Windows Analysis Report
https://147.45.47.87

Overview

General Information

Sample URL: https://147.45.47.87
Analysis ID: 1438416

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Stores files to the Windows start menu directory

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 6852 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://147.45.47.87/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6508 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1904,i,5870636824769412072,16774876329388795144,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • rundll32.exe (PID: 8020 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures.

Source: https://147.45.47.87/HTTP Parser: No favicon
Source: https://147.45.47.87/script.jsHTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 96.7.158.101:443 -> 192.168.2.16:49709 version: TLS 1.2
Source: unknownHTTPS traffic detected: 96.7.158.101:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49721 version: TLS 1.2
Source: unknownTCP traffic detected without corresponding DNS query: 147.45.47.87
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 96.7.158.101
Source: unknownTCP traffic detected without corresponding DNS query: 40.127.169.103
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: 147.45.47.87Connection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /icons/ubuntu-logo.png HTTP/1.1Host: 147.45.47.87Connection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://147.45.47.87/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /icons/ubuntu-logo.png HTTP/1.1Host: 147.45.47.87Connection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 147.45.47.87Connection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://147.45.47.87/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=krexCVWRrMvTskN&MD=H6ORxpkR HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtTxcGMK77rEGIjDZ5XczcUie6ow5vZ6pxIqhgT4Nhff0NJGOyxQLHhtR1nYiUsYi6-ed-7snibsaVtsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtTxcGMK77rEGIjADuDs5gq96l2jMmM-WTSLC32UTfhufqokbmzs2mbyiYw0rWhgX01uNmSUFQRVEpzAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRRtTxcGMK77rEGIjAk48Y8KCg8B4mVUFuQqcu4G-RyvpSaQ5jcTj__ueSIzfMdaTDINFswKEzxMxmsmt4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=krexCVWRrMvTskN&MD=H6ORxpkR HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /script.js HTTP/1.1Host: 147.45.47.87Connection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /theme.js HTTP/1.1Host: 147.45.47.87Connection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 May 2024 15:43:20 GMTServer: Apache/2.4.52 (Ubuntu)Content-Length: 275Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 May 2024 15:44:16 GMTServer: Apache/2.4.52 (Ubuntu)Content-Length: 275Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 08 May 2024 15:44:25 GMTServer: Apache/2.4.52 (Ubuntu)Content-Length: 275Connection: closeContent-Type: text/html; charset=iso-8859-1
Source: chromecache_65.1.drString found in binary or memory: http://httpd.apache.org/docs/2.4/mod/mod_userdir.html
Source: chromecache_65.1.drString found in binary or memory: https://bugs.launchpad.net/ubuntu/
Source: chromecache_65.1.drString found in binary or memory: https://launchpad.net/bugs/1966004
Source: classification engineClassification label: clean0.win@19/21@2/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://147.45.47.87/
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1904,i,5870636824769412072,16774876329388795144,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Google Drive.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 Registry Run Keys / Startup Folder | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Information Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Registry Run Keys / Startup Folder | 1 Rundll32 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | 3 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 3 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://147.45.47.87 | 0% | Avira URL Cloud | safe | |

No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://147.45.47.87/favicon.ico | 0% | Avira URL Cloud | safe | |
| https://147.45.47.87/icons/ubuntu-logo.png | 0% | Avira URL Cloud | safe | |

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| www.google.com | 142.251.215.228 | true | false | | high |

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://www.google.com/async/ddljson?async=ntp:2 | false | | high |
| https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high |
| https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRRtTxcGMK77rEGIjAk48Y8KCg8B4mVUFuQqcu4G-RyvpSaQ5jcTj__ueSIzfMdaTDINFswKEzxMxmsmt4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false | | high |
| https://147.45.47.87/favicon.ico | false | Avira URL Cloud: safe | unknown |
| https://147.45.47.87/icons/ubuntu-logo.png | false | Avira URL Cloud: safe | unknown |
| https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtTxcGMK77rEGIjADuDs5gq96l2jMmM-WTSLC32UTfhufqokbmzs2mbyiYw0rWhgX01uNmSUFQRVEpzAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false | | high |
| https://147.45.47.87/script.js | false | | unknown |
| https://www.google.com/async/newtab_promos | false | | high |
| https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtTxcGMK77rEGIjDZ5XczcUie6ow5vZ6pxIqhgT4Nhff0NJGOyxQLHhtR1nYiUsYi6-ed-7snibsaVtsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM | false | | high |
| https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | false | | high |
| https://147.45.47.87/theme.js | false | | unknown |
| https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high |
| https://147.45.47.87/ | false | | unknown |

