de e2 78 1d db 91 b2 99 6c 52 d2 91 4d 45 d2 19 79 c2 ba ea de a2 88 69 cf 39 a6 73 51 95 e6 64 8b 8b Data Ascii: In]~u4SZnnA0u(8s3M9mhxlRMEyi9sQda2A5'U';>[wUd'_ 4`^&(;t%P0hgY`lhimN?Vb=I7I-%`"M9cGS1tOrt:iK
Nov 25, 2024 19:28:44.021080971 CET	709	IN	Data Raw: 2c b4 7e 55 6e b5 18 70 c8 be 73 ce 5d 43 d2 4c 02 41 c3 35 43 2b d4 57 a2 79 7c 95 48 52 e7 d9 97 94 22 7b 14 69 fc 4e 2a 4f a7 72 23 44 fe 53 ad 27 26 c4 68 b4 9c 4d 7f c6 b0 bd d6 a1 4b 78 01 7d 51 b4 16 b9 8a d9 33 0b 30 ad 6a 2b f9 0f 9b dd Data Ascii: ,~Unps]CLA5C+Wy\|HR"{iN*Or#DS'&hMKx}Q30j+:},jdF9E.ZIy-}Tt+QZpsOYRSl8)0wxwD S-2GHR5^2@[)fe/V!coDOMjBXDc

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.16	49707	2.18.109.164	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 18:28:50 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-25 18:28:50 UTC	478	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Server: Kestrel ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus-z1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-OSID: 2 X-CID: 2 X-CCC: GB Cache-Control: public, max-age=54245 Date: Mon, 25 Nov 2024 18:28:50 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.16	49711	2.18.109.164	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 18:28:52 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-11-25 18:28:53 UTC	534	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y= Cache-Control: public, max-age=54269 Date: Mon, 25 Nov 2024 18:28:52 GMT Content-Length: 55 Connection: close X-CID: 2
2024-11-25 18:28:53 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49712	18.245.60.90	443	6344	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 18:28:53 UTC	669	OUT	GET / HTTP/1.1 Host: s.ksrndkehqnwntyxlhgto.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 18:28:54 UTC	481	IN	HTTP/1.1 200 OK Content-Type: text/plain Content-Length: 20 Connection: close Date: Mon, 25 Nov 2024 01:24:59 GMT Last-Modified: Wed, 13 Jun 2018 16:12:20 GMT ETag: "dc5bcbf7f9372ccc9aedb581fe88edfe" x-amz-version-id: null Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 6ce3814cb60a4c907ac701e60e4c1e5a.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P5 X-Amz-Cf-Id: NBR3xd-y5W2zdv0q7rT3nHvfIw0_HJWzdaNY3mcicm-QS54SXCno9w== Age: 61436
2024-11-25 18:28:54 UTC	20	IN	Data Raw: 4e 6f 74 68 69 6e 67 20 74 6f 20 73 65 65 20 68 65 72 65 2e Data Ascii: Nothing to see here.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49713	18.245.60.90	443	6344	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 18:28:54 UTC	608	OUT	GET /favicon.ico HTTP/1.1 Host: s.ksrndkehqnwntyxlhgto.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://s.ksrndkehqnwntyxlhgto.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 18:28:55 UTC	357	IN	HTTP/1.1 403 Forbidden Content-Type: application/xml Transfer-Encoding: chunked Connection: close Server: AmazonS3 Date: Mon, 25 Nov 2024 18:28:54 GMT X-Cache: Error from cloudfront Via: 1.1 69a82a9746d3a7343dca651e0829f000.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P5 X-Amz-Cf-Id: 4q8GF3HFWzC90iz6UINYj26EaUhWMKfcYfC_bQ_cJk3Xe9Wx6QSDYQ==
2024-11-25 18:28:55 UTC	249	IN	Data Raw: 66 33 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 41 47 53 51 46 37 53 48 47 5a 52 51 46 35 34 46 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 4d 57 4f 31 71 31 36 31 4e 67 71 4f 53 66 58 4d 39 4f 49 7a 4a 2f 6a 70 30 42 44 6c 6b 76 30 72 59 4c 50 37 72 67 54 56 77 42 4c 71 4d 48 6c 57 76 45 77 42 53 41 52 65 50 48 7a 2b 45 63 50 55 58 4f 75 79 42 2b 6a 6a 2b 34 59 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e 0d 0a Data Ascii: f3<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AGSQF7SHGZRQF54F</RequestId><HostId>MWO1q161NgqOSfXM9OIzJ/jp0BDlkv0rYLP7rgTVwBLqMHlWvEwBSARePHz+EcPUXOuyB+jj+4Y=</HostId></Error>
2024-11-25 18:28:55 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49716	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 18:28:58 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ORD4VPMwSeLzNz4&MD=5mnE84TT HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-25 18:28:59 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 45ec3ef1-ab1a-41ed-84b0-93990cf3f66f MS-RequestId: ed30ebae-80ea-4115-b8f8-b346e37c36ce MS-CV: d5PW9Kx+bU+jschy.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 25 Nov 2024 18:28:58 GMT Connection: close Content-Length: 24490
