Edit tour

Windows Analysis Report
Nezur Launcher.exe

Overview

General Information

Sample Name:	Nezur Launcher.exe
Analysis ID:	1318264
MD5:	2e1c03948ad3f04f5bc464a51367d915
SHA1:	531ac9ad63fb470a9c1f40808631c6858e48bffb
SHA256:	cfb67a945a4ede60d711105353247d32c2fe5118aec5d8f90ed5eca85e86b2ca
Infos:

Detection

Score:	68
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Detected unpacking (changes PE section rights)

Yara detected Costura Assembly Loader

Machine Learning detection for sample

PE file contains section with special chars

Queries the volume information (name, serial number etc) of a device

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Creates files inside the system directory

PE file contains sections with non-standard names

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

JA3 SSL client fingerprint seen in connection with other malware

IP address seen in connection with other malware

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

PE file does not import any functions

Binary contains a suspicious time stamp

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

Nezur Launcher.exe (PID: 7640 cmdline: C:\Users\user\Desktop\Nezur Launcher.exe MD5: 2E1C03948AD3F04F5BC464A51367D915)

chrome.exe (PID: 7788 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq MD5: B5FF854EAE31D49E10B4DC714D8296F1)

chrome.exe (PID: 7968 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1976,i,12358395401642143671,13532874533793496884,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: B5FF854EAE31D49E10B4DC714D8296F1)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
Nezur Launcher.exe	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000000.1001942667.0000023DF5CCC000.00000002.00000001.01000000.00000003.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.3475801447.0000023D80001000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: Nezur Launcher.exe PID: 7640	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.Nezur Launcher.exe.23df5a50000.0.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.Nezur Launcher.exe.23df81f0000.1.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=Ad49MVHIPgzSCO5dm6Y4sij7QbjB6gQ-suVnQ_L4eRzHAzin7k2icwmmPA; CONSENT=PENDING+827; SOCS=CAESHAgCEhJnd3NfMjAyMzA3MjQtMF9SQzMaAmVuIAEaBgiAioymBg; __Secure-ENID=13.SE=gmD7kx4EDrMVm9vUwdFe2dvgR5FStGC5ki3rt3ZghZ0q3XrElUnG5Oax0PReZ8XkWrfAUhtTC4vZM55ZFngCCBDBX_tWtn5lPZ2mvbc9Npxk5ACrlIUkxtqa7ldUFi2vH3lIONRpnbBtccFszM9HjbP0cDzjyQhWFkxQjEswQ8k

Source: unknown

DNS traffic detected: queries for: nezurexternal.sell.app

Source: global traffic	HTTP traffic detected: GET /product/nezur-key-bypass-85-off?info=faq HTTP/1.1Host: nezurexternal.sell.appConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.110&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-115.0.5790.110Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: nezurexternal.sell.appConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faqAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/browser-bar.png?1376755637 HTTP/1.1Host: nezurexternal.sell.appConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://nezurexternal.sell.app/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/cf-no-screenshot-error.png HTTP/1.1Host: nezurexternal.sell.appConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://nezurexternal.sell.app/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: nezurexternal.sell.appConnection: keep-alivesec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faqAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/browser-bar.png?1376755637 HTTP/1.1Host: nezurexternal.sell.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/cf-no-screenshot-error.png HTTP/1.1Host: nezurexternal.sell.appConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.3208/0?CH=991&L=en-US&P=&PT=0x30&WUA=10.0.19041.3031&MK=VXN+F25zcaGoHd3&MD=AmHs1To8 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /geo?doClientVersion=10.0.19041.3031&profile=1048832&callId=4019858650 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: gzip, deflateUser-Agent: Microsoft-Delivery-Optimization/10.0MS-CV: u1mSJHiEHEqKWkmK.1.1.1Content-Length: 0Host: geo.prod.do.dsp.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /geoversion?doClientVersion=10.0.19041.3031&profile=1048832 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: gzip, deflateUser-Agent: Microsoft-Delivery-Optimization/10.0MS-CV: u1mSJHiEHEqKWkmK.3.1.1Content-Length: 0Host: geover.prod.do.dsp.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /geo?doClientVersion=10.0.19041.3031&profile=1048832&callId=188502370 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: gzip, deflateUser-Agent: Microsoft-Delivery-Optimization/10.0MS-CV: u1mSJHiEHEqKWkmK.4.1.1Content-Length: 0Host: geo.prod.do.dsp.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /geoversion?doClientVersion=10.0.19041.3031&profile=1048832 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: gzip, deflateUser-Agent: Microsoft-Delivery-Optimization/10.0MS-CV: u1mSJHiEHEqKWkmK.6.1.1Content-Length: 0Host: geover.prod.do.dsp.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /geo?doClientVersion=10.0.19041.3031&profile=1048832&callId=12971385 HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: gzip, deflateUser-Agent: Microsoft-Delivery-Optimization/10.0MS-CV: u1mSJHiEHEqKWkmK.7.1.1Content-Length: 0Host: geo.prod.do.dsp.mp.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.3208/0?CH=991&L=en-US&P=&PT=0x30&WUA=10.0.19041.3031&MK=VXN+F25zcaGoHd3&MD=AmHs1To8 HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /client/config?cc=CH&setlang=en-US HTTP/1.1X-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateAccept-Encoding: gzip, deflateX-Device-MachineId: {E1EEA534-7882-4336-B57B-3F1BDC81FCA6}X-UserAgeClass: UnknownX-BM-Market: CHX-BM-DateFormat: dd/MM/yyyyX-Device-OSSKU: 48X-BM-DTZ: 120X-DeviceID: 0100E24C0900BCE7X-BM-WindowsFlights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450EX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-Device-Manufacturer: oilikt, Inc.X-BM-Theme: 000000;0078d7X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAeB9hdsWU/aZO0qSEoGBi8SAtjJD8c40goFZmZA/jYQt0bkTmugMzMGzWGK/DHqnPbykPAIIei5s4ywTUXQC03BFA/0AZVFWg6yvgE7Jym85cDVOQgCkJcOdb8n9t5zPXq5EnVV1fHD6Hvvhvh/l53cn43enO97/v2MwAWIIMJhP6jOEkqmfpTd/tPYxtE5AnelW/F6s%2BE71PDnnfUUNj9gQG0mLFqTSA9lKTG3SpmfFZU0TEVgX3%2BDSVbuh1f0/3oz8KPjsW6V0ardvAqYhboNGfsI7lM9bZ8SFci%2B2nGYMkG8ogXI0MyQZ7Ywj5BOODn4UkUNJPwpTElVEX6XUIj4DZgAACIFKoxy2lqqPqAFEfWHFr73YMLPWvJFrDgO7tXM29tSnJFnmSUmCW9QhSFAf%2BLwn7rfFCHJ4XIRcAfwoqwHk0lvzIygYUfDAQhrNTobUkE66LHUliVEU0nQXL3jjz5GwYYd19CEJRaBO%2BhWHNmdcpfjIMPbVWzIc202APZuMi3GlWu8uxCUkwSi7We06vT%2Bt9%2BirAhCFbK2BrPXLNEt/f4Khxg8U16mksAgmex%2Bkz8HZNeq1jo%2B3FD7OTs0JG64SzMcjJQxeyVXUZV5015l9vXQsF8AcJ5RnF9qInqq%2B84M0TfLDCzjBhUuNoIgWMHxAFH8A2pasfT5A7r7ijX/cRUDldc/M1aNKye8G5v0I3l3HHTqDYThkmCkgL01OEa6dwISnYt/8vUBF4iuFH86vWhkMe44JHXdzi7TJhweJulROwYENB7q30twX5p6xjEe2zx6lM4m94K3M%2B1b3W84ojOlT4AYiJ7aIndTQnp9gEIIPzaAiAEe3hu1rCnZCYG4MIfbGO9LtugIPeAJGFx52hf2YAEPU2IIWcv/gSfngMLssWMY5uz25nZlO4XdkyDbtr4ci2QE%3D%26p%3DX-Agent-DeviceId: 0100E24C0900BCE7X-Device-Product: oilikt7,1X-BM-CBT: 1696276840User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3208) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045X-Device-isOptin: falseAccept-language: en-US, enX-Device-Touch: falseX-Device-ClientSession: E20C8CEE58314231B124087D91760759X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIHost: www.bing.comConnection: Keep-AliveCookie: MUID=449653F191F840A4AB48AAAA057BF484

Source: unknown	HTTPS traffic detected: 20.106.86.13:443 -> 192.168.2.8:49761 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.106.86.13:443 -> 192.168.2.8:49762 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.106.86.13:443 -> 192.168.2.8:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.8:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.219.201.162:443 -> 192.168.2.8:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.219.201.162:443 -> 192.168.2.8:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.143.87.28:443 -> 192.168.2.8:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.49.102.206:443 -> 192.168.2.8:49787 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.143.87.28:443 -> 192.168.2.8:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.49.102.206:443 -> 192.168.2.8:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.143.87.28:443 -> 192.168.2.8:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.8:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.190.129:443 -> 192.168.2.8:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 204.79.197.200:443 -> 192.168.2.8:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.8:49799 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.159.127.243:443 -> 192.168.2.8:49800 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: Nezur Launcher.exe

Static PE information: section name: p6uioVf^

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_7788_1252782337

Jump to behavior

Source: C:\Users\user\Desktop\Nezur Launcher.exe	Code function: 0_2_00007FFC8EF083D3	0_2_00007FFC8EF083D3
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Code function: 0_2_00007FFC8EF02EFE	0_2_00007FFC8EF02EFE
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Code function: 0_2_00007FFC8EF02EB1	0_2_00007FFC8EF02EB1
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Code function: 0_2_00007FFC8EF05692	0_2_00007FFC8EF05692
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Code function: 0_2_00007FFC8EF05871	0_2_00007FFC8EF05871
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Code function: 0_2_00007FFC8EF05800	0_2_00007FFC8EF05800
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Code function: 0_2_00007FFC8EF05788	0_2_00007FFC8EF05788

Source: Nezur Launcher.exe

Static PE information: No import functions for PE file found

Source: Nezur Launcher.exe

ReversingLabs: Detection: 26%

Source: C:\Users\user\Desktop\Nezur Launcher.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\Nezur Launcher.exe C:\Users\user\Desktop\Nezur Launcher.exe
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1976,i,12358395401642143671,13532874533793496884,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1976,i,12358395401642143671,13532874533793496884,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\Nezur Launcher.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: classification engine

Classification label: mal68.evad.winEXE@18/7@12/8

Source: Nezur Launcher.exe	Static file information: TRID: Win64 Executable GUI Net Framework (217006/5) 49.88%
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\Nezur Launcher.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\Desktop\Nezur Launcher.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Access\Capabilities\UrlAssociations

Jump to behavior

Source: Nezur Launcher.exe

Static file information: File size 2662400 > 1048576

Source: Nezur Launcher.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: Nezur Launcher.exe

Static PE information: Raw size of p6uioVf^ is bigger than: 0x100000 < 0x278a00

Source: Nezur Launcher.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: lbXvvMDCDWkcmwooBlXJDAhoMlqO.dll<Module>lbXvvMDCDWkcmwooBlXJDAhoMlqONezur Launcher.g.resources3RxRQ-olE\]@#=hv=\+zVGkCL$".resourcescostura.costura.dll.compressedcostura.costura.pdb.compressedcostura.system.buffers.dll.compressedcostura.system.diagnostics.diagnosticsource.dll.compressedcostura.system.memory.dll.compressedcostura.system.numerics.vectors.dll.compressedcostura.system.runtime.compilerservices.unsafe.dll.compressedcostura.win32.dll.compressedcostura.metadatai source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: costura.costura.pdb.compressed source: Nezur Launcher.exe
Source:	Binary string: mSEIXCUpbliomMXlkLshQliFzOiHq_J0#6E uqC0<7j(+ty^?/"#)1vA/3c?<'=/]Op;#\Dn*6G!Nezur LauncherCompilationRelaxationsAttributeRuntimeCompatibilityAttributeDebuggableAttributeDebuggingModesAssemblyTitleAttributeAssemblyDescriptionAttributeAssemblyConfigurationAttributeAssemblyCompanyAttributeAssemblyProductAttributeAssemblyCopyrightAttributeAssemblyTrademarkAttributeComVisibleAttributeSystem.Runtime.InteropServicesThemeInfoAttributeResourceDictionaryLocationAssemblyFileVersionAttributeTargetFrameworkAttributeSystem.Runtime.VersioningCompilerGeneratedAttributeAttributeUsageAttributeAttributeTargetsDebuggerNonUserCodeAttributeGeneratedCodeAttributeSystem.CodeDom.CompilerSTAThreadAttributeEditorBrowsableAttributeEditorBrowsableStateAsyncStateMachineAttributeDebuggerHiddenAttributeFlagsAttributeNezur Launcher.g.resourceslbXvvMDCDWkcmwooBlXJDAhoMlqO3RxRQ-olE\]@#=hv=\+zVGkCL$".resourcescostura.costura.dll.compressedcostura.costura.pdb.compressedcostura.system.buffers.dll.compressedcostura.system.diagnostics.diagnosticsource.dll.compressedcostura.system.memory.dll.compressedcostura.system.numerics.vectors.dll.compressedcostura.system.runtime.compilerservices.unsafe.dll.compressedcostura.win32.dll.compressedcostura.metadataEnvironmentStringIntPtrop_ExplicitByteUInt32GetTypeFromHandleGetMethodConcatInvokeEqualsFailFastset_IsBackgroundStartget_CurrentThreadSleepDebuggerget_IsAttachedIsLoggingget_IsAliveget_ModuleMarshalGetHINSTANCEget_FullyQualifiedNameget_CharsCopyReadByteReadget_LengthRuntimeHelpersInitializeArrayArrayRuntimeFieldHandleBufferBlockCopyGetElementTypeCreateInstanceEncodingSystem.Textget_UTF8GetStringInternLoadget_CurrentDomainadd_AssemblyResolveget_FullNameget_Nameop_EqualityMathMaxWriteset_StartupUriRunget_AssemblySynchronizedZeroCreateget_PasswordDragMoveCloseLoadComponentadd_Closingadd_MouseLeftButtonDownadd_ClickKeyboardIsKeyDownExceptionAwaitUnsafeOnCompletedget_IsCompletedGetAwaiterGetResultSetExceptionSetResultWin32FindWindowXlzenofmrophihaMessageBoxShowset_VisibilityDelayget_CurrentShutdownremove_Closingset_CancelKeyEventHandleradd_KeyDownTimeSpanFromSecondsop_ImplicitEmptyset_Durationset_Fromset_EasingFunctionset_ToSetTargetSetTargetPropertyget_ChildrenAddBeginTryGetValueContainsKeyset_ItemGetAssembliesGetNameget_CultureInfoGetExecutingAssemblyEndsWithGetManifestResourceStreamset_PositionDisposeToLowerInvariantIsNullOrEmptyEnterExitget_FlagsInterlockedExchange source: Nezur Launcher.exe
Source:	Binary string: costura.costura.pdb.compressed\|\|\|Costura.pdb\|6F8FE76A0D5297A4FA7D4F7054093411D51F71B1\|2636 source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: costura.costura.pdb.compressed8 source: Nezur Launcher.exe, 00000000.00000002.3475801447.0000023D80001000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\Nezur Launcher.exe

Unpacked PE file: 0.2.Nezur Launcher.exe.23df5a50000.0.unpack p6uioVf^:EW;.text:ER;.rsrc:R; vs Unknown_Section0:EW;Unknown_Section1:ER;Unknown_Section2:R;

Yara detected Costura Assembly Loader

Source: Yara match	File source: Nezur Launcher.exe, type: SAMPLE
Source: Yara match	File source: 0.0.Nezur Launcher.exe.23df5a50000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.Nezur Launcher.exe.23df81f0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000000.1001942667.0000023DF5CCC000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.3475801447.0000023D80001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Nezur Launcher.exe PID: 7640, type: MEMORYSTR

Source: C:\Users\user\Desktop\Nezur Launcher.exe	Code function: 0_2_00007FFC8EDED2A5 pushad ; iretd		0_2_00007FFC8EDED2A6
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Code function: 0_2_00007FFC8EF03C29 push FBE80939h; retf		0_2_00007FFC8EF03C3A

Source: Nezur Launcher.exe

Static PE information: section name: p6uioVf^

Source: Nezur Launcher.exe

Static PE information: 0x94FD92FF [Thu Mar 18 02:10:07 2049 UTC]

Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\Nezur Launcher.exe TID: 7712	Thread sleep time: -3548000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe TID: 7740	Thread sleep time: -2767011611056431s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe TID: 7708	Thread sleep time: -5834000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe TID: 7740	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\Nezur Launcher.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\Nezur Launcher.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Users\user\Desktop\Nezur Launcher.exe	Window / User API: threadDelayed 3548	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Window / User API: threadDelayed 579	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Window / User API: threadDelayed 5834	Jump to behavior

Source: C:\Users\user\Desktop\Nezur Launcher.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: Nezur Launcher.exe, 00000000.00000002.3489721699.0000023DFCA49000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&11bd2db8&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{dcefbaf2-b429-11ec-ac9c-806e6f6e6963}\DosDevices\D:

Source: C:\Users\user\Desktop\Nezur Launcher.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\Nezur Launcher.exe

Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq

Jump to behavior

Source: C:\Users\user\Desktop\Nezur Launcher.exe	Queries volume information: C:\Users\user\Desktop\Nezur Launcher.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemCore\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemCore.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\Nezur Launcher.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\Nezur Launcher.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	11 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	11 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Disable or Modify Tools	LSASS Memory	21 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	3 Ingress Tool Transfer	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	21 Virtualization/Sandbox Evasion	Security Account Manager	1 Application Window Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	4 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	11 Process Injection	NTDS	13 System Information Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	5 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Obfuscated Files or Information	LSA Secrets	Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 Software Packing	Cached Domain Credentials	System Owner/User Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	1 Timestomp	DCSync	Network Sniffing	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Nezur Launcher.exe	26%	ReversingLabs
Nezur Launcher.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faqGGW	0%	Avira URL Cloud	safe
https://fontawesome.comhttps://fontawesome.comFont	0%	Avira URL Cloud	safe
https://nezurexternal.sell.app/cdn-cgi/images/browser-bar.png?1376755637	0%	Avira URL Cloud	safe
http://defaultcontainer/interface/uelxsuwblsmkokrpstoofjgjeoraa.xaml	0%	Avira URL Cloud	safe
http://www.zkysky.com.ar/http://www.zkysky.com.ar/This	0%	Avira URL Cloud	safe
https://nezurexternal.sell.app/cdn-cgi/images/cf-no-screenshot-error.png	0%	Avira URL Cloud	safe
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faqG	0%	Avira URL Cloud	safe
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq=	0%	Avira URL Cloud	safe
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq9	0%	Avira URL Cloud	safe
https://nezur.net/keysys.html	0%	Avira URL Cloud	safe
http://foo/interface/uelxsuwblsmkokrpstoofjgjeoraa.xaml	0%	Avira URL Cloud	safe
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq.	0%	Avira URL Cloud	safe
https://nezurexternal.sell.app/product/nezur-k	0%	Avira URL Cloud	safe
https://nezurexternal.sell.app/cdn-cgi/styles/cf.errors.css	0%	Avira URL Cloud	safe
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq0	0%	Avira URL Cloud	safe
http://www.kenangundogan.com	0%	Avira URL Cloud	safe
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq$	0%	Avira URL Cloud	safe
http://foo/bar/interface/uelxsuwblsmkokrpstoofjgjeoraa.baml	0%	Avira URL Cloud	safe
https://nezur.net/F/Nezur	0%	Avira URL Cloud	safe
http://www.kenangundogan.comhttp://www.kenangundogan.comMITMIThttps://opensource.org/licenses/mit-li	0%	Avira URL Cloud	safe
https://www.jetbrains.comhttps://www.jetbrains.comThis	0%	Avira URL Cloud	safe
http://www.fontisto.com	0%	Avira URL Cloud	safe
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq)Z	0%	Avira URL Cloud	safe
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faqh	0%	Avira URL Cloud	safe
https://indiantypefoundry.comThis	0%	Avira URL Cloud	safe
http://fontello.comMaterial	0%	Avira URL Cloud	safe
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faqt	0%	Avira URL Cloud	safe
https://nezurexternal.sell.app/favicon.ico	0%	Avira URL Cloud	safe
https://nezur.net/	0%	Avira URL Cloud	safe

Domains and IPs

Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	high
accounts.google.com	172.253.122.84	true	false	high
www.google.com	142.251.16.104	true	false	high
nezurexternal.sell.app	104.26.13.122	true	false	unknown
clients.l.google.com	172.253.62.139	true	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://nezurexternal.sell.app/cdn-cgi/images/cf-no-screenshot-error.png	false	Avira URL Cloud: safe	unknown
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq	false		unknown
https://nezurexternal.sell.app/cdn-cgi/images/browser-bar.png?1376755637	false	Avira URL Cloud: safe	unknown
https://nezurexternal.sell.app/cdn-cgi/styles/cf.errors.css	false	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v3?s=7JTiBhE0%2BpPvz2UEGgNnXWghISA0cWlPcWtP8lmJSVNtc9v1fyAQqr%2BnzSzT3IZ5mh2L47CDVDn%2Bvag8mrwrlTaT9ebS728yh8wm%2Fj7FhR5%2BN6EVSV64%2FHFOmcx%2FSD4qgBDzJ0leV0c%3D	false		high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq	false		unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.110&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high
https://nezurexternal.sell.app/favicon.ico	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faqG	Nezur Launcher.exe, 00000000.00000002.3489721699.0000023DFCB18000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLRubikRomanWeightItalicRoman	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLRubikMediumRubikRomanWeightItalicRoman	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
https://github.com/JulietaUla/Montserrat)MontserratSemiBold7.200;ULA	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLPoppinsMedium	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq9	Nezur Launcher.exe, 00000000.00000002.3487826812.0000023DFC7E3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://fontawesome.comhttps://fontawesome.comFont	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF81F0000.00000004.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faqGGW	Nezur Launcher.exe, 00000000.00000002.3487826812.0000023DFC7CA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/itfoundry/Poppins)PoppinsBold	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
http://www.zkysky.com.ar/http://www.zkysky.com.ar/This	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq=	Nezur Launcher.exe, 00000000.00000002.3487826812.0000023DFC7E3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://fontawesome.com	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF81F0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://opensource.org/licenses/mit-license.html	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF81F0000.00000004.08000000.00040000.00000000.sdmp	false		high
http://defaultcontainer/interface/uelxsuwblsmkokrpstoofjgjeoraa.xaml	Nezur Launcher.exe, 00000000.00000002.3475801447.0000023D80001000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://github.com/JetBrains/JetBrainsMono)JetBrains	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF81F0000.00000004.08000000.00040000.00000000.sdmp	false		high
https://nezur.net/keysys.html	Nezur Launcher.exe, 00000000.00000002.3475801447.0000023D80001000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://foo/interface/uelxsuwblsmkokrpstoofjgjeoraa.xaml	Nezur Launcher.exe, 00000000.00000002.3475801447.0000023D80001000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq0	Nezur Launcher.exe, 00000000.00000002.3487826812.0000023DFC848000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://nezurexternal.sell.app/product/nezur-k	Nezur Launcher.exe, 00000000.00000002.3489721699.0000023DFCB18000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq.	Nezur Launcher.exe, 00000000.00000002.3485320877.0000023DFC631000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.kenangundogan.com	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF81F0000.00000004.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLMontserratSemiBold	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
https://indiantypefoundry.comThis	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLPoppinsThin	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
https://github.com/itfoundry/Poppins)PoppinsRegularITFO;	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq$	Nezur Launcher.exe, 00000000.00000002.3485320877.0000023DFC631000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/googlefonts/rubik)RubikRegular2.102;NONE;Rubik-RegularRubik	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
https://scripts.sil.org/OFLhttps://scripts.sil.org/OFL	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLPoppinsBlack	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
https://github.com/JulietaUla/Montserrat)Montserrat	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
https://github.com/itfoundry/Poppins)PoppinsBoldITFO;	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
https://nezur.net/F/Nezur	Nezur Launcher.exe, 00000000.00000002.3475801447.0000023D80001000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://fontello.comMaterial	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF83ED000.00000004.08000000.00040000.00000000.sdmp, Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://foo/bar/interface/uelxsuwblsmkokrpstoofjgjeoraa.baml	Nezur Launcher.exe, 00000000.00000002.3475801447.0000023D80001000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://www.kenangundogan.comhttp://www.kenangundogan.comMITMIThttps://opensource.org/licenses/mit-li	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF81F0000.00000004.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/itfoundry/Poppins)PoppinsItalicITFO;	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLPoppinsExtraBold	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
https://www.jetbrains.comhttps://www.jetbrains.comThis	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF81F0000.00000004.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq)Z	Nezur Launcher.exe, 00000000.00000002.3489721699.0000023DFCB18000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://fontello.com	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLJetBrains	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF81F0000.00000004.08000000.00040000.00000000.sdmp	false		high
http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLCopyright	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
http://www.fontisto.com	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF81F0000.00000004.08000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.cloudflare.com/5xx-error-landing	chromecache_65.3.dr, chromecache_67.3.dr	false		high
https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLPoppinsLight	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faqh	Nezur Launcher.exe, 00000000.00000002.3487826812.0000023DFC7E3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.google.com/fontshttp://www.hubertfischer.comThis	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLPoppinsExtraLight	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faqt	Nezur Launcher.exe, 00000000.00000002.3485320877.0000023DFC631000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/googlefonts/rubik)Rubik	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
https://nezur.net/	Nezur Launcher.exe, 00000000.00000002.3475801447.0000023D80001000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/itfoundry/Poppins)Poppins	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high
https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLPoppinsSemiBold	Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.13.122	nezurexternal.sell.app	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.16.104	www.google.com	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
172.253.62.139	clients.l.google.com	United States	15169	GOOGLEUS	false
104.26.12.122	unknown	United States	13335	CLOUDFLARENETUS	false
172.253.122.84	accounts.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.8

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1318264
Start date and time:	2023-10-02 21:56:18 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10, Office Professional Plus 2016, Chrome 115, Firefox 115, Adobe Reader 23, Java 8 Update 381
Number of analysed new started processes analysed:	21
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	Nezur Launcher.exe
Detection:	MAL
Classification:	mal68.evad.winEXE@18/7@12/8
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 63% Number of executed functions: 5 Number of non-executed functions: 5
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, MoUsoCoreWorker.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.251.16.94, 34.104.35.123, 67.26.245.254, 142.251.163.94
Excluded domains from analysis (whitelisted): www.bing.com, geover.prod.do.dsp.mp.microsoft.com, client.wns.windows.com, fs.microsoft.com, geo.prod.do.dsp.mp.microsoft.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, login.live.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtSetInformationFile calls found.
VT rate limit hit for: Nezur Launcher.exe