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://bugs.launchpad.net/ubuntu/ | chromecache_65.1.dr | false | | high |
| https://launchpad.net/bugs/1966004 | chromecache_65.1.dr | false | | high |
| http://httpd.apache.org/docs/2.4/mod/mod_userdir.html | chromecache_65.1.dr | false | | high |
                                IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                142.251.215.228 | www.google.com | United States | | 15169 | GOOGLEUS | false
                                147.45.47.87 | unknown | Russian Federation | | 2895 | FREE-NET-ASFREEnetEU | false
                                239.255.255.250 | unknown | Reserved | | unknown | unknown | false
                                IP
                                192.168.2.16
                                192.168.2.4
                                Joe Sandbox version:40.0.0 Tourmaline
                                Analysis ID:1438416
                                Start date and time:2024-05-08 17:42:49 +02:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 3m 33s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                Sample URL:https://147.45.47.87
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:14
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Detection:CLEAN
                                Classification:clean0.win@19/21@2/5
                                EGA Information:Failed
                                HCA Information:
                                • Successful, ratio: 100%
                                • Number of executed functions: 0
                                • Number of non-executed functions: 0
                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                • Excluded IPs from analysis (whitelisted): 142.250.217.99, 142.250.217.78, 74.125.135.84, 34.104.35.123, 199.232.210.172, 142.251.211.227, 142.251.33.110
                                • Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
                                • Not all processes were analyzed, report is missing behavior information
                                • VT rate limit hit for: https://147.45.47.87
                                No simulations
                                No context
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 14:43:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2673
                                Entropy (8bit):3.9814529781939556
                                Encrypted:false
                                Malicious:false
                                Reputation:low
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 14:43:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2675
                                Entropy (8bit):4.0004421813399045
                                Encrypted:false
                                Malicious:false
                                Reputation:low
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2689
                                Entropy (8bit):4.007399512345801
                                Encrypted:false
                                Malicious:false
                                Reputation:low
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 14:43:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2677
                                Entropy (8bit):3.996367533188566
                                Encrypted:false
                                Malicious:false
                                Reputation:low
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 14:43:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2677
                                Entropy (8bit):3.9855901487259886
                                Encrypted:false
                                Malicious:false
                                Reputation:low
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed May 8 14:43:18 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                Category:dropped
                                Size (bytes):2679
                                Entropy (8bit):3.9960577824484846
                                Encrypted:false
                                Malicious:false
                                Reputation:low
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:HTML document, ASCII text
                                Category:downloaded
                                Size (bytes):275
                                Entropy (8bit):5.249744178441575
                                Encrypted:false
                                Malicious:false
                                Reputation:low
                                URL:https://147.45.47.87/favicon.ico
                                Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<hr>.<address>Apache/2.4.52 (Ubuntu) Server at 147.45.47.87 Port 443</address>.</body></html>.
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 184 x 146, 8-bit/color RGBA, non-interlaced
                                Category:downloaded
                                Size (bytes):3322
                                Entropy (8bit):7.854651820755909
                                Encrypted:false
                                Malicious:false
                                Reputation:low
                                URL:https://147.45.47.87/icons/ubuntu-logo.png
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (2847)
                                Category:downloaded
                                Size (bytes):2852
                                Entropy (8bit):5.828231904701265
                                Encrypted:false
                                Malicious:false
                                Reputation:low
                                URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                Preview:)]}'.["",["huawei watch fit 3 review","blur documentary","mat armstrong house","uk weather heatwave","workwell programme","palantir stock price","omari hutchinson","emmerdale spoilers tom king"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:HTML document, ASCII text
                                Category:downloaded
                                Size (bytes):275
                                Entropy (8bit):5.249744178441575
                                Encrypted:false
                                Malicious:false
                                Reputation:low
                                URL:https://147.45.47.87/script.js
                                Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<hr>.<address>Apache/2.4.52 (Ubuntu) Server at 147.45.47.87 Port 443</address>.</body></html>.
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:HTML document, ASCII text
                                Category:downloaded
                                Size (bytes):10671
                                Entropy (8bit):4.373603057196099
                                Encrypted:false
                                Malicious:false
                                Reputation:low
                                URL:https://147.45.47.87/
                                Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">. . Modified from the Debian original for Ubuntu. Last updated: 2022-03-22. See: https://launchpad.net/bugs/1966004. -->. <head>. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />. <title>Apache2 Ubuntu Default Page: It works</title>. <style type="text/css" media="screen">. * {. margin: 0px 0px 0px 0px;. padding: 0px 0px 0px 0px;. }.. body, html {. padding: 3px 3px 3px 3px;.. background-color: #D8DBE2;.. font-family: Ubuntu, Verdana, sans-serif;. font-size: 11pt;. text-align: center;. }.. div.main_page {. position: relative;. display: table;.. width: 800px;.. margin-bottom: 3px;. margin-left: auto;. margin-right: auto;. padding: 0px 0px 0px 0px;.. border-width: 2px;. border-color: #212738;. border-style: solid;.. backgrou
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:ASCII text, with very long lines (4337)
                                Category:downloaded
                                Size (bytes):4342
                                Entropy (8bit):5.817849417154171
                                Encrypted:false
                                Malicious:false
                                Reputation:low
                                URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                                Preview:)]}'.["",["palantir stock price","helldivers community manager fired","deta hedman","daily horoscope today","uk weather forecast","uk airports border control","everton takeover","eastenders yolande trueman"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"google:entityinfo":"
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:PNG image data, 184 x 146, 8-bit/color RGBA, non-interlaced
                                Category:dropped
                                Size (bytes):3322
                                Entropy (8bit):7.854651820755909
                                Encrypted:false
                                Malicious:false
                                Reputation:low
                                Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                File Type:HTML document, ASCII text
                                Category:downloaded
                                Size (bytes):275
                                Entropy (8bit):5.249744178441575
                                Encrypted:false
                                SSDEEP:6:pn0+Dy9xwGObRmEr6VnetdzRx3G0CezoIRCwpbB8oD:J0+oxBeRmR9etdzRxGezHtpbB8+
                                MD5:C7B8B21B4A189773C57179676E0B96F0
                                SHA1:47810DF9F1BB1BABA0997593AA524ED585919D21
                                SHA-256:5AAC3A8A37A5E70CC163FB0DBA3FD3579004E7B8C7885AE3F42D27C2F88E753E
                                SHA-512:339FE6E78DB7FF1FBF74FEB8EE9E7C80ACEBABA2020E71E29DA025E88812266F4D79889291BFAD2FD050C76F0C34909E28222D1AE32C258222D108FBB9ED619E
                                Malicious:false
                                Reputation:low
                                URL:https://147.45.47.87/theme.js
                                Preview:<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>404 Not Found</title>.</head><body>.<h1>Not Found</h1>.<p>The requested URL was not found on this server.</p>.<hr>.<address>Apache/2.4.52 (Ubuntu) Server at 147.45.47.87 Port 443</address>.</body></html>.
                                No static file info
                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                May 8, 2024 17:43:18.150007963 CEST49699443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:18.150043964 CEST44349699147.45.47.87192.168.2.16
                                May 8, 2024 17:43:18.150268078 CEST49699443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:18.150341988 CEST49699443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:18.150352001 CEST44349699147.45.47.87192.168.2.16
                                May 8, 2024 17:43:18.789587021 CEST44349699147.45.47.87192.168.2.16
                                May 8, 2024 17:43:18.790038109 CEST49699443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:18.790050983 CEST44349699147.45.47.87192.168.2.16
                                May 8, 2024 17:43:18.790400982 CEST44349699147.45.47.87192.168.2.16
                                May 8, 2024 17:43:18.790724993 CEST49699443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:18.790790081 CEST44349699147.45.47.87192.168.2.16
                                May 8, 2024 17:43:18.790883064 CEST49699443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:18.832119942 CEST44349699147.45.47.87192.168.2.16
                                May 8, 2024 17:43:19.424329996 CEST44349699147.45.47.87192.168.2.16
                                May 8, 2024 17:43:19.424351931 CEST44349699147.45.47.87192.168.2.16
                                May 8, 2024 17:43:19.424415112 CEST49699443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:19.424422026 CEST44349699147.45.47.87192.168.2.16
                                May 8, 2024 17:43:19.424472094 CEST49699443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:19.425367117 CEST49699443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:19.425386906 CEST44349699147.45.47.87192.168.2.16
                                May 8, 2024 17:43:19.430603027 CEST49701443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:19.430634975 CEST44349701147.45.47.87192.168.2.16
                                May 8, 2024 17:43:19.430697918 CEST49701443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:19.431085110 CEST49702443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:19.431114912 CEST44349702147.45.47.87192.168.2.16
                                May 8, 2024 17:43:19.431174994 CEST49702443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:19.431561947 CEST49701443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:19.431575060 CEST44349701147.45.47.87192.168.2.16
                                May 8, 2024 17:43:19.431725979 CEST49702443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:19.431737900 CEST44349702147.45.47.87192.168.2.16
                                May 8, 2024 17:43:20.069446087 CEST44349701147.45.47.87192.168.2.16
                                May 8, 2024 17:43:20.069839001 CEST49701443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:20.069854021 CEST44349701147.45.47.87192.168.2.16
                                May 8, 2024 17:43:20.070899963 CEST44349701147.45.47.87192.168.2.16
                                May 8, 2024 17:43:20.070977926 CEST49701443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:20.071258068 CEST49701443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:20.071320057 CEST44349701147.45.47.87192.168.2.16
                                May 8, 2024 17:43:20.071391106 CEST49701443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:20.071398020 CEST44349701147.45.47.87192.168.2.16
                                May 8, 2024 17:43:20.078994036 CEST44349702147.45.47.87192.168.2.16
                                May 8, 2024 17:43:20.079279900 CEST49702443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:20.079293966 CEST44349702147.45.47.87192.168.2.16
                                May 8, 2024 17:43:20.079641104 CEST44349702147.45.47.87192.168.2.16
                                May 8, 2024 17:43:20.079946995 CEST49702443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:20.080005884 CEST44349702147.45.47.87192.168.2.16
                                May 8, 2024 17:43:20.080060959 CEST49702443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:20.120119095 CEST44349702147.45.47.87192.168.2.16
                                May 8, 2024 17:43:20.125303984 CEST49701443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:20.706604958 CEST44349701147.45.47.87192.168.2.16
                                May 8, 2024 17:43:20.706626892 CEST44349701147.45.47.87192.168.2.16
                                May 8, 2024 17:43:20.706686974 CEST49701443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:20.706688881 CEST44349701147.45.47.87192.168.2.16
                                May 8, 2024 17:43:20.706729889 CEST49701443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:20.707693100 CEST49701443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:20.707705975 CEST44349701147.45.47.87192.168.2.16
                                May 8, 2024 17:43:20.719984055 CEST44349702147.45.47.87192.168.2.16
                                May 8, 2024 17:43:20.720048904 CEST44349702147.45.47.87192.168.2.16
                                May 8, 2024 17:43:20.720112085 CEST49702443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:20.720550060 CEST49702443192.168.2.16147.45.47.87
                                May 8, 2024 17:43:20.720561981 CEST44349702147.45.47.87192.168.2.16
                                May 8, 2024 17:43:21.776936054 CEST49703443192.168.2.16142.251.215.228
                                May 8, 2024 17:43:21.776973963 CEST44349703142.251.215.228192.168.2.16
                                May 8, 2024 17:43:21.777035952 CEST49703443192.168.2.16142.251.215.228
                                May 8, 2024 17:43:21.777389050 CEST49703443192.168.2.16142.251.215.228
                                May 8, 2024 17:43:21.777399063 CEST44349703142.251.215.228192.168.2.16
                                May 8, 2024 17:43:22.116408110 CEST44349703142.251.215.228192.168.2.16
                                May 8, 2024 17:43:22.116718054 CEST49703443192.168.2.16142.251.215.228
                                May 8, 2024 17:43:22.116736889 CEST44349703142.251.215.228192.168.2.16
                                May 8, 2024 17:43:22.117712021 CEST44349703142.251.215.228192.168.2.16
                                May 8, 2024 17:43:22.117775917 CEST49703443192.168.2.16142.251.215.228
                                May 8, 2024 17:43:22.118875027 CEST49703443192.168.2.16142.251.215.228
                                May 8, 2024 17:43:22.118937016 CEST44349703142.251.215.228192.168.2.16
                                May 8, 2024 17:43:22.172411919 CEST49703443192.168.2.16142.251.215.228
                                May 8, 2024 17:43:22.172421932 CEST44349703142.251.215.228192.168.2.16
                                May 8, 2024 17:43:22.220318079 CEST49703443192.168.2.16142.251.215.228
                                May 8, 2024 17:43:24.715267897 CEST49673443192.168.2.16204.79.197.203
                                May 8, 2024 17:43:25.029432058 CEST49673443192.168.2.16204.79.197.203
                                May 8, 2024 17:43:25.636348009 CEST49673443192.168.2.16204.79.197.203
                                May 8, 2024 17:43:26.846429110 CEST49673443192.168.2.16204.79.197.203