2024-11-25 18:28:59 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-11-25 18:28:59 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49717	142.250.181.68	443	6344	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 18:29:31 UTC	683	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=https%3A%2Fs.ksrndkehqnwntyxlhgto.com&oit=3&cp=7&pgcl=4&gs_rn=42&psi=mdgveijKENdVHWvQ&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49721	18.245.60.90	443	6344	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 18:29:35 UTC	796	OUT	GET / HTTP/1.1 Host: s.ksrndkehqnwntyxlhgto.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 If-None-Match: "dc5bcbf7f9372ccc9aedb581fe88edfe" If-Modified-Since: Wed, 13 Jun 2018 16:12:20 GMT
2024-11-25 18:29:35 UTC	377	IN	HTTP/1.1 304 Not Modified Connection: close Date: Mon, 25 Nov 2024 18:29:35 GMT ETag: "dc5bcbf7f9372ccc9aedb581fe88edfe" x-amz-version-id: null Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 f7bf54ada21ef4f1f7e0646051894136.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P5 X-Amz-Cf-Id: pmJauFdU-93qI_qcyoRINJKTe4yJUbCR6dKlaFIPwl50NpEvqYro2A== Age: 61477

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	49722	18.245.60.90	443	6344	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 18:29:35 UTC	608	OUT	GET /favicon.ico HTTP/1.1 Host: s.ksrndkehqnwntyxlhgto.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://s.ksrndkehqnwntyxlhgto.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 18:29:36 UTC	357	IN	HTTP/1.1 403 Forbidden Content-Type: application/xml Transfer-Encoding: chunked Connection: close Server: AmazonS3 Date: Mon, 25 Nov 2024 18:29:35 GMT X-Cache: Error from cloudfront Via: 1.1 2b92d172bc628dd9c34a8c262218ac02.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P5 X-Amz-Cf-Id: _RaUHN_OTnCi6CGvjD9u1TP_t9YXWNy7jgwou6fE30dPWqZjTQR1Jw==
2024-11-25 18:29:36 UTC	270	IN	Data Raw: 31 30 37 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 30 36 42 30 31 53 4d 4a 33 56 59 43 35 58 4e 59 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 4f 32 4d 4d 78 31 68 41 5a 44 58 33 5a 79 2f 4d 59 4f 4b 74 6d 49 49 34 54 2f 73 50 49 70 62 53 6e 5a 72 33 71 58 33 63 50 64 45 4a 51 70 32 4b 51 33 72 69 68 33 72 67 36 77 4f 4d 69 37 53 73 65 42 41 43 65 6e 68 76 75 7a 62 73 55 4c 50 59 72 51 6c 45 46 72 6e 66 52 70 4a 7a 6b 69 58 61 3c 2f 48 6f Data Ascii: 107<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>06B01SMJ3VYC5XNY</RequestId><HostId>O2MMx1hAZDX3Zy/MYOKtmII4T/sPIpbSnZr3qX3cPdEJQp2KQ3rih3rg6wOMi7SseBACenhvuzbsULPYrQlEFrnfRpJzkiXa</Ho
2024-11-25 18:29:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.16	49723	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2024-11-25 18:29:37 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ORD4VPMwSeLzNz4&MD=5mnE84TT HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-11-25 18:29:38 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" MS-CorrelationId: b3c57382-7d60-48cb-8866-4200c2286934 MS-RequestId: 198f5851-7042-4578-b60e-8f6f14d24852 MS-CV: XyKvw77hVUGzW+PK.0 X-Microsoft-SLSClientCache: 1440 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 25 Nov 2024 18:29:37 GMT Connection: close Content-Length: 30005
2024-11-25 18:29:38 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2024-11-25 18:29:38 UTC	14181	IN	Data Raw: 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 26 30 24 06 03 55 04 03 13 1d 4d 69 63 72 6f 73 6f 66 74 20 54 69 6d 65 2d 53 74 61 6d 70 20 50 43 41 20 32 30 31 30 30 1e 17 0d 32 33 31 30 31 32 31 39 30 37 32 35 5a 17 0d 32 35 30 31 31 30 31 39 30 37 32 35 5a 30 81 d2 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 2d 30 2b 06 03 55 04 0b 13 24 4d 69 63 72 6f Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.16	49718	142.250.181.68	443	6344	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 18:29:42 UTC	627	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 18:29:43 UTC	1266	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 18:29:42 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-sYi2O7TMxOCb_nxfRvqm_Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-25 18:29:43 UTC	124	IN	Data Raw: 64 34 64 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 62 6f 78 20 6f 66 66 69 63 65 20 77 69 63 6b 65 64 20 6d 6f 76 69 65 22 2c 22 6d 69 63 72 6f 73 6f 66 74 20 6f 75 74 6c 6f 6f 6b 20 6f 75 74 61 67 65 73 22 2c 22 74 68 65 20 65 61 72 74 68 20 74 69 6c 74 65 64 20 33 31 2e 35 20 69 6e 63 68 65 73 22 2c 22 73 65 61 74 74 6c 65 20 73 65 61 68 61 77 6b 73 20 63 61 72 64 69 6e Data Ascii: d4d)]}'["",["box office wicked movie","microsoft outlook outages","the earth tilted 31.5 inches","seattle seahawks cardin