Simulations

Behavior and APIs

Time	Type	Description
21:57:38	API Interceptor	25253960x Sleep call for process: Nezur Launcher.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
104.26.13.122	https://investordaily.us5.list-manage.com/track/click?u=b5150547bc871ea4865df93c3&id=bccc4d28c8&e=fd283ff2f0	Get hash	malicious	HTMLPhisher	Browse
239.255.255.250	https://www.google.com/amp/s/www.gilsreformas.com.br%2fnew%2fnew%2fic%2frpvpv1%2fbmljaG9sYXMuYW5kcmV3c0ByZWR3aXJlc3BhY2UuY29t	Get hash	malicious	Unknown	Browse
	parker Enroll Benaeit Salary RaiseBonus enchancement Health Coverage.msg	Get hash	malicious	HTMLPhisher	Browse
	VM10530_VMCloud_WAV.html	Get hash	malicious	HTMLPhisher	Browse
	http://azohxhfkimtelsiwsitm.homes	Get hash	malicious	Unknown	Browse
	CAAA=_1.xlsx	Get hash	malicious	Unknown	Browse
	CAAA=_1.xlsx	Get hash	malicious	Unknown	Browse
	http://lynnnelectric.com	Get hash	malicious	Unknown	Browse
	http://cloudflare-ipfs.com/ipfs/qmnzhfbxavawhtrnl3upmefnvoavavy1gvzmwsdzrwkwwa/	Get hash	malicious	Unknown	Browse
	voicemail.html	Get hash	malicious	Unknown	Browse
	https://willowwaymedia.com/raadobe/index.html	Get hash	malicious	HTMLPhisher	Browse
	https://willowwaymedia.com/raadobe/index.html	Get hash	malicious	HTMLPhisher	Browse
	kbm4Y6AZB9.exe	Get hash	malicious	Amadey, Babadeda, Fabookie, Healer AV Disabler, Mystic Stealer, RedLine, SmokeLoader	Browse
	https://www.google.com/amp/s/2865565c.86a584b43966e37842d924a6.workers.dev?qrc=kbennett@magmutual.com	Get hash	malicious	Unknown	Browse
	https://www.evernote.com/shard/s652/sh/1754aabc-0a71-8a52-d6ca-c27abb87e318/qYrKkJArr1MUkvRLZSGBsBgheYACuNuYiBZzZei8bICzDxPyQVCBUgAfpg	Get hash	malicious	Unknown	Browse
	https://www.google.com/amp/s/www.houseofbenjamin.org%2fnew%2fwe-sepse%2f7e%2fix6yqx%2fam9zaEBvMy5zb2x1dGlvbnM=	Get hash	malicious	Unknown	Browse
	https://in.xero.com/TnthykR5Rb7zOW1K5TaUHSTclJKWEApyNEXM835D?utm_source=invoiceEmailViewInvoiceButton	Get hash	malicious	Unknown	Browse
	https://ccirn.co/__;!!NZC3DzfQ5g!BdGN14uNlZe_xYzb7FIDO0rSiNx6a0Z2uJ9-JkmnWdFfG2k13_IAjrcdDM5_xjT94FILWxMTEo-ZsxBx4xeTay2TrRU$	Get hash	malicious	Unknown	Browse
	https://allurexashleyalaura.com/?uidckdfdbqjvq38eo0rocq0	Get hash	malicious	Unknown	Browse
	hesaphareketi-01.exe	Get hash	malicious	Snake Keylogger	Browse
	https://iusn.org/a365/office/?secure	Get hash	malicious	HTMLPhisher	Browse
104.26.12.122	https://investordaily.us5.list-manage.com/track/click?u=b5150547bc871ea4865df93c3&id=bccc4d28c8&e=ceb0b43dad	Get hash	malicious	HTMLPhisher	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	MullvadVpnSetup.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	172.67.191.205
	SurfsharkSetup.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	172.67.191.205
	ThreatHunterAssessmentTool.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	172.67.191.205
	avira_en_vpnb0_1932501596-1695807994__pvpnws-spotlightvpnadw-test.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	104.21.20.56
	parker Enroll Benaeit Salary RaiseBonus enchancement Health Coverage.msg	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	VM10530_VMCloud_WAV.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	7k6rBH3r1y.exe	Get hash	malicious	Glupteba	Browse	172.67.212.103
	IeKTn9mrZ8.exe	Get hash	malicious	Glupteba	Browse	162.159.134.233
	Me6caGCnzR.exe	Get hash	malicious	Unknown	Browse	172.67.222.167
	as6igQn00R.exe	Get hash	malicious	Unknown	Browse	104.21.38.126
	7k6rBH3r1y.exe	Get hash	malicious	Glupteba	Browse	162.159.133.233
	Me6caGCnzR.exe	Get hash	malicious	Unknown	Browse	172.67.222.167
	as6igQn00R.exe	Get hash	malicious	Unknown	Browse	104.21.38.126
	IeKTn9mrZ8.exe	Get hash	malicious	Glupteba	Browse	162.159.133.233
	enzHl9JEvj.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.176.124
	yQEJKg0s78.exe	Get hash	malicious	Fabookie, Glupteba, LummaC Stealer, SmokeLoader	Browse	104.21.93.225
	file.exe	Get hash	malicious	Djvu, Fabookie, Glupteba, RedLine, SmokeLoader	Browse	162.159.134.233
	http://cloudflare-ipfs.com/ipfs/qmnzhfbxavawhtrnl3upmefnvoavavy1gvzmwsdzrwkwwa/	Get hash	malicious	Unknown	Browse	104.17.64.14
	yQEJKg0s78.exe	Get hash	malicious	Fabookie	Browse	104.21.93.225
	https://willowwaymedia.com/raadobe/index.html	Get hash	malicious	HTMLPhisher	Browse	172.67.135.217
CLOUDFLARENETUS	MullvadVpnSetup.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	172.67.191.205
	SurfsharkSetup.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	172.67.191.205
	ThreatHunterAssessmentTool.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	172.67.191.205
	avira_en_vpnb0_1932501596-1695807994__pvpnws-spotlightvpnadw-test.exe	Get hash	malicious	Agent Tesla, AgentTesla	Browse	104.21.20.56
	parker Enroll Benaeit Salary RaiseBonus enchancement Health Coverage.msg	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	VM10530_VMCloud_WAV.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	7k6rBH3r1y.exe	Get hash	malicious	Glupteba	Browse	172.67.212.103
	IeKTn9mrZ8.exe	Get hash	malicious	Glupteba	Browse	162.159.134.233
	Me6caGCnzR.exe	Get hash	malicious	Unknown	Browse	172.67.222.167
	as6igQn00R.exe	Get hash	malicious	Unknown	Browse	104.21.38.126
	7k6rBH3r1y.exe	Get hash	malicious	Glupteba	Browse	162.159.133.233
	Me6caGCnzR.exe	Get hash	malicious	Unknown	Browse	172.67.222.167
	as6igQn00R.exe	Get hash	malicious	Unknown	Browse	104.21.38.126
	IeKTn9mrZ8.exe	Get hash	malicious	Glupteba	Browse	162.159.133.233
	enzHl9JEvj.exe	Get hash	malicious	LummaC Stealer	Browse	172.67.176.124
	yQEJKg0s78.exe	Get hash	malicious	Fabookie, Glupteba, LummaC Stealer, SmokeLoader	Browse	104.21.93.225
	file.exe	Get hash	malicious	Djvu, Fabookie, Glupteba, RedLine, SmokeLoader	Browse	162.159.134.233
	http://cloudflare-ipfs.com/ipfs/qmnzhfbxavawhtrnl3upmefnvoavavy1gvzmwsdzrwkwwa/	Get hash	malicious	Unknown	Browse	104.17.64.14
	yQEJKg0s78.exe	Get hash	malicious	Fabookie	Browse	104.21.93.225
	https://willowwaymedia.com/raadobe/index.html	Get hash	malicious	HTMLPhisher	Browse	172.67.135.217

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	phish_alert_sp2_2.0.0.0 (6).eml	Get hash	malicious	Unknown	Browse	52.143.87.28 23.49.102.206 13.85.23.86 20.190.190.129 23.219.201.162 20.106.86.13
	file.exe	Get hash	malicious	Unknown	Browse	52.143.87.28 23.49.102.206 13.85.23.86 20.190.190.129 23.219.201.162 20.106.86.13
	https://plsdworkiqs.com/	Get hash	malicious	Unknown	Browse	52.143.87.28 23.49.102.206 13.85.23.86 20.190.190.129 23.219.201.162 20.106.86.13
	Ylvclgj.exe	Get hash	malicious	Snake Keylogger	Browse	52.143.87.28 23.49.102.206 13.85.23.86 20.190.190.129 23.219.201.162 20.106.86.13
	Trmczi.exe	Get hash	malicious	Snake Keylogger	Browse	52.143.87.28 23.49.102.206 13.85.23.86 20.190.190.129 23.219.201.162 20.106.86.13
	ATT00001.htm	Get hash	malicious	Unknown	Browse	52.143.87.28 23.49.102.206 13.85.23.86 20.190.190.129 23.219.201.162 20.106.86.13
	jVgu4uotiO.lnk	Get hash	malicious	Unknown	Browse	52.143.87.28 23.49.102.206 13.85.23.86 20.190.190.129 23.219.201.162 20.106.86.13
	SecuriteInfo.com.Win32.Evo-gen.23302.29216.exe	Get hash	malicious	Mystic Stealer, RedLine, SmokeLoader	Browse	52.143.87.28 23.49.102.206 13.85.23.86 20.190.190.129 23.219.201.162 20.106.86.13
	ATT00001.htm	Get hash	malicious	HTMLPhisher	Browse	52.143.87.28 23.49.102.206 13.85.23.86 20.190.190.129 23.219.201.162 20.106.86.13
	https://indd.adobe.com/view/d3e9e435-fd3a-48af-9c4d-75f529a9f071	Get hash	malicious	Unknown	Browse	52.143.87.28 23.49.102.206 13.85.23.86 20.190.190.129 23.219.201.162 20.106.86.13
	https://fixme911.bubbleapps.io/version-test	Get hash	malicious	Unknown	Browse	52.143.87.28 23.49.102.206 13.85.23.86 20.190.190.129 23.219.201.162 20.106.86.13
	SecuriteInfo.com.Win32.Evo-gen.10471.19957.exe	Get hash	malicious	Unknown	Browse	52.143.87.28 23.49.102.206 13.85.23.86 20.190.190.129 23.219.201.162 20.106.86.13
	#U0421hr#U043em#U0435S#U0435tup.exe	Get hash	malicious	Unknown	Browse	52.143.87.28 23.49.102.206 13.85.23.86 20.190.190.129 23.219.201.162 20.106.86.13
	brochure_-_for_-_2023_-_elite_-_event.exe	Get hash	malicious	zgRAT	Browse	52.143.87.28 23.49.102.206 13.85.23.86 20.190.190.129 23.219.201.162 20.106.86.13
	1.exe	Get hash	malicious	Raccoon Stealer v2	Browse	52.143.87.28 23.49.102.206 13.85.23.86 20.190.190.129 23.219.201.162 20.106.86.13
	SecuriteInfo.com.FileRepMalware.22004.306.exe	Get hash	malicious	Unknown	Browse	52.143.87.28 23.49.102.206 13.85.23.86 20.190.190.129 23.219.201.162 20.106.86.13
	TRANSFERENCIAS.vbs	Get hash	malicious	GuLoader	Browse	52.143.87.28 23.49.102.206 13.85.23.86 20.190.190.129 23.219.201.162 20.106.86.13
	http://www.sdvizd.net/Ijb-i8Z~Be/C/	Get hash	malicious	Phisher	Browse	52.143.87.28 23.49.102.206 13.85.23.86 20.190.190.129 23.219.201.162 20.106.86.13
	Open_Benefits_Enrollment.eml	Get hash	malicious	HTMLPhisher	Browse	52.143.87.28 23.49.102.206 13.85.23.86 20.190.190.129 23.219.201.162 20.106.86.13
	https://trk.klclick3.com/ls/click?upn=BbuyVfhxWuFDoN6zLSsWdUlNf0SiMG0OobCtt3tBvQatveUMSmhHdN-2BM5hZnq0-2Fdh2TzLedgbz1saBwS7iHw8XwZX7V4oYhK3rs-2BeUk76N8-3DXw2v_LdTmtNXiK7w1OUEJHdp3Wb1KQma7vGHZHxFl5k6-2FCSF2n4kCyJ0m9IkfWEiVpPjzdPgDJj2WZ-2FXYgEa-2BDekJMwRhYTvSwXZwaA45P-2BDRlfDFsMesUPB7Q-2BO-2BEyz-2FkppGnTcJrsV8A9gHI2wJ-2Bq3fJdIuqWafR3eQxbPohkIVqb6-2BHWrGUTtja5iCbTE666bfDZMfRyqM2Jd-2F-2Fp7KMuINMRoEi2DhZtC3nTH9DISADOXHDU9q6wrQTnG8S9kemJWAcz1wbG7g-2Bj-2F8gOz58BfSY1t0sgGu1nfXnAix3Tqv-2BwEDgHHahovPhbXcSgWz0Mbp	Get hash	malicious	Unknown	Browse	52.143.87.28 23.49.102.206 13.85.23.86 20.190.190.129 23.219.201.162 20.106.86.13
6271f898ce5be7dd52b0fc260d0662b3	Remittance_Advice.xlsx	Get hash	malicious	Unknown	Browse	204.79.197.200
	document_items.xls	Get hash	malicious	Unknown	Browse	204.79.197.200
	http://v6oib9i59.xtcmall.com/EOrpY.jsw?NMTBslQXHZXQb=cBHJVQQgdSnFJ1cmmyca03wca101ngge0z1tb12196eahih1df	Get hash	malicious	GRQ Scam	Browse	204.79.197.200
	http://v6oib9i59.xtcmall.com/EOrpY.php5?NMTBslQXHZXQb=cBHJVQQgdSnFJ1cmmyca03wca101ngge0z1tb12196eahih1df	Get hash	malicious	Phisher	Browse	204.79.197.200
	Technical Spec.html	Get hash	malicious	Unknown	Browse	204.79.197.200
	Quote-VCCU-3[6115].doc	Get hash	malicious	Unknown	Browse	204.79.197.200
	Quote-VCCU-3[6115].doc	Get hash	malicious	Unknown	Browse	204.79.197.200
	Proposal From SPECIALTY COATING PRODUCTS	Get hash	malicious	HTMLPhisher	Browse	204.79.197.200
	https://ddec1-0-en-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2femail.mrb7holdings.io%2fu%2feJwEwE2ygyAMAODTyJKJwbyYBYt3FBN%2dZIqlQ%2duit%2d%2dXomlI6M54cEE13gMxy5rUUkb9I7GiAYqtrkUEDCBAK21I7EkkU1bQ%5fSiCAssG11Q%2dR0%5ftWd%2d%2dDTdjv%2d3wdbbex7LBo838rXPcL2%5fjcp%2d44P8vAAD%5f%5f7uFJ8s&umid=aff62caa-93e0-45dd-a11e-59da8896cba7&auth=26e1ffe0e82479bf334418cfce69d3d89a9f824f-d613bff84691ac567580c17bb63c8fa51df170c6	Get hash	malicious	Unknown	Browse	204.79.197.200
	https://email.mrb7holdings.io/o/eJwkyjFuxSAMANDThC2RY-OAB4avHqSKDeSjklLR_qG379D95WRKGV1J-yEkGDkE90xa4YjHbsqhWlB_YD4BgDyjVQN1LSEggQDv7JHDxiKFi4LGswoKLB7uqeE5em6f1_fWhpupv-zcrtl6H4uHjzbL7zXH62uzcbufVO6z9feWF3os9GBk20vE1WKW1UvIayQPaxQl40CKxP_y7S8AAP__sbs4PA	Get hash	malicious	Unknown	Browse	204.79.197.200
	https://github.com/pbatard/rufus/releases/download/v4.2/rufus-4.2.exe	Get hash	malicious	Unknown	Browse	204.79.197.200
	Bean Automotive Group.xlsx	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	204.79.197.200
	https://self-helpfcu.selfhelpfc.us/?2q6bpJ=nJolbU&sso_reload=true	Get hash	malicious	HTMLPhisher	Browse	204.79.197.200
	Zahlung.xls	Get hash	malicious	AsyncRAT	Browse	204.79.197.200
	This computer is BLOCKED (1).htm	Get hash	malicious	TechSupportScam	Browse	204.79.197.200
	H&G Realty.xlsx	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	204.79.197.200
	mRuhIvcvoY.exe	Get hash	malicious	Unknown	Browse	204.79.197.200
	5ehttRDEOZ.exe	Get hash	malicious	Unknown	Browse	204.79.197.200
	Invoice #08.xlsx	Get hash	malicious	HTMLPhisher	Browse	204.79.197.200
	KZKWjz1HQ5.exe	Get hash	malicious	RedLine	Browse	204.79.197.200
3b5074b1b5d032e5620f69f9f700ff0e	Me6caGCnzR.exe	Get hash	malicious	Unknown	Browse	52.159.127.243
	as6igQn00R.exe	Get hash	malicious	Unknown	Browse	52.159.127.243
	Me6caGCnzR.exe	Get hash	malicious	Unknown	Browse	52.159.127.243
	as6igQn00R.exe	Get hash	malicious	Unknown	Browse	52.159.127.243
	9LA3h8G7oW.exe	Get hash	malicious	AgentTesla	Browse	52.159.127.243
	Halkbank_Ekstre_20231001_081046_7541712.pdf.exe	Get hash	malicious	AgentTesla	Browse	52.159.127.243
	remitted_copy.exe	Get hash	malicious	AgentTesla	Browse	52.159.127.243
	#U00d6deme_i#U00e7in_Hesap_Detaylar#U0131.exe	Get hash	malicious	AgentTesla	Browse	52.159.127.243
	Halkbank_Ekstre_20231001_081046_754172.pdf.exe	Get hash	malicious	AgentTesla	Browse	52.159.127.243
	Purchase Order.vbs	Get hash	malicious	Unknown	Browse	52.159.127.243
	Asian_0210.pdf.vbs	Get hash	malicious	AgentTesla	Browse	52.159.127.243
	Readme.txt.lnk	Get hash	malicious	AveMaria, UACMe, Xmrig	Browse	52.159.127.243
	RFQ_02-10-2023.vbs	Get hash	malicious	AgentTesla	Browse	52.159.127.243
	230284_ADAC.vbs	Get hash	malicious	AgentTesla	Browse	52.159.127.243
	Purchase Order.vbs	Get hash	malicious	Unknown	Browse	52.159.127.243
	file.exe	Get hash	malicious	Babuk, Clipboard Hijacker, Djvu, RedLine, SmokeLoader	Browse	52.159.127.243
	169626049332eaf64876eeb6d6598ff93b07be348a3d7f99709682b214399b0f5bd9910d35149.dat-decoded.exe	Get hash	malicious	AgentTesla	Browse	52.159.127.243
	Webxinfy.exe	Get hash	malicious	Unknown	Browse	52.159.127.243
	Rzglx.exe	Get hash	malicious	Unknown	Browse	52.159.127.243
	MPS202210028742916_pdf.exe	Get hash	malicious	Unknown	Browse	52.159.127.243

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 960 x 53, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	715
Entropy (8bit):	7.3533249502413565
Encrypted:	false
SSDEEP:	12:6v/7et+/37c7jvBjLg+UnhdeNdLI4dACGHJovQpMZP5ajgj7xbKwkRR/:Lu490+NdcCqJlpMZxajnwCR/
MD5:	226DCB8F6144BDAAFDFBD8F2F354BE64
SHA1:	3785CC5B3BF52F8E398177B0FF1020B24AA86B8C
SHA-256:	8C873472F4925D5D47521DB4D52532D2983E9CB1BDE8B43143A6CC6DB56C35DB
SHA-512:	ED898B12C4895F7ACEAAB443C1071E6376DB71B4DFDBD769F5F3BE71D562438A18B5E5DC36DD7CC610926E380603A894B2E81DF4302680C736A412BFD3360D3A
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	.PNG........IHDR.......5.......r....]PLTE........................................................................................9W)....tRNS...u... ........IDATx....n.0....#.......?.f....I.B..g........O...hW...Y^.<..v..E..."....@D;u.#.h....WD.u...nq..vL...J?T.(D..&JtZ`&.....e..!.'m..5..$p.$..k`....+wCk.N=..(<....[.I.O4&.56..kR..O0.H`...%.b.Q........D..X...L.D..(.bT..... ..b+5I.+....W^. .....Y.....L.Ob.&26..IR.$0.y.^6*/..D..X.0_`..s.}..+S.. ..../D......I...ew..Qh.Nn......u.t0k.fX..b.&.!.\..I.cf..RgKC+2.M....6.)o. ..`c..M....../a.&....".Q.....uU.]@....j.......O.'......."....t....d...?z..p.q.Y.C...&0...a.C...&0...a.C...&0...a.C...&0...a.C...&0...a.C...&0...a/..Y.x.I....IEND.B`.

Chrome Cache Entry: 65

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	downloaded
Size (bytes):	4511
Entropy (8bit):	5.01598596080661
Encrypted:	false
SSDEEP:	96:1j9jwIjYj5jDK/D5DMF+C8k0ZqXKHvpIkdN0rRH9PaQxJbGD:1j9jhjYj9K/Vo+nkZaHvFdN0rZ9ieJGD
MD5:	3F200A4CC1A834771664DE8D81608E1F
SHA1:	A53C561AD56B8508A2ADA4E552A3794187A861A8
SHA-256:	82B4A53779C93ED259BD343EC0DC46B7E6A89315606BC4CE2F81157E836A0F6C
SHA-512:	6472C3B908560393D112FFF7AA9606E7D83F928AF9750A7601A0380AF8767CB78A8D85621375EEF82D860F93C8D4E528B750A94C851DFEFDB34E9CAD0D02D150
Malicious:	false
Reputation:	low
URL:	https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Attention Required! \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded', f

Chrome Cache Entry: 66

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24131)
Category:	downloaded
Size (bytes):	24132
Entropy (8bit):	4.94218020721052
Encrypted:	false
SSDEEP:	192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UusV7MSE6XZ2dKI:JwV+oUcoQJpdf1dxKSI7/Uue7ZX2qk
MD5:	A1CEDC21F16B5A97114857154FAB35E9
SHA1:	95E9890A15A4F7F94F7F19D2C297E4B07503C526
SHA-256:	1103290E25EBDA2712ABE344A87FACBAC00DDABA712729BE9FE5FEEF807BF91B
SHA-512:	00E857331DCE66901120B042A254E5AF5135364F718DA56110A4744F3E64F9B61BA0B877013AF8398A0F865C7BDE6AD2F87B3C9D2D828651806409CBA57AA34E
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://nezurexternal.sell.app/cdn-cgi/styles/cf.errors.css
Preview:	#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	downloaded
Size (bytes):	4511
Entropy (8bit):	5.018098414290948
Encrypted:	false
SSDEEP:	96:1j9jwIjYj5jDK/D5DMF+C8k0ZqXKHvpIkdNOrRH9PaQxJbGD:1j9jhjYj9K/Vo+nkZaHvFdNOrZ9ieJGD
MD5:	215A064E55A39A0B302D46911ABF662A
SHA1:	EA2F115C2FB6EAF7AC1919BB76F09D28D74503BB
SHA-256:	691BB7039A3236476EF58E30BB400BDBAC66A804CB05487AFA0427C61CE16D38
SHA-512:	332F809446184FD7A03CBBF3C80D8A294B2055C1D7DAE72673CDE2812EAB57085B35A56875BBA0C7BC3AA27403C7C4CB0FFD556B5AF45614D9F3F7858116E03C
Malicious:	false
Reputation:	low
URL:	https://nezurexternal.sell.app/favicon.ico
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Attention Required! \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded', f

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 178 x 175, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3213
Entropy (8bit):	7.553565995366911
Encrypted:	false
SSDEEP:	96:35QRRzQqgtYCWBzmuvuLf33Pf309TxeL+vD+7SrQ9o6Br2eJk:GRRsqgOBzvcnM9TxVk9JCeJk
MD5:	0D768CBC261841D3AFFC933B9AC3130E
SHA1:	AFF136A4C761E1DF1ADA7E5D9A6ED0EBEA74A4B7
SHA-256:	1C53772285052E52BB7C12AD46A85A55747ED7BF66963FE1993FCEF91FF5B0D0
SHA-512:	CE5B1BBB8CF6B0C3D1FA146D1700DB2300ABD6F2BDBE43ECAAC6AEBC911BE6E1BCD2F8C6704A2CFA67BBB45598793DDEC017E05C2C37CE387293AAE08E7C342F
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	.PNG........IHDR.............n.t.....PLTE..........UU.@@.33..$I.@@.99.33.....''.$7.33.00.--..((.&&.$1....,,..)).''.&/.$..,,..)).((.''..)).((.''.&&.%,.$..)).((.''.&&.%.$.)).((.&&.&.%.$).((.''.&&.&.%).$(.$(.''.''.&&.%).$(.''.&&.%).%(.$(.$'.''.&&.&).%(.$'.$'.''.&&.&).%(.%(.$'.$'.&&.&&.&(.%(.%'.&&.&&.%(.%(.$'.$&.&&.&(.%(.%'.%'.$'.$&.&&.&(.%'.%'.$'.$&.&&.&(.%'.%'.$&.$&.&(.%'.%'.$&.$&.$(.%'.%'.%'.$&.$&.$(.%'.%'.%'.%&.$&.$&.$'.%'.%'.%'.%&.$&.$'.$'.%'.%'.%&.%&.$&.$'.$'.%'.%'.%&.%&.$&.$'.$'.%'.%'.%&.%&.$&.$'.$'.%'.%&.%&.%&.$'.$'.$'.%'.%&.%&.%&.$'.$'.$'.$'.%&.%&.%&.$'.$'.$'.$&.%&.%&.%&.$'.$'.$'.$&.%&.%&.%'.$'.$'.$&.$&.%&.%&.%'.$'.$'.$&.$&.%&.%&.%'.$'.$'.$&.$&.%&.%&.%'.$'.$&.$&.$&.%&.%'.%'.$'.$&.$&.$&.%&.%'.%'.$'.$&.$&.$&.%&.%'.%'.$&.$&.$&.$&........tRNS................................ !$%&'()*+,-./01235678:;<=>?@ABCEFHIKLMNOPQRTUVWXYZ[\]^_`adefgijklmnopqrsuvwxyz\|}..................................................................................................................