                                May 8, 2024 17:43:29.257368088 CEST49673443192.168.2.16204.79.197.203
                                May 8, 2024 17:43:31.073473930 CEST49709443192.168.2.1696.7.158.101
                                May 8, 2024 17:43:31.073513031 CEST4434970996.7.158.101192.168.2.16
                                May 8, 2024 17:43:31.073596954 CEST49709443192.168.2.1696.7.158.101
                                May 8, 2024 17:43:31.075289965 CEST49709443192.168.2.1696.7.158.101
                                May 8, 2024 17:43:31.075301886 CEST4434970996.7.158.101192.168.2.16
                                May 8, 2024 17:43:31.237445116 CEST49710443192.168.2.1640.127.169.103
                                May 8, 2024 17:43:31.237485886 CEST4434971040.127.169.103192.168.2.16
                                May 8, 2024 17:43:31.237576008 CEST49710443192.168.2.1640.127.169.103
                                May 8, 2024 17:43:31.238639116 CEST49710443192.168.2.1640.127.169.103
                                May 8, 2024 17:43:31.238651037 CEST4434971040.127.169.103192.168.2.16
                                May 8, 2024 17:43:31.410135031 CEST4434970996.7.158.101192.168.2.16
                                May 8, 2024 17:43:31.410221100 CEST49709443192.168.2.1696.7.158.101
                                May 8, 2024 17:43:31.414439917 CEST49709443192.168.2.1696.7.158.101
                                May 8, 2024 17:43:31.414447069 CEST4434970996.7.158.101192.168.2.16
                                May 8, 2024 17:43:31.414649010 CEST4434970996.7.158.101192.168.2.16
                                May 8, 2024 17:43:31.451543093 CEST49709443192.168.2.1696.7.158.101
                                May 8, 2024 17:43:31.492117882 CEST4434970996.7.158.101192.168.2.16
                                May 8, 2024 17:43:31.730635881 CEST4434970996.7.158.101192.168.2.16
                                May 8, 2024 17:43:31.730695009 CEST4434970996.7.158.101192.168.2.16
                                May 8, 2024 17:43:31.730753899 CEST49709443192.168.2.1696.7.158.101
                                May 8, 2024 17:43:31.730830908 CEST49709443192.168.2.1696.7.158.101
                                May 8, 2024 17:43:31.730849028 CEST4434970996.7.158.101192.168.2.16
                                May 8, 2024 17:43:31.730861902 CEST49709443192.168.2.1696.7.158.101
                                May 8, 2024 17:43:31.730866909 CEST4434970996.7.158.101192.168.2.16
                                May 8, 2024 17:43:31.768568993 CEST49711443192.168.2.1696.7.158.101
                                May 8, 2024 17:43:31.768593073 CEST4434971196.7.158.101192.168.2.16
                                May 8, 2024 17:43:31.768667936 CEST49711443192.168.2.1696.7.158.101
                                May 8, 2024 17:43:31.768949032 CEST49711443192.168.2.1696.7.158.101
                                May 8, 2024 17:43:31.768959999 CEST4434971196.7.158.101192.168.2.16
                                May 8, 2024 17:43:32.097943068 CEST4434971196.7.158.101192.168.2.16
                                May 8, 2024 17:43:32.098028898 CEST49711443192.168.2.1696.7.158.101
                                May 8, 2024 17:43:32.099401951 CEST49711443192.168.2.1696.7.158.101
                                May 8, 2024 17:43:32.099411964 CEST4434971196.7.158.101192.168.2.16
                                May 8, 2024 17:43:32.099636078 CEST4434971196.7.158.101192.168.2.16
                                May 8, 2024 17:43:32.100728035 CEST49711443192.168.2.1696.7.158.101
                                May 8, 2024 17:43:32.141294003 CEST44349703142.251.215.228192.168.2.16
                                May 8, 2024 17:43:32.141364098 CEST44349703142.251.215.228192.168.2.16
                                May 8, 2024 17:43:32.141419888 CEST49703443192.168.2.16142.251.215.228
                                May 8, 2024 17:43:32.144119978 CEST4434971196.7.158.101192.168.2.16
                                May 8, 2024 17:43:32.149704933 CEST4434971040.127.169.103192.168.2.16
                                May 8, 2024 17:43:32.149808884 CEST49710443192.168.2.1640.127.169.103
                                May 8, 2024 17:43:32.152494907 CEST49710443192.168.2.1640.127.169.103
                                May 8, 2024 17:43:32.152510881 CEST4434971040.127.169.103192.168.2.16
                                May 8, 2024 17:43:32.152740955 CEST4434971040.127.169.103192.168.2.16
                                May 8, 2024 17:43:32.194376945 CEST49710443192.168.2.1640.127.169.103
                                May 8, 2024 17:43:32.213875055 CEST49710443192.168.2.1640.127.169.103
                                May 8, 2024 17:43:32.260118008 CEST4434971040.127.169.103192.168.2.16
                                May 8, 2024 17:43:32.426429987 CEST4434971196.7.158.101192.168.2.16
                                May 8, 2024 17:43:32.426497936 CEST4434971196.7.158.101192.168.2.16
                                May 8, 2024 17:43:32.426593065 CEST49711443192.168.2.1696.7.158.101
                                May 8, 2024 17:43:32.427357912 CEST49711443192.168.2.1696.7.158.101
                                May 8, 2024 17:43:32.427376986 CEST4434971196.7.158.101192.168.2.16
                                May 8, 2024 17:43:32.427388906 CEST49711443192.168.2.1696.7.158.101
                                May 8, 2024 17:43:32.427393913 CEST4434971196.7.158.101192.168.2.16
                                May 8, 2024 17:43:32.878845930 CEST49678443192.168.2.1620.189.173.10
                                May 8, 2024 17:43:33.043509007 CEST4434971040.127.169.103192.168.2.16
                                May 8, 2024 17:43:33.043529034 CEST4434971040.127.169.103192.168.2.16
                                May 8, 2024 17:43:33.043535948 CEST4434971040.127.169.103192.168.2.16
                                May 8, 2024 17:43:33.043545961 CEST4434971040.127.169.103192.168.2.16
                                May 8, 2024 17:43:33.043601036 CEST4434971040.127.169.103192.168.2.16
                                May 8, 2024 17:43:33.043628931 CEST49710443192.168.2.1640.127.169.103
                                May 8, 2024 17:43:33.043661118 CEST4434971040.127.169.103192.168.2.16
                                May 8, 2024 17:43:33.043677092 CEST4434971040.127.169.103192.168.2.16
                                May 8, 2024 17:43:33.043685913 CEST49710443192.168.2.1640.127.169.103
                                May 8, 2024 17:43:33.043709993 CEST4434971040.127.169.103192.168.2.16
                                May 8, 2024 17:43:33.043736935 CEST49710443192.168.2.1640.127.169.103
                                May 8, 2024 17:43:33.043765068 CEST49710443192.168.2.1640.127.169.103
                                May 8, 2024 17:43:33.054683924 CEST49710443192.168.2.1640.127.169.103
                                May 8, 2024 17:43:33.054707050 CEST4434971040.127.169.103192.168.2.16
                                May 8, 2024 17:43:33.054723978 CEST49710443192.168.2.1640.127.169.103
                                May 8, 2024 17:43:33.054728985 CEST4434971040.127.169.103192.168.2.16
                                May 8, 2024 17:43:33.056545973 CEST49703443192.168.2.16142.251.215.228
                                May 8, 2024 17:43:33.056581974 CEST44349703142.251.215.228192.168.2.16
                                May 8, 2024 17:43:33.182348967 CEST49678443192.168.2.1620.189.173.10
                                May 8, 2024 17:43:33.788341045 CEST49678443192.168.2.1620.189.173.10
                                May 8, 2024 17:43:34.059345961 CEST49673443192.168.2.16204.79.197.203
                                May 8, 2024 17:43:35.003350973 CEST49678443192.168.2.1620.189.173.10
                                May 8, 2024 17:43:37.349483013 CEST4968080192.168.2.16192.229.211.108
                                May 8, 2024 17:43:37.413341045 CEST49678443192.168.2.1620.189.173.10
                                May 8, 2024 17:43:37.652362108 CEST4968080192.168.2.16192.229.211.108
                                May 8, 2024 17:43:38.261132956 CEST4968080192.168.2.16192.229.211.108
                                May 8, 2024 17:43:39.468369007 CEST4968080192.168.2.16192.229.211.108
                                May 8, 2024 17:43:41.884361982 CEST4968080192.168.2.16192.229.211.108
                                May 8, 2024 17:43:42.215365887 CEST49678443192.168.2.1620.189.173.10
                                May 8, 2024 17:43:43.667372942 CEST49673443192.168.2.16204.79.197.203
                                May 8, 2024 17:43:46.699383020 CEST4968080192.168.2.16192.229.211.108
                                May 8, 2024 17:43:51.817439079 CEST49678443192.168.2.1620.189.173.10
                                May 8, 2024 17:43:56.310395956 CEST4968080192.168.2.16192.229.211.108
                                May 8, 2024 17:44:01.433837891 CEST49712443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:01.433875084 CEST44349712142.251.215.228192.168.2.16
                                May 8, 2024 17:44:01.433960915 CEST49712443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:01.434827089 CEST49712443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:01.434839010 CEST44349712142.251.215.228192.168.2.16
                                May 8, 2024 17:44:01.772233963 CEST44349712142.251.215.228192.168.2.16
                                May 8, 2024 17:44:01.772669077 CEST49712443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:01.772681952 CEST44349712142.251.215.228192.168.2.16
                                May 8, 2024 17:44:01.773036003 CEST44349712142.251.215.228192.168.2.16
                                May 8, 2024 17:44:01.773417950 CEST49712443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:01.773468971 CEST44349712142.251.215.228192.168.2.16
                                May 8, 2024 17:44:01.773929119 CEST49713443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:01.773962021 CEST44349713142.251.215.228192.168.2.16
                                May 8, 2024 17:44:01.774036884 CEST49713443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:01.774198055 CEST49714443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:01.774240971 CEST44349714142.251.215.228192.168.2.16
                                May 8, 2024 17:44:01.774300098 CEST49714443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:01.774447918 CEST49715443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:01.774467945 CEST44349715142.251.215.228192.168.2.16
                                May 8, 2024 17:44:01.774519920 CEST49715443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:01.774570942 CEST49712443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:01.774867058 CEST49713443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:01.774879932 CEST44349713142.251.215.228192.168.2.16
                                May 8, 2024 17:44:01.775096893 CEST49714443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:01.775127888 CEST44349714142.251.215.228192.168.2.16
                                May 8, 2024 17:44:01.775255919 CEST49715443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:01.775269032 CEST44349715142.251.215.228192.168.2.16
                                May 8, 2024 17:44:01.820120096 CEST44349712142.251.215.228192.168.2.16
                                May 8, 2024 17:44:01.853193045 CEST49716443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:01.853214025 CEST44349716142.251.215.228192.168.2.16
                                May 8, 2024 17:44:01.853280067 CEST49716443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:01.853741884 CEST49716443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:01.853751898 CEST44349716142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.111157894 CEST44349714142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.111447096 CEST49714443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.111470938 CEST44349714142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.111787081 CEST44349714142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.112190008 CEST49714443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.112255096 CEST44349714142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.112323999 CEST49714443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.114142895 CEST44349713142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.114332914 CEST49713443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.114351988 CEST44349713142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.114695072 CEST44349713142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.114967108 CEST49713443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.115035057 CEST44349713142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.115048885 CEST49713443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.115410089 CEST44349715142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.115573883 CEST49715443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.115585089 CEST44349715142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.116638899 CEST44349715142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.116702080 CEST49715443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.116946936 CEST49715443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.117005110 CEST44349715142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.117018938 CEST49715443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.134900093 CEST44349712142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.134987116 CEST44349712142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.135023117 CEST44349712142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.135036945 CEST49712443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.135046959 CEST44349712142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.135096073 CEST49712443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.137573957 CEST44349712142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.137685061 CEST49712443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.137727022 CEST44349712142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.137774944 CEST49712443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.156122923 CEST44349713142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.156133890 CEST44349714142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.160121918 CEST44349715142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.168442011 CEST49713443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.168451071 CEST49715443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.168458939 CEST44349715142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.168898106 CEST49717443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.168927908 CEST44349717142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.169008970 CEST49717443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.169209003 CEST49717443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.169218063 CEST44349717142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.188429117 CEST44349716142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.188632011 CEST49716443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.188644886 CEST44349716142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.189914942 CEST44349716142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.189981937 CEST49716443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.190260887 CEST49716443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.190330982 CEST44349716142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.190361977 CEST49716443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.216398001 CEST49715443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.232444048 CEST49716443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.232458115 CEST44349716142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.280420065 CEST49716443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.298818111 CEST49716443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.298944950 CEST44349716142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.299019098 CEST49716443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.504225969 CEST44349717142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.504643917 CEST49717443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.504661083 CEST44349717142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.504987955 CEST44349717142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.505285978 CEST49717443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.505361080 CEST44349717142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.547492981 CEST49717443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.757844925 CEST44349715142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.757987022 CEST44349715142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.758033037 CEST49715443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.758625984 CEST49715443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.758644104 CEST44349715142.251.215.228192.168.2.16
                                May 8, 2024 17:44:02.758656025 CEST49715443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.758691072 CEST49715443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.759368896 CEST49717443192.168.2.16142.251.215.228
                                May 8, 2024 17:44:02.804121971 CEST44349717142.251.215.228192.168.2.16
                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                May 8, 2024 17:43:21.609225988 CEST | 192.168.2.16 | 1.1.1.1 | 0x3fa4 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
                                May 8, 2024 17:43:21.609370947 CEST | 192.168.2.16 | 1.1.1.1 | 0xa107 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false