2024-11-25 18:29:43 UTC	1390	IN	Data Raw: 61 6c 73 22 2c 22 6e 79 74 20 63 72 6f 73 73 77 6f 72 64 20 63 6c 75 65 73 22 2c 22 67 72 65 65 6e 20 62 61 79 20 70 61 63 6b 65 72 73 20 34 39 65 72 73 20 67 61 6d 65 22 2c 22 64 69 73 6e 65 79 20 64 72 65 61 6d 6c 69 67 68 74 20 76 61 6c 6c 65 79 22 2c 22 77 69 6e 74 65 72 20 77 65 61 74 68 65 72 20 77 61 72 6e 69 6e 67 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 66 61 6c 73 65 7d 2c 22 67 6f 6f 67 6c 65 3a 67 72 6f 75 70 73 69 6e 66 6f 22 3a 22 43 68 67 49 6b 6b 34 53 45 77 6f 52 56 48 4a 6c 62 6d 52 70 62 6d 63 67 63 32 56 68 63 6d 4e 6f 5a 58 4d 5c 75 30 30 33 64 22 2c 22 67 6f Data Ascii: als","nyt crossword clues","green bay packers 49ers game","disney dreamlight valley","winter weather warnings"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","go
2024-11-25 18:29:43 UTC	1390	IN	Data Raw: 70 43 56 44 56 69 53 32 74 7a 61 46 6c 31 61 46 4a 55 59 6d 52 32 57 45 52 4f 55 31 5a 56 4d 55 6c 44 63 31 4a 48 61 32 30 31 51 6b 68 59 52 33 52 6d 55 47 78 56 4d 57 4a 7a 57 54 42 43 63 30 49 31 5a 56 46 34 61 57 70 5a 62 45 68 50 64 33 4d 31 53 6d 5a 33 53 47 46 6f 61 47 68 78 4e 6d 31 72 56 33 46 6f 56 31 68 57 65 56 70 53 4e 32 68 43 4e 6d 59 79 53 6a 4d 34 64 57 68 34 4e 6b 56 35 57 45 35 68 56 45 39 4c 52 6d 46 74 61 6d 49 7a 5a 57 70 4a 5a 47 31 52 4b 31 4a 48 53 32 45 30 57 6e 6f 78 53 58 56 46 59 57 70 4c 53 32 70 4c 4e 6d 52 78 63 57 56 53 56 45 4e 35 51 57 30 30 4e 30 55 76 54 58 56 33 52 6e 52 30 4b 32 35 58 4e 32 70 33 5a 47 35 53 65 57 70 4f 4e 47 35 61 4e 31 55 77 65 45 56 6a 4e 45 6f 79 63 32 56 71 5a 6c 45 33 4b 32 77 34 53 6e 5a 76 5a Data Ascii: pCVDViS2tzaFl1aFJUYmR2WEROU1ZVMUlDc1JHa201QkhYR3RmUGxVMWJzWTBCc0I1ZVF4aWpZbEhPd3M1SmZ3SGFoaGhxNm1rV3FoV1hWeVpSN2hCNmYySjM4dWh4NkV5WE5hVE9LRmFtamIzZWpJZG1RK1JHS2E0WnoxSXVFYWpLS2pLNmRxcWVSVEN5QW00N0UvTXV3RnR0K25XN2p3ZG5SeWpONG5aN1UweEVjNEoyc2VqZlE3K2w4SnZvZ
2024-11-25 18:29:43 UTC	508	IN	Data Raw: 52 6a 4d 77 4d 33 56 42 55 30 46 6c 64 47 70 69 51 30 56 7a 65 6c 52 55 55 31 52 54 63 31 64 72 61 32 4e 31 4e 30 67 35 56 45 55 7a 53 69 73 72 53 6a 52 4d 63 32 31 6f 64 57 49 31 62 6b 35 74 61 33 52 50 4f 44 41 77 4f 47 35 4b 63 47 39 76 61 48 70 75 54 45 68 56 63 55 46 4e 55 6e 56 6c 63 6b 46 75 4e 44 64 59 64 30 4a 71 56 6e 68 71 54 6c 46 33 59 56 64 46 55 43 38 76 57 6a 6f 59 52 47 6c 7a 62 6d 56 35 49 45 52 79 5a 57 46 74 62 47 6c 6e 61 48 51 67 56 6d 46 73 62 47 56 35 53 67 63 6a 4e 47 59 30 4d 57 45 7a 55 6b 74 6e 63 31 39 7a 63 33 41 39 5a 55 70 36 61 6a 52 30 56 6c 41 78 65 6d 4d 77 54 45 78 52 63 31 4e 55 52 54 4e 4d 56 45 31 36 57 56 42 54 55 31 4e 4e 61 33 4e 36 61 33 56 30 56 6b 56 6e 63 46 4e 72 4d 30 31 36 59 32 78 4e 65 6e 6c 6f 55 6b 74 Data Ascii: RjMwM3VBU0FldGpiQ0VzelRUU1RTc1dra2N1N0g5VEUzSisrSjRMc21odWI1bk5ta3RPODAwOG5KcG9vaHpuTEhVcUFNUnVlckFuNDdYd0JqVnhqTlF3YVdFUC8vWjoYRGlzbmV5IERyZWFtbGlnaHQgVmFsbGV5SgcjNGY0MWEzUktnc19zc3A9ZUp6ajR0VlAxemMwTExRc1NURTNMVE16WVBTU1NNa3N6a3V0VkVncFNrM016Y2xNenloUkt
2024-11-25 18:29:43 UTC	97	IN	Data Raw: 35 62 0d 0a 5d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 51 55 45 52 59 22 2c 22 45 4e 54 49 54 59 22 2c 22 51 55 45 52 59 22 5d 7d 5d 0d 0a Data Ascii: 5b],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","ENTITY","QUERY"]}]
2024-11-25 18:29:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.16	49719	142.250.181.68	443	6344	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 18:29:42 UTC	353	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 18:29:43 UTC	1018	IN	HTTP/1.1 200 OK Version: 698674578 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Mon, 25 Nov 2024 18:29:43 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-25 18:29:43 UTC	25	IN	Data Raw: 31 33 0d 0a 29 5d 7d 27 0a 7b 22 64 64 6c 6a 73 6f 6e 22 3a 7b 7d 7d 0d 0a Data Ascii: 13)]}'{"ddljson":{}}
2024-11-25 18:29:43 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.16	49720	142.250.181.68	443	6344	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 18:29:42 UTC	530	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 18:29:43 UTC	1018	IN	HTTP/1.1 200 OK Version: 698674578 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Mon, 25 Nov 2024 18:29:43 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-25 18:29:43 UTC	372	IN	Data Raw: 31 64 64 35 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 61 20 67 62 5f 32 64 20 67 62 5f 51 65 20 67 62 5f 71 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 Data Ascii: 1dd5)]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e