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 178 x 175, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	3213
Entropy (8bit):	7.553565995366911
Encrypted:	false
SSDEEP:	96:35QRRzQqgtYCWBzmuvuLf33Pf309TxeL+vD+7SrQ9o6Br2eJk:GRRsqgOBzvcnM9TxVk9JCeJk
MD5:	0D768CBC261841D3AFFC933B9AC3130E
SHA1:	AFF136A4C761E1DF1ADA7E5D9A6ED0EBEA74A4B7
SHA-256:	1C53772285052E52BB7C12AD46A85A55747ED7BF66963FE1993FCEF91FF5B0D0
SHA-512:	CE5B1BBB8CF6B0C3D1FA146D1700DB2300ABD6F2BDBE43ECAAC6AEBC911BE6E1BCD2F8C6704A2CFA67BBB45598793DDEC017E05C2C37CE387293AAE08E7C342F
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://nezurexternal.sell.app/cdn-cgi/images/cf-no-screenshot-error.png
Preview:	.PNG........IHDR.............n.t.....PLTE..........UU.@@.33..$I.@@.99.33.....''.$7.33.00.--..((.&&.$1....,,..)).''.&/.$..,,..)).((.''..)).((.''.&&.%,.$..)).((.''.&&.%.$.)).((.&&.&.%.$).((.''.&&.&.%).$(.$(.''.''.&&.%).$(.''.&&.%).%(.$(.$'.''.&&.&).%(.$'.$'.''.&&.&).%(.%(.$'.$'.&&.&&.&(.%(.%'.&&.&&.%(.%(.$'.$&.&&.&(.%(.%'.%'.$'.$&.&&.&(.%'.%'.$'.$&.&&.&(.%'.%'.$&.$&.&(.%'.%'.$&.$&.$(.%'.%'.%'.$&.$&.$(.%'.%'.%'.%&.$&.$&.$'.%'.%'.%'.%&.$&.$'.$'.%'.%'.%&.%&.$&.$'.$'.%'.%'.%&.%&.$&.$'.$'.%'.%'.%&.%&.$&.$'.$'.%'.%&.%&.%&.$'.$'.$'.%'.%&.%&.%&.$'.$'.$'.$'.%&.%&.%&.$'.$'.$'.$&.%&.%&.%&.$'.$'.$'.$&.%&.%&.%'.$'.$'.$&.$&.%&.%&.%'.$'.$'.$&.$&.%&.%&.%'.$'.$'.$&.$&.%&.%&.%'.$'.$&.$&.$&.%&.%'.%'.$'.$&.$&.$&.%&.%'.%'.$'.$&.$&.$&.%&.%'.%'.$&.$&.$&.$&........tRNS................................ !$%&'()*+,-./01235678:;<=>?@ABCEFHIKLMNOPQRTUVWXYZ[\]^_`adefgijklmnopqrsuvwxyz\|}..................................................................................................................

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 960 x 53, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	715
Entropy (8bit):	7.3533249502413565
Encrypted:	false
SSDEEP:	12:6v/7et+/37c7jvBjLg+UnhdeNdLI4dACGHJovQpMZP5ajgj7xbKwkRR/:Lu490+NdcCqJlpMZxajnwCR/
MD5:	226DCB8F6144BDAAFDFBD8F2F354BE64
SHA1:	3785CC5B3BF52F8E398177B0FF1020B24AA86B8C
SHA-256:	8C873472F4925D5D47521DB4D52532D2983E9CB1BDE8B43143A6CC6DB56C35DB
SHA-512:	ED898B12C4895F7ACEAAB443C1071E6376DB71B4DFDBD769F5F3BE71D562438A18B5E5DC36DD7CC610926E380603A894B2E81DF4302680C736A412BFD3360D3A
Malicious:	false
URL:	https://nezurexternal.sell.app/cdn-cgi/images/browser-bar.png?1376755637
Preview:	.PNG........IHDR.......5.......r....]PLTE........................................................................................9W)....tRNS...u... ........IDATx....n.0....#.......?.f....I.B..g........O...hW...Y^.<..v..E..."....@D;u.#.h....WD.u...nq..vL...J?T.(D..&JtZ`&.....e..!.'m..5..$p.$..k`....+wCk.N=..(<....[.I.O4&.56..kR..O0.H`...%.b.Q........D..X...L.D..(.bT..... ..b+5I.+....W^. .....Y.....L.Ob.&26..IR.$0.y.^6*/..D..X.0_`..s.}..+S.. ..../D......I...ew..Qh.Nn......u.t0k.fX..b.&.!.\..I.cf..RgKC+2.M....6.)o. ..`c..M....../a.&....".Q.....uU.]@....j.......O.'......."....t....d...?z..p.q.Y.C...&0...a.C...&0...a.C...&0...a.C...&0...a.C...&0...a.C...&0...a/..Y.x.I....IEND.B`.

Static File Info

General

File type:	PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.99579449930914
TrID:	Win64 Executable GUI Net Framework (217006/5) 49.88% Win64 Executable GUI (202006/5) 46.43% Win64 Executable (generic) (12005/4) 2.76% Generic Win/DOS Executable (2004/3) 0.46% DOS Executable Generic (2002/1) 0.46%
File name:	Nezur Launcher.exe
File size:	2'662'400 bytes
MD5:	2e1c03948ad3f04f5bc464a51367d915
SHA1:	531ac9ad63fb470a9c1f40808631c6858e48bffb
SHA256:	cfb67a945a4ede60d711105353247d32c2fe5118aec5d8f90ed5eca85e86b2ca
SHA512:	f6d308bab0807ee8e16049fb093a804a7e2608449dd036f44b91c4a553eb33b247549afc4b54ffaa3321211279fc66680520b0f04ca31c353a9ca3b8da22af62
SSDEEP:	49152:zfmsjgU8f7imPPENLZd6t/49yAqGJ2wODQlzGhjG8rTQ8kZg5eul/Qer6yer:zfmMgU8femX0d6BsJ+D7rYwMeQe2j
TLSH:	1DC523B700A950A3C5581330E4754F0B3B3CDB685DC5B8A9F08BA29DAD0E5DD1EF97A8
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................."...0.......'...........'...@...... ........................)...........`...@......@............... .....

File Icon


Icon Hash:	7a31252d2d193930

Static PE Info

General

Entrypoint:	0x400000
Entrypoint Section:
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x94FD92FF [Thu Mar 18 02:10:07 2049 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:

Entrypoint Preview

Instruction
dec ebp
pop edx
nop
add byte ptr [ebx], al
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x28c000	0x2288	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x27c000	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
p6uioVf^	0x2000	0x278874	0x278a00	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.text	0x27c000	0xf000	0xf000	False	0.5603515625	data	6.007786721062512	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x28c000	0x2288	0x2400	False	0.2516276041666667	data	4.097922856153852	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x28c130	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 23622 x 23622 px/m	0.12171669793621014
RT_GROUP_ICON	0x28d1d8	0x14	data	1.1
RT_VERSION	0x28d1ec	0x34c	data	0.41232227488151657
RT_MANIFEST	0x28d538	0xd4f	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators	0.38538303492808923