                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                May 8, 2024 17:43:21.772753954 CEST | 1.1.1.1 | 192.168.2.16 | 0xa107 | No error (0) | www.google.com |  |  | 65 | IN (0x0001) | false
                                May 8, 2024 17:43:21.772773981 CEST | 1.1.1.1 | 192.168.2.16 | 0x3fa4 | No error (0) | www.google.com |  | 142.251.215.228 | A (IP address) | IN (0x0001) | false
                                • 147.45.47.87
                                • https:
                                • fs.microsoft.com
                                • slscr.update.microsoft.com
                                • www.google.com
                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                0 | 192.168.2.16 | 49695 | 147.45.47.87 | 443 | 6508 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-08 15:43:17 UTC | 655 | OUT | GET / HTTP/1.1
                                Host: 147.45.47.87
                                Connection: keep-alive
                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                sec-ch-ua-mobile: ?0
                                sec-ch-ua-platform: "Windows"
                                Upgrade-Insecure-Requests: 1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: navigate
                                Sec-Fetch-User: ?1
                                Sec-Fetch-Dest: document
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                2024-05-08 15:43:18 UTC | 274 | IN | HTTP/1.1 200 OK
                                Date: Wed, 08 May 2024 15:43:17 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Last-Modified: Sat, 04 May 2024 14:06:29 GMT
                                ETag: "29af-617a157c224ae"
                                Accept-Ranges: bytes
                                Content-Length: 10671
                                Vary: Accept-Encoding
                                Connection: close
                                Content-Type: text/html
                                2024-05-08 15:43:18 UTC | 7918 | IN | Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"> ... Modified from the Debian original for Ubuntu Last updated: 2022-03-22
                                2024-05-08 15:43:18 UTC | 2753 | IN | Data Ascii: and <tt> a2enconf, a2disconf </tt>. See their respective man pages for detailed information. </li>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                1 | 192.168.2.16 | 49699 | 147.45.47.87 | 443 | 6508 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-08 15:43:18 UTC | 590 | OUT | GET /icons/ubuntu-logo.png HTTP/1.1
                                Host: 147.45.47.87
                                Connection: keep-alive
                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                sec-ch-ua-mobile: ?0
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                sec-ch-ua-platform: "Windows"
                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                Sec-Fetch-Site: same-origin
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: image
                                Referer: https://147.45.47.87/
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                2024-05-08 15:43:19 UTC | 249 | IN | HTTP/1.1 200 OK
                                Date: Wed, 08 May 2024 15:43:19 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Last-Modified: Wed, 10 Apr 2024 17:45:18 GMT
                                ETag: "cfa-615c19a11e780"
                                Accept-Ranges: bytes
                                Content-Length: 3322
                                Connection: close
                                Content-Type: image/png
                                2024-05-08 15:43:19 UTC | 3322 | IN | Data Raw: (binary PNG image body)