2024-11-25 18:29:43 UTC	1390	IN	Data Raw: 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 72 64 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 4a 63 20 67 62 5f 51 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 4d 61 69 6e 20 6d 65 6e 75 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 75 74 74 6f 6e 5c 22 20 74 61 62 69 6e 64 65 78 5c 75 30 30 33 64 5c 22 30 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 76 67 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 76 69 65 77 62 6f 78 5c 75 30 30 33 64 5c 22 30 20 30 20 32 34 20 32 34 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 Data Ascii: class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u0
2024-11-25 18:29:43 UTC	1390	IN	Data Raw: 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 77 64 20 67 62 5f 38 63 20 67 62 5f 39 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 75 64 5c 22 20 61 72 69 61 2d 6c 65 76 65 6c 5c 75 30 30 33 64 5c 22 31 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 68 65 61 64 69 6e 67 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 61 64 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 64 69 76 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 Data Ascii: 003cdiv class\u003d\"gb_wd gb_8c gb_9c\"\u003e\u003cspan class\u003d\"gb_ud\" aria-level\u003d\"1\" role\u003d\"heading\"\u003e \u003c\/span\u003e\u003cdiv class\u003d\"gb_ad\"\u003e \u003c\/div\u003e\u003c\/div\u003e\u003c\/div\u003e\u003cdiv class\u003d
2024-11-25 18:29:43 UTC	1390	IN	Data Raw: 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 20 66 6f 63 75 73 61 62 6c 65 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 20 68 65 69 67 68 74 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 20 76 69 65 77 42 6f 78 5c 75 30 30 33 64 5c 22 30 20 2d 39 36 30 20 39 36 30 20 39 36 30 5c 22 20 77 69 64 74 68 5c 75 30 30 33 64 5c 22 32 34 70 78 5c 22 5c 75 30 30 33 65 20 5c 75 30 30 33 63 70 61 74 68 20 64 5c 75 30 30 33 64 5c 22 4d 32 30 39 2d 31 32 30 71 2d 34 32 20 30 2d 37 30 2e 35 2d 32 38 2e 35 54 31 31 30 2d 32 31 37 71 30 2d 31 34 20 33 2d 32 35 2e 35 74 39 2d 32 31 2e 35 6c 32 32 38 2d 33 34 31 71 31 30 2d 31 34 20 31 35 2d 33 31 74 35 2d 33 34 76 2d 31 31 30 68 2d 32 30 71 2d 31 33 20 30 2d 32 31 2e 35 2d 38 2e 35 54 33 32 30 2d 38 31 30 71 30 2d 31 33 20 Data Ascii: ss\u003d\"gb_D\" focusable\u003d\"false\" height\u003d\"24px\" viewBox\u003d\"0 -960 960 960\" width\u003d\"24px\"\u003e \u003cpath d\u003d\"M209-120q-42 0-70.5-28.5T110-217q0-14 3-25.5t9-21.5l228-341q10-14 15-31t5-34v-110h-20q-13 0-21.5-8.5T320-810q0-13
2024-11-25 18:29:43 UTC	1390	IN	Data Raw: 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 36 2c 36 63 30 2c 31 2e 31 20 30 2e 39 2c 32 20 32 2c 32 73 32 2c 2d 30 2e 39 20 32 2c 2d 32 20 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 7a 4d 31 32 2c 38 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 31 34 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c 2d 32 73 2d 30 2e 39 2c 2d 32 20 2d 32 2c 2d 32 20 2d 32 2c 30 2e 39 20 2d 32 2c 32 20 30 2e 39 2c 32 20 32 2c 32 7a 4d 31 38 2c 32 30 63 31 2e 31 2c 30 20 32 2c 2d 30 2e 39 20 32 2c Data Ascii: 1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM16,6c0,1.1 0.9,2 2,2s2,-0.9 2,-2 -0.9,-2 -2,-2 -2,0.9 -2,2zM12,8c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,14c1.1,0 2,-0.9 2,-2s-0.9,-2 -2,-2 -2,0.9 -2,2 0.9,2 2,2zM18,20c1.1,0 2,-0.9 2,
2024-11-25 18:29:43 UTC	1390	IN	Data Raw: 65 6e 75 2d 63 6f 6e 74 65 6e 74 22 2c 22 6d 65 74 61 64 61 74 61 22 3a 7b 22 62 61 72 5f 68 65 69 67 68 74 22 3a 36 30 2c 22 65 78 70 65 72 69 6d 65 6e 74 5f 69 64 22 3a 5b 33 37 30 30 32 38 35 2c 33 37 30 30 39 34 39 2c 33 37 30 31 33 38 34 5d 2c 22 69 73 5f 62 61 63 6b 75 70 5f 62 61 72 22 3a 66 61 6c 73 65 7d 2c 22 70 61 67 65 5f 68 6f 6f 6b 73 22 3a 7b 22 61 66 74 65 72 5f 62 61 72 5f 73 63 72 69 70 74 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 73 63 72 69 70 74 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 74 68 69 73 2e 67 62 61 72 5f 5c 75 30 30 33 64 74 68 69 73 2e 67 62 61 72 5f 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 5c 75 Data Ascii: enu-content","metadata":{"bar_height":60,"experiment_id":[3700285,3700949,3701384],"is_backup_bar":false},"page_hooks":{"after_bar_script":{"private_do_not_access_or_else_safe_script_wrapped_value":"this.gbar_\u003dthis.gbar_\|\|{};(function(_){var window\u