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 388
• 443 (HTTPS)
• 80 (HTTP)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2023 21:56:58.479366064 CEST	443	49761	20.106.86.13	192.168.2.8
Oct 2, 2023 21:56:58.479471922 CEST	49761	443	192.168.2.8	20.106.86.13
Oct 2, 2023 21:56:58.481194973 CEST	49761	443	192.168.2.8	20.106.86.13
Oct 2, 2023 21:56:58.481225014 CEST	443	49761	20.106.86.13	192.168.2.8
Oct 2, 2023 21:56:58.481589079 CEST	443	49761	20.106.86.13	192.168.2.8
Oct 2, 2023 21:56:58.482985973 CEST	49761	443	192.168.2.8	20.106.86.13
Oct 2, 2023 21:56:58.483047962 CEST	443	49761	20.106.86.13	192.168.2.8
Oct 2, 2023 21:56:58.483117104 CEST	49761	443	192.168.2.8	20.106.86.13
Oct 2, 2023 21:56:58.523010015 CEST	49762	443	192.168.2.8	20.106.86.13
Oct 2, 2023 21:56:58.523041964 CEST	443	49762	20.106.86.13	192.168.2.8
Oct 2, 2023 21:56:58.523128033 CEST	49762	443	192.168.2.8	20.106.86.13
Oct 2, 2023 21:56:58.523469925 CEST	49762	443	192.168.2.8	20.106.86.13
Oct 2, 2023 21:56:58.523487091 CEST	443	49762	20.106.86.13	192.168.2.8
Oct 2, 2023 21:56:58.999064922 CEST	443	49762	20.106.86.13	192.168.2.8
Oct 2, 2023 21:56:58.999263048 CEST	49762	443	192.168.2.8	20.106.86.13
Oct 2, 2023 21:56:59.088040113 CEST	49762	443	192.168.2.8	20.106.86.13
Oct 2, 2023 21:56:59.088068008 CEST	443	49762	20.106.86.13	192.168.2.8
Oct 2, 2023 21:56:59.088392019 CEST	443	49762	20.106.86.13	192.168.2.8
Oct 2, 2023 21:56:59.089371920 CEST	49762	443	192.168.2.8	20.106.86.13
Oct 2, 2023 21:56:59.089406967 CEST	443	49762	20.106.86.13	192.168.2.8
Oct 2, 2023 21:56:59.089466095 CEST	49762	443	192.168.2.8	20.106.86.13
Oct 2, 2023 21:56:59.138891935 CEST	49698	443	192.168.2.8	23.0.174.112
Oct 2, 2023 21:56:59.138891935 CEST	49691	443	192.168.2.8	23.0.174.129
Oct 2, 2023 21:56:59.138894081 CEST	49697	443	192.168.2.8	23.0.174.112
Oct 2, 2023 21:56:59.139420033 CEST	49699	443	192.168.2.8	23.0.174.112
Oct 2, 2023 21:56:59.141630888 CEST	49692	443	192.168.2.8	23.0.174.129
Oct 2, 2023 21:56:59.141630888 CEST	49695	443	192.168.2.8	23.0.174.112
Oct 2, 2023 21:56:59.142474890 CEST	49693	443	192.168.2.8	23.0.174.129
Oct 2, 2023 21:56:59.452425003 CEST	49763	443	192.168.2.8	20.106.86.13
Oct 2, 2023 21:56:59.452445030 CEST	443	49763	20.106.86.13	192.168.2.8
Oct 2, 2023 21:56:59.452543020 CEST	49763	443	192.168.2.8	20.106.86.13
Oct 2, 2023 21:56:59.454679012 CEST	49763	443	192.168.2.8	20.106.86.13
Oct 2, 2023 21:56:59.454688072 CEST	443	49763	20.106.86.13	192.168.2.8
Oct 2, 2023 21:56:59.974982023 CEST	443	49763	20.106.86.13	192.168.2.8
Oct 2, 2023 21:56:59.975152016 CEST	49763	443	192.168.2.8	20.106.86.13
Oct 2, 2023 21:56:59.998089075 CEST	49763	443	192.168.2.8	20.106.86.13
Oct 2, 2023 21:56:59.998112917 CEST	443	49763	20.106.86.13	192.168.2.8
Oct 2, 2023 21:56:59.998449087 CEST	443	49763	20.106.86.13	192.168.2.8
Oct 2, 2023 21:56:59.999412060 CEST	49763	443	192.168.2.8	20.106.86.13
Oct 2, 2023 21:56:59.999500990 CEST	443	49763	20.106.86.13	192.168.2.8
Oct 2, 2023 21:56:59.999553919 CEST	49763	443	192.168.2.8	20.106.86.13
Oct 2, 2023 21:57:01.076400995 CEST	49686	80	192.168.2.8	104.77.36.175
Oct 2, 2023 21:57:01.076415062 CEST	49687	443	192.168.2.8	184.28.113.215
Oct 2, 2023 21:57:01.607558966 CEST	49703	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:01.607683897 CEST	49702	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:03.951299906 CEST	49697	443	192.168.2.8	23.0.174.112
Oct 2, 2023 21:57:03.951432943 CEST	49695	443	192.168.2.8	23.0.174.112
Oct 2, 2023 21:57:03.951464891 CEST	49698	443	192.168.2.8	23.0.174.112
Oct 2, 2023 21:57:03.951467991 CEST	49691	443	192.168.2.8	23.0.174.129
Oct 2, 2023 21:57:03.951467991 CEST	49699	443	192.168.2.8	23.0.174.112
Oct 2, 2023 21:57:03.951586962 CEST	49693	443	192.168.2.8	23.0.174.129
Oct 2, 2023 21:57:03.951587915 CEST	49692	443	192.168.2.8	23.0.174.129
Oct 2, 2023 21:57:06.728434086 CEST	49677	80	192.168.2.8	93.184.221.240
Oct 2, 2023 21:57:08.483401060 CEST	49765	443	192.168.2.8	172.253.122.84
Oct 2, 2023 21:57:08.483413935 CEST	443	49765	172.253.122.84	192.168.2.8
Oct 2, 2023 21:57:08.483481884 CEST	49765	443	192.168.2.8	172.253.122.84
Oct 2, 2023 21:57:08.483800888 CEST	49765	443	192.168.2.8	172.253.122.84
Oct 2, 2023 21:57:08.483813047 CEST	443	49765	172.253.122.84	192.168.2.8
Oct 2, 2023 21:57:08.486959934 CEST	49766	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:08.486985922 CEST	443	49766	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:08.487036943 CEST	49766	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:08.487924099 CEST	49767	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:08.487962008 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:08.488017082 CEST	49767	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:08.488468885 CEST	49768	443	192.168.2.8	172.253.62.139
Oct 2, 2023 21:57:08.488495111 CEST	443	49768	172.253.62.139	192.168.2.8
Oct 2, 2023 21:57:08.488547087 CEST	49768	443	192.168.2.8	172.253.62.139
Oct 2, 2023 21:57:08.488746881 CEST	49766	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:08.488759995 CEST	443	49766	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:08.489340067 CEST	49767	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:08.489366055 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:08.489692926 CEST	49768	443	192.168.2.8	172.253.62.139
Oct 2, 2023 21:57:08.489706993 CEST	443	49768	172.253.62.139	192.168.2.8
Oct 2, 2023 21:57:08.692703009 CEST	443	49766	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:08.693212986 CEST	49766	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:08.693224907 CEST	443	49766	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:08.694791079 CEST	443	49766	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:08.694870949 CEST	49766	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:08.696933031 CEST	49766	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:08.697190046 CEST	443	49766	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:08.697310925 CEST	49766	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:08.697319984 CEST	443	49766	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:08.706255913 CEST	443	49765	172.253.122.84	192.168.2.8
Oct 2, 2023 21:57:08.706466913 CEST	49765	443	192.168.2.8	172.253.122.84
Oct 2, 2023 21:57:08.706480980 CEST	443	49765	172.253.122.84	192.168.2.8
Oct 2, 2023 21:57:08.707634926 CEST	443	49765	172.253.122.84	192.168.2.8
Oct 2, 2023 21:57:08.707704067 CEST	49765	443	192.168.2.8	172.253.122.84
Oct 2, 2023 21:57:08.708586931 CEST	49765	443	192.168.2.8	172.253.122.84
Oct 2, 2023 21:57:08.708587885 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:08.708642960 CEST	443	49765	172.253.122.84	192.168.2.8
Oct 2, 2023 21:57:08.708859921 CEST	49767	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:08.708884954 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:08.708965063 CEST	49765	443	192.168.2.8	172.253.122.84
Oct 2, 2023 21:57:08.708971024 CEST	443	49765	172.253.122.84	192.168.2.8
Oct 2, 2023 21:57:08.712079048 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:08.712148905 CEST	49767	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:08.712439060 CEST	49767	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:08.712507010 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:08.724245071 CEST	443	49768	172.253.62.139	192.168.2.8
Oct 2, 2023 21:57:08.725591898 CEST	49768	443	192.168.2.8	172.253.62.139
Oct 2, 2023 21:57:08.725617886 CEST	443	49768	172.253.62.139	192.168.2.8
Oct 2, 2023 21:57:08.726023912 CEST	443	49768	172.253.62.139	192.168.2.8
Oct 2, 2023 21:57:08.726450920 CEST	49768	443	192.168.2.8	172.253.62.139
Oct 2, 2023 21:57:08.726725101 CEST	443	49768	172.253.62.139	192.168.2.8
Oct 2, 2023 21:57:08.727268934 CEST	49768	443	192.168.2.8	172.253.62.139
Oct 2, 2023 21:57:08.728497982 CEST	49768	443	192.168.2.8	172.253.62.139
Oct 2, 2023 21:57:08.728497982 CEST	49768	443	192.168.2.8	172.253.62.139
Oct 2, 2023 21:57:08.728530884 CEST	443	49768	172.253.62.139	192.168.2.8
Oct 2, 2023 21:57:08.728581905 CEST	443	49768	172.253.62.139	192.168.2.8
Oct 2, 2023 21:57:08.744817972 CEST	49766	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:08.760921955 CEST	49765	443	192.168.2.8	172.253.122.84
Oct 2, 2023 21:57:08.760929108 CEST	49767	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:08.760953903 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:08.777456045 CEST	49768	443	192.168.2.8	172.253.62.139
Oct 2, 2023 21:57:08.777472973 CEST	443	49768	172.253.62.139	192.168.2.8
Oct 2, 2023 21:57:08.808815002 CEST	49767	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:08.825586081 CEST	49768	443	192.168.2.8	172.253.62.139
Oct 2, 2023 21:57:08.929980993 CEST	443	49766	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:08.930046082 CEST	443	49766	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:08.930089951 CEST	443	49766	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:08.930149078 CEST	443	49766	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:08.930196047 CEST	49766	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:08.930224895 CEST	443	49766	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:08.930241108 CEST	443	49766	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:08.930258989 CEST	49766	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:08.930295944 CEST	49766	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:08.931245089 CEST	49766	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:08.931257010 CEST	443	49766	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:08.948494911 CEST	49767	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:08.950882912 CEST	443	49765	172.253.122.84	192.168.2.8
Oct 2, 2023 21:57:08.950980902 CEST	443	49768	172.253.62.139	192.168.2.8
Oct 2, 2023 21:57:08.951011896 CEST	443	49765	172.253.122.84	192.168.2.8
Oct 2, 2023 21:57:08.951067924 CEST	49765	443	192.168.2.8	172.253.122.84
Oct 2, 2023 21:57:08.951379061 CEST	443	49768	172.253.62.139	192.168.2.8
Oct 2, 2023 21:57:08.951443911 CEST	49768	443	192.168.2.8	172.253.62.139
Oct 2, 2023 21:57:08.952210903 CEST	49765	443	192.168.2.8	172.253.122.84
Oct 2, 2023 21:57:08.952225924 CEST	443	49765	172.253.122.84	192.168.2.8
Oct 2, 2023 21:57:08.952866077 CEST	49768	443	192.168.2.8	172.253.62.139
Oct 2, 2023 21:57:08.952888012 CEST	443	49768	172.253.62.139	192.168.2.8
Oct 2, 2023 21:57:08.990454912 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.045557976 CEST	49769	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:57:09.045593023 CEST	443	49769	35.190.80.1	192.168.2.8
Oct 2, 2023 21:57:09.045666933 CEST	49769	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:57:09.046137094 CEST	49769	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:57:09.046153069 CEST	443	49769	35.190.80.1	192.168.2.8
Oct 2, 2023 21:57:09.048357964 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.048496962 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.048546076 CEST	49767	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.048566103 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.048671961 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.048717976 CEST	49767	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.048726082 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.048851967 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.048893929 CEST	49767	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.048901081 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.049005985 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.049046993 CEST	49767	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.049052954 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.049144030 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.049187899 CEST	49767	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.049196005 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.049310923 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.049351931 CEST	49767	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.049356937 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.049483061 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.049524069 CEST	49767	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.049530029 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.049627066 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.049669981 CEST	49767	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.049678087 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.049772978 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.049814939 CEST	49767	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.049820900 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.049911022 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.049953938 CEST	49767	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.050800085 CEST	49767	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.050815105 CEST	443	49767	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.056283951 CEST	49770	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.056328058 CEST	443	49770	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.056710005 CEST	49770	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.057039976 CEST	49771	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.057064056 CEST	443	49771	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.057158947 CEST	49771	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.057223082 CEST	49770	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.057245970 CEST	443	49770	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.057452917 CEST	49771	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.057466984 CEST	443	49771	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.257781029 CEST	443	49769	35.190.80.1	192.168.2.8
Oct 2, 2023 21:57:09.258141994 CEST	49769	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:57:09.258169889 CEST	443	49769	35.190.80.1	192.168.2.8
Oct 2, 2023 21:57:09.259186983 CEST	443	49769	35.190.80.1	192.168.2.8
Oct 2, 2023 21:57:09.259344101 CEST	49769	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:57:09.260247946 CEST	49769	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:57:09.260313034 CEST	443	49769	35.190.80.1	192.168.2.8
Oct 2, 2023 21:57:09.260591030 CEST	49769	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:57:09.260601997 CEST	443	49769	35.190.80.1	192.168.2.8
Oct 2, 2023 21:57:09.273061037 CEST	443	49770	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.273582935 CEST	49770	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.273593903 CEST	443	49770	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.274209976 CEST	443	49770	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.274667025 CEST	49770	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.274667025 CEST	49770	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.274679899 CEST	443	49770	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.274810076 CEST	443	49770	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.275897026 CEST	443	49771	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.276613951 CEST	49771	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.276626110 CEST	443	49771	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.276905060 CEST	443	49771	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.277156115 CEST	49771	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.277208090 CEST	443	49771	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.277290106 CEST	49771	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.302896023 CEST	49769	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:57:09.318444967 CEST	443	49771	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.318451881 CEST	49770	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.489116907 CEST	443	49769	35.190.80.1	192.168.2.8
Oct 2, 2023 21:57:09.489197969 CEST	443	49769	35.190.80.1	192.168.2.8
Oct 2, 2023 21:57:09.489365101 CEST	49769	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:57:09.489588976 CEST	49769	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:57:09.489609003 CEST	443	49769	35.190.80.1	192.168.2.8
Oct 2, 2023 21:57:09.490305901 CEST	49772	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:57:09.490329027 CEST	443	49772	35.190.80.1	192.168.2.8
Oct 2, 2023 21:57:09.490397930 CEST	49772	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:57:09.490653992 CEST	49772	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:57:09.490670919 CEST	443	49772	35.190.80.1	192.168.2.8
Oct 2, 2023 21:57:09.504489899 CEST	443	49770	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.504672050 CEST	443	49770	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.504745960 CEST	49770	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.505599022 CEST	49770	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.505605936 CEST	443	49770	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.507977962 CEST	443	49771	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.508105040 CEST	443	49771	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.508162022 CEST	443	49771	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.508183002 CEST	49771	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.508188963 CEST	443	49771	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.508244991 CEST	443	49771	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.508275986 CEST	49771	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.508356094 CEST	49771	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.509181023 CEST	49771	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.509190083 CEST	443	49771	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.516489029 CEST	49773	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.516530037 CEST	443	49773	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.516611099 CEST	49773	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.516993999 CEST	49773	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.517008066 CEST	443	49773	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.631968021 CEST	49775	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:09.631997108 CEST	443	49775	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:09.632059097 CEST	49775	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:09.632265091 CEST	49776	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:09.632292986 CEST	443	49776	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:09.632349014 CEST	49776	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:09.632741928 CEST	49775	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:09.632760048 CEST	443	49775	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:09.633080006 CEST	49776	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:09.633094072 CEST	443	49776	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:09.731302023 CEST	443	49772	35.190.80.1	192.168.2.8
Oct 2, 2023 21:57:09.731302977 CEST	443	49773	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.731549978 CEST	49772	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:57:09.731580019 CEST	443	49772	35.190.80.1	192.168.2.8
Oct 2, 2023 21:57:09.731659889 CEST	49773	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.731688976 CEST	443	49773	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.731877089 CEST	443	49772	35.190.80.1	192.168.2.8
Oct 2, 2023 21:57:09.731976986 CEST	443	49773	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.732283115 CEST	49772	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:57:09.732342958 CEST	443	49772	35.190.80.1	192.168.2.8
Oct 2, 2023 21:57:09.732356071 CEST	49773	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.732409000 CEST	443	49773	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.732527971 CEST	49773	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.732531071 CEST	49772	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:57:09.778446913 CEST	443	49772	35.190.80.1	192.168.2.8
Oct 2, 2023 21:57:09.778453112 CEST	443	49773	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.853540897 CEST	443	49776	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:09.853930950 CEST	49776	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:09.853948116 CEST	443	49776	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:09.854880095 CEST	443	49776	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:09.854947090 CEST	49776	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:09.855247021 CEST	49776	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:09.855381012 CEST	49776	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:09.855464935 CEST	443	49776	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:09.856105089 CEST	443	49775	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:09.856256962 CEST	49775	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:09.856278896 CEST	443	49775	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:09.857700109 CEST	443	49775	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:09.857753992 CEST	49775	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:09.858005047 CEST	49775	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:09.858072042 CEST	49775	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:09.858079910 CEST	443	49775	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:09.905375957 CEST	49776	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:09.905380011 CEST	49775	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:09.905388117 CEST	443	49776	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:09.905421019 CEST	443	49775	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:09.952246904 CEST	49776	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:09.952261925 CEST	49775	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:09.952430964 CEST	443	49772	35.190.80.1	192.168.2.8
Oct 2, 2023 21:57:09.952519894 CEST	443	49772	35.190.80.1	192.168.2.8
Oct 2, 2023 21:57:09.952663898 CEST	49772	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:57:09.952781916 CEST	49772	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:57:09.952795029 CEST	443	49772	35.190.80.1	192.168.2.8
Oct 2, 2023 21:57:09.953525066 CEST	443	49773	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.953661919 CEST	443	49773	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.953691006 CEST	443	49773	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.953711033 CEST	49773	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.953737020 CEST	443	49773	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.953802109 CEST	49773	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.953808069 CEST	443	49773	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.953855038 CEST	443	49773	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:09.953896999 CEST	49773	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.954375029 CEST	49773	443	192.168.2.8	104.26.13.122
Oct 2, 2023 21:57:09.954386950 CEST	443	49773	104.26.13.122	192.168.2.8
Oct 2, 2023 21:57:10.080193043 CEST	443	49776	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:10.080266953 CEST	443	49776	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:10.080327988 CEST	49776	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:10.081408024 CEST	49776	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:10.081423044 CEST	443	49776	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:10.087909937 CEST	443	49775	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:10.087982893 CEST	443	49775	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:10.088043928 CEST	49775	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:10.088052034 CEST	443	49775	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:10.088066101 CEST	443	49775	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:10.088139057 CEST	443	49775	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:10.088284016 CEST	49775	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:10.088284016 CEST	49775	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:10.088947058 CEST	49775	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:10.088994980 CEST	443	49775	104.26.12.122	192.168.2.8
Oct 2, 2023 21:57:10.089023113 CEST	49775	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:10.089059114 CEST	49775	443	192.168.2.8	104.26.12.122
Oct 2, 2023 21:57:11.221901894 CEST	49703	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:11.222014904 CEST	49702	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:12.920890093 CEST	49779	443	192.168.2.8	142.251.16.104
Oct 2, 2023 21:57:12.920939922 CEST	443	49779	142.251.16.104	192.168.2.8
Oct 2, 2023 21:57:12.921087980 CEST	49779	443	192.168.2.8	142.251.16.104
Oct 2, 2023 21:57:12.921439886 CEST	49779	443	192.168.2.8	142.251.16.104
Oct 2, 2023 21:57:12.921451092 CEST	443	49779	142.251.16.104	192.168.2.8
Oct 2, 2023 21:57:13.138345957 CEST	443	49779	142.251.16.104	192.168.2.8
Oct 2, 2023 21:57:13.139400959 CEST	49779	443	192.168.2.8	142.251.16.104
Oct 2, 2023 21:57:13.139410973 CEST	443	49779	142.251.16.104	192.168.2.8
Oct 2, 2023 21:57:13.140366077 CEST	443	49779	142.251.16.104	192.168.2.8
Oct 2, 2023 21:57:13.141176939 CEST	49779	443	192.168.2.8	142.251.16.104
Oct 2, 2023 21:57:13.142168045 CEST	49779	443	192.168.2.8	142.251.16.104
Oct 2, 2023 21:57:13.142224073 CEST	443	49779	142.251.16.104	192.168.2.8
Oct 2, 2023 21:57:13.188189983 CEST	49779	443	192.168.2.8	142.251.16.104
Oct 2, 2023 21:57:13.188200951 CEST	443	49779	142.251.16.104	192.168.2.8
Oct 2, 2023 21:57:13.234452009 CEST	49779	443	192.168.2.8	142.251.16.104
Oct 2, 2023 21:57:13.562489033 CEST	49698	443	192.168.2.8	23.0.174.112
Oct 2, 2023 21:57:13.562509060 CEST	49697	443	192.168.2.8	23.0.174.112
Oct 2, 2023 21:57:13.562517881 CEST	49695	443	192.168.2.8	23.0.174.112
Oct 2, 2023 21:57:13.562520027 CEST	49691	443	192.168.2.8	23.0.174.129
Oct 2, 2023 21:57:13.562531948 CEST	49699	443	192.168.2.8	23.0.174.112
Oct 2, 2023 21:57:13.562958002 CEST	49693	443	192.168.2.8	23.0.174.129
Oct 2, 2023 21:57:13.562959909 CEST	49692	443	192.168.2.8	23.0.174.129
Oct 2, 2023 21:57:22.074718952 CEST	49780	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:57:22.074747086 CEST	443	49780	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:22.074825048 CEST	49780	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:57:22.077199936 CEST	49780	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:57:22.077223063 CEST	443	49780	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:22.498156071 CEST	443	49780	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:22.498383045 CEST	49780	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:57:22.507143021 CEST	49780	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:57:22.507153988 CEST	443	49780	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:22.507466078 CEST	443	49780	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:22.560600042 CEST	49780	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:57:22.624375105 CEST	49780	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:57:22.666450024 CEST	443	49780	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:22.888149977 CEST	443	49780	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:22.888176918 CEST	443	49780	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:22.888184071 CEST	443	49780	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:22.888216972 CEST	443	49780	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:22.888236046 CEST	443	49780	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:22.888247967 CEST	443	49780	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:22.888396978 CEST	49780	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:57:22.888396978 CEST	49780	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:57:22.888427019 CEST	443	49780	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:22.888439894 CEST	443	49780	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:22.888468981 CEST	443	49780	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:22.888497114 CEST	49780	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:57:22.888526917 CEST	49780	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:57:22.907979012 CEST	49780	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:57:22.907979012 CEST	49780	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:57:22.908009052 CEST	443	49780	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:22.908041000 CEST	443	49780	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:23.159810066 CEST	443	49779	142.251.16.104	192.168.2.8
Oct 2, 2023 21:57:23.159898043 CEST	443	49779	142.251.16.104	192.168.2.8
Oct 2, 2023 21:57:23.161566973 CEST	49779	443	192.168.2.8	142.251.16.104
Oct 2, 2023 21:57:24.553390980 CEST	49779	443	192.168.2.8	142.251.16.104
Oct 2, 2023 21:57:24.553422928 CEST	443	49779	142.251.16.104	192.168.2.8
Oct 2, 2023 21:57:28.593847036 CEST	49784	443	192.168.2.8	23.219.201.162
Oct 2, 2023 21:57:28.593880892 CEST	443	49784	23.219.201.162	192.168.2.8
Oct 2, 2023 21:57:28.593972921 CEST	49784	443	192.168.2.8	23.219.201.162
Oct 2, 2023 21:57:28.596752882 CEST	49784	443	192.168.2.8	23.219.201.162
Oct 2, 2023 21:57:28.596762896 CEST	443	49784	23.219.201.162	192.168.2.8
Oct 2, 2023 21:57:28.786952019 CEST	49708	443	192.168.2.8	13.78.111.198
Oct 2, 2023 21:57:28.803736925 CEST	443	49784	23.219.201.162	192.168.2.8
Oct 2, 2023 21:57:28.803872108 CEST	49784	443	192.168.2.8	23.219.201.162
Oct 2, 2023 21:57:28.805577993 CEST	49784	443	192.168.2.8	23.219.201.162
Oct 2, 2023 21:57:28.805588961 CEST	443	49784	23.219.201.162	192.168.2.8
Oct 2, 2023 21:57:28.805841923 CEST	443	49784	23.219.201.162	192.168.2.8
Oct 2, 2023 21:57:28.818773031 CEST	49671	443	192.168.2.8	52.109.28.100
Oct 2, 2023 21:57:28.818803072 CEST	49709	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:28.850441933 CEST	49784	443	192.168.2.8	23.219.201.162
Oct 2, 2023 21:57:28.861574888 CEST	49784	443	192.168.2.8	23.219.201.162
Oct 2, 2023 21:57:28.906447887 CEST	443	49784	23.219.201.162	192.168.2.8
Oct 2, 2023 21:57:29.003384113 CEST	443	49784	23.219.201.162	192.168.2.8
Oct 2, 2023 21:57:29.003591061 CEST	49784	443	192.168.2.8	23.219.201.162
Oct 2, 2023 21:57:29.003618002 CEST	443	49784	23.219.201.162	192.168.2.8
Oct 2, 2023 21:57:29.003627062 CEST	49784	443	192.168.2.8	23.219.201.162
Oct 2, 2023 21:57:29.003945112 CEST	443	49784	23.219.201.162	192.168.2.8
Oct 2, 2023 21:57:29.004024982 CEST	443	49784	23.219.201.162	192.168.2.8
Oct 2, 2023 21:57:29.004077911 CEST	49784	443	192.168.2.8	23.219.201.162
Oct 2, 2023 21:57:29.049031973 CEST	49785	443	192.168.2.8	23.219.201.162
Oct 2, 2023 21:57:29.049133062 CEST	443	49785	23.219.201.162	192.168.2.8
Oct 2, 2023 21:57:29.049248934 CEST	49785	443	192.168.2.8	23.219.201.162
Oct 2, 2023 21:57:29.049680948 CEST	49785	443	192.168.2.8	23.219.201.162
Oct 2, 2023 21:57:29.049712896 CEST	443	49785	23.219.201.162	192.168.2.8
Oct 2, 2023 21:57:29.123107910 CEST	49671	443	192.168.2.8	52.109.28.100
Oct 2, 2023 21:57:29.123269081 CEST	49709	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:29.138797045 CEST	49708	443	192.168.2.8	13.78.111.198
Oct 2, 2023 21:57:29.201426983 CEST	49673	443	192.168.2.8	52.113.194.132
Oct 2, 2023 21:57:29.263508081 CEST	443	49785	23.219.201.162	192.168.2.8
Oct 2, 2023 21:57:29.263772964 CEST	49785	443	192.168.2.8	23.219.201.162
Oct 2, 2023 21:57:29.265171051 CEST	49785	443	192.168.2.8	23.219.201.162
Oct 2, 2023 21:57:29.265191078 CEST	443	49785	23.219.201.162	192.168.2.8
Oct 2, 2023 21:57:29.265510082 CEST	443	49785	23.219.201.162	192.168.2.8
Oct 2, 2023 21:57:29.266699076 CEST	49785	443	192.168.2.8	23.219.201.162
Oct 2, 2023 21:57:29.310461044 CEST	443	49785	23.219.201.162	192.168.2.8
Oct 2, 2023 21:57:29.456950903 CEST	443	49785	23.219.201.162	192.168.2.8
Oct 2, 2023 21:57:29.457148075 CEST	443	49785	23.219.201.162	192.168.2.8
Oct 2, 2023 21:57:29.457232952 CEST	49785	443	192.168.2.8	23.219.201.162
Oct 2, 2023 21:57:29.458327055 CEST	49785	443	192.168.2.8	23.219.201.162
Oct 2, 2023 21:57:29.458327055 CEST	49785	443	192.168.2.8	23.219.201.162
Oct 2, 2023 21:57:29.458374977 CEST	443	49785	23.219.201.162	192.168.2.8
Oct 2, 2023 21:57:29.458403111 CEST	443	49785	23.219.201.162	192.168.2.8
Oct 2, 2023 21:57:29.513840914 CEST	49673	443	192.168.2.8	52.113.194.132
Oct 2, 2023 21:57:29.736274958 CEST	49709	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:29.736278057 CEST	49671	443	192.168.2.8	52.109.28.100
Oct 2, 2023 21:57:29.832389116 CEST	49708	443	192.168.2.8	13.78.111.198
Oct 2, 2023 21:57:30.123281956 CEST	49673	443	192.168.2.8	52.113.194.132
Oct 2, 2023 21:57:30.941734076 CEST	49671	443	192.168.2.8	52.109.28.100
Oct 2, 2023 21:57:30.941735983 CEST	49709	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:31.207182884 CEST	49708	443	192.168.2.8	13.78.111.198
Oct 2, 2023 21:57:31.332420111 CEST	49673	443	192.168.2.8	52.113.194.132
Oct 2, 2023 21:57:32.035793066 CEST	49688	443	192.168.2.8	204.79.197.203
Oct 2, 2023 21:57:32.160655975 CEST	49689	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:32.342010975 CEST	49688	443	192.168.2.8	204.79.197.203
Oct 2, 2023 21:57:32.467031956 CEST	49689	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:32.951272011 CEST	49688	443	192.168.2.8	204.79.197.203
Oct 2, 2023 21:57:33.076378107 CEST	49689	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:33.341943979 CEST	49709	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:33.341944933 CEST	49671	443	192.168.2.8	52.109.28.100
Oct 2, 2023 21:57:33.732511997 CEST	49673	443	192.168.2.8	52.113.194.132
Oct 2, 2023 21:57:33.951244116 CEST	49708	443	192.168.2.8	13.78.111.198
Oct 2, 2023 21:57:34.154449940 CEST	49688	443	192.168.2.8	204.79.197.203
Oct 2, 2023 21:57:34.279388905 CEST	49689	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:36.563718081 CEST	49688	443	192.168.2.8	204.79.197.203
Oct 2, 2023 21:57:36.688482046 CEST	49689	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:38.148622036 CEST	49671	443	192.168.2.8	52.109.28.100
Oct 2, 2023 21:57:38.148621082 CEST	49709	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:38.541107893 CEST	49673	443	192.168.2.8	52.113.194.132
Oct 2, 2023 21:57:39.154270887 CEST	49786	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:39.154316902 CEST	443	49786	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:39.154407024 CEST	49786	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:39.157037020 CEST	49786	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:39.157068014 CEST	443	49786	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:39.451545954 CEST	49708	443	192.168.2.8	13.78.111.198
Oct 2, 2023 21:57:39.665332079 CEST	443	49786	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:39.665467024 CEST	49786	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:39.667426109 CEST	49786	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:39.667454958 CEST	443	49786	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:39.667679071 CEST	443	49786	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:39.717183113 CEST	49786	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:39.734538078 CEST	49786	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:39.778479099 CEST	443	49786	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:39.901202917 CEST	443	49786	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:39.901305914 CEST	443	49786	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:39.901376009 CEST	49786	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:39.918492079 CEST	49786	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:39.918510914 CEST	443	49786	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:40.148258924 CEST	49787	443	192.168.2.8	23.49.102.206
Oct 2, 2023 21:57:40.148298979 CEST	443	49787	23.49.102.206	192.168.2.8
Oct 2, 2023 21:57:40.148411989 CEST	49787	443	192.168.2.8	23.49.102.206
Oct 2, 2023 21:57:40.149461031 CEST	49787	443	192.168.2.8	23.49.102.206
Oct 2, 2023 21:57:40.149476051 CEST	443	49787	23.49.102.206	192.168.2.8
Oct 2, 2023 21:57:40.467401028 CEST	443	49787	23.49.102.206	192.168.2.8
Oct 2, 2023 21:57:40.467571974 CEST	49787	443	192.168.2.8	23.49.102.206
Oct 2, 2023 21:57:40.469646931 CEST	49787	443	192.168.2.8	23.49.102.206
Oct 2, 2023 21:57:40.469660997 CEST	443	49787	23.49.102.206	192.168.2.8
Oct 2, 2023 21:57:40.469909906 CEST	443	49787	23.49.102.206	192.168.2.8
Oct 2, 2023 21:57:40.471051931 CEST	49787	443	192.168.2.8	23.49.102.206
Oct 2, 2023 21:57:40.514451981 CEST	443	49787	23.49.102.206	192.168.2.8
Oct 2, 2023 21:57:40.669097900 CEST	443	49787	23.49.102.206	192.168.2.8
Oct 2, 2023 21:57:40.669194937 CEST	443	49787	23.49.102.206	192.168.2.8
Oct 2, 2023 21:57:40.669277906 CEST	49787	443	192.168.2.8	23.49.102.206
Oct 2, 2023 21:57:40.669958115 CEST	49787	443	192.168.2.8	23.49.102.206
Oct 2, 2023 21:57:40.670011997 CEST	443	49787	23.49.102.206	192.168.2.8
Oct 2, 2023 21:57:40.670042038 CEST	49787	443	192.168.2.8	23.49.102.206
Oct 2, 2023 21:57:40.670058012 CEST	443	49787	23.49.102.206	192.168.2.8
Oct 2, 2023 21:57:40.681350946 CEST	49788	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:40.681458950 CEST	443	49788	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:40.681557894 CEST	49788	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:40.682013988 CEST	49788	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:40.682050943 CEST	443	49788	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:41.192011118 CEST	443	49788	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:41.192100048 CEST	49788	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:41.193625927 CEST	49788	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:41.193658113 CEST	443	49788	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:41.193881035 CEST	443	49788	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:41.194886923 CEST	49788	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:41.238501072 CEST	443	49788	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:41.364765882 CEST	443	49788	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:41.364856005 CEST	443	49788	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:41.364953995 CEST	49788	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:41.365888119 CEST	49788	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:41.373454094 CEST	49688	443	192.168.2.8	204.79.197.203
Oct 2, 2023 21:57:41.410329103 CEST	49789	443	192.168.2.8	23.49.102.206
Oct 2, 2023 21:57:41.410367012 CEST	443	49789	23.49.102.206	192.168.2.8
Oct 2, 2023 21:57:41.410487890 CEST	49789	443	192.168.2.8	23.49.102.206
Oct 2, 2023 21:57:41.410939932 CEST	49789	443	192.168.2.8	23.49.102.206
Oct 2, 2023 21:57:41.410953999 CEST	443	49789	23.49.102.206	192.168.2.8
Oct 2, 2023 21:57:41.497755051 CEST	49689	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:41.724175930 CEST	443	49789	23.49.102.206	192.168.2.8
Oct 2, 2023 21:57:41.724343061 CEST	49789	443	192.168.2.8	23.49.102.206
Oct 2, 2023 21:57:41.725797892 CEST	49789	443	192.168.2.8	23.49.102.206
Oct 2, 2023 21:57:41.725807905 CEST	443	49789	23.49.102.206	192.168.2.8
Oct 2, 2023 21:57:41.726167917 CEST	443	49789	23.49.102.206	192.168.2.8
Oct 2, 2023 21:57:41.727406025 CEST	49789	443	192.168.2.8	23.49.102.206
Oct 2, 2023 21:57:41.770454884 CEST	443	49789	23.49.102.206	192.168.2.8
Oct 2, 2023 21:57:41.922869921 CEST	443	49789	23.49.102.206	192.168.2.8
Oct 2, 2023 21:57:41.923109055 CEST	443	49789	23.49.102.206	192.168.2.8
Oct 2, 2023 21:57:41.923219919 CEST	49789	443	192.168.2.8	23.49.102.206
Oct 2, 2023 21:57:41.923588991 CEST	49789	443	192.168.2.8	23.49.102.206
Oct 2, 2023 21:57:41.923608065 CEST	443	49789	23.49.102.206	192.168.2.8
Oct 2, 2023 21:57:41.923618078 CEST	49789	443	192.168.2.8	23.49.102.206
Oct 2, 2023 21:57:41.923624039 CEST	443	49789	23.49.102.206	192.168.2.8
Oct 2, 2023 21:57:41.963339090 CEST	49790	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:41.963375092 CEST	443	49790	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:41.963480949 CEST	49790	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:41.963874102 CEST	49790	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:41.963887930 CEST	443	49790	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:42.472336054 CEST	443	49790	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:42.472480059 CEST	49790	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:42.473854065 CEST	49790	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:42.473862886 CEST	443	49790	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:42.474374056 CEST	443	49790	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:42.475739956 CEST	49790	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:42.518448114 CEST	443	49790	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:42.643379927 CEST	443	49790	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:42.643543005 CEST	443	49790	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:42.643677950 CEST	49790	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:42.644406080 CEST	49790	443	192.168.2.8	52.143.87.28
Oct 2, 2023 21:57:42.644422054 CEST	443	49790	52.143.87.28	192.168.2.8
Oct 2, 2023 21:57:44.717159986 CEST	49719	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:45.029354095 CEST	49719	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:45.638688087 CEST	49719	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:46.843497038 CEST	49719	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:47.749336004 CEST	49709	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:47.749349117 CEST	49671	443	192.168.2.8	52.109.28.100
Oct 2, 2023 21:57:48.153750896 CEST	49673	443	192.168.2.8	52.113.194.132
Oct 2, 2023 21:57:48.368701935 CEST	80	49756	209.197.3.8	192.168.2.8
Oct 2, 2023 21:57:48.368758917 CEST	80	49754	209.197.3.8	192.168.2.8
Oct 2, 2023 21:57:48.369051933 CEST	49756	80	192.168.2.8	209.197.3.8
Oct 2, 2023 21:57:48.369174957 CEST	49754	80	192.168.2.8	209.197.3.8
Oct 2, 2023 21:57:49.251818895 CEST	49719	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:50.436178923 CEST	49708	443	192.168.2.8	13.78.111.198
Oct 2, 2023 21:57:50.983042002 CEST	49688	443	192.168.2.8	204.79.197.203
Oct 2, 2023 21:57:51.108098984 CEST	49689	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:54.062761068 CEST	49719	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:57:59.229443073 CEST	49792	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:57:59.229479074 CEST	443	49792	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:59.229629040 CEST	49792	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:57:59.230338097 CEST	49792	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:57:59.230348110 CEST	443	49792	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:59.640261889 CEST	443	49792	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:59.640453100 CEST	49792	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:57:59.663496971 CEST	49792	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:57:59.663530111 CEST	443	49792	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:59.663974047 CEST	443	49792	13.85.23.86	192.168.2.8
Oct 2, 2023 21:57:59.689949036 CEST	49792	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:57:59.730482101 CEST	443	49792	13.85.23.86	192.168.2.8
Oct 2, 2023 21:58:00.036685944 CEST	443	49792	13.85.23.86	192.168.2.8
Oct 2, 2023 21:58:00.036724091 CEST	443	49792	13.85.23.86	192.168.2.8
Oct 2, 2023 21:58:00.036772013 CEST	443	49792	13.85.23.86	192.168.2.8
Oct 2, 2023 21:58:00.036976099 CEST	49792	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:58:00.037022114 CEST	443	49792	13.85.23.86	192.168.2.8
Oct 2, 2023 21:58:00.037058115 CEST	443	49792	13.85.23.86	192.168.2.8
Oct 2, 2023 21:58:00.037097931 CEST	443	49792	13.85.23.86	192.168.2.8
Oct 2, 2023 21:58:00.037130117 CEST	49792	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:58:00.037142992 CEST	443	49792	13.85.23.86	192.168.2.8
Oct 2, 2023 21:58:00.037167072 CEST	443	49792	13.85.23.86	192.168.2.8
Oct 2, 2023 21:58:00.037255049 CEST	49792	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:58:00.058130980 CEST	49792	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:58:00.058176041 CEST	443	49792	13.85.23.86	192.168.2.8
Oct 2, 2023 21:58:00.058211088 CEST	49792	443	192.168.2.8	13.85.23.86
Oct 2, 2023 21:58:00.058227062 CEST	443	49792	13.85.23.86	192.168.2.8
Oct 2, 2023 21:58:03.670260906 CEST	49719	80	192.168.2.8	192.229.221.95
Oct 2, 2023 21:58:08.953695059 CEST	49794	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:58:08.953737974 CEST	443	49794	35.190.80.1	192.168.2.8
Oct 2, 2023 21:58:08.953886986 CEST	49794	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:58:08.954241991 CEST	49794	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:58:08.954255104 CEST	443	49794	35.190.80.1	192.168.2.8
Oct 2, 2023 21:58:09.171777964 CEST	443	49794	35.190.80.1	192.168.2.8
Oct 2, 2023 21:58:09.172173023 CEST	49794	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:58:09.172197104 CEST	443	49794	35.190.80.1	192.168.2.8
Oct 2, 2023 21:58:09.172914028 CEST	443	49794	35.190.80.1	192.168.2.8
Oct 2, 2023 21:58:09.173218966 CEST	49794	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:58:09.173307896 CEST	443	49794	35.190.80.1	192.168.2.8
Oct 2, 2023 21:58:09.173337936 CEST	49794	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:58:09.217546940 CEST	49794	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:58:09.217567921 CEST	443	49794	35.190.80.1	192.168.2.8
Oct 2, 2023 21:58:09.401072979 CEST	443	49794	35.190.80.1	192.168.2.8
Oct 2, 2023 21:58:09.401177883 CEST	443	49794	35.190.80.1	192.168.2.8
Oct 2, 2023 21:58:09.401524067 CEST	49794	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:58:09.401524067 CEST	49794	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:58:09.402528048 CEST	49795	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:58:09.402626991 CEST	443	49795	35.190.80.1	192.168.2.8
Oct 2, 2023 21:58:09.402735949 CEST	49795	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:58:09.402982950 CEST	49795	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:58:09.403007030 CEST	443	49795	35.190.80.1	192.168.2.8
Oct 2, 2023 21:58:09.616409063 CEST	443	49795	35.190.80.1	192.168.2.8
Oct 2, 2023 21:58:09.616871119 CEST	49795	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:58:09.616905928 CEST	443	49795	35.190.80.1	192.168.2.8
Oct 2, 2023 21:58:09.617490053 CEST	443	49795	35.190.80.1	192.168.2.8
Oct 2, 2023 21:58:09.617964983 CEST	49795	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:58:09.618041992 CEST	443	49795	35.190.80.1	192.168.2.8
Oct 2, 2023 21:58:09.618159056 CEST	49795	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:58:09.658525944 CEST	443	49795	35.190.80.1	192.168.2.8
Oct 2, 2023 21:58:09.712551117 CEST	49794	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:58:09.712590933 CEST	443	49794	35.190.80.1	192.168.2.8
Oct 2, 2023 21:58:09.848192930 CEST	443	49795	35.190.80.1	192.168.2.8
Oct 2, 2023 21:58:09.848387957 CEST	443	49795	35.190.80.1	192.168.2.8
Oct 2, 2023 21:58:09.848608971 CEST	49795	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:58:09.848608971 CEST	49795	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:58:09.852003098 CEST	49795	443	192.168.2.8	35.190.80.1
Oct 2, 2023 21:58:12.866156101 CEST	49796	443	192.168.2.8	142.251.16.104
Oct 2, 2023 21:58:12.866240025 CEST	443	49796	142.251.16.104	192.168.2.8
Oct 2, 2023 21:58:12.866404057 CEST	49796	443	192.168.2.8	142.251.16.104
Oct 2, 2023 21:58:12.866770029 CEST	49796	443	192.168.2.8	142.251.16.104
Oct 2, 2023 21:58:12.866806984 CEST	443	49796	142.251.16.104	192.168.2.8
Oct 2, 2023 21:58:13.094888926 CEST	443	49796	142.251.16.104	192.168.2.8
Oct 2, 2023 21:58:13.095375061 CEST	49796	443	192.168.2.8	142.251.16.104
Oct 2, 2023 21:58:13.095438957 CEST	443	49796	142.251.16.104	192.168.2.8
Oct 2, 2023 21:58:13.096690893 CEST	443	49796	142.251.16.104	192.168.2.8
Oct 2, 2023 21:58:13.097218037 CEST	49796	443	192.168.2.8	142.251.16.104
Oct 2, 2023 21:58:13.097420931 CEST	443	49796	142.251.16.104	192.168.2.8
Oct 2, 2023 21:58:13.152802944 CEST	49796	443	192.168.2.8	142.251.16.104
Oct 2, 2023 21:58:23.086652994 CEST	443	49796	142.251.16.104	192.168.2.8
Oct 2, 2023 21:58:23.086724043 CEST	443	49796	142.251.16.104	192.168.2.8
Oct 2, 2023 21:58:23.086843967 CEST	49796	443	192.168.2.8	142.251.16.104
Oct 2, 2023 21:58:24.548892975 CEST	49796	443	192.168.2.8	142.251.16.104
Oct 2, 2023 21:58:24.548964977 CEST	443	49796	142.251.16.104	192.168.2.8
Oct 2, 2023 21:58:31.201688051 CEST	49751	443	192.168.2.8	13.107.219.40
Oct 2, 2023 21:58:31.296892881 CEST	443	49751	13.107.219.40	192.168.2.8
Oct 2, 2023 21:58:31.296952963 CEST	443	49751	13.107.219.40	192.168.2.8
Oct 2, 2023 21:58:31.297039986 CEST	49751	443	192.168.2.8	13.107.219.40
Oct 2, 2023 21:58:42.748907089 CEST	49756	80	192.168.2.8	209.197.3.8
Oct 2, 2023 21:58:42.863343954 CEST	80	49756	209.197.3.8	192.168.2.8
Oct 2, 2023 21:58:42.863456964 CEST	49756	80	192.168.2.8	209.197.3.8
Oct 2, 2023 21:58:45.713579893 CEST	80	49754	209.197.3.8	192.168.2.8
Oct 2, 2023 21:58:45.713665962 CEST	49754	80	192.168.2.8	209.197.3.8
Oct 2, 2023 21:58:53.259068012 CEST	80	49754	209.197.3.8	192.168.2.8
Oct 2, 2023 21:58:53.259171963 CEST	49754	80	192.168.2.8	209.197.3.8
Oct 2, 2023 21:58:53.259287119 CEST	49754	80	192.168.2.8	209.197.3.8
Oct 2, 2023 21:58:53.355238914 CEST	80	49754	209.197.3.8	192.168.2.8
Oct 2, 2023 21:59:24.382323980 CEST	49755	80	192.168.2.8	192.229.211.108
Oct 2, 2023 21:59:24.476989031 CEST	80	49755	192.229.211.108	192.168.2.8
Oct 2, 2023 21:59:24.477262974 CEST	49755	80	192.168.2.8	192.229.211.108
Oct 2, 2023 22:00:41.207091093 CEST	49797	443	192.168.2.8	20.190.190.129
Oct 2, 2023 22:00:41.207140923 CEST	443	49797	20.190.190.129	192.168.2.8
Oct 2, 2023 22:00:41.207209110 CEST	49797	443	192.168.2.8	20.190.190.129
Oct 2, 2023 22:00:41.207519054 CEST	49797	443	192.168.2.8	20.190.190.129
Oct 2, 2023 22:00:41.207539082 CEST	443	49797	20.190.190.129	192.168.2.8
Oct 2, 2023 22:00:41.703737020 CEST	443	49797	20.190.190.129	192.168.2.8
Oct 2, 2023 22:00:41.703850985 CEST	49797	443	192.168.2.8	20.190.190.129
Oct 2, 2023 22:00:41.717633963 CEST	49797	443	192.168.2.8	20.190.190.129
Oct 2, 2023 22:00:41.717653036 CEST	443	49797	20.190.190.129	192.168.2.8
Oct 2, 2023 22:00:41.718020916 CEST	443	49797	20.190.190.129	192.168.2.8
Oct 2, 2023 22:00:41.718393087 CEST	49797	443	192.168.2.8	20.190.190.129
Oct 2, 2023 22:00:41.718446970 CEST	49797	443	192.168.2.8	20.190.190.129
Oct 2, 2023 22:00:41.718475103 CEST	443	49797	20.190.190.129	192.168.2.8
Oct 2, 2023 22:00:42.094377995 CEST	443	49797	20.190.190.129	192.168.2.8
Oct 2, 2023 22:00:42.094413996 CEST	443	49797	20.190.190.129	192.168.2.8
Oct 2, 2023 22:00:42.094444990 CEST	443	49797	20.190.190.129	192.168.2.8
Oct 2, 2023 22:00:42.094469070 CEST	49797	443	192.168.2.8	20.190.190.129
Oct 2, 2023 22:00:42.094500065 CEST	443	49797	20.190.190.129	192.168.2.8
Oct 2, 2023 22:00:42.094515085 CEST	49797	443	192.168.2.8	20.190.190.129
Oct 2, 2023 22:00:42.094569921 CEST	443	49797	20.190.190.129	192.168.2.8
Oct 2, 2023 22:00:42.094608068 CEST	49797	443	192.168.2.8	20.190.190.129
Oct 2, 2023 22:00:42.097632885 CEST	49797	443	192.168.2.8	20.190.190.129
Oct 2, 2023 22:00:42.097651958 CEST	443	49797	20.190.190.129	192.168.2.8
Oct 2, 2023 22:00:42.097662926 CEST	49797	443	192.168.2.8	20.190.190.129
Oct 2, 2023 22:00:42.097668886 CEST	443	49797	20.190.190.129	192.168.2.8
Oct 2, 2023 22:00:43.198194981 CEST	49798	443	192.168.2.8	204.79.197.200
Oct 2, 2023 22:00:43.198230982 CEST	443	49798	204.79.197.200	192.168.2.8
Oct 2, 2023 22:00:43.198292017 CEST	49798	443	192.168.2.8	204.79.197.200
Oct 2, 2023 22:00:43.212130070 CEST	49798	443	192.168.2.8	204.79.197.200
Oct 2, 2023 22:00:43.212143898 CEST	443	49798	204.79.197.200	192.168.2.8
Oct 2, 2023 22:00:43.519114017 CEST	443	49798	204.79.197.200	192.168.2.8
Oct 2, 2023 22:00:43.519221067 CEST	49798	443	192.168.2.8	204.79.197.200
Oct 2, 2023 22:00:43.520209074 CEST	443	49798	204.79.197.200	192.168.2.8
Oct 2, 2023 22:00:43.520258904 CEST	49798	443	192.168.2.8	204.79.197.200
Oct 2, 2023 22:00:44.024348974 CEST	49798	443	192.168.2.8	204.79.197.200
Oct 2, 2023 22:00:44.024432898 CEST	443	49798	204.79.197.200	192.168.2.8
Oct 2, 2023 22:00:44.024867058 CEST	443	49798	204.79.197.200	192.168.2.8
Oct 2, 2023 22:00:44.024919033 CEST	49798	443	192.168.2.8	204.79.197.200
Oct 2, 2023 22:00:44.133328915 CEST	49798	443	192.168.2.8	204.79.197.200
Oct 2, 2023 22:00:44.133411884 CEST	443	49798	204.79.197.200	192.168.2.8
Oct 2, 2023 22:00:44.346775055 CEST	443	49798	204.79.197.200	192.168.2.8
Oct 2, 2023 22:00:44.346810102 CEST	443	49798	204.79.197.200	192.168.2.8
Oct 2, 2023 22:00:44.346945047 CEST	49798	443	192.168.2.8	204.79.197.200
Oct 2, 2023 22:00:44.346946001 CEST	49798	443	192.168.2.8	204.79.197.200
Oct 2, 2023 22:00:44.347009897 CEST	443	49798	204.79.197.200	192.168.2.8
Oct 2, 2023 22:00:44.347045898 CEST	443	49798	204.79.197.200	192.168.2.8
Oct 2, 2023 22:00:44.347069979 CEST	49798	443	192.168.2.8	204.79.197.200
Oct 2, 2023 22:00:44.347101927 CEST	49798	443	192.168.2.8	204.79.197.200
Oct 2, 2023 22:00:44.378283024 CEST	49798	443	192.168.2.8	204.79.197.200
Oct 2, 2023 22:00:44.378324032 CEST	443	49798	204.79.197.200	192.168.2.8
Oct 2, 2023 22:00:51.610577106 CEST	49732	443	192.168.2.8	20.90.156.32
Oct 2, 2023 22:00:51.610627890 CEST	443	49732	20.90.156.32	192.168.2.8
Oct 2, 2023 22:00:59.843636036 CEST	49799	443	192.168.2.8	52.159.127.243
Oct 2, 2023 22:00:59.843683958 CEST	443	49799	52.159.127.243	192.168.2.8
Oct 2, 2023 22:00:59.843743086 CEST	49799	443	192.168.2.8	52.159.127.243
Oct 2, 2023 22:00:59.844499111 CEST	49799	443	192.168.2.8	52.159.127.243
Oct 2, 2023 22:00:59.844521999 CEST	443	49799	52.159.127.243	192.168.2.8
Oct 2, 2023 22:01:00.213833094 CEST	443	49799	52.159.127.243	192.168.2.8
Oct 2, 2023 22:01:00.213967085 CEST	49799	443	192.168.2.8	52.159.127.243
Oct 2, 2023 22:01:00.219382048 CEST	49799	443	192.168.2.8	52.159.127.243
Oct 2, 2023 22:01:00.219408989 CEST	443	49799	52.159.127.243	192.168.2.8
Oct 2, 2023 22:01:00.219755888 CEST	443	49799	52.159.127.243	192.168.2.8
Oct 2, 2023 22:01:00.221442938 CEST	49799	443	192.168.2.8	52.159.127.243
Oct 2, 2023 22:01:00.221498966 CEST	49799	443	192.168.2.8	52.159.127.243
Oct 2, 2023 22:01:00.221508980 CEST	443	49799	52.159.127.243	192.168.2.8
Oct 2, 2023 22:01:00.221649885 CEST	49799	443	192.168.2.8	52.159.127.243
Oct 2, 2023 22:01:00.262450933 CEST	443	49799	52.159.127.243	192.168.2.8
Oct 2, 2023 22:01:00.403090954 CEST	443	49799	52.159.127.243	192.168.2.8
Oct 2, 2023 22:01:00.403294086 CEST	443	49799	52.159.127.243	192.168.2.8
Oct 2, 2023 22:01:00.403383970 CEST	49799	443	192.168.2.8	52.159.127.243
Oct 2, 2023 22:01:00.403604031 CEST	49799	443	192.168.2.8	52.159.127.243
Oct 2, 2023 22:01:00.403633118 CEST	443	49799	52.159.127.243	192.168.2.8
Oct 2, 2023 22:01:15.068593025 CEST	49800	443	192.168.2.8	52.159.127.243
Oct 2, 2023 22:01:15.068639994 CEST	443	49800	52.159.127.243	192.168.2.8
Oct 2, 2023 22:01:15.068717957 CEST	49800	443	192.168.2.8	52.159.127.243
Oct 2, 2023 22:01:15.069334984 CEST	49800	443	192.168.2.8	52.159.127.243
Oct 2, 2023 22:01:15.069374084 CEST	443	49800	52.159.127.243	192.168.2.8
Oct 2, 2023 22:01:15.505770922 CEST	443	49800	52.159.127.243	192.168.2.8
Oct 2, 2023 22:01:15.505916119 CEST	49800	443	192.168.2.8	52.159.127.243
Oct 2, 2023 22:01:15.507523060 CEST	49800	443	192.168.2.8	52.159.127.243
Oct 2, 2023 22:01:15.507535934 CEST	443	49800	52.159.127.243	192.168.2.8
Oct 2, 2023 22:01:15.508310080 CEST	443	49800	52.159.127.243	192.168.2.8
Oct 2, 2023 22:01:15.509968042 CEST	49800	443	192.168.2.8	52.159.127.243
Oct 2, 2023 22:01:15.510029078 CEST	49800	443	192.168.2.8	52.159.127.243
Oct 2, 2023 22:01:15.510035992 CEST	443	49800	52.159.127.243	192.168.2.8
Oct 2, 2023 22:01:15.510162115 CEST	49800	443	192.168.2.8	52.159.127.243
Oct 2, 2023 22:01:15.550470114 CEST	443	49800	52.159.127.243	192.168.2.8
Oct 2, 2023 22:01:15.626184940 CEST	443	49800	52.159.127.243	192.168.2.8
Oct 2, 2023 22:01:15.626339912 CEST	443	49800	52.159.127.243	192.168.2.8
Oct 2, 2023 22:01:15.626547098 CEST	49800	443	192.168.2.8	52.159.127.243
Oct 2, 2023 22:01:15.627901077 CEST	49800	443	192.168.2.8	52.159.127.243
Oct 2, 2023 22:01:15.627945900 CEST	443	49800	52.159.127.243	192.168.2.8
Oct 2, 2023 22:01:15.627976894 CEST	49800	443	192.168.2.8	52.159.127.243