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                2 | 192.168.2.16 | 49701 | 147.45.47.87 | 443 | 6508 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-08 15:43:20 UTC | 357 | OUT | GET /icons/ubuntu-logo.png HTTP/1.1
                                Host: 147.45.47.87
                                Connection: keep-alive
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                Accept: */*
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: cors
                                Sec-Fetch-Dest: empty
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                2024-05-08 15:43:20 UTC | 249 | IN | HTTP/1.1 200 OK
                                Date: Wed, 08 May 2024 15:43:20 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Last-Modified: Wed, 10 Apr 2024 17:45:18 GMT
                                ETag: "cfa-615c19a11e780"
                                Accept-Ranges: bytes
                                Content-Length: 3322
                                Connection: close
                                Content-Type: image/png
                                2024-05-08 15:43:20 UTC | 3322 | IN | Data Raw: (binary PNG image body)


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                3 | 192.168.2.16 | 49702 | 147.45.47.87 | 443 | 6508 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-08 15:43:20 UTC | 580 | OUT | GET /favicon.ico HTTP/1.1
                                Host: 147.45.47.87
                                Connection: keep-alive
                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                sec-ch-ua-mobile: ?0
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                sec-ch-ua-platform: "Windows"
                                Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                Sec-Fetch-Site: same-origin
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: image
                                Referer: https://147.45.47.87/
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                2024-05-08 15:43:20 UTC | 180 | IN | HTTP/1.1 404 Not Found
                                Date: Wed, 08 May 2024 15:43:20 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Content-Length: 275
                                Connection: close
                                Content-Type: text/html; charset=iso-8859-1
                                2024-05-08 15:43:20 UTC | 275 | IN | Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at 147.45.47.87 Port 443</addr


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                4 | 192.168.2.16 | 49709 | 96.7.158.101 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-08 15:43:31 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                Connection: Keep-Alive
                                Accept: */*
                                Accept-Encoding: identity
                                User-Agent: Microsoft BITS/7.8
                                Host: fs.microsoft.com
                                2024-05-08 15:43:31 UTC | 466 | IN | HTTP/1.1 200 OK
                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                Content-Type: application/octet-stream
                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                Server: ECAcc (sac/2518)
                                X-CID: 11
                                X-Ms-ApiVersion: Distribute 1.2
                                X-Ms-Region: prod-eus-z1
                                Cache-Control: public, max-age=55211
                                Date: Wed, 08 May 2024 15:43:31 GMT
                                Connection: close
                                X-CID: 2