2024-11-25 18:29:43 UTC	323	IN	Data Raw: 72 61 79 28 62 29 3b 66 6f 72 28 6c 65 74 20 64 5c 75 30 30 33 64 30 3b 64 5c 75 30 30 33 63 62 3b 64 2b 2b 29 63 5b 64 5d 5c 75 30 30 33 64 61 5b 64 5d 3b 72 65 74 75 72 6e 20 63 7d 72 65 74 75 72 6e 5b 5d 7d 3b 49 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 5f 2e 48 64 28 62 5c 75 30 30 33 64 5c 75 30 30 33 65 62 2e 73 75 62 73 74 72 28 30 2c 61 2e 6c 65 6e 67 74 68 2b 31 29 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 61 2b 5c 22 3a 5c 22 29 7d 3b 5f 2e 4a 64 5c 75 30 30 33 64 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 3b 5f 2e 4b 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 Data Ascii: ray(b);for(let d\u003d0;d\u003cb;d++)c[d]\u003da[d];return c}return[]};Id\u003dfunction(a){return new _.Hd(b\u003d\u003eb.substr(0,a.length+1).toLowerCase()\u003d\u003d\u003da+\":\")};_.Jd\u003dglobalThis.trustedTypes;_.Kd\u003dclass{constructor(a){this.i
2024-11-25 18:29:43 UTC	383	IN	Data Raw: 31 37 38 0d 0a 6c 69 64 23 7a 43 6c 6f 73 75 72 65 7a 5c 22 29 3b 5f 2e 48 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 66 68 5c 75 30 30 33 64 61 7d 7d 3b 5f 2e 4d 64 5c 75 30 30 33 64 5b 49 64 28 5c 22 64 61 74 61 5c 22 29 2c 49 64 28 5c 22 68 74 74 70 5c 22 29 2c 49 64 28 5c 22 68 74 74 70 73 5c 22 29 2c 49 64 28 5c 22 6d 61 69 6c 74 6f 5c 22 29 2c 49 64 28 5c 22 66 74 70 5c 22 29 2c 6e 65 77 20 5f 2e 48 64 28 61 5c 75 30 30 33 64 5c 75 30 30 33 65 2f 5e 5b 5e 3a 5d 2a 28 5b 2f 3f 23 5d 7c 24 29 2f 2e 74 65 73 74 28 61 29 29 5d 3b 5f 2e 4e 64 5c 75 30 30 33 64 63 6c 61 73 73 7b 63 6f 6e 73 74 72 75 63 74 6f 72 28 61 29 7b 74 68 69 73 2e 69 5c 75 30 30 33 64 61 7d 74 6f 53 74 72 69 6e 67 28 29 7b 72 Data Ascii: 178lid#zClosurez\");_.Hd\u003dclass{constructor(a){this.fh\u003da}};_.Md\u003d[Id(\"data\"),Id(\"http\"),Id(\"https\"),Id(\"mailto\"),Id(\"ftp\"),new _.Hd(a\u003d\u003e/^[^:]*([/?#]\|$)/.test(a))];_.Nd\u003dclass{constructor(a){this.i\u003da}toString(){r
2024-11-25 18:29:43 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 50 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 3f 61 3a 4e 75 6d 62 65 72 2e 69 73 46 69 6e 69 74 65 28 61 29 3f 61 7c 30 3a 76 6f 69 64 20 30 7d 3b 5f 2e 51 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 5c 75 30 30 33 64 5c 75 30 30 33 64 6e 75 6c 6c 29 72 65 74 75 72 6e 20 61 3b 69 66 28 74 79 70 65 6f 66 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 73 74 72 69 6e 67 5c 22 29 7b 69 66 28 21 61 29 72 65 74 75 72 6e 3b 61 5c 75 30 30 33 64 2b 61 7d 69 66 28 74 79 70 65 6f 66 20 61 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 6e 75 6d 62 65 72 5c 22 29 72 65 74 75 72 6e 20 4e 75 6d 62 65 72 2e 69 Data Ascii: 8000Pd\u003dfunction(a){return a\u003d\u003dnull?a:Number.isFinite(a)?a\|0:void 0};_.Qd\u003dfunction(a){if(a\u003d\u003dnull)return a;if(typeof a\u003d\u003d\u003d\"string\"){if(!a)return;a\u003d+a}if(typeof a\u003d\u003d\u003d\"number\")return Number.i
2024-11-25 18:29:43 UTC	1390	IN	Data Raw: 5f 2e 53 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 5f 2e 50 64 28 5f 2e 4a 63 28 61 2c 62 29 29 7d 3b 5f 2e 54 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 76 62 28 5f 2e 64 65 28 61 2c 62 29 2c 63 29 7d 3b 5f 2e 65 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 5c 75 30 30 33 64 30 29 7b 72 65 74 75 72 6e 20 5f 2e 76 62 28 5f 2e 53 28 61 2c 62 29 2c 63 29 7d 3b 5f 2e 67 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 2e 6c 61 73 74 49 6e 64 65 78 4f 66 28 62 2c 30 29 5c 75 30 30 33 64 5c 75 30 30 33 64 30 7d 3b 52 64 5c 75 30 30 33 64 5f 2e 4a 64 3b 5f 2e 56 64 5c 75 30 30 33 64 63 6c 61 73 73 Data Ascii: _.S\u003dfunction(a,b){return _.Pd(_.Jc(a,b))};_.T\u003dfunction(a,b,c\u003d0){return _.vb(_.de(a,b),c)};_.ee\u003dfunction(a,b,c\u003d0){return _.vb(_.S(a,b),c)};_.ge\u003dfunction(a,b){return a.lastIndexOf(b,0)\u003d\u003d0};Rd\u003d_.Jd;_.Vd\u003dclass

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.16	49724	142.250.181.68	443	6344	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 18:29:44 UTC	353	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 18:29:45 UTC	933	IN	HTTP/1.1 200 OK Version: 698674578 Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Date: Mon, 25 Nov 2024 18:29:45 GMT Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-25 18:29:45 UTC	35	IN	Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a Data Ascii: 1d)]}'{"update":{"promos":{}}}