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2023 21:57:08.347884893 CEST	55645	53	192.168.2.8	8.8.8.8
Oct 2, 2023 21:57:08.348041058 CEST	63869	53	192.168.2.8	8.8.8.8
Oct 2, 2023 21:57:08.372311115 CEST	51420	53	192.168.2.8	8.8.8.8
Oct 2, 2023 21:57:08.372502089 CEST	54574	53	192.168.2.8	8.8.8.8
Oct 2, 2023 21:57:08.373253107 CEST	60143	53	192.168.2.8	8.8.8.8
Oct 2, 2023 21:57:08.373450041 CEST	62243	53	192.168.2.8	8.8.8.8
Oct 2, 2023 21:57:08.468024969 CEST	53	61478	8.8.8.8	192.168.2.8
Oct 2, 2023 21:57:08.472830057 CEST	53	54574	8.8.8.8	192.168.2.8
Oct 2, 2023 21:57:08.475517035 CEST	53	55645	8.8.8.8	192.168.2.8
Oct 2, 2023 21:57:08.481555939 CEST	53	62243	8.8.8.8	192.168.2.8
Oct 2, 2023 21:57:08.482950926 CEST	53	60143	8.8.8.8	192.168.2.8
Oct 2, 2023 21:57:08.486399889 CEST	53	63869	8.8.8.8	192.168.2.8
Oct 2, 2023 21:57:08.487135887 CEST	53	51420	8.8.8.8	192.168.2.8
Oct 2, 2023 21:57:08.938796043 CEST	50191	53	192.168.2.8	8.8.8.8
Oct 2, 2023 21:57:08.939301968 CEST	55583	53	192.168.2.8	8.8.8.8
Oct 2, 2023 21:57:09.039695024 CEST	53	55583	8.8.8.8	192.168.2.8
Oct 2, 2023 21:57:09.045023918 CEST	53	50191	8.8.8.8	192.168.2.8
Oct 2, 2023 21:57:09.114747047 CEST	53	53921	8.8.8.8	192.168.2.8
Oct 2, 2023 21:57:09.519815922 CEST	50165	53	192.168.2.8	8.8.8.8
Oct 2, 2023 21:57:09.519990921 CEST	57021	53	192.168.2.8	8.8.8.8
Oct 2, 2023 21:57:09.629966974 CEST	53	57021	8.8.8.8	192.168.2.8
Oct 2, 2023 21:57:09.631371021 CEST	53	50165	8.8.8.8	192.168.2.8
Oct 2, 2023 21:57:12.812359095 CEST	49892	53	192.168.2.8	8.8.8.8
Oct 2, 2023 21:57:12.812618971 CEST	58131	53	192.168.2.8	8.8.8.8
Oct 2, 2023 21:57:12.919435024 CEST	53	58131	8.8.8.8	192.168.2.8
Oct 2, 2023 21:57:12.919476986 CEST	53	49892	8.8.8.8	192.168.2.8
Oct 2, 2023 21:57:26.564454079 CEST	53	49734	8.8.8.8	192.168.2.8
Oct 2, 2023 21:57:45.577081919 CEST	53	60684	8.8.8.8	192.168.2.8
Oct 2, 2023 21:58:08.080025911 CEST	53	50288	8.8.8.8	192.168.2.8
Oct 2, 2023 21:58:08.127026081 CEST	53	50259	8.8.8.8	192.168.2.8
Oct 2, 2023 21:58:35.801856995 CEST	53	61331	8.8.8.8	192.168.2.8
Oct 2, 2023 21:58:42.099080086 CEST	138	138	192.168.2.8	192.168.2.255
Oct 2, 2023 21:59:20.624851942 CEST	53	50415	8.8.8.8	192.168.2.8
Oct 2, 2023 22:00:35.637839079 CEST	53	61518	8.8.8.8	192.168.2.8

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 2, 2023 21:57:08.347884893 CEST	192.168.2.8	8.8.8.8	0x8b92	Standard query (0)	nezurexternal.sell.app	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:08.348041058 CEST	192.168.2.8	8.8.8.8	0xc2e6	Standard query (0)	nezurexternal.sell.app	65	IN (0x0001)	false
Oct 2, 2023 21:57:08.372311115 CEST	192.168.2.8	8.8.8.8	0x664e	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:08.372502089 CEST	192.168.2.8	8.8.8.8	0x9701	Standard query (0)	clients2.google.com	65	IN (0x0001)	false
Oct 2, 2023 21:57:08.373253107 CEST	192.168.2.8	8.8.8.8	0x997f	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:08.373450041 CEST	192.168.2.8	8.8.8.8	0xd846	Standard query (0)	accounts.google.com	65	IN (0x0001)	false
Oct 2, 2023 21:57:08.938796043 CEST	192.168.2.8	8.8.8.8	0x7b9b	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:08.939301968 CEST	192.168.2.8	8.8.8.8	0x1929	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Oct 2, 2023 21:57:09.519815922 CEST	192.168.2.8	8.8.8.8	0xf9d2	Standard query (0)	nezurexternal.sell.app	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:09.519990921 CEST	192.168.2.8	8.8.8.8	0x7716	Standard query (0)	nezurexternal.sell.app	65	IN (0x0001)	false
Oct 2, 2023 21:57:12.812359095 CEST	192.168.2.8	8.8.8.8	0xe3e3	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:12.812618971 CEST	192.168.2.8	8.8.8.8	0xdf9e	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 2, 2023 21:57:08.472830057 CEST	8.8.8.8	192.168.2.8	0x9701	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2023 21:57:08.475517035 CEST	8.8.8.8	192.168.2.8	0x8b92	No error (0)	nezurexternal.sell.app		104.26.13.122	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:08.475517035 CEST	8.8.8.8	192.168.2.8	0x8b92	No error (0)	nezurexternal.sell.app		104.26.12.122	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:08.475517035 CEST	8.8.8.8	192.168.2.8	0x8b92	No error (0)	nezurexternal.sell.app		172.67.72.62	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:08.482950926 CEST	8.8.8.8	192.168.2.8	0x997f	No error (0)	accounts.google.com		172.253.122.84	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:08.486399889 CEST	8.8.8.8	192.168.2.8	0xc2e6	No error (0)	nezurexternal.sell.app			65	IN (0x0001)	false
Oct 2, 2023 21:57:08.487135887 CEST	8.8.8.8	192.168.2.8	0x664e	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 2, 2023 21:57:08.487135887 CEST	8.8.8.8	192.168.2.8	0x664e	No error (0)	clients.l.google.com		172.253.62.139	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:08.487135887 CEST	8.8.8.8	192.168.2.8	0x664e	No error (0)	clients.l.google.com		172.253.62.100	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:08.487135887 CEST	8.8.8.8	192.168.2.8	0x664e	No error (0)	clients.l.google.com		172.253.62.101	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:08.487135887 CEST	8.8.8.8	192.168.2.8	0x664e	No error (0)	clients.l.google.com		172.253.62.102	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:08.487135887 CEST	8.8.8.8	192.168.2.8	0x664e	No error (0)	clients.l.google.com		172.253.62.113	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:08.487135887 CEST	8.8.8.8	192.168.2.8	0x664e	No error (0)	clients.l.google.com		172.253.62.138	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:09.045023918 CEST	8.8.8.8	192.168.2.8	0x7b9b	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:09.629966974 CEST	8.8.8.8	192.168.2.8	0x7716	No error (0)	nezurexternal.sell.app			65	IN (0x0001)	false
Oct 2, 2023 21:57:09.631371021 CEST	8.8.8.8	192.168.2.8	0xf9d2	No error (0)	nezurexternal.sell.app		104.26.12.122	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:09.631371021 CEST	8.8.8.8	192.168.2.8	0xf9d2	No error (0)	nezurexternal.sell.app		172.67.72.62	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:09.631371021 CEST	8.8.8.8	192.168.2.8	0xf9d2	No error (0)	nezurexternal.sell.app		104.26.13.122	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:12.919435024 CEST	8.8.8.8	192.168.2.8	0xdf9e	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 2, 2023 21:57:12.919476986 CEST	8.8.8.8	192.168.2.8	0xe3e3	No error (0)	www.google.com		142.251.16.104	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:12.919476986 CEST	8.8.8.8	192.168.2.8	0xe3e3	No error (0)	www.google.com		142.251.16.103	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:12.919476986 CEST	8.8.8.8	192.168.2.8	0xe3e3	No error (0)	www.google.com		142.251.16.106	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:12.919476986 CEST	8.8.8.8	192.168.2.8	0xe3e3	No error (0)	www.google.com		142.251.16.105	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:12.919476986 CEST	8.8.8.8	192.168.2.8	0xe3e3	No error (0)	www.google.com		142.251.16.147	A (IP address)	IN (0x0001)	false
Oct 2, 2023 21:57:12.919476986 CEST	8.8.8.8	192.168.2.8	0xe3e3	No error (0)	www.google.com		142.251.16.99	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

nezurexternal.sell.app

accounts.google.com

clients2.google.com

https:

a.nel.cloudflare.com

slscr.update.microsoft.com

fs.microsoft.com

geo.prod.do.dsp.mp.microsoft.com

geover.prod.do.dsp.mp.microsoft.com

www.bing.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.8	49766	104.26.13.122	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:08 UTC	0	OUT	GET /product/nezur-key-bypass-85-off?info=faq HTTP/1.1 Host: nezurexternal.sell.app Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.8	49765	172.253.122.84	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:08 UTC	0	OUT	POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 Host: accounts.google.com Connection: keep-alive Content-Length: 1 Origin: https://www.google.com Content-Type: application/x-www-form-urlencoded Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=Ad49MVHIPgzSCO5dm6Y4sij7QbjB6gQ-suVnQ_L4eRzHAzin7k2icwmmPA; CONSENT=PENDING+827; SOCS=CAESHAgCEhJnd3NfMjAyMzA3MjQtMF9SQzMaAmVuIAEaBgiAioymBg; __Secure-ENID=13.SE=gmD7kx4EDrMVm9vUwdFe2dvgR5FStGC5ki3rt3ZghZ0q3XrElUnG5Oax0PReZ8XkWrfAUhtTC4vZM55ZFngCCBDBX_tWtn5lPZ2mvbc9Npxk5ACrlIUkxtqa7ldUFi2vH3lIONRpnbBtccFszM9HjbP0cDzjyQhWFkxQjEswQ8k
2023-10-02 19:57:08 UTC	1	OUT	Data Raw: 20 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.8	49771	104.26.13.122	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:09 UTC	36	OUT	GET /cdn-cgi/images/cf-no-screenshot-error.png HTTP/1.1 Host: nezurexternal.sell.app Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://nezurexternal.sell.app/cdn-cgi/styles/cf.errors.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	35.190.80.1	443	192.168.2.8	49769	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:09 UTC	36	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Mon, 02 Oct 2023 19:57:09 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	104.26.13.122	443	192.168.2.8	49770	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:09 UTC	37	IN	HTTP/1.1 200 OK Date: Mon, 02 Oct 2023 19:57:09 GMT Content-Type: image/png Content-Length: 715 Connection: close Last-Modified: Wed, 27 Sep 2023 11:52:30 GMT ETag: "6514177e-2cb" Server: cloudflare CF-RAY: 80ff83460c7613bc-IAD X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Mon, 02 Oct 2023 21:57:09 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2023-10-02 19:57:09 UTC	37	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 c0 00 00 00 35 08 03 00 00 00 b9 bf 72 9e 00 00 00 5d 50 4c 54 45 00 00 00 99 99 99 99 99 99 99 99 99 99 99 99 99 99 99 99 99 99 99 99 99 eb eb eb 99 99 99 c4 c4 c4 f1 f1 f1 e1 e1 e1 cc cc cc d2 d2 d2 b5 b5 b5 ad ad ad 9d 9d 9d 9b 9b 9b d8 d8 d8 de de de c1 c1 c1 ba ba ba a8 a8 a8 ea ea ea e4 e4 e4 b1 b1 b1 a3 a3 a3 e7 e7 e7 ee ee ee c9 c9 c9 85 39 57 29 00 00 00 08 74 52 4e 53 00 fa d2 75 09 d7 d6 20 00 ef cb c3 00 00 02 15 49 44 41 54 78 da ec db e9 6e a4 30 10 04 e0 9e 23 89 0b c6 9c c3 cd cc fb 3f e6 66 d7 ac 8d 14 c8 49 c6 42 ae ef 67 a9 ff b6 ba 84 85 88 9c 4f c7 03 88 68 57 0e c7 d3 59 5e bd 3c 83 88 76 e8 f9 45 e4 fc 04 22 da a5 a7 b3 9c 40 44 3b 75 92 23 88 68 a7 8e c2 ef 57 44 bb 75 10 10 Data Ascii: PNGIHDR5r]PLTE9W)tRNSu IDATxn0#?fIBgOhWY^<vE"@D;u#hWDu

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	104.26.13.122	443	192.168.2.8	49771	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:09 UTC	38	IN	HTTP/1.1 200 OK Date: Mon, 02 Oct 2023 19:57:09 GMT Content-Type: image/png Content-Length: 3213 Connection: close Last-Modified: Wed, 27 Sep 2023 11:52:30 GMT ETag: "6514177e-c8d" Server: cloudflare CF-RAY: 80ff834609f182b7-IAD X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Mon, 02 Oct 2023 21:57:09 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2023-10-02 19:57:09 UTC	38	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 b2 00 00 00 af 08 03 00 00 00 6e 1c 74 1f 00 00 02 d0 50 4c 54 45 00 00 00 ff ff ff ff 80 80 ff 55 55 bf 40 40 cc 33 33 d4 2a 2a db 24 49 bf 40 40 c6 39 39 cc 33 33 d1 2e 2e bf 2a 2a c4 27 27 c8 24 37 cc 33 33 bf 30 30 c3 2d 2d c6 2a 2a c9 28 28 bf 26 26 c2 24 31 c5 2e 2e bc 2c 2c bf 2a 2a c2 29 29 c4 27 27 bd 26 2f bf 24 2e c1 2c 2c c3 2a 2a bd 29 29 bf 28 28 c1 27 27 bf 2a 2a c1 29 29 c3 28 28 be 27 27 bf 26 26 c1 25 2c c2 24 2a be 2a 2a bf 29 29 c1 28 28 bc 27 27 be 26 26 bf 25 2a c1 24 2a bd 29 29 be 28 28 c0 26 26 bd 26 2a be 25 2a bf 24 29 bd 28 28 be 27 27 bf 26 26 c0 26 2a bd 25 29 be 24 28 bf 24 28 bc 27 27 bd 27 27 be 26 26 bc 25 29 bd 24 28 bf 27 27 bd 26 26 be 25 29 bf 25 28 bd 24 28 be Data Ascii: PNGIHDRntPLTEUU@@33$I@@9933..''$73300--((&&$1..,,))''&/$.,,))((''))((''&&%,$**))((''&&%$))((&&&%$)((''&&&%)$($(''''&&%)$(''&&%)%($(
2023-10-02 19:57:09 UTC	39	IN	Data Raw: ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe 34 dd b2 71 00 00 08 7d 49 44 41 54 78 da ed 9d fb 5f 15 45 18 c6 e7 20 1c f1 88 02 e2 51 10 31 b3 bc e5 35 6f 69 9a a4 26 59 26 9a 5a 26 11 69 a2 e2 a5 d2 cc 22 af 05 6a 9a a2 96 9a 8a 22 9a e2 5d b9 69 89 a9 a0 88 5c 2d 4d 25 c5 6b 2a 06 04 bc ff 42 de 15 98 dd 79 67 76 76 f7 d4 e7 3c 3f cf 3e f3 65 d9 9d 79 e7 9d 77 e7 10 e2 94 53 4e fd cf 54 d7 db f5 bf 80 e9 d6 26 68 dc 9c d8 a4 13 e7 8b e1 81 ae 15 a4 ed 58 3e 7d 54 9f c6 8e 48 5b a7 67 c4 ba cc 52 50 d2 95 a4 e8 91 2d 1c 08 d7 d6 6f 76 5a 19 b0 55 b4 29 cc 21 b0 1b 86 24 fc 0d 78 fd 1e d5 bb 96 a9 bc 9e a1 fb cb 81 57 45 8b 7b 59 4c e2 75 e9 Data Ascii: 4q}IDATx_E Q15oi&Y&Z&i"j"]i\-M%k*Bygvv<?>eywSNT&hX>}TH[gRP-ovZU)!$xWE{YLu
2023-10-02 19:57:09 UTC	40	IN	Data Raw: 8b e8 91 cc 89 ac f0 09 f4 67 5c 26 19 0d 89 06 d9 f6 73 75 56 a9 f0 08 0e e0 31 39 6e 67 54 c5 4f b2 4a 8c f8 73 15 5c 1a 70 94 4d 66 32 88 5d 63 59 79 a4 3a 3c 01 c2 2a 25 17 7c a0 75 92 45 bc 81 67 af 8d ad 31 4a 26 31 58 87 2c c6 e7 b1 6e 1b ee 37 db cc d8 9b c0 7f 51 a1 58 7e 3d 0c 69 70 8a 71 10 8a 75 e3 a3 ac 30 83 19 3b 46 fd a9 58 4e 61 c7 3d cc d9 be 48 62 80 8d 6e ea 2d 37 e0 90 57 2b 5b a0 a2 2c 56 7d 45 95 7b b7 41 bd 04 d9 15 f7 6c 8c 52 76 98 81 b8 9c b5 93 6e 8d af d2 7c bd 3a b3 0f e6 db bc 72 95 97 bd 23 fb f2 42 c6 9e a9 75 73 b5 0b d6 aa 33 63 86 e7 24 35 03 f6 ba 9d 51 b5 46 19 05 54 bf 85 b3 9c 46 20 87 ab f5 c8 ae b4 eb c3 3f 6e fd a0 c2 3c 0e 41 5c d1 4c ad cb 17 45 43 aa 27 bb ed 14 ad 50 64 0e c6 04 bc 89 ea ff 58 e6 c1 01 67 7c Data Ascii: g\&suV19ngTOJs\pMf2]cYy:<*%\|uEg1J&1X,n7QX~=ipqu0;FXNa=Hbn-7W+[,V}E{AlRvn\|:r#Bus3c$5QFTF ?n<A\LEC'PdXg\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.8	49773	104.26.13.122	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:09 UTC	41	OUT	GET /favicon.ico HTTP/1.1 Host: nezurexternal.sell.app Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.8	49772	35.190.80.1	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:09 UTC	42	OUT	POST /report/v3?s=cdO5eV%2BcsIVXWwCGrz0Oe%2BJ95Vbu5cW3rpur%2FMZJgiINkC9IkK9Vgo%2Bl8lu1oV0z1T%2BioYem5tJfDKUXpCKnRTff0qXol%2FI5T1TPssoFPZ7awf0F061%2FKF0SoteCNEi39u%2B1O%2BLYwDU%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 432 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-10-02 19:57:09 UTC	42	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 35 35 36 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 36 2e 31 33 2e 31 32 32 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 33 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 6e 65 7a 75 72 65 78 74 65 72 6e 61 6c 2e 73 65 Data Ascii: [{"age":0,"body":{"elapsed_time":556,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"104.26.13.122","status_code":403,"type":"http.error"},"type":"network-error","url":"https://nezurexternal.se