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                5 | 192.168.2.16 | 49711 | 96.7.158.101 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-08 15:43:32 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                Connection: Keep-Alive
                                Accept: */*
                                Accept-Encoding: identity
                                If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                Range: bytes=0-2147483646
                                User-Agent: Microsoft BITS/7.8
                                Host: fs.microsoft.com
                                2024-05-08 15:43:32 UTC | 534 | IN | HTTP/1.1 200 OK
                                Content-Type: application/octet-stream
                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                ApiVersion: Distribute 1.1
                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                X-Azure-Ref: 0gZGqYgAAAAALDuImPJT0QKVHnlugaXU1UERYMzFFREdFMDIxMgBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
                                Cache-Control: public, max-age=38673
                                Date: Wed, 08 May 2024 15:43:32 GMT
                                Content-Length: 55
                                Connection: close
                                X-CID: 2
                                2024-05-08 15:43:32 UTC | 55 | IN | Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                6 | 192.168.2.16 | 49710 | 40.127.169.103 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-08 15:43:32 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=krexCVWRrMvTskN&MD=H6ORxpkR HTTP/1.1
                                Connection: Keep-Alive
                                Accept: */*
                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                Host: slscr.update.microsoft.com
                                2024-05-08 15:43:33 UTC | 560 | IN | HTTP/1.1 200 OK
                                Cache-Control: no-cache
                                Pragma: no-cache
                                Content-Type: application/octet-stream
                                Expires: -1
                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                MS-CorrelationId: cfca9ef9-4a09-407c-b529-c1b8c1275a1b
                                MS-RequestId: fde6c24d-e83d-413f-8ce8-fa0125c6d501
                                MS-CV: ygwU4qJ+gEOkRGKJ.0
                                X-Microsoft-SLSClientCache: 2880
                                Content-Disposition: attachment; filename=environment.cab
                                X-Content-Type-Options: nosniff
                                Date: Wed, 08 May 2024 15:43:32 GMT
                                Connection: close
                                Content-Length: 24490
                                2024-05-08 15:43:33 UTC | 15824 | IN | [binary body omitted]
                                2024-05-08 15:43:33 UTC | 8666 | IN | [binary body omitted]


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                7 | 192.168.2.16 | 49712 | 142.251.215.228 | 443 | 6508 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-08 15:44:01 UTC | 623 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                Host: www.google.com
                                Connection: keep-alive
                                X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: empty
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                2024-05-08 15:44:02 UTC | 1191 | IN | HTTP/1.1 200 OK
                                Date: Wed, 08 May 2024 15:44:02 GMT
                                Pragma: no-cache
                                Expires: -1
                                Cache-Control: no-cache, must-revalidate
                                Content-Type: text/javascript; charset=UTF-8
                                Strict-Transport-Security: max-age=31536000
                                Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-flpKLaY68lOThSGSswCERA' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                Accept-CH: Sec-CH-UA-Platform
                                Accept-CH: Sec-CH-UA-Platform-Version
                                Accept-CH: Sec-CH-UA-Full-Version
                                Accept-CH: Sec-CH-UA-Arch
                                Accept-CH: Sec-CH-UA-Model
                                Accept-CH: Sec-CH-UA-Bitness
                                Accept-CH: Sec-CH-UA-Full-Version-List
                                Accept-CH: Sec-CH-UA-WoW64
                                Permissions-Policy: unload=()
                                Content-Disposition: attachment; filename="f.txt"
                                Server: gws
                                X-XSS-Protection: 0
                                X-Frame-Options: SAMEORIGIN
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Accept-Ranges: none
                                Vary: Accept-Encoding
                                Connection: close
                                Transfer-Encoding: chunked
                                2024-05-08 15:44:02 UTC | 64 | IN | Data Ascii: b24)]}'["",["huawei watch fit 3 review","blur documentary","m
                                2024-05-08 15:44:02 UTC | 1255 | IN | Data Ascii: at armstrong house","uk weather heatwave","workwell programme","palantir stock price","omari hutchinson","emmerdale spoilers tom king"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbm
                                2024-05-08 15:44:02 UTC | 1255 | IN | [encoded data omitted]
                                2024-05-08 15:44:02 UTC | 285 | IN | Data Ascii: }],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY"
                                2024-05-08 15:44:02 UTC | 5 | IN | Data Ascii: 0


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                8 | 192.168.2.16 | 49714 | 142.251.215.228 | 443 | 6508 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-08 15:44:02 UTC | 353 | OUT | GET /async/ddljson?async=ntp:2 HTTP/1.1
                                Host: www.google.com
                                Connection: keep-alive
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: empty
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                2024-05-08 15:44:02 UTC | 1196 | IN | HTTP/1.1 302 Found
                                Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRRtTxcGMK77rEGIjAk48Y8KCg8B4mVUFuQqcu4G-RyvpSaQ5jcTj__ueSIzfMdaTDINFswKEzxMxmsmt4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                x-hallmonitor-challenge: CgwIwrvusQYQ1Y6N_gISBFG1PFw
                                Content-Type: text/html; charset=UTF-8
                                Strict-Transport-Security: max-age=31536000
                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                Permissions-Policy: unload=()
                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                Date: Wed, 08 May 2024 15:44:02 GMT
                                Server: gws
                                Content-Length: 427
                                X-XSS-Protection: 0
                                X-Frame-Options: SAMEORIGIN
                                Set-Cookie: __Secure-ENID=19.SE=BdrYIav8qa1jFy8QMt8WW5c3Q-ui4HivV3L1QCPMXrWUWiqXBLvgilKv8vUiqgLXqNDJ0Aac59a7KOxp7J0vXuk_EIQaFhGY626cIzIJ4gOskjAE8rr16t63Q4uj1-nnGyJd0WM4FfkjpRfK_pLhT1HZV0GoUMcHN2PgvhOyQj4mwrMm; expires=Sun, 08-Jun-2025 08:02:20 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Connection: close
                                2024-05-08 15:44:02 UTC | 59 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/h
                                2024-05-08 15:44:02 UTC | 368 | IN | Data Ascii: tml;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&amp;q=EgRRtTxcGMK77rEGIjAk48Y8KCg8B4mVUFuQqcu4G-R


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                9 | 192.168.2.16 | 49713 | 142.251.215.228 | 443 | 6508 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-08 15:44:02 UTC | 526 | OUT | GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
                                Host: www.google.com
                                Connection: keep-alive
                                X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==
                                Sec-Fetch-Site: cross-site
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: empty
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                2024-05-08 15:44:02 UTC | 1223 | IN | HTTP/1.1 302 Found
                                Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtTxcGMK77rEGIjADuDs5gq96l2jMmM-WTSLC32UTfhufqokbmzs2mbyiYw0rWhgX01uNmSUFQRVEpzAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                x-hallmonitor-challenge: CgwIwrvusQYQ9Z3m4AISBFG1PFw
                                Content-Type: text/html; charset=UTF-8
                                Strict-Transport-Security: max-age=31536000
                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                Permissions-Policy: unload=()
                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                Date: Wed, 08 May 2024 15:44:02 GMT
                                Server: gws
                                Content-Length: 458
                                X-XSS-Protection: 0
                                X-Frame-Options: SAMEORIGIN
                                Set-Cookie: __Secure-ENID=19.SE=R3_2Vm3FFDZk-qlCykunQp01sYR3duC4wBOFS8Ullece7mQLcGG7MWw_CVKXqruEVUqj2NULwwMbHRfgIBOoaFpT9zdPxSm-xjxo33bA87z_bnu7UzKM7IvYFa3IL5mk7ebHjEo7sTscu1xZJmvO2znuPga7reY1J0Bi8ITphUJCXFBu; expires=Sun, 08-Jun-2025 08:02:20 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Connection: close
                                2024-05-08 15:44:02 UTC | 32 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="co
                                2024-05-08 15:44:02 UTC | 426 | IN | Data Ascii: ntent-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&amp;