2024-11-25 18:29:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.16	49731	142.250.181.78	443	6344	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 18:29:49 UTC	737	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.x7CxCIZpks8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAg/rs=AHpOoo8czmnaLIncRgBQP7N2THncpDJ9mQ/cb=gapi.loaded_0 HTTP/1.1 Host: apis.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw== Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 18:29:50 UTC	916	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Access-Control-Allow-Origin: * Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="social-frontend-mpm-access" Report-To: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} Content-Length: 116987 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 21 Nov 2024 10:32:54 GMT Expires: Fri, 21 Nov 2025 10:32:54 GMT Cache-Control: public, max-age=31536000 Last-Modified: Mon, 11 Nov 2024 18:41:25 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding Age: 374216 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-11-25 18:29:50 UTC	474	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 30 78 32 30 30 30 30 30 2c 20 5d 29 3b 0a 76 61 72 20 61 61 2c 62 61 2c 66 61 2c 6d 61 2c 6e 61 2c 72 61 2c 73 61 2c 75 61 3b 61 61 3d 66 75 6e Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([0x200000, ]);var aa,ba,fa,ma,na,ra,sa,ua;aa=fun
2024-11-25 18:29:50 UTC	1390	IN	Data Raw: 72 6e 20 61 3b 61 5b 62 5d 3d 63 2e 76 61 6c 75 65 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 66 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 5b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 26 26 67 6c 6f 62 61 6c 54 68 69 73 2c 61 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 77 69 6e 64 6f 77 26 26 77 69 6e 64 6f 77 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 73 65 6c 66 26 26 73 65 6c 66 2c 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 26 26 67 6c 6f 62 61 6c 5d 3b 66 6f 72 28 76 61 72 20 62 3d 30 3b 62 3c 61 2e 6c 65 6e 67 74 68 3b 2b 2b 62 29 7b 76 61 72 20 63 3d 61 5b 62 5d 3b 69 66 28 63 26 26 63 2e 4d 61 74 68 3d 3d 4d 61 74 68 29 72 65 74 75 72 6e 20 63 7d 74 68 72 6f 77 20 Data Ascii: rn a;a[b]=c.value;return a};fa=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw
2024-11-25 18:29:50 UTC	1390	IN	Data Raw: 64 65 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d 22 6e 75 6d 62 65 72 22 29 72 65 74 75 72 6e 7b 6e 65 78 74 3a 61 61 28 61 29 7d 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 22 62 60 22 2b 53 74 72 69 6e 67 28 61 29 29 3b 7d 3b 72 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 61 2c 62 29 7d 3b 73 61 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 61 73 73 69 67 6e 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 4f 62 6a 65 63 74 Data Ascii: defined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="number")return{next:aa(a)};throw Error("b`"+String(a));};ra=function(a,b){return Object.prototype.hasOwnProperty.call(a,b)};sa=typeof Object.assign=="function"?Object
2024-11-25 18:29:50 UTC	1390	IN	Data Raw: 30 3b 74 68 69 73 2e 4b 72 3d 5b 5d 3b 74 68 69 73 2e 58 55 3d 21 31 3b 76 61 72 20 6b 3d 74 68 69 73 2e 61 46 28 29 3b 74 72 79 7b 68 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 63 61 74 63 68 28 6c 29 7b 6b 2e 72 65 6a 65 63 74 28 6c 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 61 46 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 68 28 6d 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 6e 29 7b 6c 7c 7c 28 6c 3d 21 30 2c 6d 2e 63 61 6c 6c 28 6b 2c 6e 29 29 7d 7d 76 61 72 20 6b 3d 74 68 69 73 2c 6c 3d 21 31 3b 72 65 74 75 72 6e 7b 72 65 73 6f 6c 76 65 3a 68 28 74 68 69 73 2e 4d 64 61 29 2c 72 65 6a 65 63 74 3a 68 28 74 68 69 73 2e 48 4a 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 4d 64 61 3d 66 75 6e 63 74 Data Ascii: 0;this.Kr=[];this.XU=!1;var k=this.aF();try{h(k.resolve,k.reject)}catch(l){k.reject(l)}};e.prototype.aF=function(){function h(m){return function(n){l\|\|(l=!0,m.call(k,n))}}var k=this,l=!1;return{resolve:h(this.Mda),reject:h(this.HJ)}};e.prototype.Mda=funct
2024-11-25 18:29:50 UTC	1390	IN	Data Raw: 6f 74 6f 74 79 70 65 2e 79 37 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 4b 72 21 3d 6e 75 6c 6c 29 7b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 74 68 69 73 2e 4b 72 2e 6c 65 6e 67 74 68 3b 2b 2b 68 29 66 2e 4d 4f 28 74 68 69 73 2e 4b 72 5b 68 5d 29 3b 0a 74 68 69 73 2e 4b 72 3d 6e 75 6c 6c 7d 7d 3b 76 61 72 20 66 3d 6e 65 77 20 62 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 74 66 61 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 76 61 72 20 6b 3d 74 68 69 73 2e 61 46 28 29 3b 68 2e 5a 78 28 6b 2e 72 65 73 6f 6c 76 65 2c 6b 2e 72 65 6a 65 63 74 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 75 66 61 3d 66 75 6e 63 74 69 6f 6e 28 68 2c 6b 29 7b 76 61 72 20 6c 3d 74 68 69 73 2e 61 46 28 29 3b 74 72 79 7b 68 2e 63 61 6c 6c 28 6b 2c 6c 2e 72 65 73 6f 6c 76 Data Ascii: ototype.y7=function(){if(this.Kr!=null){for(var h=0;h<this.Kr.length;++h)f.MO(this.Kr[h]);this.Kr=null}};var f=new b;e.prototype.tfa=function(h){var k=this.aF();h.Zx(k.resolve,k.reject)};e.prototype.ufa=function(h,k){var l=this.aF();try{h.call(k,l.resolv