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.8	49776	104.26.12.122	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:09 UTC	43	OUT	GET /cdn-cgi/images/browser-bar.png?1376755637 HTTP/1.1 Host: nezurexternal.sell.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.8	49775	104.26.12.122	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:09 UTC	43	OUT	GET /cdn-cgi/images/cf-no-screenshot-error.png HTTP/1.1 Host: nezurexternal.sell.app Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	35.190.80.1	443	192.168.2.8	49772	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:09 UTC	44	IN	HTTP/1.1 200 OK content-length: 0 date: Mon, 02 Oct 2023 19:57:09 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	104.26.13.122	443	192.168.2.8	49773	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:09 UTC	44	IN	HTTP/1.1 403 Forbidden Date: Mon, 02 Oct 2023 19:57:09 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 4511 Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: max-age=15 Expires: Mon, 02 Oct 2023 19:57:24 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7JTiBhE0%2BpPvz2UEGgNnXWghISA0cWlPcWtP8lmJSVNtc9v1fyAQqr%2BnzSzT3IZ5mh2L47CDVDn%2Bvag8mrwrlTaT9ebS728yh8wm%2Fj7FhR5%2BN6EVSV64%2FHFOmcx%2FSD4qgBDzJ0leV0c%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 80ff8348cf413920-IAD alt-svc: h3=":443"; ma=86400
2023-10-02 19:57:09 UTC	44	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 Data Ascii: <!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE
2023-10-02 19:57:09 UTC	45	IN	Data Raw: 2d 63 73 73 22 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 63 73 73 22 20 2f 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 27 63 66 5f 73 74 79 6c 65 73 2d 69 65 2d 63 73 73 27 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 Data Ascii: -css" href="/cdn-cgi/styles/cf.errors.css" />...[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator
2023-10-02 19:57:09 UTC	46	IN	Data Raw: 3d 22 63 66 2d 63 6f 6c 75 6d 6e 73 20 74 77 6f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 63 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 62 6c 6f 63 6b 65 64 5f 77 68 79 5f 68 65 61 64 6c 69 6e 65 22 3e 57 68 79 20 68 61 76 65 20 49 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 3f 3c 2f 68 32 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 62 6c 6f 63 6b 65 64 5f 77 68 79 5f 64 65 74 61 69 6c 22 3e 54 68 69 73 20 77 65 62 73 69 74 65 20 69 73 20 75 73 69 6e 67 20 61 20 73 65 63 75 72 69 74 79 20 73 65 72 76 69 63 65 20 74 6f 20 70 72 6f 74 65 63 74 20 69 74 73 65 6c 66 20 66 72 6f 6d 20 6f 6e Data Ascii: ="cf-columns two"> <div class="cf-column"> <h2 data-translate="blocked_why_headline">Why have I been blocked?</h2> <p data-translate="blocked_why_detail">This website is using a security service to protect itself from on
2023-10-02 19:57:09 UTC	48	IN	Data Raw: 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 0a 20 20 20 20 20 20 59 6f 75 72 20 49 50 3a 0a 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 2d 62 74 6e 22 3e 43 6c 69 63 6b 20 74 6f 20 72 65 76 65 61 6c 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 3e 31 30 32 2e 31 36 35 2e 34 38 2e 38 34 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 Data Ascii: :block sm:mb-1"> Your IP: <button type="button" id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">102.165.48.84</span> <span class="cf-footer-separator sm:hidde

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.8	49768	172.253.62.139	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:08 UTC	1	OUT	GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=115.0.5790.110&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1 Host: clients2.google.com Connection: keep-alive X-Goog-Update-Interactivity: fg X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda X-Goog-Update-Updater: chromecrx-115.0.5790.110 Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	104.26.12.122	443	192.168.2.8	49776	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:10 UTC	49	IN	HTTP/1.1 200 OK Date: Mon, 02 Oct 2023 19:57:10 GMT Content-Type: image/png Content-Length: 715 Connection: close Last-Modified: Wed, 27 Sep 2023 11:52:30 GMT ETag: "6514177e-2cb" Server: cloudflare CF-RAY: 80ff83499c23082e-IAD X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Mon, 02 Oct 2023 21:57:10 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2023-10-02 19:57:10 UTC	49	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 c0 00 00 00 35 08 03 00 00 00 b9 bf 72 9e 00 00 00 5d 50 4c 54 45 00 00 00 99 99 99 99 99 99 99 99 99 99 99 99 99 99 99 99 99 99 99 99 99 eb eb eb 99 99 99 c4 c4 c4 f1 f1 f1 e1 e1 e1 cc cc cc d2 d2 d2 b5 b5 b5 ad ad ad 9d 9d 9d 9b 9b 9b d8 d8 d8 de de de c1 c1 c1 ba ba ba a8 a8 a8 ea ea ea e4 e4 e4 b1 b1 b1 a3 a3 a3 e7 e7 e7 ee ee ee c9 c9 c9 85 39 57 29 00 00 00 08 74 52 4e 53 00 fa d2 75 09 d7 d6 20 00 ef cb c3 00 00 02 15 49 44 41 54 78 da ec db e9 6e a4 30 10 04 e0 9e 23 89 0b c6 9c c3 cd cc fb 3f e6 66 d7 ac 8d 14 c8 49 c6 42 ae ef 67 a9 ff b6 ba 84 85 88 9c 4f c7 03 88 68 57 0e c7 d3 59 5e bd 3c 83 88 76 e8 f9 45 e4 fc 04 22 da a5 a7 b3 9c 40 44 3b 75 92 23 88 68 a7 8e c2 ef 57 44 bb 75 10 10 Data Ascii: PNGIHDR5r]PLTE9W)tRNSu IDATxn0#?fIBgOhWY^<vE"@D;u#hWDu

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	104.26.12.122	443	192.168.2.8	49775	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:10 UTC	50	IN	HTTP/1.1 200 OK Date: Mon, 02 Oct 2023 19:57:10 GMT Content-Type: image/png Content-Length: 3213 Connection: close Last-Modified: Wed, 27 Sep 2023 11:52:30 GMT ETag: "6514177e-c8d" Server: cloudflare CF-RAY: 80ff8349abd03952-IAD X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Mon, 02 Oct 2023 21:57:10 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2023-10-02 19:57:10 UTC	50	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 b2 00 00 00 af 08 03 00 00 00 6e 1c 74 1f 00 00 02 d0 50 4c 54 45 00 00 00 ff ff ff ff 80 80 ff 55 55 bf 40 40 cc 33 33 d4 2a 2a db 24 49 bf 40 40 c6 39 39 cc 33 33 d1 2e 2e bf 2a 2a c4 27 27 c8 24 37 cc 33 33 bf 30 30 c3 2d 2d c6 2a 2a c9 28 28 bf 26 26 c2 24 31 c5 2e 2e bc 2c 2c bf 2a 2a c2 29 29 c4 27 27 bd 26 2f bf 24 2e c1 2c 2c c3 2a 2a bd 29 29 bf 28 28 c1 27 27 bf 2a 2a c1 29 29 c3 28 28 be 27 27 bf 26 26 c1 25 2c c2 24 2a be 2a 2a bf 29 29 c1 28 28 bc 27 27 be 26 26 bf 25 2a c1 24 2a bd 29 29 be 28 28 c0 26 26 bd 26 2a be 25 2a bf 24 29 bd 28 28 be 27 27 bf 26 26 c0 26 2a bd 25 29 be 24 28 bf 24 28 bc 27 27 bd 27 27 be 26 26 bc 25 29 bd 24 28 bf 27 27 bd 26 26 be 25 29 bf 25 28 bd 24 28 be Data Ascii: PNGIHDRntPLTEUU@@33$I@@9933..''$73300--((&&$1..,,))''&/$.,,))((''))((''&&%,$**))((''&&%$))((&&&%$)((''&&&%)$($(''''&&%)$(''&&%)%($(
2023-10-02 19:57:10 UTC	51	IN	Data Raw: ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9 ea eb ec ed ee ef f0 f1 f2 f3 f4 f5 f6 f7 f8 f9 fa fb fc fd fe 34 dd b2 71 00 00 08 7d 49 44 41 54 78 da ed 9d fb 5f 15 45 18 c6 e7 20 1c f1 88 02 e2 51 10 31 b3 bc e5 35 6f 69 9a a4 26 59 26 9a 5a 26 11 69 a2 e2 a5 d2 cc 22 af 05 6a 9a a2 96 9a 8a 22 9a e2 5d b9 69 89 a9 a0 88 5c 2d 4d 25 c5 6b 2a 06 04 bc ff 42 de 15 98 dd 79 67 76 76 f7 d4 e7 3c 3f cf 3e f3 65 d9 9d 79 e7 9d 77 e7 10 e2 94 53 4e fd cf 54 d7 db f5 bf 80 e9 d6 26 68 dc 9c d8 a4 13 e7 8b e1 81 ae 15 a4 ed 58 3e 7d 54 9f c6 8e 48 5b a7 67 c4 ba cc 52 50 d2 95 a4 e8 91 2d 1c 08 d7 d6 6f 76 5a 19 b0 55 b4 29 cc 21 b0 1b 86 24 fc 0d 78 fd 1e d5 bb 96 a9 bc 9e a1 fb cb 81 57 45 8b 7b 59 4c e2 75 e9 Data Ascii: 4q}IDATx_E Q15oi&Y&Z&i"j"]i\-M%k*Bygvv<?>eywSNT&hX>}TH[gRP-ovZU)!$xWE{YLu
2023-10-02 19:57:10 UTC	53	IN	Data Raw: 8b e8 91 cc 89 ac f0 09 f4 67 5c 26 19 0d 89 06 d9 f6 73 75 56 a9 f0 08 0e e0 31 39 6e 67 54 c5 4f b2 4a 8c f8 73 15 5c 1a 70 94 4d 66 32 88 5d 63 59 79 a4 3a 3c 01 c2 2a 25 17 7c a0 75 92 45 bc 81 67 af 8d ad 31 4a 26 31 58 87 2c c6 e7 b1 6e 1b ee 37 db cc d8 9b c0 7f 51 a1 58 7e 3d 0c 69 70 8a 71 10 8a 75 e3 a3 ac 30 83 19 3b 46 fd a9 58 4e 61 c7 3d cc d9 be 48 62 80 8d 6e ea 2d 37 e0 90 57 2b 5b a0 a2 2c 56 7d 45 95 7b b7 41 bd 04 d9 15 f7 6c 8c 52 76 98 81 b8 9c b5 93 6e 8d af d2 7c bd 3a b3 0f e6 db bc 72 95 97 bd 23 fb f2 42 c6 9e a9 75 73 b5 0b d6 aa 33 63 86 e7 24 35 03 f6 ba 9d 51 b5 46 19 05 54 bf 85 b3 9c 46 20 87 ab f5 c8 ae b4 eb c3 3f 6e fd a0 c2 3c 0e 41 5c d1 4c ad cb 17 45 43 aa 27 bb ed 14 ad 50 64 0e c6 04 bc 89 ea ff 58 e6 c1 01 67 7c Data Ascii: g\&suV19ngTOJs\pMf2]cYy:<*%\|uEg1J&1X,n7QX~=ipqu0;FXNa=Hbn-7W+[,V}E{AlRvn\|:r#Bus3c$5QFTF ?n<A\LEC'PdXg\|

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.8	49780	13.85.23.86	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:22 UTC	53	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.3208/0?CH=991&L=en-US&P=&PT=0x30&WUA=10.0.19041.3031&MK=VXN+F25zcaGoHd3&MD=AmHs1To8 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-10-02 19:57:22 UTC	54	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: e4ad4fca-b5a1-4d07-a63e-362050bc412b MS-RequestId: af4f5b9b-52a0-46c5-a9f4-5e6115e8c98b MS-CV: NdvHH21TFEqlBJ14.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 02 Oct 2023 19:57:22 GMT Connection: close Content-Length: 24490
2023-10-02 19:57:22 UTC	54	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2023-10-02 19:57:22 UTC	70	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.8	49784	23.219.201.162	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:28 UTC	78	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-10-02 19:57:29 UTC	78	IN	HTTP/1.1 200 OK ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: Kestrel X-CID: 11 Cache-Control: public, max-age=126099 Date: Mon, 02 Oct 2023 19:57:28 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.8	49785	23.219.201.162	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:29 UTC	79	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2023-10-02 19:57:29 UTC	79	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=90404 Date: Mon, 02 Oct 2023 19:57:29 GMT Content-Length: 55 Connection: close X-CID: 2
2023-10-02 19:57:29 UTC	79	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.8	49786	52.143.87.28	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:39 UTC	80	OUT	GET /geo?doClientVersion=10.0.19041.3031&profile=1048832&callId=4019858650 HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: gzip, deflate User-Agent: Microsoft-Delivery-Optimization/10.0 MS-CV: u1mSJHiEHEqKWkmK.1.1.1 Content-Length: 0 Host: geo.prod.do.dsp.mp.microsoft.com
2023-10-02 19:57:39 UTC	80	IN	HTTP/1.1 200 OK Cache-Control: private Content-Type: text/json Server: Microsoft-IIS/10.0 x-content-type-options: nosniff X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Mon, 02 Oct 2023 19:57:39 GMT Connection: close Content-Length: 304
2023-10-02 19:57:39 UTC	80	IN	Data Raw: 7b 22 45 78 74 65 72 6e 61 6c 49 70 41 64 64 72 65 73 73 22 3a 22 31 30 32 2e 31 36 35 2e 34 38 2e 38 34 22 2c 22 43 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 4b 65 79 56 61 6c 75 65 5f 45 6e 64 70 6f 69 6e 74 46 75 6c 6c 55 72 69 22 3a 22 68 74 74 70 73 3a 2f 2f 6b 76 38 30 31 2e 70 72 6f 64 2e 64 6f 2e 64 73 70 2e 6d 70 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 61 6c 6c 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 35 42 33 36 31 35 37 41 30 33 43 46 30 35 30 30 44 41 33 43 32 44 38 32 33 38 45 36 30 30 35 46 33 34 36 39 45 32 33 37 37 33 34 43 32 30 34 36 38 39 30 32 30 32 44 42 36 46 38 37 34 38 34 30 22 2c 22 43 61 63 68 65 49 64 22 3a 22 37 22 2c 22 43 6f 6d 70 61 63 74 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 31 2e 33 30 33 Data Ascii: {"ExternalIpAddress":"102.165.48.84","CountryCode":"US","KeyValue_EndpointFullUri":"https://kv801.prod.do.dsp.mp.microsoft.com/all","Version":"5B36157A03CF0500DA3C2D8238E6005F3469E237734C2046890202DB6F874840","CacheId":"7","CompactVersion":"10.0.19041.303

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.8	49787	23.49.102.206	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:40 UTC	80	OUT	GET /geoversion?doClientVersion=10.0.19041.3031&profile=1048832 HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: gzip, deflate User-Agent: Microsoft-Delivery-Optimization/10.0 MS-CV: u1mSJHiEHEqKWkmK.3.1.1 Content-Length: 0 Host: geover.prod.do.dsp.mp.microsoft.com
2023-10-02 19:57:40 UTC	81	IN	HTTP/1.1 200 OK Content-Type: text/json Server: Microsoft-IIS/10.0 x-content-type-options: nosniff X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Content-Length: 121 Cache-Control: max-age=269 Date: Mon, 02 Oct 2023 19:57:40 GMT Connection: close
2023-10-02 19:57:40 UTC	81	IN	Data Raw: 7b 22 56 65 72 73 69 6f 6e 22 3a 22 35 42 33 36 31 35 37 41 30 33 43 46 30 35 30 30 44 41 33 43 32 44 38 32 33 38 45 36 30 30 35 46 33 34 36 39 45 32 33 37 37 33 34 43 32 30 34 36 38 39 30 32 30 32 44 42 36 46 38 37 34 38 34 30 22 2c 22 54 69 6d 65 73 74 61 6d 70 22 3a 22 32 30 32 33 2d 31 30 2d 30 32 54 31 39 3a 35 37 3a 30 39 2e 34 38 30 36 38 32 37 5a 22 7d Data Ascii: {"Version":"5B36157A03CF0500DA3C2D8238E6005F3469E237734C2046890202DB6F874840","Timestamp":"2023-10-02T19:57:09.4806827Z"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.8	49788	52.143.87.28	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:41 UTC	81	OUT	GET /geo?doClientVersion=10.0.19041.3031&profile=1048832&callId=188502370 HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: gzip, deflate User-Agent: Microsoft-Delivery-Optimization/10.0 MS-CV: u1mSJHiEHEqKWkmK.4.1.1 Content-Length: 0 Host: geo.prod.do.dsp.mp.microsoft.com
2023-10-02 19:57:41 UTC	81	IN	HTTP/1.1 200 OK Cache-Control: private Content-Type: text/json Server: Microsoft-IIS/10.0 x-content-type-options: nosniff X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Mon, 02 Oct 2023 19:57:41 GMT Connection: close Content-Length: 304
2023-10-02 19:57:41 UTC	82	IN	Data Raw: 7b 22 45 78 74 65 72 6e 61 6c 49 70 41 64 64 72 65 73 73 22 3a 22 31 30 32 2e 31 36 35 2e 34 38 2e 38 34 22 2c 22 43 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 4b 65 79 56 61 6c 75 65 5f 45 6e 64 70 6f 69 6e 74 46 75 6c 6c 55 72 69 22 3a 22 68 74 74 70 73 3a 2f 2f 6b 76 38 30 31 2e 70 72 6f 64 2e 64 6f 2e 64 73 70 2e 6d 70 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 61 6c 6c 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 35 42 33 36 31 35 37 41 30 33 43 46 30 35 30 30 44 41 33 43 32 44 38 32 33 38 45 36 30 30 35 46 33 34 36 39 45 32 33 37 37 33 34 43 32 30 34 36 38 39 30 32 30 32 44 42 36 46 38 37 34 38 34 30 22 2c 22 43 61 63 68 65 49 64 22 3a 22 37 22 2c 22 43 6f 6d 70 61 63 74 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 31 2e 33 30 33 Data Ascii: {"ExternalIpAddress":"102.165.48.84","CountryCode":"US","KeyValue_EndpointFullUri":"https://kv801.prod.do.dsp.mp.microsoft.com/all","Version":"5B36157A03CF0500DA3C2D8238E6005F3469E237734C2046890202DB6F874840","CacheId":"7","CompactVersion":"10.0.19041.303

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.8	49789	23.49.102.206	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:41 UTC	82	OUT	GET /geoversion?doClientVersion=10.0.19041.3031&profile=1048832 HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: gzip, deflate User-Agent: Microsoft-Delivery-Optimization/10.0 MS-CV: u1mSJHiEHEqKWkmK.6.1.1 Content-Length: 0 Host: geover.prod.do.dsp.mp.microsoft.com
2023-10-02 19:57:41 UTC	82	IN	HTTP/1.1 200 OK Content-Type: text/json Server: Microsoft-IIS/10.0 x-content-type-options: nosniff X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Content-Length: 121 Cache-Control: max-age=269 Date: Mon, 02 Oct 2023 19:57:41 GMT Connection: close
2023-10-02 19:57:41 UTC	82	IN	Data Raw: 7b 22 56 65 72 73 69 6f 6e 22 3a 22 35 42 33 36 31 35 37 41 30 33 43 46 30 35 30 30 44 41 33 43 32 44 38 32 33 38 45 36 30 30 35 46 33 34 36 39 45 32 33 37 37 33 34 43 32 30 34 36 38 39 30 32 30 32 44 42 36 46 38 37 34 38 34 30 22 2c 22 54 69 6d 65 73 74 61 6d 70 22 3a 22 32 30 32 33 2d 31 30 2d 30 32 54 31 39 3a 35 37 3a 30 39 2e 34 38 30 36 38 32 37 5a 22 7d Data Ascii: {"Version":"5B36157A03CF0500DA3C2D8238E6005F3469E237734C2046890202DB6F874840","Timestamp":"2023-10-02T19:57:09.4806827Z"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.8	49790	52.143.87.28	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:42 UTC	83	OUT	GET /geo?doClientVersion=10.0.19041.3031&profile=1048832&callId=12971385 HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: gzip, deflate User-Agent: Microsoft-Delivery-Optimization/10.0 MS-CV: u1mSJHiEHEqKWkmK.7.1.1 Content-Length: 0 Host: geo.prod.do.dsp.mp.microsoft.com
2023-10-02 19:57:42 UTC	83	IN	HTTP/1.1 200 OK Cache-Control: private Content-Type: text/json Server: Microsoft-IIS/10.0 x-content-type-options: nosniff X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET Date: Mon, 02 Oct 2023 19:57:42 GMT Connection: close Content-Length: 304
2023-10-02 19:57:42 UTC	83	IN	Data Raw: 7b 22 45 78 74 65 72 6e 61 6c 49 70 41 64 64 72 65 73 73 22 3a 22 31 30 32 2e 31 36 35 2e 34 38 2e 38 34 22 2c 22 43 6f 75 6e 74 72 79 43 6f 64 65 22 3a 22 55 53 22 2c 22 4b 65 79 56 61 6c 75 65 5f 45 6e 64 70 6f 69 6e 74 46 75 6c 6c 55 72 69 22 3a 22 68 74 74 70 73 3a 2f 2f 6b 76 38 30 31 2e 70 72 6f 64 2e 64 6f 2e 64 73 70 2e 6d 70 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 61 6c 6c 22 2c 22 56 65 72 73 69 6f 6e 22 3a 22 35 42 33 36 31 35 37 41 30 33 43 46 30 35 30 30 44 41 33 43 32 44 38 32 33 38 45 36 30 30 35 46 33 34 36 39 45 32 33 37 37 33 34 43 32 30 34 36 38 39 30 32 30 32 44 42 36 46 38 37 34 38 34 30 22 2c 22 43 61 63 68 65 49 64 22 3a 22 37 22 2c 22 43 6f 6d 70 61 63 74 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 31 2e 33 30 33 Data Ascii: {"ExternalIpAddress":"102.165.48.84","CountryCode":"US","KeyValue_EndpointFullUri":"https://kv801.prod.do.dsp.mp.microsoft.com/all","Version":"5B36157A03CF0500DA3C2D8238E6005F3469E237734C2046890202DB6F874840","CacheId":"7","CompactVersion":"10.0.19041.303

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	104.26.13.122	443	192.168.2.8	49766	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:08 UTC	2	IN	HTTP/1.1 403 Forbidden Date: Mon, 02 Oct 2023 19:57:08 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 4511 Connection: close X-Frame-Options: SAMEORIGIN Referrer-Policy: same-origin Cache-Control: max-age=15 Expires: Mon, 02 Oct 2023 19:57:23 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cdO5eV%2BcsIVXWwCGrz0Oe%2BJ95Vbu5cW3rpur%2FMZJgiINkC9IkK9Vgo%2Bl8lu1oV0z1T%2BioYem5tJfDKUXpCKnRTff0qXol%2FI5T1TPssoFPZ7awf0F061%2FKF0SoteCNEi39u%2B1O%2BLYwDU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 80ff83426fa10a7f-IAD alt-svc: h3=":443"; ma=86400
2023-10-02 19:57:08 UTC	2	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 Data Ascii: <!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE
2023-10-02 19:57:08 UTC	3	IN	Data Raw: 79 6c 65 73 2d 63 73 73 22 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 63 73 73 22 20 2f 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 27 63 66 5f 73 74 79 6c 65 73 2d 69 65 2d 63 73 73 27 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 Data Ascii: yles-css" href="/cdn-cgi/styles/cf.errors.css" />...[if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navig
2023-10-02 19:57:08 UTC	4	IN	Data Raw: 6c 61 73 73 3d 22 63 66 2d 63 6f 6c 75 6d 6e 73 20 74 77 6f 22 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 63 6f 6c 75 6d 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 32 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 62 6c 6f 63 6b 65 64 5f 77 68 79 5f 68 65 61 64 6c 69 6e 65 22 3e 57 68 79 20 68 61 76 65 20 49 20 62 65 65 6e 20 62 6c 6f 63 6b 65 64 3f 3c 2f 68 32 3e 0a 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 70 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 62 6c 6f 63 6b 65 64 5f 77 68 79 5f 64 65 74 61 69 6c 22 3e 54 68 69 73 20 77 65 62 73 69 74 65 20 69 73 20 75 73 69 6e 67 20 61 20 73 65 63 75 72 69 74 79 20 73 65 72 76 69 63 65 20 74 6f 20 70 72 6f 74 65 63 74 20 69 74 73 65 6c 66 20 66 72 6f Data Ascii: lass="cf-columns two"> <div class="cf-column"> <h2 data-translate="blocked_why_headline">Why have I been blocked?</h2> <p data-translate="blocked_why_detail">This website is using a security service to protect itself fro
2023-10-02 19:57:08 UTC	6	IN	Data Raw: 6e 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 0a 20 20 20 20 20 20 59 6f 75 72 20 49 50 3a 0a 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 2d 62 74 6e 22 3e 43 6c 69 63 6b 20 74 6f 20 72 65 76 65 61 6c 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 3e 31 30 32 2e 31 36 35 2e 34 38 2e 38 34 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 Data Ascii: n sm:block sm:mb-1"> Your IP: <button type="button" id="cf-footer-ip-reveal" class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">102.165.48.84</span> <span class="cf-footer-separator sm:h