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                10 | 192.168.2.16 | 49715 | 142.251.215.228 | 443 | 6508 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-08 15:44:02 UTC | 353 | OUT | GET /async/newtab_promos HTTP/1.1
                                Host: www.google.com
                                Connection: keep-alive
                                Sec-Fetch-Site: cross-site
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: empty
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                2024-05-08 15:44:02 UTC | 1140 | IN | HTTP/1.1 302 Found
                                Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtTxcGMK77rEGIjDZ5XczcUie6ow5vZ6pxIqhgT4Nhff0NJGOyxQLHhtR1nYiUsYi6-ed-7snibsaVtsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM
                                x-hallmonitor-challenge: CgwIwrvusQYQv8vQvgISBFG1PFw
                                Content-Type: text/html; charset=UTF-8
                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
                                Permissions-Policy: unload=()
                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                Date: Wed, 08 May 2024 15:44:02 GMT
                                Server: gws
                                Content-Length: 417
                                X-XSS-Protection: 0
                                X-Frame-Options: SAMEORIGIN
                                Set-Cookie: __Secure-ENID=19.SE=DfnBX9kPgnjnG1PyTaR3hR3GHm5XcHgC9mN5r63BYJNHvnbtHDwzGfkEScJu4wuwznsvZ-q79a0FPMf8SDtdyBIdpTe43PDv-juhEqN7GffBHR66N273H5TzSfl0ADJgIikDbBfdDIAAEc9sZVE0Izk-et1iLLgsiapKBnjTjssyVzQ; expires=Sun, 08-Jun-2025 08:02:20 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Connection: close
                                2024-05-08 15:44:02 UTC | 115 | IN | Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY
                                2024-05-08 15:44:02 UTC | 302 | IN | Data Ascii: ><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&amp;q=EgRRtTxcGMK77rEGIjDZ5XczcUie6ow5vZ6pxIqhgT4Nhff0NJGOyxQLHhtR1nYiUsYi6-ed-7snibsaVtsyAXJKGVNPUlJZX0FCVVNJVkVfT


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                11 | 192.168.2.16 | 49716 | 142.251.215.228 | 443 | 6508 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-08 15:44:02 UTC | 609 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                Host: www.google.com
                                Connection: keep-alive
                                X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: empty
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                12 | 192.168.2.16 | 49717 | 142.251.215.228 | 443 | 6508 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-08 15:44:02 UTC | 527 | OUT | GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRRtTxcGMK77rEGIjDZ5XczcUie6ow5vZ6pxIqhgT4Nhff0NJGOyxQLHhtR1nYiUsYi6-ed-7snibsaVtsyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                Host: www.google.com
                                Connection: keep-alive
                                Sec-Fetch-Site: cross-site
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: empty
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                2024-05-08 15:44:02 UTC  356                IN         HTTP/1.1 429 Too Many Requests
                                Date: Wed, 08 May 2024 15:44:02 GMT
                                Pragma: no-cache
                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                Cache-Control: no-store, no-cache, must-revalidate
                                Content-Type: text/html
                                Server: HTTP server (unknown)
                                Content-Length: 3111
                                X-XSS-Protection: 0
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Connection: close
                                2024-05-08 15:44:02 UTC  899                IN         Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
                                2024-05-08 15:44:02 UTC  1255               IN         Data Ascii: ack = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="aQqweFpq6oeOlmuz87ezFgPz1TBbCYLcy
                                2024-05-08 15:44:02 UTC  957                IN         Data Ascii: ogle automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the meantime, solvin


                                Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                13          192.168.2.16  49718        142.251.215.228  443               6508  C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp                Bytes transferred  Direction  Data
                                2024-05-08 15:44:03 UTC  717                OUT        GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRRtTxcGMK77rEGIjADuDs5gq96l2jMmM-WTSLC32UTfhufqokbmzs2mbyiYw0rWhgX01uNmSUFQRVEpzAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                Host: www.google.com
                                Connection: keep-alive
                                X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==
                                Sec-Fetch-Site: cross-site
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: empty
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                2024-05-08 15:44:03 UTC  356                IN         HTTP/1.1 429 Too Many Requests
                                Date: Wed, 08 May 2024 15:44:03 GMT
                                Pragma: no-cache
                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                Cache-Control: no-store, no-cache, must-revalidate
                                Content-Type: text/html
                                Server: HTTP server (unknown)
                                Content-Length: 3183
                                X-XSS-Protection: 0
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Connection: close
                                2024-05-08 15:44:03 UTC  899                IN         Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&amp;asy
                                2024-05-08 15:44:03 UTC  1255               IN         Data Ascii: <script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="kCC-SKb_p
                                2024-05-08 15:44:03 UTC  1029               IN         Data Ascii: ; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly aft


                                Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                14          192.168.2.16  49719        142.251.215.228  443               6508  C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp                Bytes transferred  Direction  Data
                                2024-05-08 15:44:03 UTC  531                OUT        GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRRtTxcGMK77rEGIjAk48Y8KCg8B4mVUFuQqcu4G-RyvpSaQ5jcTj__ueSIzfMdaTDINFswKEzxMxmsmt4yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
                                Host: www.google.com
                                Connection: keep-alive
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: empty
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                2024-05-08 15:44:03 UTC  356                IN         HTTP/1.1 429 Too Many Requests
                                Date: Wed, 08 May 2024 15:44:03 GMT
                                Pragma: no-cache
                                Expires: Fri, 01 Jan 1990 00:00:00 GMT
                                Cache-Control: no-store, no-cache, must-revalidate
                                Content-Type: text/html
                                Server: HTTP server (unknown)
                                Content-Length: 3129
                                X-XSS-Protection: 0
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Connection: close
                                2024-05-08 15:44:03 UTC  899                IN         Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/ddljson?async=ntp:2</title>
                                2024-05-08 15:44:03 UTC  1255               IN         Data Ascii: tCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="k2jpoN3eAHAVgBWQuRBQrW55gPf
                                2024-05-08 15:44:03 UTC  975                IN         Data Ascii: ears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the mean


                                Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                15          192.168.2.16  49720        142.251.215.228  443               6508  C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp                Bytes transferred  Direction  Data
                                2024-05-08 15:44:09 UTC  609                OUT        GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                Host: www.google.com
                                Connection: keep-alive
                                X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: empty
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                2024-05-08 15:44:09 UTC  1191               IN         HTTP/1.1 200 OK
                                Date: Wed, 08 May 2024 15:44:09 GMT
                                Pragma: no-cache
                                Expires: -1
                                Cache-Control: no-cache, must-revalidate
                                Content-Type: text/javascript; charset=UTF-8
                                Strict-Transport-Security: max-age=31536000
                                Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-4ECaEJ37dGqY6xkldCHe_g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                Accept-CH: Sec-CH-UA-Platform
                                Accept-CH: Sec-CH-UA-Platform-Version
                                Accept-CH: Sec-CH-UA-Full-Version
                                Accept-CH: Sec-CH-UA-Arch
                                Accept-CH: Sec-CH-UA-Model
                                Accept-CH: Sec-CH-UA-Bitness
                                Accept-CH: Sec-CH-UA-Full-Version-List
                                Accept-CH: Sec-CH-UA-WoW64
                                Permissions-Policy: unload=()
                                Content-Disposition: attachment; filename="f.txt"
                                Server: gws
                                X-XSS-Protection: 0
                                X-Frame-Options: SAMEORIGIN
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Accept-Ranges: none
                                Vary: Accept-Encoding
                                Connection: close
                                Transfer-Encoding: chunked
                                2024-05-08 15:44:09 UTC  64                 IN         Data Ascii: ae2)]}'["",["ronald lyrics falling in reverse","steve mcclare
                                2024-05-08 15:44:09 UTC  1255               IN         Data Ascii: n","microsoft closes bethesda studios","xrp lawsuit","uk weather forecast","blur documentary","ipl sanju samson","ipad logic pro"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2V
                                2024-05-08 15:44:09 UTC  5                  IN         Data Raw: 30 0d 0a 0d 0a
                                Data Ascii: 0