2024-11-25 18:29:50 UTC	1390	IN	Data Raw: 72 65 67 75 6c 61 72 20 65 78 70 72 65 73 73 69 6f 6e 22 29 3b 72 65 74 75 72 6e 20 61 2b 22 22 7d 3b 0a 6d 61 28 22 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 73 74 61 72 74 73 57 69 74 68 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 76 61 72 20 64 3d 42 61 28 74 68 69 73 2c 62 2c 22 73 74 61 72 74 73 57 69 74 68 22 29 2c 65 3d 64 2e 6c 65 6e 67 74 68 2c 66 3d 62 2e 6c 65 6e 67 74 68 3b 63 3d 4d 61 74 68 2e 6d 61 78 28 30 2c 4d 61 74 68 2e 6d 69 6e 28 63 7c 30 2c 64 2e 6c 65 6e 67 74 68 29 29 3b 66 6f 72 28 76 61 72 20 68 3d 30 3b 68 3c 66 26 26 63 3c 65 3b 29 69 66 28 64 5b 63 2b 2b 5d 21 3d 62 5b 68 2b 2b 5d 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 20 68 3e 3d 66 7d Data Ascii: regular expression");return a+""};ma("String.prototype.startsWith",function(a){return a?a:function(b,c){var d=Ba(this,b,"startsWith"),e=d.length,f=b.length;c=Math.max(0,Math.min(c\|0,d.length));for(var h=0;h<f&&c<e;)if(d[c++]!=b[h++])return!1;return h>=f}
2024-11-25 18:29:50 UTC	1390	IN	Data Raw: 61 28 6c 29 3b 66 6f 72 28 76 61 72 20 6d 3b 21 28 6d 3d 6c 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 6d 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 65 22 29 3b 64 28 6c 29 3b 69 66 28 21 72 61 28 6c 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 66 60 22 2b 6c 29 3b 6c 5b 66 5d 5b 74 68 69 73 2e 47 61 5d 3d 6d 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 72 65 74 75 72 6e 20 63 28 6c 29 26 26 72 61 28 6c 2c 66 29 3f 6c 5b 66 5d 5b 74 68 69 73 2e 47 61 5d 3a 76 6f 69 Data Ascii: a(l);for(var m;!(m=l.next()).done;)m=m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Error("e");d(l);if(!ra(l,f))throw Error("f`"+l);l[f][this.Ga]=m;return this};k.prototype.get=function(l){return c(l)&&ra(l,f)?l[f][this.Ga]:voi
2024-11-25 18:29:50 UTC	1390	IN	Data Raw: 74 68 7c 7c 64 65 6c 65 74 65 20 74 68 69 73 5b 30 5d 5b 6b 2e 69 64 5d 2c 6b 2e 58 65 2e 50 6b 2e 6e 65 78 74 3d 6b 2e 58 65 2e 6e 65 78 74 2c 6b 2e 58 65 2e 6e 65 78 74 2e 50 6b 3d 0a 6b 2e 58 65 2e 50 6b 2c 6b 2e 58 65 2e 68 65 61 64 3d 6e 75 6c 6c 2c 74 68 69 73 2e 73 69 7a 65 2d 2d 2c 21 30 29 3a 21 31 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 74 68 69 73 5b 31 5d 2e 50 6b 3d 66 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 21 21 64 28 74 68 69 73 2c 6b 29 2e 58 65 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e Data Ascii: th\|\|delete this[0][k.id],k.Xe.Pk.next=k.Xe.next,k.Xe.next.Pk=k.Xe.Pk,k.Xe.head=null,this.size--,!0):!1};c.prototype.clear=function(){this[0]={};this[1]=this[1].Pk=f();this.size=0};c.prototype.has=function(k){return!!d(this,k).Xe};c.prototype.get=function
2024-11-25 18:29:50 UTC	1390	IN	Data Raw: 63 5d 29 29 3b 69 66 28 21 64 2e 68 61 73 28 63 29 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 63 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 31 7c 7c 64 2e 61 64 64 28 7b 78 3a 34 7d 29 21 3d 64 7c 7c 64 2e 73 69 7a 65 21 3d 32 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 65 3d 64 2e 65 6e 74 72 69 65 73 28 29 2c 66 3d 65 2e 6e 65 78 74 28 29 3b 69 66 28 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 21 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 63 29 72 65 74 75 72 6e 21 31 3b 66 3d 65 2e 6e 65 78 74 28 29 3b 72 65 74 75 72 6e 20 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 3d 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 2e 78 21 3d 34 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 66 2e 76 61 6c 75 65 5b 30 5d 3f 21 31 3a 65 2e 6e Data Ascii: c]));if(!d.has(c)\|\|d.size!=1\|\|d.add(c)!=d\|\|d.size!=1\|\|d.add({x:4})!=d\|\|d.size!=2)return!1;var e=d.entries(),f=e.next();if(f.done\|\|f.value[0]!=c\|\|f.value[1]!=c)return!1;f=e.next();return f.done\|\|f.value[0]==c\|\|f.value[0].x!=4\|\|f.value[1]!=f.value[0]?!1:e.n