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.8	49792	13.85.23.86	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:59 UTC	83	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.3208/0?CH=991&L=en-US&P=&PT=0x30&WUA=10.0.19041.3031&MK=VXN+F25zcaGoHd3&MD=AmHs1To8 HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2023-10-02 19:58:00 UTC	84	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 0b616346-24f6-481a-a91d-d16e8bd815d8 MS-RequestId: d1beaa56-ca68-469a-a51f-ed1210fa6df6 MS-CV: INp5nERvqUOoBn1t.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Mon, 02 Oct 2023 19:57:59 GMT Connection: close Content-Length: 25457
2023-10-02 19:58:00 UTC	84	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2023-10-02 19:58:00 UTC	100	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.8	49794	35.190.80.1	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:58:09 UTC	109	OUT	OPTIONS /report/v3?s=7JTiBhE0%2BpPvz2UEGgNnXWghISA0cWlPcWtP8lmJSVNtc9v1fyAQqr%2BnzSzT3IZ5mh2L47CDVDn%2Bvag8mrwrlTaT9ebS728yh8wm%2Fj7FhR5%2BN6EVSV64%2FHFOmcx%2FSD4qgBDzJ0leV0c%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://nezurexternal.sell.app Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	35.190.80.1	443	192.168.2.8	49794	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:58:09 UTC	110	IN	HTTP/1.1 200 OK content-length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Mon, 02 Oct 2023 19:58:08 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.8	49795	35.190.80.1	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:58:09 UTC	110	OUT	POST /report/v3?s=7JTiBhE0%2BpPvz2UEGgNnXWghISA0cWlPcWtP8lmJSVNtc9v1fyAQqr%2BnzSzT3IZ5mh2L47CDVDn%2Bvag8mrwrlTaT9ebS728yh8wm%2Fj7FhR5%2BN6EVSV64%2FHFOmcx%2FSD4qgBDzJ0leV0c%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 478 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2023-10-02 19:58:09 UTC	110	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 35 38 39 39 38 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 34 33 37 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 6e 65 7a 75 72 65 78 74 65 72 6e 61 6c 2e 73 65 6c 6c 2e 61 70 70 2f 70 72 6f 64 75 63 74 2f 6e 65 7a 75 72 2d 6b 65 79 2d 62 79 70 61 73 73 2d 38 35 2d 6f 66 66 3f 69 6e 66 6f 3d 66 61 71 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 36 2e 31 33 2e 31 32 32 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 33 2c Data Ascii: [{"age":58998,"body":{"elapsed_time":437,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq","sampling_fraction":1.0,"server_ip":"104.26.13.122","status_code":403,

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	35.190.80.1	443	192.168.2.8	49795	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:58:09 UTC	111	IN	HTTP/1.1 200 OK content-length: 0 date: Mon, 02 Oct 2023 19:58:09 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.8	49797	20.190.190.129	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 20:00:41 UTC	111	OUT	POST /RST2.srf HTTP/1.0 Connection: Keep-Alive Content-Type: application/soap+xml Accept: / User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 10.0; Win64; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; IDCRL 24.10.0.19045.0.0; IDCRL-cfg 16.000.29368.4; App svchost.exe, 10.0.19041.1806, {DF60E2DF-88AD-4526-AE21-83D130EF0F68}) Content-Length: 4784 Host: login.live.com
2023-10-02 20:00:41 UTC	111	OUT	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 70 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 50 61 73 73 70 6f 72 74 2f 53 6f 61 70 53 65 72 76 69 63 65 73 2f 50 50 43 52 4c 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 Data Ascii: <?xml version="1.0" encoding="UTF-8"?><s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:ps="http://schemas.microsoft.com/Passport/SoapServices/PPCRL" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1
2023-10-02 20:00:42 UTC	116	IN	HTTP/1.1 200 OK Cache-Control: no-store, no-cache Pragma: no-cache Content-Type: application/soap+xml; charset=utf-8 Expires: Mon, 02 Oct 2023 19:59:41 GMT P3P: CP="DSP CUR OTPi IND OTRi ONL FIN" Referrer-Policy: strict-origin-when-cross-origin x-ms-route-info: C105_BAY x-ms-request-id: 7272e752-3bf6-47f7-a291-0b95dc867215 PPServer: PPV: 30 H: BY1PPF15898C1BA V: 0 X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000 X-XSS-Protection: 1; mode=block Date: Mon, 02 Oct 2023 20:00:41 GMT Connection: close Content-Length: 11153
2023-10-02 20:00:42 UTC	117	IN	Data Raw: 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 20 3f 3e 3c 53 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 53 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 33 2f 30 35 2f 73 6f 61 70 2d 65 6e 76 65 6c 6f 70 65 22 20 78 6d 6c 6e 73 3a 77 73 73 65 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 34 30 31 2d 77 73 73 2d 77 73 73 65 63 75 72 69 74 79 2d 73 65 63 65 78 74 2d 31 2e 30 2e 78 73 64 22 20 78 6d 6c 6e 73 3a 77 73 75 3d 22 68 74 74 70 3a 2f 2f 64 6f 63 73 2e 6f 61 73 69 73 2d 6f 70 65 6e 2e 6f 72 67 2f 77 73 73 2f 32 30 30 34 2f 30 31 2f 6f 61 73 69 73 2d 32 30 30 Data Ascii: <?xml version="1.0" encoding="utf-8" ?><S:Envelope xmlns:S="http://www.w3.org/2003/05/soap-envelope" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.8	49798	204.79.197.200	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 20:00:44 UTC	128	OUT	GET /client/config?cc=CH&setlang=en-US HTTP/1.1 X-Search-CortanaAvailableCapabilities: None X-Search-SafeSearch: Moderate Accept-Encoding: gzip, deflate X-Device-MachineId: {E1EEA534-7882-4336-B57B-3F1BDC81FCA6} X-UserAgeClass: Unknown X-BM-Market: CH X-BM-DateFormat: dd/MM/yyyy X-Device-OSSKU: 48 X-BM-DTZ: 120 X-DeviceID: 0100E24C0900BCE7 X-BM-WindowsFlights: FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time X-Device-Manufacturer: oilikt, Inc. X-BM-Theme: 000000;0078d7 X-Search-RPSToken: t%3DEwDYAkR8BAAUcvamItSE/vUHpyZRp3BeyOJPQDsAAeB9hdsWU/aZO0qSEoGBi8SAtjJD8c40goFZmZA/jYQt0bkTmugMzMGzWGK/DHqnPbykPAIIei5s4ywTUXQC03BFA/0AZVFWg6yvgE7Jym85cDVOQgCkJcOdb8n9t5zPXq5EnVV1fHD6Hvvhvh/l53cn43enO97/v2MwAWIIMJhP6jOEkqmfpTd/tPYxtE5AnelW/F6s%2BE71PDnnfUUNj9gQG0mLFqTSA9lKTG3SpmfFZU0TEVgX3%2BDSVbuh1f0/3oz8KPjsW6V0ardvAqYhboNGfsI7lM9bZ8SFci%2B2nGYMkG8ogXI0MyQZ7Ywj5BOODn4UkUNJPwpTElVEX6XUIj4DZgAACIFKoxy2lqqPqAFEfWHFr73YMLPWvJFrDgO7tXM29tSnJFnmSUmCW9QhSFAf%2BLwn7rfFCHJ4XIRcAfwoqwHk0lvzIygYUfDAQhrNTobUkE66LHUliVEU0nQXL3jjz5GwYYd19CEJRaBO%2BhWHNmdcpfjIMPbVWzIc202APZuMi3GlWu8uxCUkwSi7We06vT%2Bt9%2BirAhCFbK2BrPXLNEt/f4Khxg8U16mksAgmex%2Bkz8HZNeq1jo%2B3FD7OTs0JG64SzMcjJQxeyVXUZV5015l9vXQsF8AcJ5RnF9qInqq%2B84M0TfLDCzjBhUuNoIgWMHxAFH8A2pasfT5A7r7ijX/cRUDldc/M1aNKye8G5v0I3l3HHTqDYThkmCkgL01OEa6dwISnYt/8vUBF4iuFH86vWhkMe44JHXdzi7TJhweJulROwYENB7q30twX5p6xjEe2zx6lM4m94K3M%2B1b3W84ojOlT4AYiJ7aIndTQnp9gEIIPzaAiAEe3hu1rCnZCYG4MIfbGO9LtugIPeAJGFx52hf2YAEPU2IIWcv/gSfngMLssWMY5uz25nZlO4XdkyDbtr4ci2QE%3D%26p%3D X-Agent-DeviceId: 0100E24C0900BCE7 X-Device-Product: oilikt7,1 X-BM-CBT: 1696276840 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.10.19041; 10.0.0.0.19045.3208) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045 X-Device-isOptin: false Accept-language: en-US, en X-Device-Touch: false X-Device-ClientSession: E20C8CEE58314231B124087D91760759 X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI Host: www.bing.com Connection: Keep-Alive Cookie: MUID=449653F191F840A4AB48AAAA057BF484
2023-10-02 20:00:44 UTC	130	IN	HTTP/1.1 200 OK Cache-Control: private Content-Length: 2215 Content-Type: application/json; charset=utf-8 P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Set-Cookie: SUID=M; domain=.bing.com; expires=Tue, 03-Oct-2023 08:00:44 GMT; path=/; secure; HttpOnly; SameSite=None Set-Cookie: MUIDB=449653F191F840A4AB48AAAA057BF484; expires=Sat, 26-Oct-2024 20:00:44 GMT; path=/; HttpOnly Set-Cookie: _EDGE_S=SID=3F6215F3729F6DCA2A41066D73D06CE1&mkt=de-ch&ui=en-us; domain=.bing.com; path=/; HttpOnly Set-Cookie: SRCHD=AF=NOFORM; domain=.bing.com; expires=Sat, 26-Oct-2024 20:00:44 GMT; path=/; secure; SameSite=None Set-Cookie: SRCHUID=V=2&GUID=AE1A15FA2C4343518797655CC519425B&dmnchg=1; domain=.bing.com; expires=Sat, 26-Oct-2024 20:00:44 GMT; path=/; secure; SameSite=None Set-Cookie: SRCHUSR=DOB=20231002; domain=.bing.com; expires=Sat, 26-Oct-2024 20:00:44 GMT; path=/; secure; SameSite=None Set-Cookie: SRCHHPGUSR=SRCHLANG=en; domain=.bing.com; expires=Sat, 26-Oct-2024 20:00:44 GMT; path=/; secure; SameSite=None Set-Cookie: ANON=A=4D82DAC44212660D1BC14E0FFFFFFFFF; domain=.bing.com; expires=Sat, 26-Oct-2024 20:00:44 GMT; path=/; secure; SameSite=None Set-Cookie: WLS=C=0000000000000000&N=; domain=.bing.com; path=/; secure; SameSite=None Set-Cookie: _SS=SID=3F6215F3729F6DCA2A41066D73D06CE1; domain=.bing.com; path=/; secure; SameSite=None X-EventID: 651b216cd27b4482b1eb7c09dedbfcf6 UserAgentReductionOptOut: A7kgTC5xdZ2WIVGZEfb1hUoNuvjzOZX3VIV/BA6C18kQOOF50Q0D3oWoAm49k3BQImkujKILc7JmPysWk3CSjwUAAACMeyJvcmlnaW4iOiJodHRwczovL3d3dy5iaW5nLmNvbTo0NDMiLCJmZWF0dXJlIjoiU2VuZEZ1bGxVc2VyQWdlbnRBZnRlclJlZHVjdGlvbiIsImV4cGlyeSI6MTY4NDg4NjM5OSwiaXNTdWJkb21haW4iOnRydWUsImlzVGhpcmRQYXJ0eSI6dHJ1ZX0= X-XSS-Protection: 0 X-Cache: CONFIG_NOCACHE Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version X-MSEdge-Ref: Ref A: FAC8CBAB90B1408D9E9D6D0AD8433368 Ref B: BLUEDGE1812 Ref C: 2023-10-02T20:00:44Z Date: Mon, 02 Oct 2023 20:00:44 GMT Connection: close
2023-10-02 20:00:44 UTC	132	IN	Data Raw: 7b 22 76 65 72 73 69 6f 6e 22 3a 31 2c 22 63 6f 6e 66 69 67 22 3a 7b 22 46 65 61 74 75 72 65 43 6f 6e 66 69 67 22 3a 7b 22 53 65 61 72 63 68 42 6f 78 49 62 65 61 6d 50 6f 69 6e 74 65 72 4f 6e 48 6f 76 65 72 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 68 6f 77 53 65 61 72 63 68 47 6c 79 70 68 4c 65 66 74 4f 66 53 65 61 72 63 68 42 6f 78 22 3a 7b 22 76 61 6c 75 65 22 3a 74 72 75 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 6f 78 55 73 65 53 65 61 72 63 68 49 63 6f 6e 41 74 52 65 73 74 22 3a 7b 22 76 61 6c 75 65 22 3a 66 61 6c 73 65 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 65 61 72 63 68 42 75 74 74 6f 6e 55 73 65 53 65 61 72 63 68 49 63 6f 6e 22 3a 7b 22 76 61 6c 75 65 Data Ascii: {"version":1,"config":{"FeatureConfig":{"SearchBoxIbeamPointerOnHover":{"value":true,"feature":""},"ShowSearchGlyphLeftOfSearchBox":{"value":true,"feature":""},"SearchBoxUseSearchIconAtRest":{"value":false,"feature":""},"SearchButtonUseSearchIcon":{"value
2023-10-02 20:00:44 UTC	134	IN	Data Raw: 75 74 74 6f 6e 47 6c 79 70 68 22 3a 7b 22 76 61 6c 75 65 22 3a 22 22 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 75 62 6d 69 74 42 75 74 Data Ascii: uttonGlyph":{"value":"","feature":""},"SubmitBut
2023-10-02 20:00:44 UTC	134	IN	Data Raw: 74 6f 6e 47 6c 79 70 68 52 54 4c 22 3a 7b 22 76 61 6c 75 65 22 3a 22 22 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 2c 22 53 75 62 6d 69 74 42 75 74 74 6f 6e 4e 61 72 72 61 74 6f 72 54 65 78 74 22 3a 7b 22 76 61 6c 75 65 22 3a 22 22 2c 22 66 65 61 74 75 72 65 22 3a 22 22 7d 7d 7d 7d Data Ascii: tonGlyphRTL":{"value":"","feature":""},"SubmitButtonNarratorText":{"value":"","feature":""}}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.8	49799	52.159.127.243	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 20:01:00 UTC	134	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 4c 49 71 55 79 4c 34 45 39 55 36 57 79 37 48 45 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 33 63 30 35 33 66 65 31 35 62 32 64 64 37 31 0d 0a 0d 0a Data Ascii: CNT 1 CON 304MS-CV: LIqUyL4E9U6Wy7HE.1Context: 43c053fe15b2dd71
2023-10-02 20:01:00 UTC	134	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 37 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware7,1</deviceName><followRetry>true</followRetry></agent></connect>
2023-10-02 20:01:00 UTC	134	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 4c 49 71 55 79 4c 34 45 39 55 36 57 79 37 48 45 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 33 63 30 35 33 66 65 31 35 62 32 64 64 37 31 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 62 77 39 52 62 53 61 47 31 6a 69 45 68 42 59 4a 72 59 79 59 7a 6a 2f 64 58 39 51 4d 59 2b 73 65 6d 54 54 50 2f 43 51 4e 30 43 30 4d 75 46 39 4f 67 4f 6e 74 5a 6b 6e 43 6b 6c 6f 37 56 45 74 4f 2b 58 68 61 4a 7a 7a 4d 66 6f 52 79 43 51 2b 6a 77 55 39 33 79 78 78 6b 4f 75 5a 61 50 59 39 72 44 35 37 59 71 46 68 2b 6e 63 58 63 6a Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: LIqUyL4E9U6Wy7HE.2Context: 43c053fe15b2dd71<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbw9RbSaG1jiEhBYJrYyYzj/dX9QMY+semTTP/CQN0C0MuF9OgOntZknCklo7VEtO+XhaJzzMfoRyCQ+jwU93yxxkOuZaPY9rD57YqFh+ncXcj
2023-10-02 20:01:00 UTC	136	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 4c 49 71 55 79 4c 34 45 39 55 36 57 79 37 48 45 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 34 33 63 30 35 33 66 65 31 35 62 32 64 64 37 31 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: LIqUyL4E9U6Wy7HE.3Context: 43c053fe15b2dd71<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2023-10-02 20:01:00 UTC	136	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-10-02 20:01:00 UTC	136	IN	Data Raw: 4d 53 2d 43 56 3a 20 53 6a 68 62 42 53 47 54 58 55 57 51 61 68 73 47 73 74 6c 54 72 41 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: SjhbBSGTXUWQahsGstlTrA.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.8	49800	52.159.127.243	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 20:01:15 UTC	136	OUT	Data Raw: 43 4e 54 20 31 20 43 4f 4e 20 33 30 34 0d 0a 4d 53 2d 43 56 3a 20 6f 62 4a 56 39 4a 6d 70 59 6b 71 6e 64 65 38 71 2e 31 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 35 36 37 61 33 36 31 36 30 30 33 39 61 66 33 0d 0a 0d 0a Data Ascii: CNT 1 CON 304MS-CV: obJV9JmpYkqnde8q.1Context: a567a36160039af3
2023-10-02 20:01:15 UTC	136	OUT	Data Raw: 3c 63 6f 6e 6e 65 63 74 3e 3c 76 65 72 3e 32 3c 2f 76 65 72 3e 3c 61 67 65 6e 74 3e 3c 6f 73 3e 57 69 6e 64 6f 77 73 3c 2f 6f 73 3e 3c 6f 73 56 65 72 3e 31 30 2e 30 2e 30 2e 30 2e 31 39 30 34 35 3c 2f 6f 73 56 65 72 3e 3c 70 72 6f 63 3e 78 36 34 3c 2f 70 72 6f 63 3e 3c 6c 63 69 64 3e 65 6e 2d 43 48 3c 2f 6c 63 69 64 3e 3c 67 65 6f 49 64 3e 32 32 33 3c 2f 67 65 6f 49 64 3e 3c 61 6f 61 63 3e 30 3c 2f 61 6f 61 63 3e 3c 64 65 76 69 63 65 54 79 70 65 3e 31 3c 2f 64 65 76 69 63 65 54 79 70 65 3e 3c 64 65 76 69 63 65 4e 61 6d 65 3e 56 4d 77 61 72 65 37 2c 31 3c 2f 64 65 76 69 63 65 4e 61 6d 65 3e 3c 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 74 72 75 65 3c 2f 66 6f 6c 6c 6f 77 52 65 74 72 79 3e 3c 2f 61 67 65 6e 74 3e 3c 2f 63 6f 6e 6e 65 63 74 3e Data Ascii: <connect><ver>2</ver><agent><os>Windows</os><osVer>10.0.0.0.19045</osVer><proc>x64</proc><lcid>en-CH</lcid><geoId>223</geoId><aoac>0</aoac><deviceType>1</deviceType><deviceName>VMware7,1</deviceName><followRetry>true</followRetry></agent></connect>
2023-10-02 20:01:15 UTC	136	OUT	Data Raw: 41 54 48 20 32 20 43 4f 4e 5c 44 45 56 49 43 45 20 31 30 35 33 0d 0a 4d 53 2d 43 56 3a 20 6f 62 4a 56 39 4a 6d 70 59 6b 71 6e 64 65 38 71 2e 32 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 35 36 37 61 33 36 31 36 30 30 33 39 61 66 33 0d 0a 0d 0a 3c 64 65 76 69 63 65 3e 3c 63 6f 6d 70 61 63 74 2d 74 69 63 6b 65 74 3e 74 3d 45 77 43 77 41 75 70 49 42 41 41 55 31 62 44 47 66 64 61 7a 69 44 66 58 70 6a 4e 35 4e 36 63 59 68 54 31 77 62 6d 51 41 41 62 77 39 52 62 53 61 47 31 6a 69 45 68 42 59 4a 72 59 79 59 7a 6a 2f 64 58 39 51 4d 59 2b 73 65 6d 54 54 50 2f 43 51 4e 30 43 30 4d 75 46 39 4f 67 4f 6e 74 5a 6b 6e 43 6b 6c 6f 37 56 45 74 4f 2b 58 68 61 4a 7a 7a 4d 66 6f 52 79 43 51 2b 6a 77 55 39 33 79 78 78 6b 4f 75 5a 61 50 59 39 72 44 35 37 59 71 46 68 2b 6e 63 58 63 6a Data Ascii: ATH 2 CON\DEVICE 1053MS-CV: obJV9JmpYkqnde8q.2Context: a567a36160039af3<device><compact-ticket>t=EwCwAupIBAAU1bDGfdaziDfXpjN5N6cYhT1wbmQAAbw9RbSaG1jiEhBYJrYyYzj/dX9QMY+semTTP/CQN0C0MuF9OgOntZknCklo7VEtO+XhaJzzMfoRyCQ+jwU93yxxkOuZaPY9rD57YqFh+ncXcj
2023-10-02 20:01:15 UTC	137	OUT	Data Raw: 42 4e 44 20 33 20 43 4f 4e 5c 57 4e 53 20 30 20 31 39 37 0d 0a 4d 53 2d 43 56 3a 20 6f 62 4a 56 39 4a 6d 70 59 6b 71 6e 64 65 38 71 2e 33 0d 0a 43 6f 6e 74 65 78 74 3a 20 61 35 36 37 61 33 36 31 36 30 30 33 39 61 66 33 0d 0a 0d 0a 3c 77 6e 73 3e 3c 76 65 72 3e 31 3c 2f 76 65 72 3e 3c 63 6c 69 65 6e 74 3e 3c 6e 61 6d 65 3e 57 50 4e 3c 2f 6e 61 6d 65 3e 3c 76 65 72 3e 31 2e 30 3c 2f 76 65 72 3e 3c 2f 63 6c 69 65 6e 74 3e 3c 6f 70 74 69 6f 6e 73 3e 3c 70 77 72 6d 6f 64 65 20 6d 6f 64 65 3d 22 30 22 3e 3c 2f 70 77 72 6d 6f 64 65 3e 3c 2f 6f 70 74 69 6f 6e 73 3e 3c 6c 61 73 74 4d 73 67 49 64 3e 30 3c 2f 6c 61 73 74 4d 73 67 49 64 3e 3c 2f 77 6e 73 3e Data Ascii: BND 3 CON\WNS 0 197MS-CV: obJV9JmpYkqnde8q.3Context: a567a36160039af3<wns><ver>1</ver><client><name>WPN</name><ver>1.0</ver></client><options><pwrmode mode="0"></pwrmode></options><lastMsgId>0</lastMsgId></wns>
2023-10-02 20:01:15 UTC	137	IN	Data Raw: 32 30 32 20 31 20 43 4f 4e 20 35 38 0d 0a Data Ascii: 202 1 CON 58
2023-10-02 20:01:15 UTC	137	IN	Data Raw: 4d 53 2d 43 56 3a 20 67 32 42 34 62 66 42 50 66 6b 61 4e 56 30 77 7a 4c 58 6f 48 77 77 2e 30 0d 0a 0d 0a 50 61 79 6c 6f 61 64 20 70 61 72 73 69 6e 67 20 66 61 69 6c 65 64 2e Data Ascii: MS-CV: g2B4bfBPfkaNV0wzLXoHww.0Payload parsing failed.