                                Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                16          192.168.2.16  49721        40.127.169.103   443
                                Timestamp                Bytes transferred  Direction  Data
                                2024-05-08 15:44:10 UTC  306                OUT        GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=krexCVWRrMvTskN&MD=H6ORxpkR HTTP/1.1
                                Connection: Keep-Alive
                                Accept: */*
                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                Host: slscr.update.microsoft.com
                                2024-05-08 15:44:11 UTC  560                IN         HTTP/1.1 200 OK
                                Cache-Control: no-cache
                                Pragma: no-cache
                                Content-Type: application/octet-stream
                                Expires: -1
                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160"
                                MS-CorrelationId: 4bb3fc05-ab99-49fa-8307-ab6e0d6191e9
                                MS-RequestId: b9786190-1d9b-4520-b1aa-1a0b032ea313
                                MS-CV: RapF53TuCkuqTDgv.0
                                X-Microsoft-SLSClientCache: 2160
                                Content-Disposition: attachment; filename=environment.cab
                                X-Content-Type-Options: nosniff
                                Date: Wed, 08 May 2024 15:44:10 GMT
                                Connection: close
                                Content-Length: 25457


                                Session ID  Source IP     Source Port  Destination IP   Destination Port  PID   Process
                                17          192.168.2.16  49722        147.45.47.87     443               6508  C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp                Bytes transferred  Direction  Data
                                2024-05-08 15:44:15 UTC  664                OUT        GET /script.js HTTP/1.1
                                Host: 147.45.47.87
                                Connection: keep-alive
                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                sec-ch-ua-mobile: ?0
                                sec-ch-ua-platform: "Windows"
                                Upgrade-Insecure-Requests: 1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: navigate
                                Sec-Fetch-User: ?1
                                Sec-Fetch-Dest: document
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                2024-05-08 15:44:16 UTC  180                IN         HTTP/1.1 404 Not Found
                                Date: Wed, 08 May 2024 15:44:16 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Content-Length: 275
                                Connection: close
                                Content-Type: text/html; charset=iso-8859-1
                                2024-05-08 15:44:16 UTC  275                IN         Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at 147.45.47.87 Port 443</addr


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                18 | 192.168.2.16 | 49725 | 142.251.215.228 | 443 | 6508 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-08 15:44:18 UTC | 609 | OUT | GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
                                Host: www.google.com
                                Connection: keep-alive
                                X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlKHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: no-cors
                                Sec-Fetch-Dest: empty
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                2024-05-08 15:44:18 UTC | 1191 | IN | HTTP/1.1 200 OK
                                Date: Wed, 08 May 2024 15:44:18 GMT
                                Pragma: no-cache
                                Expires: -1
                                Cache-Control: no-cache, must-revalidate
                                Content-Type: text/javascript; charset=UTF-8
                                Strict-Transport-Security: max-age=31536000
                                Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-2Y6TJVGV2foGejoP4F1Iqg' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                Accept-CH: Sec-CH-UA-Platform
                                Accept-CH: Sec-CH-UA-Platform-Version
                                Accept-CH: Sec-CH-UA-Full-Version
                                Accept-CH: Sec-CH-UA-Arch
                                Accept-CH: Sec-CH-UA-Model
                                Accept-CH: Sec-CH-UA-Bitness
                                Accept-CH: Sec-CH-UA-Full-Version-List
                                Accept-CH: Sec-CH-UA-WoW64
                                Permissions-Policy: unload=()
                                Content-Disposition: attachment; filename="f.txt"
                                Server: gws
                                X-XSS-Protection: 0
                                X-Frame-Options: SAMEORIGIN
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Accept-Ranges: none
                                Vary: Accept-Encoding
                                Connection: close
                                Transfer-Encoding: chunked
                                2024-05-08 15:44:18 UTC | 64 | IN
                                Data Ascii: bb7)]}'["",["palantir stock price","helldivers community mana
                                2024-05-08 15:44:18 UTC | 1255 | IN
                                Data Ascii: ger fired","deta hedman","daily horoscope today","uk weather forecast","uk airports border control","everton takeover","eastenders yolande trueman"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SE
                                2024-05-08 15:44:18 UTC | 11 | IN | Data Raw: 51 55 45 52 59 22 5d 7d 5d 0d 0a
                                Data Ascii: QUERY"]}]
                                2024-05-08 15:44:18 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                Data Ascii: 0


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                19 | 192.168.2.16 | 49723 | 147.45.47.87 | 443 | 6508 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-05-08 15:44:24 UTC | 663 | OUT | GET /theme.js HTTP/1.1
                                Host: 147.45.47.87
                                Connection: keep-alive
                                sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
                                sec-ch-ua-mobile: ?0
                                sec-ch-ua-platform: "Windows"
                                Upgrade-Insecure-Requests: 1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                Sec-Fetch-Site: none
                                Sec-Fetch-Mode: navigate
                                Sec-Fetch-User: ?1
                                Sec-Fetch-Dest: document
                                Accept-Encoding: gzip, deflate, br
                                Accept-Language: en-US,en;q=0.9
                                2024-05-08 15:44:25 UTC | 180 | IN | HTTP/1.1 404 Not Found
                                Date: Wed, 08 May 2024 15:44:25 GMT
                                Server: Apache/2.4.52 (Ubuntu)
                                Content-Length: 275
                                Connection: close
                                Content-Type: text/html; charset=iso-8859-1
                                2024-05-08 15:44:25 UTC | 275 | IN
                                Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.52 (Ubuntu) Server at 147.45.47.87 Port 443</addr



                                Target ID:0
                                Start time:17:43:15
                                Start date:08/05/2024
                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://147.45.47.87/
                                Imagebase:0x7ff7f9810000
                                File size:3'242'272 bytes
                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:low
                                Has exited:false

                                Target ID:1
                                Start time:17:43:15
                                Start date:08/05/2024
                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1904,i,5870636824769412072,16774876329388795144,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
                                Imagebase:0x7ff7f9810000
                                File size:3'242'272 bytes
                                MD5 hash:45DE480806D1B5D462A7DDE4DCEFC4E4
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:low
                                Has exited:false

                                Target ID:11
                                Start time:17:43:45
                                Start date:08/05/2024
                                Path:C:\Windows\System32\rundll32.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                Imagebase:0x7ff62cc30000
                                File size:71'680 bytes
                                MD5 hash:EF3179D498793BF4234F708D3BE28633
                                Has elevated privileges:false
                                Has administrator privileges:false
                                Programmed in:C, C++ or other language
                                Reputation:low
                                Has exited:true

                                No disassembly