2024-11-25 18:29:50 UTC	1390	IN	Data Raw: 3b 64 2b 2b 29 7b 76 61 72 20 65 3d 4e 75 6d 62 65 72 28 61 72 67 75 6d 65 6e 74 73 5b 64 5d 29 3b 69 66 28 65 3c 30 7c 7c 65 3e 31 31 31 34 31 31 31 7c 7c 65 21 3d 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 65 29 29 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 69 6e 76 61 6c 69 64 5f 63 6f 64 65 5f 70 6f 69 6e 74 20 22 2b 65 29 3b 65 3c 3d 36 35 35 33 35 3f 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 65 29 3a 28 65 2d 3d 36 35 35 33 36 2c 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 65 3e 3e 3e 31 30 26 31 30 32 33 7c 35 35 32 39 36 29 2c 63 2b 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 65 26 31 30 32 33 7c 35 36 33 32 30 29 29 7d 72 65 74 75 72 6e 20 63 7d 7d 29 3b 6d 61 Data Ascii: ;d++){var e=Number(arguments[d]);if(e<0\|\|e>1114111\|\|e!==Math.floor(e))throw new RangeError("invalid_code_point "+e);e<=65535?c+=String.fromCharCode(e):(e-=65536,c+=String.fromCharCode(e>>>10&1023\|55296),c+=String.fromCharCode(e&1023\|56320))}return c}});ma

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.16	49728	142.250.181.68	443	6344	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 18:29:55 UTC	869	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=s.ksrndkehqnwntyxlhgto.com&oit=3&pgcl=15&gs_rn=42&psi=mdgveijKENdVHWvQ&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIk6HLAQj2mM0BCIWgzQEI3L3NAQiRys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=519=tQK2GeGlScmUehHmPiT4TNBWga41o3i4CKDeNHh-rJjy5lFqKaqkc2t0l7e7v0s0njGTgaezQbkc6sTxfGbk7q7ExDY4gRPO0pJi57qKaez-ZNz6n5jQOlCxgRaMt3uYwTK64jeSlDts1MwcQQv0qZaYAM_djaDGBbQftj-1vhgfOID14pTRxeM
2024-11-25 18:29:56 UTC	1266	IN	HTTP/1.1 200 OK Date: Mon, 25 Nov 2024 18:29:55 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-ub1dNWcZz0hBTJ9hsJzSYA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-11-25 18:29:56 UTC	124	IN	Data Raw: 39 32 0d 0a 29 5d 7d 27 0a 5b 22 73 2e 6b 73 72 6e 64 6b 65 68 71 6e 77 6e 74 79 78 6c 68 67 74 6f 2e 63 6f 6d 22 2c 5b 5d 2c 5b 5d 2c 5b 5d 2c 7b 22 67 6f 6f 67 6c 65 3a 63 6c 69 65 6e 74 64 61 74 61 22 3a 7b 22 62 70 63 22 3a 66 61 6c 73 65 2c 22 74 6c 77 22 3a 74 72 75 65 7d 2c 22 67 6f 6f 67 6c 65 3a 73 75 67 67 65 73 74 74 79 70 65 22 3a 5b 5d 2c 22 67 6f 6f 67 6c Data Ascii: 92)]}'["s.ksrndkehqnwntyxlhgto.com",[],[],[],{"google:clientdata":{"bpc":false,"tlw":true},"google:suggesttype":[],"googl
2024-11-25 18:29:56 UTC	28	IN	Data Raw: 65 3a 76 65 72 62 61 74 69 6d 72 65 6c 65 76 61 6e 63 65 22 3a 38 35 31 7d 5d 0d 0a Data Ascii: e:verbatimrelevance":851}]
2024-11-25 18:29:56 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.16	49736	18.245.60.77	443	6344	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-11-25 18:29:59 UTC	608	OUT	GET /favicon.ico HTTP/1.1 Host: s.ksrndkehqnwntyxlhgto.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://s.ksrndkehqnwntyxlhgto.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-11-25 18:29:59 UTC	357	IN	HTTP/1.1 403 Forbidden Content-Type: application/xml Transfer-Encoding: chunked Connection: close Server: AmazonS3 Date: Mon, 25 Nov 2024 18:29:58 GMT X-Cache: Error from cloudfront Via: 1.1 671c13f54b1ad36c801a07e5c548b1c8.cloudfront.net (CloudFront) X-Amz-Cf-Pop: FRA60-P5 X-Amz-Cf-Id: Vm41U-EjmUUmGH2LAOQ0Bs2orYg6ab1Kk3EnytFJTzHezvqlRpCwzw==
2024-11-25 18:29:59 UTC	249	IN	Data Raw: 66 33 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 54 59 31 51 31 34 4e 35 54 48 4b 57 36 36 35 4e 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 6f 30 6d 4e 31 54 67 5a 65 4c 7a 66 47 71 66 6e 54 42 30 71 6b 75 39 66 76 78 35 76 51 62 73 49 2f 68 4c 42 6f 62 38 42 51 53 37 77 64 67 49 66 34 36 35 33 51 6d 6c 61 61 6c 33 61 4a 38 65 62 73 4c 72 52 75 41 37 63 50 32 34 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 72 6f 72 3e 0d 0a Data Ascii: f3<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>TY1Q14N5THKW665N</RequestId><HostId>o0mN1TgZeLzfGqfnTB0qku9fvx5vQbsI/hLBob8BQS7wdgIf4653Qmlaal3aJ8ebsLrRuA7cP24=</HostId></Error>
2024-11-25 18:29:59 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6960, Parent PID: 5744

General

Target ID:	0
Start time:	13:28:48
Start date:	25/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6344, Parent PID: 6960

General

Target ID:	1
Start time:	13:28:49
Start date:	25/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=2004,i,3590478224316058676,8418957698978979896,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 7192, Parent PID: 5744

General

Target ID:	7
Start time:	13:28:50
Start date:	25/11/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://s.ksrndkehqnwntyxlhgto.com"
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://s.ksrndkehqnwntyxlhgto.com

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Chrome Cache Entry: 62

Chrome Cache Entry: 63

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Proxied Packets

Windows Analysis Report
https://s.ksrndkehqnwntyxlhgto.com