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.8	49767	104.26.13.122	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:08 UTC	7	OUT	GET /cdn-cgi/styles/cf.errors.css HTTP/1.1 Host: nezurexternal.sell.app Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	172.253.122.84	443	192.168.2.8	49765	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:08 UTC	7	IN	HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8 Access-Control-Allow-Origin: https://www.google.com Access-Control-Allow-Credentials: true X-Content-Type-Options: nosniff Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 02 Oct 2023 19:57:08 GMT Strict-Transport-Security: max-age=31536000; includeSubDomains Content-Security-Policy: script-src 'report-sample' 'nonce-tql15meSQgqMgh4gvLzYZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-10-02 19:57:08 UTC	9	IN	Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a Data Ascii: 11["gaia.l.a.r",[]]
2023-10-02 19:57:08 UTC	10	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	172.253.62.139	443	192.168.2.8	49768	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:08 UTC	9	IN	HTTP/1.1 200 OK Content-Security-Policy: script-src 'report-sample' 'nonce-nhZdAFJYBcC0Nm56aN5n2Q' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Mon, 02 Oct 2023 19:57:08 GMT Content-Type: text/xml; charset=UTF-8 X-Daynum: 6118 X-Daystart: 46628 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Server: GSE Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2023-10-02 19:57:08 UTC	10	IN	Data Raw: 32 63 39 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 36 31 31 38 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 34 36 36 32 38 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22 Data Ascii: 2c9<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="6118" elapsed_seconds="46628"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
2023-10-02 19:57:08 UTC	10	IN	Data Raw: 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 2f 67 75 70 64 61 74 65 3e 0d 0a Data Ascii: 723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app></gupdate>
2023-10-02 19:57:08 UTC	10	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	104.26.13.122	443	192.168.2.8	49767	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:09 UTC	10	IN	HTTP/1.1 200 OK Date: Mon, 02 Oct 2023 19:57:08 GMT Content-Type: text/css Content-Length: 24132 Connection: close Last-Modified: Wed, 27 Sep 2023 11:52:30 GMT ETag: "6514177e-5e44" Server: cloudflare CF-RAY: 80ff83432c658292-IAD X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Mon, 02 Oct 2023 21:57:08 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2023-10-02 19:57:09 UTC	11	IN	Data Raw: 23 63 66 2d 77 72 61 70 70 65 72 20 61 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 62 62 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 72 74 69 63 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 73 69 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 69 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 6e 76 61 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 65 6e 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 69 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 6f 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 64 64 2c 23 63 66 2d 77 72 61 70 70 Data Ascii: #cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapp
2023-10-02 19:57:09 UTC	12	IN	Data Raw: 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 6d 6d 61 72 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 61 62 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 66 6f 6f 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 65 61 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f Data Ascii: e,#cf-wrapper strong,#cf-wrapper sub,#cf-wrapper summary,#cf-wrapper sup,#cf-wrapper table,#cf-wrapper tbody,#cf-wrapper td,#cf-wrapper tfoot,#cf-wrapper th,#cf-wrapper thead,#cf-wrapper tr,#cf-wrapper tt,#cf-wrapper u,#cf-wrapper ul{margin:0;padding:0;bo
2023-10-02 19:57:09 UTC	13	IN	Data Raw: 31 2e 35 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 36 2c 31 33 39 2c 33 31 2c 2e 33 29 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 73 65 63 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 65 6d Data Ascii: 1.5!important;text-decoration:none!important;letter-spacing:normal;-webkit-tap-highlight-color:rgba(246,139,31,.3);-webkit-font-smoothing:antialiased}#cf-wrapper .cf-section,#cf-wrapper section{background:0 0;display:block;margin-bottom:2em;margin-top:2em
2023-10-02 19:57:09 UTC	14	IN	Data Raw: 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 74 77 6f 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 32 2e 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 32 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 Data Ascii: ld(2n),#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.four>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.two>.cf-column:nth-child(2n){padding-left:22.5px;padding-right:0}#cf-wrapper .cf-columns.cols-2>.cf-column:nth-chi
2023-10-02 19:57:09 UTC	16	IN	Data Raw: 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 6f 64 64 29 7b 63 6c 65 61 72 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 31 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 Data Ascii: ),#cf-wrapper .cf-columns.four>.cf-column:nth-child(odd){clear:none}#cf-wrapper .cf-columns.cols-4>.cf-column:first-child,#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(4n+1),#cf-wrapper .cf-columns.four>.cf-column:first-child,#cf-wrapper .cf-columns
2023-10-02 19:57:09 UTC	17	IN	Data Raw: 30 3b 70 61 64 64 69 6e 67 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 7d 23 63 66 2d 77 72 61 70 70 65 Data Ascii: 0;padding:0}#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3{font-weight:400}#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper strong{font-weight:600}#cf-wrapper h1{font-size:36px;line-height:1.2}#cf-wrapper h2{font-size:30px;line-height:1.3}#cf-wrappe
2023-10-02 19:57:09 UTC	18	IN	Data Raw: 68 32 2b 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 6f 6c 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 3b 63 6f 6c Data Ascii: h2+h4,#cf-wrapper h2+h5,#cf-wrapper h2+h6,#cf-wrapper h3+h5,#cf-wrapper h3+h6,#cf-wrapper h3+p,#cf-wrapper h4+p,#cf-wrapper h5+ol,#cf-wrapper h5+p,#cf-wrapper h5+ul{margin-top:.5em}#cf-wrapper .cf-btn{background-color:transparent;border:1px solid #999;col
2023-10-02 19:57:09 UTC	20	IN	Data Raw: 3a 23 36 32 61 31 64 38 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 31 36 33 39 35 39 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 64 32 34 32 36 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 68 6f 76 65 72 2c 23 Data Ascii: :#62a1d8;border:1px solid #163959;color:#fff}#cf-wrapper .cf-btn-danger,#cf-wrapper .cf-btn-error,#cf-wrapper .cf-btn-important{background-color:#bd2426;border-color:transparent;color:#fff}#cf-wrapper .cf-btn-danger:hover,#cf-wrapper .cf-btn-error:hover,#
2023-10-02 19:57:09 UTC	21	IN	Data Raw: 61 63 65 3a 6e 6f 77 72 61 70 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 34 30 34 30 34 30 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 36 36 36 37 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 34 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e Data Ascii: ace:nowrap}#cf-wrapper input,#cf-wrapper select,#cf-wrapper textarea{background:#fff!important;border:1px solid #999!important;color:#404040!important;font-size:.86667em!important;line-height:1.24!important;margin:0 0 1em!important;max-width:100%!importan
2023-10-02 19:57:09 UTC	22	IN	Data Raw: 3a 23 34 30 34 30 34 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 3a 37 2e 35 70 78 20 31 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 3a 65 6d 70 74 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 20 2e 63 66 2d 63 6c 6f 73 65 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 2e 37 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 70 61 64 64 69 6e Data Ascii: :#404040;font-size:13px;padding:7.5px 15px;position:relative;vertical-align:middle;border-radius:2px}#cf-wrapper .cf-alert:empty{display:none}#cf-wrapper .cf-alert .cf-close{border:1px solid transparent;color:inherit;font-size:18.75px;line-height:1;paddin
2023-10-02 19:57:09 UTC	24	IN	Data Raw: 70 65 72 20 23 63 66 2d 65 72 72 6f 72 2d 62 61 6e 6e 65 72 20 70 7b 64 69 73 70 6c 61 79 3a 2d 6d 6f 7a 2d 69 6e 6c 69 6e 65 2d 73 74 61 63 6b 3b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 6f 74 74 6f 6d 3b 7a 6f 6f 6d 3a 31 7d 23 63 66 2d 77 72 61 70 70 65 72 20 23 63 66 2d 65 72 72 6f 72 2d 62 61 6e 6e 65 72 20 68 34 7b 63 6f 6c 6f 72 3a 23 32 66 37 62 62 66 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 23 63 66 2d 65 72 72 6f 72 2d 62 61 6e 6e 65 72 20 2e 63 66 2d 65 72 72 6f 72 2d 61 63 Data Ascii: per #cf-error-banner p{display:-moz-inline-stack;display:inline-block;vertical-align:bottom;zoom:1}#cf-wrapper #cf-error-banner h4{color:#2f7bbf;font-weight:400;font-size:20px;line-height:1;vertical-align:baseline}#cf-wrapper #cf-error-banner .cf-error-ac
2023-10-02 19:57:09 UTC	25	IN	Data Raw: 65 77 20 68 31 2c 23 63 66 2d 77 72 61 70 70 65 72 20 23 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 20 2e 63 66 2d 65 72 72 6f 72 2d 6f 76 65 72 76 69 65 77 20 68 32 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 33 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 23 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 20 2e 63 66 2d 65 72 72 6f 72 2d 6f 76 65 72 76 69 65 77 20 68 32 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 23 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 20 2e 63 66 2d 68 69 67 68 6c 69 67 68 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 65 62 65 62 65 62 3b 6f 76 65 72 66 6c 6f 77 2d 78 3a 68 69 64 64 65 6e 3b 70 61 64 64 69 6e 67 3a 33 30 70 78 20 30 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 2d 77 65 Data Ascii: ew h1,#cf-wrapper #cf-error-details .cf-error-overview h2{font-weight:300}#cf-wrapper #cf-error-details .cf-error-overview h2{margin-top:0}#cf-wrapper #cf-error-details .cf-highlight{background:#ebebeb;overflow-x:hidden;padding:30px 0;background-image:-we
2023-10-02 19:57:09 UTC	26	IN	Data Raw: 3a 2d 36 30 70 78 3b 63 6f 6e 74 65 6e 74 3a 22 22 3b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 38 70 78 20 73 6f 6c 69 64 20 23 66 66 66 3b 62 6f 72 64 65 72 2d 6c 65 66 74 3a 32 30 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 32 30 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 68 65 69 67 68 74 3a 30 3b 6c 65 66 74 3a 35 30 25 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 39 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 35 30 25 3b 77 69 64 74 68 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 23 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 20 2e 63 66 2d 73 74 61 74 75 73 2d 69 74 65 6d 2b 2e 63 66 2d 73 74 Data Ascii: :-60px;content:"";display:none;border-bottom:18px solid #fff;border-left:20px solid transparent;border-right:20px solid transparent;height:0;left:50%;margin-left:-9px;position:absolute;right:50%;width:0}#cf-wrapper #cf-error-details .cf-status-item+.cf-st
2023-10-02 19:57:09 UTC	28	IN	Data Raw: 76 65 72 66 6c 6f 77 3a 65 6c 6c 69 70 73 69 73 3b 77 69 64 74 68 3a 31 30 30 25 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 6e 6f 77 72 61 70 7d 23 63 66 2d 77 72 61 70 70 65 72 20 23 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 20 2e 63 66 2d 73 74 61 74 75 73 2d 64 65 73 63 3a 65 6d 70 74 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 23 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 20 2e 63 66 2d 65 72 72 6f 72 2d 66 6f 6f 74 65 72 7b 70 61 64 64 69 6e 67 3a 31 2e 33 33 33 33 33 65 6d 20 30 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 23 65 62 65 62 65 62 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 23 63 66 2d 77 72 61 70 70 65 72 20 23 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 Data Ascii: verflow:ellipsis;width:100%;white-space:nowrap}#cf-wrapper #cf-error-details .cf-status-desc:empty{display:none}#cf-wrapper #cf-error-details .cf-error-footer{padding:1.33333em 0;border-top:1px solid #ebebeb;text-align:center}#cf-wrapper #cf-error-details
2023-10-02 19:57:09 UTC	29	IN	Data Raw: 61 72 2e 70 6e 67 3f 31 33 37 36 37 35 35 36 33 37 29 20 6e 6f 2d 72 65 70 65 61 74 20 23 66 66 66 3b 6d 61 78 2d 68 65 69 67 68 74 3a 34 30 30 70 78 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 35 33 70 78 3b 77 69 64 74 68 3a 39 36 30 70 78 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 70 78 20 35 70 78 20 30 20 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 23 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 20 2e 63 66 2d 73 63 72 65 65 6e 73 68 6f 74 2d 63 6f 6e 74 61 69 6e 65 72 20 2e 63 66 2d 6e 6f 2d 73 63 72 65 65 6e 73 68 6f 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 63 64 6e 2d 63 67 69 2f 69 6d 61 67 65 73 2f 63 66 2d 6e 6f 2d 73 63 72 65 65 6e 73 68 Data Ascii: ar.png?1376755637) no-repeat #fff;max-height:400px;max-width:100%;overflow:hidden;padding-top:53px;width:960px;border-radius:5px 5px 0 0}#cf-wrapper #cf-error-details .cf-screenshot-container .cf-no-screenshot{background:url(/cdn-cgi/images/cf-no-screensh
2023-10-02 19:57:09 UTC	31	IN	Data Raw: 6e 6f 2d 72 65 70 65 61 74 3b 68 65 69 67 68 74 3a 37 37 70 78 3b 77 69 64 74 68 3a 31 35 31 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 69 63 6f 6e 2d 73 65 72 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 2f 63 64 6e 2d 63 67 69 2f 69 6d 61 67 65 73 2f 63 66 2d 69 63 6f 6e 2d 73 65 72 76 65 72 2e 70 6e 67 29 20 6e 6f 2d 72 65 70 65 61 74 3b 68 65 69 67 68 74 3a 37 35 70 78 3b 77 69 64 74 68 3a 39 35 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 69 63 6f 6e 2d 72 61 69 6c 67 75 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 30 20 2d 38 34 38 70 78 3b 68 65 69 67 68 74 3a 38 31 70 78 3b 77 69 64 74 68 3a 39 35 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 61 72 65 74 7b 62 6f 72 64 65 72 Data Ascii: no-repeat;height:77px;width:151px}#cf-wrapper .cf-icon-server{background:url(/cdn-cgi/images/cf-icon-server.png) no-repeat;height:75px;width:95px}#cf-wrapper .cf-icon-railgun{background-position:0 -848px;height:81px;width:95px}#cf-wrapper .cf-caret{border
2023-10-02 19:57:09 UTC	32	IN	Data Raw: 74 75 73 2d 69 74 65 6d 7b 62 6f 72 64 65 72 3a 30 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 23 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 20 2e 63 66 2d 73 74 61 74 75 73 2d 69 74 65 6d 2b 2e 63 66 2d 73 74 61 74 75 73 2d 69 74 65 6d 3a 62 65 66 6f 72 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 30 20 2d 35 34 34 70 78 3b 68 65 69 67 68 74 3a 32 34 2e 37 35 70 78 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 2d 33 37 2e 35 70 78 3b 77 69 64 74 68 3a 37 35 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 31 33 31 2e 32 35 70 78 20 61 75 74 6f 7d 23 63 66 2d 77 72 61 70 70 65 72 20 23 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 20 2e 63 66 2d 69 63 6f 6e 2d 65 72 72 6f 72 2d 63 6f 6e 74 Data Ascii: tus-item{border:0;padding-top:0}#cf-wrapper #cf-error-details .cf-status-item+.cf-status-item:before{background-position:0 -544px;height:24.75px;margin-left:-37.5px;width:75px;background-size:131.25px auto}#cf-wrapper #cf-error-details .cf-icon-error-cont
2023-10-02 19:57:09 UTC	33	IN	Data Raw: 72 61 70 70 65 72 20 23 63 66 2d 65 72 72 6f 72 2d 62 61 6e 6e 65 72 20 2e 63 66 2d 64 65 74 61 69 6c 73 2d 6c 69 6e 6b 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 2e 35 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 23 63 66 2d 65 72 72 6f 72 2d 62 61 6e 6e 65 72 20 2e 63 66 2d 65 72 72 6f 72 2d 61 63 74 69 6f 6e 73 7b 66 6c 6f 61 74 3a 72 69 67 68 74 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 30 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 77 69 64 74 68 3a 61 75 74 6f 7d 23 63 66 2d 77 72 61 70 70 65 72 20 23 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 20 2e 63 66 2d 73 74 61 74 75 73 2d 69 74 65 6d 2b 2e 63 66 2d 73 74 61 74 75 73 2d 69 74 65 6d 3a 62 65 66 6f 72 65 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 30 20 2d 37 Data Ascii: rapper #cf-error-banner .cf-details-link{padding-right:.5em}#cf-wrapper #cf-error-banner .cf-error-actions{float:right;margin-bottom:0;text-align:left;width:auto}#cf-wrapper #cf-error-details .cf-status-item+.cf-status-item:before{background-position:0 -7

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.8	49769	35.190.80.1	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:09 UTC	34	OUT	OPTIONS /report/v3?s=cdO5eV%2BcsIVXWwCGrz0Oe%2BJ95Vbu5cW3rpur%2FMZJgiINkC9IkK9Vgo%2Bl8lu1oV0z1T%2BioYem5tJfDKUXpCKnRTff0qXol%2FI5T1TPssoFPZ7awf0F061%2FKF0SoteCNEi39u%2B1O%2BLYwDU%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://nezurexternal.sell.app Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.8	49770	104.26.13.122	443	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
2023-10-02 19:57:09 UTC	35	OUT	GET /cdn-cgi/images/browser-bar.png?1376755637 HTTP/1.1 Host: nezurexternal.sell.app Connection: keep-alive sec-ch-ua: "Not/A)Brand";v="99", "Google Chrome";v="115", "Chromium";v="115" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://nezurexternal.sell.app/cdn-cgi/styles/cf.errors.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Statistics

Click to jump to process

Memory Usage

• Nezur Launcher.exe
• chrome.exe
• chrome.exe

Click to jump to process

High Level Behavior Distribution

• File
• Registry

Click to dive into process behavior distribution

Behavior

• Nezur Launcher.exe
• chrome.exe
• chrome.exe

Click to jump to process

Target ID:	0
Start time:	21:57:03
Start date:	02/10/2023
Path:	C:\Users\user\Desktop\Nezur Launcher.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\Nezur Launcher.exe
Imagebase:	0x23df5a50000
File size:	2'662'400 bytes
MD5 hash:	2E1C03948AD3F04F5BC464A51367D915
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000000.1001942667.0000023DF5CCC000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.3475801447.0000023D80001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	21:57:06
Start date:	02/10/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq
Imagebase:	0x7ff64b690000
File size:	3'217'176 bytes
MD5 hash:	B5FF854EAE31D49E10B4DC714D8296F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	21:57:07
Start date:	02/10/2023
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1976,i,12358395401642143671,13532874533793496884,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff64b690000
File size:	3'217'176 bytes
MD5 hash:	B5FF854EAE31D49E10B4DC714D8296F1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage

Dynamic/Packed Code Coverage

Signature Coverage

Execution Coverage:	11.8%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	3
Total number of Limit Nodes:	0

Show Legend

Hide Nodes/Edges

Executed Functions

Function 00007FFC8EF02EFE Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3491643652.00007FFC8EF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC8EF00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffc8ef00000_Nezur Launcher.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b01d275f2903864d1b33a1364cf61aa49e646b32e0acc5afa1819267262b4ca
Instruction ID: 7507328f800b783df1fa5053cac07a8f59593ba6d23176d0352678c57c78a657
Opcode Fuzzy Hash: 7b01d275f2903864d1b33a1364cf61aa49e646b32e0acc5afa1819267262b4ca
Instruction Fuzzy Hash: F941573160D39D0FD71E9A7488251B67BA5EB93210B1682BFD087CB1E7DD685806C7E2

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFC8EF02EB1 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3491643652.00007FFC8EF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC8EF00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffc8ef00000_Nezur Launcher.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 917ee10c24b323cd67c14817a9454d7bee8950bb583fa11a8862740ffe73f23b
Instruction ID: ac93096bc727fafd1e7274653f96996b21616563aee0e37c75329541174dd8fb
Opcode Fuzzy Hash: 917ee10c24b323cd67c14817a9454d7bee8950bb583fa11a8862740ffe73f23b
Instruction Fuzzy Hash: 5541673160D79D0FD71E9A7888251B57BA5EB83310B1582BFD087CB1E7DD685806C7E2

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFC8EF08005 Relevance: 1.7, APIs: 1, Instructions: 173
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNEL32 ref: 00007FFC8EF08141

Memory Dump Source

Source File: 00000000.00000002.3491643652.00007FFC8EF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC8EF00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffc8ef00000_Nezur Launcher.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: e0a421b33674a1a15005185245be5261be84df8ebc68332392826ff2fd570e0e
Instruction ID: 0188d7796040d09929b823cdd36f1a9bf2ad7929c118b8177221c7f64d70dd23
Opcode Fuzzy Hash: e0a421b33674a1a15005185245be5261be84df8ebc68332392826ff2fd570e0e
Instruction Fuzzy Hash: B951E43190D7C84FD70ADBA898596A47FF1EF57320F0802EFD085C71A3DA64685AC762

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFC8EF01431 Relevance: 1.7, APIs: 1, Instructions: 165
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNEL32 ref: 00007FFC8EF01541

Memory Dump Source

Source File: 00000000.00000002.3491643652.00007FFC8EF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC8EF00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffc8ef00000_Nezur Launcher.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 0f2fb1886d49f443a4ba5d48d14ab412f6ef3c02aced69e52fe869a463ce65ee
Instruction ID: a981f67c18709ef770e62f4a14a8ed30496872f9a144fa805d4edafd2518d22c
Opcode Fuzzy Hash: 0f2fb1886d49f443a4ba5d48d14ab412f6ef3c02aced69e52fe869a463ce65ee
Instruction Fuzzy Hash: FE51063190D7988FD70ACBA898556E47FF1EF57320F0942AFD089C75A3CB646846C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFC8EDEDE20 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3491141310.00007FFC8EDED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC8EDED000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffc8eded000_Nezur Launcher.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a70ec4501352a7e0e9523d1932aacd59a69f5b4ff33d80aae5a23e146db07f85
Instruction ID: 5b442941b77a01cebbaf2ea79806895f297730a28ae8208dc92967a080706a63
Opcode Fuzzy Hash: a70ec4501352a7e0e9523d1932aacd59a69f5b4ff33d80aae5a23e146db07f85
Instruction Fuzzy Hash: 4741E27040DBC85FD35ADB3898499623FF0EF56320B0505DFD089CB1A7DA65A84AC7A2

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FFC8EF05800 Relevance: .4, Instructions: 364COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3491643652.00007FFC8EF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC8EF00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffc8ef00000_Nezur Launcher.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0fa6dd73c8ea3c69e8ba5478a0a28bdfcbccb1011815076af52e54a40d3a509d
Instruction ID: 59cc1e2de547af5981918c02bc02d4a68644621458328a79fce436cc147a8ac9
Opcode Fuzzy Hash: 0fa6dd73c8ea3c69e8ba5478a0a28bdfcbccb1011815076af52e54a40d3a509d
Instruction Fuzzy Hash: 2BC1DE7240E7C54FD3178B749CA15A17FB1EF13214B1E46EBC4C2CB0A3E6686A1AC762

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFC8EF05871 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3491643652.00007FFC8EF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC8EF00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffc8ef00000_Nezur Launcher.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 699e28cc90494163e740718b55b2065c69919beb54e52bbe99102bd122a6cfab
Instruction ID: a86e8488a0933c4997e360d94918851f07c3f5ba1c0077642610cd9a07bf88e5
Opcode Fuzzy Hash: 699e28cc90494163e740718b55b2065c69919beb54e52bbe99102bd122a6cfab
Instruction Fuzzy Hash: C961017150D7C84FD31ACB748CA55A17FF1EF17300B0A42EED486CB1A3DA68691AC762

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFC8EF05692 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3491643652.00007FFC8EF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC8EF00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffc8ef00000_Nezur Launcher.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6741ddc090b29caab8a8983f4eeaaaf6e5701f3eb6f93b343a17a72d14e6db70
Instruction ID: c8e606c5c27ffa1561db3ff524ce4b1c9ecf2966edd2f42e616d06aed77b82e8
Opcode Fuzzy Hash: 6741ddc090b29caab8a8983f4eeaaaf6e5701f3eb6f93b343a17a72d14e6db70
Instruction Fuzzy Hash: DC411931A4D3894FD31A4A745C560B2BBA6EB8322071582FFC4D6CB0B7ED68681BC791

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFC8EF083D3 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3491643652.00007FFC8EF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC8EF00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffc8ef00000_Nezur Launcher.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ac12efc1867c4858683c02ea2b73b6d4f009faa4bf5f9f0f0b167f1b67fbe11
Instruction ID: 97861a69d0c5e319398ffb7e9e81e26fcf52573124b04c9c8041b13c6e70a018
Opcode Fuzzy Hash: 4ac12efc1867c4858683c02ea2b73b6d4f009faa4bf5f9f0f0b167f1b67fbe11
Instruction Fuzzy Hash: 32214B7160D2D80FD30D8A785C660767F95EB8322071582BFE4C6871D7D9249807C3D6

Uniqueness

Uniqueness Score: -1.00%

Function 00007FFC8EF05788 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.3491643652.00007FFC8EF00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFC8EF00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ffc8ef00000_Nezur Launcher.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c635c40be55e33ec38a88cd5ce2b5bf4d1aedb66178072ce30205ea57c39b833
Instruction ID: 6eb898a944286d644ec1e1ddbb74d2d4b63871534a75a1a85468025ab5a2fef3
Opcode Fuzzy Hash: c635c40be55e33ec38a88cd5ce2b5bf4d1aedb66178072ce30205ea57c39b833
Instruction Fuzzy Hash: 4701F432A4C15C1AA73C9DB18CCA473F74EE3C3214712D23DE9A3C65A6DE60A52792A0

Uniqueness

Uniqueness Score: -1.00%

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: Nezur Launcher.exe, 00000000.00000002.3475801447.0000023D80001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://defaultcontainer/interface/uelxsuwblsmkokrpstoofjgjeoraa.xaml
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://fontello.com
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF83ED000.00000004.08000000.00040000.00000000.sdmp, Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://fontello.comMaterial
Source: Nezur Launcher.exe, 00000000.00000002.3475801447.0000023D80001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/bar/interface/uelxsuwblsmkokrpstoofjgjeoraa.baml
Source: Nezur Launcher.exe, 00000000.00000002.3475801447.0000023D80001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://foo/interface/uelxsuwblsmkokrpstoofjgjeoraa.xaml
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLCopyright
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFLMontserratSemiBold
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF81F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://www.fontisto.com
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://www.google.com/fontshttp://www.hubertfischer.comThis
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF81F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://www.kenangundogan.com
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF81F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://www.kenangundogan.comhttp://www.kenangundogan.comMITMIThttps://opensource.org/licenses/mit-li
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: http://www.zkysky.com.ar/http://www.zkysky.com.ar/This
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF81F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://fontawesome.com
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF81F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://fontawesome.comhttps://fontawesome.comFont
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF81F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/JetBrains/JetBrainsMono)JetBrains
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/JulietaUla/Montserrat)Montserrat
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/JulietaUla/Montserrat)MontserratSemiBold7.200;ULA
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/googlefonts/rubik)Rubik
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/googlefonts/rubik)RubikRegular2.102;NONE;Rubik-RegularRubik
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/itfoundry/Poppins)Poppins
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/itfoundry/Poppins)PoppinsBold
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/itfoundry/Poppins)PoppinsBoldITFO;
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/itfoundry/Poppins)PoppinsItalicITFO;
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://github.com/itfoundry/Poppins)PoppinsRegularITFO;
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://indiantypefoundry.comThis
Source: Nezur Launcher.exe, 00000000.00000002.3475801447.0000023D80001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nezur.net/
Source: Nezur Launcher.exe, 00000000.00000002.3475801447.0000023D80001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nezur.net/F/Nezur
Source: Nezur Launcher.exe, 00000000.00000002.3475801447.0000023D80001000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nezur.net/keysys.html
Source: Nezur Launcher.exe, 00000000.00000002.3489721699.0000023DFCB18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nezurexternal.sell.app/product/nezur-k
Source: Nezur Launcher.exe, 00000000.00000002.3485320877.0000023DFC631000.00000004.00000020.00020000.00000000.sdmp, Nezur Launcher.exe, 00000000.00000002.3475801447.0000023D803C4000.00000004.00000800.00020000.00000000.sdmp, Nezur Launcher.exe, 00000000.00000002.3489721699.0000023DFCB18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq
Source: Nezur Launcher.exe, 00000000.00000002.3485320877.0000023DFC631000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq$
Source: Nezur Launcher.exe, 00000000.00000002.3489721699.0000023DFCB18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq)Z
Source: Nezur Launcher.exe, 00000000.00000002.3485320877.0000023DFC631000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq.
Source: Nezur Launcher.exe, 00000000.00000002.3487826812.0000023DFC848000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq0
Source: Nezur Launcher.exe, 00000000.00000002.3487826812.0000023DFC7E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq9
Source: Nezur Launcher.exe, 00000000.00000002.3487826812.0000023DFC7E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faq=
Source: Nezur Launcher.exe, 00000000.00000002.3489721699.0000023DFCB18000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faqG
Source: Nezur Launcher.exe, 00000000.00000002.3487826812.0000023DFC7CA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faqGGW
Source: Nezur Launcher.exe, 00000000.00000002.3487826812.0000023DFC7E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faqh
Source: Nezur Launcher.exe, 00000000.00000002.3485320877.0000023DFC631000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nezurexternal.sell.app/product/nezur-key-bypass-85-off?info=faqt
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF81F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://opensource.org/licenses/mit-license.html
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFLhttps://scripts.sil.org/OFL
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF81F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLJetBrains
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLPoppinsBlack
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLPoppinsExtraBold
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLPoppinsExtraLight
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLPoppinsLight
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLPoppinsMedium
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLPoppinsSemiBold
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLPoppinsThin
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLRubikMediumRubikRomanWeightItalicRoman
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF8505000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLRubikRomanWeightItalicRoman
Source: chromecache_65.3.dr, chromecache_67.3.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: Nezur Launcher.exe, 00000000.00000002.3479542773.0000023DF81F0000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: https://www.jetbrains.comhttps://www.jetbrains.comThis

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49691 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49692 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49693 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49687 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 02 Oct 2023 19:57:08 GMTContent-Type: text/html; charset=UTF-8Content-Length: 4511Connection: closeX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: max-age=15Expires: Mon, 02 Oct 2023 19:57:23 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cdO5eV%2BcsIVXWwCGrz0Oe%2BJ95Vbu5cW3rpur%2FMZJgiINkC9IkK9Vgo%2Bl8lu1oV0z1T%2BioYem5tJfDKUXpCKnRTff0qXol%2FI5T1TPssoFPZ7awf0F061%2FKF0SoteCNEi39u%2B1O%2BLYwDU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 80ff83426fa10a7f-IADalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 02 Oct 2023 19:57:09 GMTContent-Type: text/html; charset=UTF-8Content-Length: 4511Connection: closeX-Frame-Options: SAMEORIGINReferrer-Policy: same-originCache-Control: max-age=15Expires: Mon, 02 Oct 2023 19:57:24 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7JTiBhE0%2BpPvz2UEGgNnXWghISA0cWlPcWtP8lmJSVNtc9v1fyAQqr%2BnzSzT3IZ5mh2L47CDVDn%2Bvag8mrwrlTaT9ebS728yh8wm%2Fj7FhR5%2BN6EVSV64%2FHFOmcx%2FSD4qgBDzJ0leV0c%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 80ff8348cf413920-IADalt-svc: h3=":443"; ma=86400

Source: unknown	TCP traffic detected without corresponding DNS query: 20.106.86.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.106.86.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.106.86.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.106.86.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.106.86.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.106.86.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.106.86.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.106.86.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.106.86.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.106.86.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.106.86.13
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.129
Source: unknown	TCP traffic detected without corresponding DNS query: 20.106.86.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.106.86.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.106.86.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.106.86.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.106.86.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.106.86.13
Source: unknown	TCP traffic detected without corresponding DNS query: 20.106.86.13
Source: unknown	TCP traffic detected without corresponding DNS query: 104.77.36.175
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.113.215
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.129
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.112
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.129
Source: unknown	TCP traffic detected without corresponding DNS query: 23.0.174.129
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86
Source: unknown	TCP traffic detected without corresponding DNS query: 13.85.23.86

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Nezur Launcher.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 64

Chrome Cache Entry: 65

Chrome Cache Entry: 66

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Network Behavior

Network Port Distribution

TCP Packets

Windows Analysis Report
Nezur Launcher.exe